VDT security advisory 2009-02

Summary

Some versions of dCache have a security vulnerability in the SRM subsystem.

Relevant Versions

This advisory affects the following VDT versions:

All versions of dCache 1.8.x, and various versions of dCache 1.9.x.

Date Announced

2009-07-28

Description

Some versions of dCache have a security vulnerability in the SRM subsystem.

We consider this to be a medium severity security problem and therefore you are strongly urged to upgrade.

Solution

The dCache RPM can be downloaded directly from the dCache web site, choose the update appropriate for the version of dCache you are using. (Note: the 1.9.2 version was updated on 05-August-2009 because the previously announced version had a bug that could cause performance problems.)

• dCache 1.9.4-2 (release notes)
• dCache 1.9.3-3 (release notes)
• dCache 1.9.2-10 (release notes)

If you are using the vdt-dcache package the upgrade from vdt-dcache 2.3.1 to 2.3.3 is available from the VDT dCache web site It contains dcache-server-1.9.2-10.noarch.rpm.

It is possible to upgrade just the SRM dcache node in order to activate the security patch.

The upgrade for 1.8.x version is not available because this version is no longer supported by dcache.

We encouraged everybody to upgrade dCache as soon as possible.

Please let us know if you have any questions or encounter any problems with upgrade.

Questions

Please contact vdt-support@opensciencegrid.org if you have any questions.