Wednesday, March 17, 2010

OSG 1.2.8 Release Announcement

OSG Operations and Integration are pleased to announce the release of OSG version 1.2.8.

This is a security update for all OSG installations using Gratia probes to report accounting information. The urgency of this update depends on the following factors:

  • If your resource is using Gratia probes to report accounting information and are using Condor or Managed Fork, you should apply this update to prevent authorized local users from gaining elevated privileges
  • Other resources using Gratia probes for accounting can treat this as a low priority security update that may prevent authorized local users from being able to run a DOS attack on Gratia reporting
  • Resources not using Gratia do not need to apply this update since it does not apply in this case

This release also updates several software components, see the complete list below.

  • Gratia probes
  • osg-version

This update corrects a bug in the Gratia probes that may pose a security risk to resources in certain instances. Please see the VDT release notes for more details: http://vdt.cs.wisc.edu/releases/2.0.0/release-p15.html

Complete update instructions can be found at https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/OSG128UpdateInstructions

Sites using rpms to install Gratia probes should update their rpms to the latest versions in accordance with the guidelines given in the summary.

If you are updating from a version prior to 1.2.0 or installing the OSG stack for the first time see the full installation instructions at https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/