This is a security update for all OSG installations using Gratia probes to report accounting information. The urgency of this update depends on the following factors:
- If your resource is using Gratia probes to report accounting information and are using Condor or Managed Fork, you should apply this update to prevent authorized local users from gaining elevated privileges
- Other resources using Gratia probes for accounting can treat this as a low priority security update that may prevent authorized local users from being able to run a DOS attack on Gratia reporting
- Resources not using Gratia do not need to apply this update since it does not apply in this case
This release also updates several software components, see the complete list below.
- Gratia probes
- osg-version
This update corrects a bug in the Gratia probes that may pose a security risk to resources in certain instances. Please see the VDT release notes for more details: http://vdt.cs.wisc.edu/releases/2.0.0/release-p15.html
Complete update instructions can be found at https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/OSG128UpdateInstructions
Sites using rpms to install Gratia probes should update their rpms to the latest versions in accordance with the guidelines given in the summary.
If you are updating from a version prior to 1.2.0 or installing the OSG stack for the first time see the full installation instructions at https://twiki.grid.iu.edu/bin/view/ReleaseDocumentation/
Posts
Copyright 2009 Indiana University - Developed for Open Science Grid