Alert: The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other platforms; new updates will be ignored and lost.
If needed you can get in touch with the EGI SDIS team using operations @ egi.eu.

SVG:Advisories, difference between revisions

From EGIWiki
Changes in this revision against the previous one (page source; unchanged context lines are shown once):

[[SVG:Speculative Execution Vulnerabilities | SVG Speculative execution vulnerabilities ]]

Previous revision:
This may be useful to sites in conjunction with the advisories [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]], [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]], and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] below.

This revision:
This may be useful to sites in conjunction with the advisories [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]], [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]], and [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] from 2018.

Advisory table. The 2019-01-10 row is unchanged and remains on this page; the 2018 rows below it were present in the previous revision and are no longer listed on this page (this revision links them as Advisories from 2018 instead):

{| {{egi-table}}
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2019-01-10 || systemd-journald vulnerabilities || [[SVG:Advisory-SVG-2019-15258 | Advisory-SVG-2019-15258 ]] || Up to Critical || Heads Up
|-
| 2018-12-13, updated 2019-01-03 || Vulnerability in Singularity on CentOS/EL7 || [[SVG:Advisory-SVG-CVE-2018-19295 | Advisory-SVG-CVE-2018-19295 ]] || Critical || Fixed
|-
| 2018-12-19 || VMware integer overflow vulnerability || [[SVG:Advisory-SVG-CVE-2018-6983 | Advisory-SVG-CVE-2018-6983 ]] || Alert || Fixed
|-
| 2018-12-14 || Remote authenticated DoS on CREAM-CE || [[SVG:Advisory-SVG-2017-12435 | Advisory-SVG-2017-12435 ]] || Low || Fixed
|-
| 2018-12-06 || Kubernetes privilege escalation vulnerability || [[SVG:Advisory-SVG-CVE-2018-1002105 | Advisory-SVG-CVE-2018-1002105 ]] || Critical || Fixed
|-
| 2018-10-24 || VMware out of bounds read vulnerability || [[SVG:Advisory-SVG-CVE-2018-6974 | Advisory-SVG-CVE-2018-6974 ]] || Alert Critical || Fixed
|-
| 2018-10-18, updated 2018-10-23 || Multiple Oracle Database and other Oracle vulnerabilities || [[SVG:Advisory-SVG-CVE-2018-3259 | Advisory-SVG-CVE-2018-3259 ]] || Alert Critical || Fixed
|-
| 2018-10-03 || Vulnerability in Red Hat Ceph Storage 2.5 || [[SVG:Advisory-SVG-CVE-2018-14649 | Advisory-SVG-CVE-2018-14649 ]] || Alert Critical || Fixed
|-
| 2018-09-27, updated 2018-10-03 and 2018-10-11 || Integer overflow vulnerability in the Linux kernel's create_elf_tables() function || [[SVG:Advisory-SVG-CVE-2018-14634 | Advisory-SVG-CVE-2018-14634 ]] || Critical || Fixed
|-
| 2018-09-04 || L1TF - speculative execution side channel vulnerabilities concerning Intel processors || [[SVG:Advisory-SVG-CVE-2018-3620 | Advisory-SVG-CVE-2018-3620 ]] || High || Fixed
|-
| 2018-08-17 || cobbler vulnerability: CobblerXMLRPCInterface exports all its methods over XMLRPC || [[SVG:Advisory-SVG-CVE-2018-10931 | Advisory-SVG-CVE-2018-10931 ]] || Critical || Fixed
|-
| 2018-08-17 || Oracle Database vulnerability || [[SVG:Advisory-SVG-CVE-2018-3110 | Advisory-SVG-CVE-2018-3110 ]] || Critical || Fixed
|-
| 2018-07-05, updated 2018-07-09 and 2018-07-20 || Singularity vulnerability allowing access to protected files || [[SVG:Advisory-SVG-CVE-2018-12021 | Advisory-SVG-CVE-2018-12021 ]] || Critical || Fixed
|-
