** WHITE information - Unlimited distribution allowed **
** see https://go.egi.eu/tlp for distribution restrictions **
Title: EGI SVG Advisory/Alert - security notice regarding signing key and
binary downloads of Ceph
Date: 2015-10-13
Updated:
URL: https://advisories.egi.eu/2015/Advisory-SVG-2015-9517
Short Alert
===========
Ceph is a distributed storage solution and is used in some sites in the EGI
infrastructure.
A security notice has been issued by Ceph regarding singing key and binary
downloads of Ceph.
Sites running Ceph should check the following link:
http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/
and check which version they have and that it is signed appropriately if they
have not done so already.
It is difficult to find whether any EGI sites are affected by this security
issue, or the risk if any have been so we leave it to sites to check.
Timeline
========
Yyyy-mm-dd
2015-09-21 SVG and CSIRT alerted to this issue by Sophie Ferry
2015-09-21 Acknowledgement from the EGI SVG to the reporter
2015-09-28 SVG agreed a short alert to sites should be sent
2015-10-12 Alert drafted
2015-10-13 Alert sent to sites