
Difference between revisions of "SVG:Advisories"

{|
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2016-01-05 || Linux Kernel Vulnerabilities || [[SVG:Advisory-SVG-2015-CVE-2015-7613 | Advisory-SVG-2015-CVE-2015-7613]] || Moderate/High || Fixed
|-
| 2015-12-16 || CREAM Proxy delegation || [[SVG:Advisory-SVG-2014-6980 | Advisory-SVG-2014-6980]] || Low || Fixed
|-
| 2015-12-07 || OpenSSL announcement on 3rd December || [[SVG:Advisory-SVG-2015-CVE-2015-3193 | Advisory-SVG-2015-CVE-2015-3193]] || Low || Fixed
|-
| 2015-11-06 || Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat || [[SVG:Advisory-SVG-2015-CVE-2015-7183 | Advisory-SVG-2015-CVE-2015-7183]] || Critical || Fixed
|-
| 2015-11-03 || Xen Breakout Vulnerability || [[SVG:Advisory-SVG-2015-CVE-2015-7835 | Advisory-SVG-2015-CVE-2015-7835]] || Critical || Fixed
|-
| 2015-10-28 || Various Java CVEs with max CVSS score || [[SVG:Advisory-SVG-2015-9707 | Advisory-SVG-2015-9707]] || || Fixed
|-
| 2015-10-26 || Vulnerability in the dCache SRM server module || [[SVG:Advisory-SVG-2015-9495 | Advisory-SVG-2015-9495]] || High || Fixed
|-
| 2015-10-13 || Dirac does not check CRLs || [[SVG:Advisory-SVG-2015-8580 | Advisory-SVG-2015-8580]] || High || Fixed
|-
| 2015-10-13 || Security notice regarding signing key and binary downloads of Ceph || [[SVG:Advisory-SVG-2015-9517 | Advisory-SVG-2015-9517]] || ||
|-
| 2015-08-18 || VOMS Potential DoS || [[SVG:Advisory-SVG-2014-7159 | Advisory-SVG-2014-7159]] || Low || Fixed
|-
| 2015-08-13 || DIRAC SQL injection vulnerability || [[SVG:Advisory-SVG-2014-7553 | Advisory-SVG-2014-7553]] || High || Fixed
|-
| 2015-07-24 || libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat || [[EGI_CSIRT:Alerts/libuser-2015-07-24 | Alerts/libuser-2015-07-24]] || Critical || Fixed
|-
| 2015-07-13 || OpenSSL release on 9th July - CVE-2015-1793 || [[SVG:Advisory-SVG-2015-9065 | Advisory-SVG-2015-9065]] || N/A || Fixed
|-
| 2015-06-23 || OpenStack Cinder CVE-2015-1850 || [[SVG:Advisory-SVG-2015-8964 | Advisory-SVG-2015-8964]] || High || Fixed
|-
| 2015-06-05 || Persistent XSS in OpenStack Horizon admin dashboard, CVE-2015-3988 || [[SVG:Advisory-SVG-2015-8706 | Advisory-SVG-2015-8706]] || Up to High || Fixed
|-
| 2015-05-27 || perfSONAR potential for a remote root exploit (in non-recommended configuration) || [[SVG:Advisory-SVG-2015-8479 | Advisory-SVG-2015-8479]] || High || Fixed
|-
| 2015-05-13 || Buffer overflow vulnerability in xrootd client || [[SVG:Advisory-SVG-2015-8464 | Advisory-SVG-2015-8464]] || Low || Fixed
|-
| 2015-04-01 || OpenSSL updates released on 19th March 2015 and VOMS || [[SVG:Advisory-SVG-2015-8343 | Advisory-SVG-2015-8343]] || Low || Fixed
|-
| 2015-03-31 || Unicore command injection vulnerability || [[SVG:Advisory-SVG-2014-7749 | Advisory-SVG-2014-7749]] || High || Fixed
|-
| 2015-03-30 || CVE-2015-1815 RedHat setroubleshoot (link to CSIRT alerts) || [[EGI_CSIRT:Alerts/RedHat-setroubleshoot-2015-03-30 | Alerts/RedHat-setroubleshoot-2015-03-30]] || Critical || Fixed
|-
| 2015-02-20 || EGI SVG Advisory - dCache vulnerability for some access methods || [[SVG:Advisory-SVG-2015-8183 | Advisory-SVG-2015-8183]] || N/A || Fixed
|-
| 2015-02-11 || CVE-2015-1195 OpenStack || [[SVG:Advisory-SVG-2015-8056 | Advisory-SVG-2015-8056]] || High || Fixed
|-
| 2015-02-11 || Torque CVE-2014-3684 resolved in the Torque version in the EGI AppDB part of the UMD || [[SVG:Advisory-SVG-2014-7628 | Advisory-SVG-2014-7628]] || Moderate || Fixed
|-