| 2018-03-28, updated 2018-07-20 || Data-channel encryption is not enforced in GridFTP || [[SVG:Advisory-SVG-2018-14117 | Advisory-SVG-2018-14117 ]] || Alert ||
|-
| 2018-05-24 || Kernel side-channel attack using Speculative Store Bypass vulnerability || [[SVG:Advisory-SVG-CVE-2018-3639 | Advisory-SVG-CVE-2018-3639 ]] || High || Fixed
|-
| 2018-03-26, updated 2018-05-24 || glibc vulnerability || [[SVG:Advisory-SVG-CVE-2018-1000001 | Advisory-SVG-CVE-2018-1000001 ]] || Up to Critical || Fixed
|-
| 2018-04-30, updated 2018-05-23 || Local privilege escalation using Singularity || [[SVG:Advisory-SVG-2018-14311 | Advisory-SVG-2018-14311 ]] || Critical || Fixed
|-
| 2018-03-29, updated 2018-05-23 || Singularity can be tricked into creating directories and files outside the container || [[SVG:Advisory-SVG-2018-14213 | Advisory-SVG-2018-14213 ]] || Critical || Fixed
|-
| 2018-05-16 || Command injection via DHCP response || [[SVG:Advisory-SVG-CVE-2018-1111 | Advisory-SVG-CVE-2018-1111 ]] || Critical || Fixed
|-
| 2018-05-16 || Multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) || [[SVG:Advisory-SVG-CVE-2018-8897 | Advisory-SVG-CVE-2018-8897 ]] || Moderate || Fixed
|-
| 2018-04-14, updated 2018-05-08 || DPM SRM buffer overflow || [[SVG:Advisory-SVG-2017-13915 | Advisory-SVG-2017-13915 ]] || Moderate || Fixed
|-
| 2018-04-13 || MySQL Server compromise || [[SVG:Advisory-SVG-CVE-2018-2562 | Advisory-SVG-CVE-2018-2562 ]] || Up to High ||
|-
| 2018-03-22, updated 2018-04-13 || Vulnerability concerning SLURM || [[SVG:Advisory-SVG-CVE-2018-7033 | Advisory-SVG-CVE-2018-7033 ]] || Up to Critical || Fixed
|-
| 2018-03-05, updated 2018-03-19 || Vulnerability in Singularity 2.3.2 allowing escape from the container || [[SVG:Advisory-SVG-2018-14145 | Advisory-SVG-2018-14145 ]] || High || Fixed
|-
| 2018-03-05, updated 2018-03-19 || Image mounting via Singularity || [[SVG:Advisory-SVG-2018-13999 | Advisory-SVG-2018-13999 ]] || Alert ||
|-
| 2018-02-23, updated 2018-03-19 and 2018-05-16 || Linux kernel use-after-free flaw in XFRM || [[SVG:Advisory-SVG-CVE-2017-16939 | Advisory-SVG-CVE-2017-16939 ]] || Alert ||
|-
| 2018-02-07, updated 2018-03-05 || VOMS Admin privilege escalation vulnerability || [[SVG:Advisory-SVG-2017-13249 | Advisory-SVG-2017-13249 ]] || Moderate || Fixed
|-
| 2018-02-12 || ROBOT attack - various vulnerabilities || [[SVG:Advisory-SVG-2017-13925 | Advisory-SVG-2017-13925 ]] || (Information) ||
|-
| 2018-01-23 || CPU speculative execution vulnerabilities (Meltdown and Spectre) || [[SVG:Advisory-SVG-CVE-2017-5753 | Advisory-SVG-CVE-2017-5753 ]] || Critical || Ongoing
|}



Revision as of 16:27, 14 January 2019


Advisories


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk.

SVG also maintains a page on the SVG Speculative execution vulnerabilities, which sites may find useful in conjunction with the advisories Advisory-SVG-CVE-2017-5753, Advisory-SVG-CVE-2018-3639 and Advisory-SVG-CVE-2018-3620 from 2018.

{| {{egi-table}}
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2019-01-10 || systemd-journald vulnerabilities || [[SVG:Advisory-SVG-2019-15258 | Advisory-SVG-2019-15258 ]] || Up to Critical || Heads Up
|}

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.

Earlier advisories:

Advisories from 2018

Advisories from 2017

Advisories from 2016

Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts, and EGI SVG advisories primarily concerned gLite Middleware.

Advisories from 2011 to 2013

Advisories from prior to 2011: Gridpp Advisories Archive