SVG:Advisory-SVG-2015-9517
Jump to navigation
Jump to search
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-9517
** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** Title: EGI SVG Advisory/Alert - security notice regarding signing key and binary downloads of Ceph Date: 2015-10-13 Updated: URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9517 Short Alert =========== Ceph is a distributed storage solution and is used in some sites in the EGI infrastructure. A security notice has been issued by Ceph regarding singing key and binary downloads of Ceph. Sites running Ceph should check the following link: http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/ and check which version they have and that it is signed appropriately if they have not done so already. It is difficult to find whether any EGI sites are affected by this security issue, or the risk if any have been so we leave it to sites to check. Timeline ======== Yyyy-mm-dd 2015-09-21 SVG and CSIRT alerted to this issue by Sophie Ferry 2015-09-21 Acknowledgement from the EGI SVG to the reporter 2015-09-28 SVG agreed a short alert to sites should be sent 2015-10-12 Alert drafted 2015-10-13 Alert sent to sites