Difference between revisions of "SVG:Advisories"
Line 12: | Line 12: | ||
|- | |- | ||
| 2018-05-16 update 2018-05-08 || Command injection via DHCP response || [[SVG:Advisory-SVG-2018-1111 | Advisory-SVG-2018-1111 ]] || Critical || Fixed || | | 2018-05-16 update 2018-05-08 || Command injection via DHCP response || [[SVG:Advisory-SVG-CVE-2018-1111 | Advisory-SVG-CVE-2018-1111 ]] || Critical || Fixed || | ||
|- | |- | ||
|- | |- | ||
| 2018-05-16 || multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) || [[SVG:Advisory-SVG-2018-8897 | Advisory-SVG-2018-8897 ]] || Moderate || Fixed || | | 2018-05-16 || multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) || [[SVG:Advisory-SVG-CVE-2018-8897 | Advisory-SVG-CVE-2018-8897 ]] || Moderate || Fixed || | ||
|- | |- | ||
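Review bot: both changed rows alter the wiki link target as well as the displayed label (Advisory-SVG-2018-1111 becomes Advisory-SVG-CVE-2018-1111, and Advisory-SVG-2018-8897 becomes Advisory-SVG-CVE-2018-8897), so the old page titles should remain as redirects, or any links to them should be updated, to keep earlier references to these advisories resolvable. For the kernel row the new name matches the CVE-2018-8897 identifier already given in its title, which makes the CVE-prefixed form the less ambiguous one.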
Revision as of 15:42, 16 May 2018
Advisories
All advisories which are disclosed publicly by SVG are placed on this wiki.
A guide to the risk categories is available at Notes On Risk.
Date | Title | Contents/Link | Risk | Status |
---|---|---|---|---|
2018-05-16 update 2018-05-08 | Command injection via DHCP response | Advisory-SVG-CVE-2018-1111 | Critical | Fixed |
2018-05-16 | multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) | Advisory-SVG-CVE-2018-8897 | Moderate | Fixed |
2018-04-14 update 2018-05-08 | DPM SRM Buffer Overflow | Advisory-SVG-2017-13915 | Moderate | Fixed |
2018-04-13 | MySQL Server compromise | Advisory-SVG-CVE-2018-2562 | Up to High | |
2018-03-22 update 2018-04-13 | Vulnerability concerning SLURM | Advisory-SVG-CVE-2018-7033 | Up to Critical | Fixed |
2018-03-28 | data-channel encryption is not enforced in gridftp | Advisory-SVG-2018-14117 | Alert | |
2018-03-05 update 2018-03-19 | Vulnerability in Singularity 2.3.2 allowing escape from the container | Advisory-SVG-2018-14145 | High | Fixed |
2018-03-05 update 2018-03-19 | Image mounting via Singularity | Advisory-SVG-2018-13999 | Alert | |
2018-02-23 update 2018-03-19, 2018-05-16 | linux kernel 'use-after-free' flaw in XFRM | Advisory-SVG-CVE-2017-16939 | Alert | |
2018-02-07 update 2018-03-05 | VOMS Admin privilege escalation vulnerability | Advisory-SVG-2017-13249 | Moderate | Fixed |
2018-02-12 | ROBOT attack - Various Vulnerabilities | Advisory-SVG-2017-13925 | (Information) | |
2018-01-23 | CPU speculative execution vulnerabilities (Meltdown and Spectre) | Advisory-SVG-CVE-2017-5753 | Critical | Ongoing |
EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.
Earlier Advisories: Advisories from 2017
Earlier Advisories: Advisories from 2016
Earlier Advisories: Advisories from 2014 and 2015
In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.
Earlier Advisories: Advisories from 2011 to 2013
Advisories from prior to 2011 Gridpp Advisories Archive