Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
Jump to navigation Jump to search
(Deprecate and redirect page)
Tag: Replaced
 
(134 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{svg-header}}
{{DeprecatedAndMovedTo|new_location=https://advisories.egi.eu/}}
 
 
All advisories which are disclosed publicly by SVG are placed on this wiki.
 
A guide to the risk categories is available at  [[SVG:Notes On Risk | Notes On Risk]]
 
 
{| {{egi-table}}
!Date !! Title !! Contents/Link !! Risk !!  Status !!
 
|-
| 2017-08-22 || XROOTD potential for remote code execution ||  [[SVG:Advisory-SVG-2017-12728  | Advisory-SVG-2017-12728  ]] || Low || Fixed ||
|-
 
 
|-
| 2017-08-22 || Old dCache "gridftp door" re-introduced  ||  [[SVG:Advisory-SVG-2015-9323  | Advisory-SVG-2015-9323  ]] || Moderate || Fixed ||
|-
 
 
|-
| 2017-08-07 || VOMS Admin allows VO membership requests from users without a certificate  ||  [[SVG:Advisory-SVG-2016-11839  | Advisory-SVG-2016-11839  ]] || Low || Fixed ||
|-
 
|-
| 2017-08-07 || ARC 5.2.1 World Writeable log directory ||  [[SVG:Advisory-SVG-2017-12319  | Advisory-SVG-2017-12319  ]] || Moderate|| Fixed ||
|-
 
 
|-
| 2017-03-20 updated 2017-03-27, 2017-07-04  ||  Vulnerability concerning VOMS Admin    ||  [[SVG:Advisory-SVG-2017-12543  | Advisory-SVG-2017-12543  ]] || Critical || Fixed ||
|-
 
|-
| 2017-06-21 updated 2017-07-11  || Stack clash memory allocation vulnerability  ||  [[SVG:Advisory-SVG-CVE-2017-1000364  | Advisory-SVG-CVE-2017-1000364  ]] || High || Fixed ||
|-
 
 
|-
| 2017-06-06  || NSS out of bounds write flaw  ||  [[SVG:Advisory-SVG-CVE-2017-5461  | Advisory-SVG-CVE-2017-5461  ]] || High || Fixed ||
|-
 
 
|-
| 2017-06-06  ||  sudo local root vulnerability  ||  [[SVG:Advisory-SVG-CVE-2017-1000367  | Advisory-SVG-CVE-2017-1000367  ]] || Moderate || Fixed ||
|-
 
 
|-
| 2017-03-24 updated 2017-06-01  || canl-c impersonation vulnerability  ||  [[SVG:Advisory-SVG-2017-12276  | Advisory-SVG-2017-12276  ]] || High || Fixed ||
|-
 
 
 
|-
| 2017-04-07 updated 2017-06-01  || OpenStack Vulnerable Configuration problem  ||  [[SVG:Advisory-SVG-2017-12680  | Advisory-SVG-2017-12680  ]] ||  || (Check) ||
|-
 
 
|-
| 2017-06-01  || Qemu and Xen guest escape issues CVE-2016-9603 and others  ||  [[SVG:Advisory-SVG-CVE-2016-9603 | Advisory-SVG-CVE-2016-9603 ]] || Up to High || Fixed ||
|-
 
 
 
|-
| 2017-05-17  || Intel AMT  Vulnerability  ||  [[SVG:Advisory-SVG-CVE-2017-5689 | Advisory-SVG-CVE-2017-5689 ]] ||  || (Check) ||
|-
 
|-
| 2017-03-09 updated 2017-04-27  || Linux Kernel (n_hdlc module) privilege escalation vulnerability  ||  [[SVG:Advisory-SVG-CVE-2017-2636 | Advisory-SVG-CVE-2017-2636 ]] || High || Fixed  ||
|-
 
 
 
|-
| 2017-02-28  || Linux Kernel (DCCP module) privilege escalation vulnerability  ||  [[SVG:Advisory-SVG-CVE-2017-6074 | Advisory-SVG-CVE-2017-6074 ]] || High || Fixed  ||
|-
 
 
|-
| 2017-02-17  || Singularity container escape vulnerability ||  [[SVG:Advisory-SVG-2017-12381 | Advisory-SVG-2017-12381 ]] || Up to High || Fixed  ||
|-
 
 
|-
| 2017-02-13  || Attacks on Hadoop installations - check configuration  ||  [[SVG:Advisory-SVG-2017-12931 | Advisory-SVG-2017-12931 ]] ||  || (Check) ||
|-
 
 
|-
| 2017-02-01  || Ansible input validation vulnerability  ||  [[SVG:Advisory-SVG-CVE-2016-9587 | Advisory-SVG-CVE-2016-9587 ]] || Up to High || Fixed ||
|-
 
 
|-
| 2016-11-10 updated 2016-12-14, 2017-01-13 || Linux kernel vulnerability    ||  [[SVG:Advisory-SVG-CVE-2016-7117 | Advisory-SVG-CVE-2016-7117 ]] || High || Fixed ||
|-
 
 
|-
| 2017-01-11 ||  OpenStack Nova Metadata leak -sites should check  ||  [[SVG:Advisory-SVG-2016-12231 | Advisory-SVG-2016-12231 ]] ||  || (check) ||
|-
 
|-
| 2017-01-10 ||  SLURM vulnerability CVE-2016-10030  ||  [[SVG:Advisory-SVG-CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 ]] || High || Fixed ||
|-
 
 
|}
 
EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.
 
Earlier Advisories:  [[SVG:Advisories-SVG-2016 | Advisories from 2016]]
 
Earlier Advisories:  [[SVG:Advisories-SVG-2014-2015 | Advisories from 2014 and 2015 ]]
 
In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts
and EGI SVG advisories primarily concerned gLite Middleware. 
 
Earlier Advisories: [[SVG:Advisories-SVG-2011-2013 | Advisories from 2011 to 2013 ]]
 
 
 
Advisories from prior to 2011 [https://archive.gridpp.ac.uk/gsvg/advisories/ Gridpp Advisories Archive]

Latest revision as of 15:15, 24 June 2022

Alert.png This article is Deprecated and has been moved to https://advisories.egi.eu/.


Retrieved from "https://wiki.egi.eu/w/index.php?title=SVG:Advisories&oldid=113877"