The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

Line 16: Line 16:
|-
|-
|  2019-07-10 ||  ZeroMQ Vulnerability   
|  2019-07-10 ||  ZeroMQ Vulnerability   
   || [[SVG:Advisory-SVG-CVE-13132 | Advisory-SVG-CVE-13132 ]] || Alert ||  ||
   || [[SVG:Advisory-SVG-CVE-2019-13132 | Advisory-SVG-CVE-2019-13132 ]] || Alert ||  ||
|-
|-
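Review bot: the link target in the ZeroMQ row changes from SVG:Advisory-SVG-CVE-13132 to SVG:Advisory-SVG-CVE-2019-13132, but nothing in this hunk shows whether a page already exists under the old title. If one was created, move it or leave a redirect so that references to the old name keep resolving. The display text and the target are updated together, which keeps the row consistent with the CVE identifier.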



Revision as of 10:27, 10 July 2019


Advisories


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk

SVG also provides information that may be useful to sites concerning the SVG Speculative execution vulnerabilities.

This may be useful to sites in conjunction with the advisories Advisory-SVG-CVE-2017-5753, Advisory-SVG-CVE-2018-3639, and Advisory-SVG-CVE-2018-3620 from 2018.

| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2019-07-10 | ZeroMQ Vulnerability | Advisory-SVG-CVE-2019-13132 | Alert | |
| 2019-06-20 | Linux Kernel DOS vulnerability: TCP SACK panic | Advisory-SVG-CVE-2019-11477 | Alert | |
| 2019-05-16, updated 2019-06-20 | Singularity Vulnerability announced by the Singularity team | Advisory-SVG-CVE-2019-11328 | High | Fixed |
| 2019-05-29 | Docker symlink-race attack | Advisory-SVG-CVE-2018-15664 | Alert | |
| 2019-05-16 | Microarchitectural Store Buffer Data vulnerability affecting Intel Processors | Advisory-SVG-CVE-2018-12126 | High | Fixed |
| 2019-02-13, updated 2019-03-01 | runc malicious container escape affecting Docker, Kubernetes, lxc | Advisory-SVG-CVE-2019-5736 | Critical | |
| 2019-01-10, updated 2019-01-15, 2019-05-14 | systemd-journald vulnerabilities | Advisory-SVG-2019-15258 | Up to Critical | Heads Up |

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.

Note that SVG is currently working on how to better cope with the decreasing homogeneity of the infrastructure and how to handle vulnerabilities related to the EOSC-hub services.

Earlier Advisories: Advisories from 2018

Earlier Advisories: Advisories from 2017

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013


Advisories from prior to 2011: Gridpp Advisories Archive