Difference between revisions of "SVG:Advisories"
Revision as of 16:45, 14 January 2021
Advisories
All advisories which are disclosed publicly by SVG are placed on this wiki.
All advisories which are disclosed publicly by SVG are subject to the Creative Commons licence CC-BY 4.0, including crediting the EGI https://www.egi.eu/ Software Vulnerability Group.
A guide to the risk categories is available at Notes On Risk.
SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.
Date | Title | Contents/Link | Risk | Status |
---|---|---|---|---|
2020-09-22 updated 2020-10-22 | Privilege escalation vulnerability in recent kernels (e.g. RHEL/CentOS 8) | Advisory-SVG-CVE-2020-14386 | High | Fixed |
2020-10-20 | Singularity - file overwrite vulnerability | Advisory-SVG-CVE-2020-15229 | | Fixed |
2020-09-16 | Cache Poisoning Squid Vulnerabilities | Advisory-SVG-2020-16840 | Moderate | Fixed |
2020-09-09 | Disk Pool Manager (DPM) logging may contain sensitive information | Advisory-SVG-2020-16835 | Moderate | Sites to check |
2020-08-17 | Vulnerability in dCache macaroon bearer token validation | Advisory-SVG-2020-16806 | Low | Fixed |
2020-05-04 updated 2020-06-05 | Remote code execution vulnerabilities in Salt master | Advisory-SVG-CVE-2020-11651 | Critical | Fixed |
2020-03-13 updated 2020-04-28, 2020-06-05 | Vulnerability in IBM GPFS file system | Advisory-SVG-2020-16274 | Critical | Fixed |
2020-05-06 updated 2020-05-12 | Singularity and unprivileged user namespaces | Advisory-SVG-2020-16648 | N/A | |
2020-03-23 updated 2020-04-08, 2020-04-16, 2020-04-30 | Vulnerabilities in HTCondor | Advisory-SVG-CVE-2019-18823 | Moderate | Fixed |
2020-02-11 updated 2020-04-29 | Vulnerabilities concerning Squid | Advisory-SVG-2020-16203 | up to CRITICAL | Fixed |
2019-12-19 updated 2020-02-10 | Singularity File Permission Vulnerability | Advisory-SVG-CVE-2019-19724 | | Fixed |
EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.
Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC-hub services.
Earlier Advisories: Advisories from 2020
Earlier Advisories: Advisories from 2019
Earlier Advisories: Advisories from 2018
Earlier Advisories: Advisories from 2017
Earlier Advisories: Advisories from 2016
Earlier Advisories: Advisories from 2014 and 2015
In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.
Earlier Advisories: Advisories from 2011 to 2013
Advisories from prior to 2011: Gridpp Advisories Archive