SVG:Advisory-SVG-2012-4670
Advisory-SVG-2012-4670
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI SVG ADVISORY [EGI-SVG-2012-4670]

Title: EGI SVG Advisory 'Moderate' Risk DPM buffer overflow in SRM v2.2 endpoint
Date: 2013-02-19
URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-4670

Introduction
============

A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.

A new version of DPM which resolves these vulnerabilities is now available in the EMI-1 and EMI-2 distributions. This version is also available in EGI UMD-1 and EGI UMD-2.

Details
=======

A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.

Risk category
=============

This issue has been assessed as "Moderate" risk by the EGI SVG Risk Assessment Team.

Affected software
=================

DPM version 1.8.4, available in both the EMI 2 distribution and the EGI UMD 2 distribution.

DPM version 1.8.2, available in both the EMI 1 distribution and the EGI UMD 1 distribution.

This vulnerability has been fixed in DPM 1.8.6, as available in EMI 1 Update 23 and EMI 2 Update 8.

The package has also been released in EGI UMD-1 Release 1.10.0

http://repository.egi.eu/2013/02/19/release-umd-1-10-0/

and UMD-2 Release 2.4.0

http://repository.egi.eu/2013/02/18/release-umd-2-4-0/

Component installation information
==================================

The official repository for the distribution of grid middleware for EGI sites is repository.egi.eu, which contains the EGI Unified Middleware Distribution (UMD).

Sites using the EGI UMD should see:

http://repository.egi.eu/category/umd_releases/distribution/umd-2/

http://repository.egi.eu/category/umd_releases/distribution/umd_1/

Sites installing directly from EMI should see:

http://www.eu-emi.eu/emi-2-matterhorn/updates/

http://www.eu-emi.eu/emi-1-kebnekaise-updates/

Recommendations
===============

Sites are recommended to update relevant components.

Credit
======

This vulnerability was reported to SVG by Eygene Ryabinkin.

Timeline
========

Yyyy-mm-dd

2012-11-19 Vulnerability reported to SVG by Eygene Ryabinkin
2012-11-19 Acknowledgement from the EGI SVG to the reporter
2012-11-21 Assessment by the EGI Software Vulnerability Group reported to the software providers
2013-01-28 Updated packages available in the EMI distribution
2013-02-19 Updated packages available in the EGI UMD-1 and EGI UMD-2
2013-02-19 Public disclosure