The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other platforms; new updates will be ignored and lost.
If needed you can get in touch with the EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
Line 24: Line 24:


|-
|-
| 2016-12-20 || Linux kernel's IPv6 implementation - mishandled socket options   ||  [[SVG:Advisory-SVG-CVE-2016-3841 | Advisory-SVG-CVE-2016-3841 ]] || High || Fixed ||
| 2017-01-10 || SLURM vulnerability CVE-2016-10030   ||  [[SVG:Advisory-SVG-CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 ]] || High || Fixed ||
|-
|-


|-
| 2016-11-10 updated 2016-12-14 || Linux kernel vulnerability    ||  [[SVG:Advisory-SVG-CVE-2016-7117 | Advisory-SVG-CVE-2016-7117 ]] || High || Heads up ||
|-
|-
| 2016-12-06 ||HIGH risk vulnerabilities concerning Xen ||  [[SVG:Advisory-SVG-CVE-2016-9379 | Advisory-SVG-CVE-2016-9379 ]] || High || Fixed ||
|-
|-
| 2016-11-24 ||VOMS server certificate chain/user validation ||  [[SVG:Advisory-SVG-2016-11495  | Advisory-SVG-2016-11495 ]] || Moderate || Fixed ||
|-
|-
| 2016-10-21 || XSS in DIRAC Webapp and Web portal ||  [[SVG:Advisory-SVG-2016-11107  | Advisory-SVG-2016-11107 ]] || Moderate || Fixed ||
|-
|-
| 2016-10-20 updated 2016-10-26 || Linux kernel privilege escalation ||  [[SVG:Advisory-SVG-CVE-2016-5195  | Advisory-SVG-CVE-2016-5195 ]] || Critical || Fixed ||
|-
|-
| 2016-10-10 || gridsite / canl-c impersonation vulnerability ||  [[SVG:Advisory-SVG-2016-11476  | Advisory-SVG-2016-11476 ]] || Critical || Fixed ||
|-
|-
| 2016-08-25 || KeyStone VOMS does not check CRLs ||  [[SVG:Advisory-SVG-2016-10558  | Advisory-SVG-2016-10558 ]] || Moderate || Fixed ||
|-
|-
| 2016-07-18 ||DIRAC configuration - database passwords visible on dirac interface  ||  [[SVG:Advisory-SVG-2016-11255  | Advisory-SVG-2016-11255 ]] || Up to High || Fixed ||
|-
|-
| 2016-07-15 || Two Perfsonar Vulnerabilities announced by the Perfsonar team ||  [[SVG:Advisory-SVG-2016-11363  | Advisory-SVG-2016-11363 ]] || Moderate || Fixed ||
|-
|-
| 2016-07-12 || dCache READONLY and non-/ user root not enforced ||  [[SVG:Advisory-SVG-2016-11288  | Advisory-SVG-2016-11288 ]] || Moderate || Fixed ||
|-
|-
| 2016-06-20 || STORM WebDAV interface XXE vulnerability  ||  [[SVG:Advisory-SVG-2015-10134  | Advisory-SVG-2015-10134 ]] || Low || Fixed ||
|-
|-
| 2016-06-20 || dCache WebDAV interface XXE vulnerability  ||  [[SVG:Advisory-SVG-2015-10121  | Advisory-SVG-2015-10121 ]] || Low || Fixed ||
|-
|-
| 2016-06-13 || iperf3 used in perfSONAR CVE-2016-4303  ||  [[SVG:Advisory-SVG-CVE-2016-4303  | Advisory-SVG-CVE-2016-4303]] || Critical || Fixed ||
|-
|-
| 2016-06-08 || Vulnerability in IBM's GPFS CVE-2016-0392  ||  [[SVG:Advisory-SVG-CVE-2016-0392  | Advisory-SVG-CVE-2016-0392]] || Critical || Fixed ||
|-
|-
| 2016-06-08 || Arbitrary file overwrite vulnerability in WebAppDIRAC  ||  [[SVG:Advisory-SVG-2016-11033  | Advisory-SVG-2016-11033 ]] || High || Fixed  ||
|-
|-
| 2016-06-08 || dCache configuration issue ||  [[SVG:Advisory-SVG-2016-10837  | Advisory-SVG-2016-10837 ]] || High || (Config)  ||
|-
|-
| 2016-06-08 || LHCb Setup scripts ||  [[SVG:Advisory-SVG-2015-9809  | Advisory-SVG-2015-9809]] || Low || Fixed  ||
|-
|-
| 2016-06-07 || Authorization by user_id to manage VMs does not work in V2.1 Nova API for OpenStack ||  [[SVG:Advisory-SVG-2016-11190  | Advisory-SVG-2016-11190]] || High ||  ||
|-
|-
| 2016-05-25 || Dirac Pilot factory payload verification  ||  [[SVG:Advisory-SVG-2014-7440  | Advisory-SVG-2014-7440]] || Low || Migrating from  ||
|-
|-
| 2016-05-25 || PANDA Pilot factory payload verification  ||  [[SVG:Advisory-SVG-2014-7430  | Advisory-SVG-2014-7430]] || Low || Migrating from  ||
|-
|-
| 2016-04-28 || OpenStack VM management permissions  ||  [[SVG:Advisory-SVG-2016-10636  | Advisory-SVG-2016-10636]] || Moderate || (Config) ||
|-
|-
| 2016-03-11 || NSS heap buffer overflow vulnerability ||  [[SVG:Advisory-SVG-CVE-2016-1950  | Advisory-SVG-CVE-2016-1950]] || Critical || Fixed ||
|-
|-
| 2016-02-17 ||  glibc remote code execution vulnerability - CVE-2015-7547 ||  [[SVG:Advisory-SVG-CVE-2015-7547  | Advisory-SVG-CVE-2015-7547]] || Critical || Fixed ||
|-
|-
| 2016-02-03 ||  Linux Kernel Vulnerability - CVE-2016-0728 ||  [[SVG:Advisory-SVG-2016-10376  | Advisory-SVG-2016-10376 ]] || High || Fixed ||
|-
|-
| 2016-01-05 ||  Linux Kernel Vulnerabilities    ||  [[SVG:Advisory-SVG-2015-CVE-2015-7613 | Advisory-SVG-2015-CVE-2015-7613 ]] || Moderate/High  || Fixed  ||
|-


|}
|}


Advisories from prior to 2011 [https://archive.gridpp.ac.uk/gsvg/advisories/ Gridpp Advisories Archive]
Advisories from prior to 2011 [https://archive.gridpp.ac.uk/gsvg/advisories/ Gridpp Advisories Archive]

Revision as of 13:09, 10 January 2017


Advisories


EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.

All advisories which are disclosed publicly by SVG are placed on this wiki.

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.


A guide to the risk categories is available at Notes On Risk.


Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

Earlier Advisories: Advisories from 2011 to 2013

{|
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2017-01-10 || SLURM vulnerability CVE-2016-10030 || [[SVG:Advisory-SVG-CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 ]] || High || Fixed
|}

Advisories from prior to 2011: [https://archive.gridpp.ac.uk/gsvg/advisories/ Gridpp Advisories Archive]