== Ceph Signing Key and Binary Downloads ==

It was [[http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/|discovered]] that Ceph community sites were compromised. Ceph verified that the upstream source distributed via http://download.ceph.com/tarballs/ is safe. Ubuntu verified that the source tarballs used in the Ubuntu archive match the verified safe upstream versions.

People using ceph packages from the official Ubuntu repositories are not affected. Those using debs downloaded from Ceph's affected community sites are affected and should update their APT keys and packages as per [[http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/|Ceph's announcement]].

==== Timeline ====

 * 2015 Sep 09: Ubuntu first became aware of the issue
 * 2015 Sep 17: [[http://ceph.com/releases/important-security-notice-regarding-signing-key-and-binary-downloads-of-ceph/|Ceph announces]] issue to the public