Hi,
I think Imperial also run dCache. I usually get the versions from the
dCache repository, though the gLite version had caught up with us.
The advisory I was reacting to was on one of the dCache mailing lists.
I actually backed out the update late last night because the srm had
crashed three times since I'd updated.
Yours,
Chris.
On 30 Jul 2009, at 09:13, "Ma, M (Mingchao)" <[log in to unmask]>
wrote:
> Hi Chris and all,
>
> RALPP is the only site running dCache at UKI ROC, isn't it?
>
> Chris, where do you get the dCache software package (not the patch),
> from gLite repository or from dCache repository? Is dCache part of gLite
> middleware or is it a third-party software package?
>
> Patrick reported the vulnerability to me on Monday morning. As dCache is
> Grid middleware I passed it to GSVG to handle it. GSVG is assessing the
> vulnerability but I haven't seen an advisory out yet.
>
> Thanks,
>
> Mingchao
>
>> -----Original Message-----
>> From: GRIDPP2: Deployment and support of SRM and local storage
>> management
>> [mailto:[log in to unmask]] On Behalf Of Brew, CAJ (Chris)
>> Sent: 29 July 2009 18:00
>> To: [log in to unmask]
>> Subject: Re: [Fwd: Warning : Vulnerability in the SRM subsystem of
>> dCache
>> (all production releases)]
>>
>> Hi Jens,
>>
>> RALPP headnode updated to 1.9.1-10 earlier today.
>>
>> Chris.
>>
>> P.s. Just running the checks on what looks like it might be a successful
>> test pnfs->chimera migration. It's not too difficult so unless I find
>> problems I will probably schedule the real thing for a few weeks from now.
>>
>>> -----Original Message-----
>>> From: GRIDPP2: Deployment and support of SRM and local storage
>>> management [mailto:[log in to unmask]] On Behalf Of
>>> Jensen,
>>> J (Jens)
>>> Sent: 29 July 2009 17:54
>>> To: [log in to unmask]
>>> Subject: [Fwd: Warning : Vulnerability in the SRM subsystem of
>>> dCache
>>> (all production releases)]
>>>
>>> Will this affect our dCache sites? I don't see 1.(< 9) mentioned but
>>> the recommendation is to "upgrade to a 1.9 so you can apply the patch"
>>>
>>> --jens
>>>
>>> -------- Original Message --------
>>> Subject: Warning : Vulnerability in the SRM subsystem of dCache (all
>>> production releases)
>>> Date: Mon, 27 Jul 2009 18:04:38 +0200
>>> From: [log in to unmask] <[log in to unmask]>
>>> Reply-To: [log in to unmask]
>>> To: [log in to unmask], [log in to unmask],
>>> [log in to unmask]
>>>
>>>
>>>
>>> Dear all,
>>>
>>> we recently detected a vulnerability in the SRM subsystem of dCache.
>>> Security patches are already available at dCache.org. Please find
>>> details on the issue below.
>>> In case you need further help : Drop us an e-mail at :
>>> [log in to unmask] <mailto:[log in to unmask]>.
>>>
>>> regards
>>> patrick
>>>
>>>
>>> - Affected releases
>>>
>>> All production releases are affected.
>>>
>>> - Footprint :
>>>
>>> * One needs to be authenticated in order to abuse the system (based on
>>> this vulnerability).
>>> * Neither the file system metadata nor the actual data is in danger.
>>> * The flaw is in the code since the introduction of SRM 2.2.
>>> * This security issue has not been reported by a customer and up to now
>>> only the dCache core team has knowledge on how to misuse the system
>>> based on this flaw.
>>>
>>> - Solution :
>>>
>>> Please find fixes for this security bug at dCache.org
>>> (http://www.dcache.org/downloads/1.9) for releases
>>>
>>> 1.9.1 -> patch 1.9.1-10
>>> 1.9.2 -> patch 1.9.2-9
>>> 1.9.3 -> patch 1.9.3-3
>>> 1.9.4 -> patch 1.9.4-2
>>>
>>> * Only the SRM door needs to be patched.
>>> * In case you are running a pre 1.9.1 version you should consider to
>>> upgrade your system to a release for which we provide a patch.
>>> * Please check the compatibility matrix in the release notes if you want
>>> to run mixed releases.
>>> * All current 1.9.x head nodes, including 1.9.3 and 1.9.4, are
>>> compatible with 1.9.0 pool nodes.
>>> * Although you may mix different head-node releases with different pool
>>> node releases, please make sure all head node services are running the
>>> same release (eg 1.9.3). For mixing head node services within a patch
>>> level (1.9.3-x) please refer to the corresponding release notes.
>> --
>> Scanned by iCritical.