| 2015-01-14 || DPM Wiki instructs an insecure configuration if configured with 'memcached' || [[SVG:Advisory-SVG-2015-7980 | Advisory-SVG-2015-7980]] || Moderate || Fixed
|-
| 2015-01-14 || CVE-2014-5261, CVE-2014-5262 Cacti remote command and code execution vulnerabilities - relevant to sites running perfSONAR || [[SVG:Advisory-SVG-2014-7191 | Advisory-SVG-2014-7191]] || High || Fixed
|-
| 2015-01-14 || FTS3 and GFAL2 allow an attacker to impersonate other users and destroy their data || [[SVG:Advisory-SVG-2014-7696 | Advisory-SVG-2014-7696]] || High || Fixed
|-
| 2014-11-12 || User introduction of rogue VMs - OpenStack || [[SVG:Advisory-SVG-2014-7472 | Advisory-SVG-2014-7472]] || High || Fixed
|-
| 2014-09-29 || Buffer Overflow Vulnerability (ATLAS FAX sites) || [[SVG:Advisory-SVG-2014-7372 | Advisory-SVG-2014-7372]] || High || Fixed
|-
| 2014-08-06 || WMS allows other users to access logging information || [[SVG:Advisory-SVG-2013-5346 | Advisory-SVG-2013-5346]] || Moderate || Fixed
|-
| 2014-08-06 || glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory || [[SVG:Advisory-SVG-2013-5560 | Advisory-SVG-2013-5560]] || Moderate || Fixed
|-
| 2014-08-05 || Remote access to dCache configuration information || [[SVG:Advisory-SVG-2014-7009 | Advisory-SVG-2014-7009]] || Moderate || Fixed
|-
| 2014-08-05 || DPM Information Leak Vulnerability || [[SVG:Advisory-SVG-2012-3390 | Advisory-SVG-2012-3390]] || Low || Fixed
|-
| 2014-08-05 || perfSONAR web interface vulnerabilities || [[SVG:Advisory-SVG-2013-6052 | Advisory-SVG-2013-6052]] || Moderate || Fixed
|-
| 2014-08-05 || FTS3 - Lack of Authorization on config commands || [[SVG:Advisory-SVG-2013-5769 | Advisory-SVG-2013-5769]] || Low || Fixed
|-
| 2014-07-17 || perfSONAR 'Cacti' graphs web vulnerability || [[SVG:Advisory-SVG-2014-7162 | Advisory-SVG-2014-7162]] || Critical || Fixed
|-
| 2014-06-23 || EMI WMS Impersonation vulnerability || [[SVG:Advisory-SVG-2013-5331 | Advisory-SVG-2013-5331]] || High || Fixed
|-
| 2014-06-02 || DPM version in EPEL || [[SVG:Advisory-SVG-2014-6963 | Advisory-SVG-2014-6963]] || High || Fixed
|-
| 2014-04-10 || WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016 || [[SVG:Advisory-SVG-2014-6884 | Advisory-SVG-2014-6884]] || Critical || Fixed
|-
| 2014-04-08 || OpenSSL "Heartbleed" vulnerability CVE-2014-0160 (link to CSIRT alert) || [[EGI_CSIRT:Alerts/OpenSSL-2014-04-08 | OpenSSL-2014-04-08]] || Critical || Fixed
|-
| 2014-03-27 || Torque Vulnerability: arbitrary code execution via job submission || [[SVG:Advisory-SVG-2014-6627 | Advisory-SVG-2014-6627]] || High || Fixed
|-
| 2014-03-25 || Vulnerabilities in STORM || [[SVG:Advisory-SVG-2013-6116 | Advisory-SVG-2013-6116]] || High || Fixed
|-
| 2014-02-13 || Results of CREAM vulnerability assessment || [[SVG:Advisory-SVG-2013-5813 | Advisory-SVG-2013-5813]] || High || Fixed
|}

Revision as of 16:59, 5 January 2016


Advisories


EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.

All advisories which are disclosed publicly by SVG are placed on this wiki.

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts, and EGI SVG advisories primarily concerned gLite Middleware.


A guide to the risk categories is available at Notes On Risk.

Earlier Advisories: Advisories from 2014 and 2015

Earlier Advisories: Advisories from 2011 to 2013

{|
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2016-01-05 || Linux Kernel Vulnerabilities || [[SVG:Advisory-SVG-2015-CVE-2015-7613 | Advisory-SVG-2015-CVE-2015-7613]] || Moderate/High || Fixed
|}