The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports; new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SVG:Advisories"

From EGIWiki
Line 13: Line 13:
|  2018-07-05, updated 2018-07-09, 2018-07-20 || Singularity vulnerability allowing access to protected files  ||  [[SVG:Advisory-SVG-CVE-2018-12021 | Advisory-SVG-CVE-2018-12021 ]] || Critical || Fixed ||
|  2018-07-05, updated 2018-07-09, 2018-07-20 || Singularity vulnerability allowing access to protected files  ||  [[SVG:Advisory-SVG-CVE-2018-12021 | Advisory-SVG-CVE-2018-12021 ]] || Critical || Fixed ||
|-
|-
|-
|  2018-03-28 update 2018-07-20  ||data-channel encryption is not enforced in gridftp    ||  [[SVG:Advisory-SVG-2018-14117  | Advisory-SVG-2018-14117 ]] || Alert ||  ||
|-


|-
|-
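Review bot: the Date cell of the gridftp row in this hunk writes the revision as "update 2018-07-20", while the Singularity row directly above it writes "updated 2018-07-09, 2018-07-20". Use one form for update dates in this column so the rows read and sort consistently. The title cell also starts immediately after "||" with no space, unlike the neighbouring rows.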
Line 53: Line 58:
|  2018-03-22 update 2018-04-13 || Vulnerability concerning SLURM  ||  [[SVG:Advisory-SVG-CVE-2018-7033  | Advisory-SVG-CVE-2018-7033 ]] || Up to Critical || Fixed ||
|  2018-03-22 update 2018-04-13 || Vulnerability concerning SLURM  ||  [[SVG:Advisory-SVG-CVE-2018-7033  | Advisory-SVG-CVE-2018-7033 ]] || Up to Critical || Fixed ||
|-
|-
|-
|  2018-03-28 update 2018-07-20  ||data-channel encryption is not enforced in gridftp    ||  [[SVG:Advisory-SVG-2018-14117  | Advisory-SVG-2018-14117 ]] || Alert ||  ||
|-


|-
|-

Revision as of 09:06, 23 July 2018


Advisories


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk


{|
! Date !! Title !! Contents/Link !! Risk !! Status
|-
| 2018-07-05, updated 2018-07-09, 2018-07-20 || Singularity vulnerability allowing access to protected files || Advisory-SVG-CVE-2018-12021 || Critical || Fixed
|-
| 2018-03-28 update 2018-07-20 || data-channel encryption is not enforced in gridftp || Advisory-SVG-2018-14117 || Alert ||
|-
| 2018-05-24 || Kernel Side-Channel Attack using Speculative Store Bypass vulnerability || Advisory-SVG-CVE-2018-3639 || High || Fixed
|-
| 2018-03-26 update 2018-05-24 || glibc vulnerability || Advisory-SVG-CVE-2018-1000001 || Up to Critical || Fixed
|-
| 2018-04-30 update 2018-05-23 || Local privilege escalation using singularity || Advisory-SVG-2018-14311 || Critical || Fixed
|-
| 2018-03-29 update 2018-05-23 || Singularity can be tricked to create directories and files outside the container. || Advisory-SVG-2018-14213 || Critical || Fixed
|-
| 2018-05-16 || Command injection via DHCP response || Advisory-SVG-CVE-2018-1111 || Critical || Fixed
|-
| 2018-05-16 || multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) || Advisory-SVG-CVE-2018-8897 || Moderate || Fixed
|-
| 2018-04-14 update 2018-05-08 || DPM SRM Buffer Overflow || Advisory-SVG-2017-13915 || Moderate || Fixed
|-
| 2018-04-13 || MySQL Server compromise || Advisory-SVG-CVE-2018-2562 || Up to High ||
|-
| 2018-03-22 update 2018-04-13 || Vulnerability concerning SLURM || Advisory-SVG-CVE-2018-7033 || Up to Critical || Fixed
|-
| 2018-03-05 update 2018-03-19 || Vulnerability in Singularity 2.3.2 allowing escape from the container || Advisory-SVG-2018-14145 || High || Fixed
|-
| 2018-03-05 update 2018-03-19 || Image mounting via Singularity || Advisory-SVG-2018-13999 || Alert ||
|-
| 2018-02-23 update 2018-03-19, 2018-05-16 || linux kernel 'use-after-free' flaw in XFRM || Advisory-SVG-CVE-2017-16939 || Alert ||
|-
| 2018-02-07 update 2018-03-05 || VOMS Admin privilege escalation vulnerability || Advisory-SVG-2017-13249 || Moderate || Fixed
|-
| 2018-02-12 || ROBOT attack - Various Vulnerabilities || Advisory-SVG-2017-13925 || (Information) ||
|-
| 2018-01-23 || CPU speculative execution vulnerabilities (Meltdown and Spectre) || Advisory-SVG-CVE-2017-5753 || Critical || Ongoing
|}

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.

Earlier Advisories: Advisories from 2017

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013


Advisories from prior to 2011: Gridpp Advisories Archive