From EGIWiki
Revision as of 12:38, 21 October 2020 by Cornwall (talk | contribs)
All advisories which are disclosed publicly by SVG are placed on this wiki.

All advisories which are disclosed publicly by SVG are subject to the Creative Commons licence CC-BY 4.0, which includes crediting the EGI Software Vulnerability Group.

A guide to the risk categories is available at Notes On Risk.

SVG also provides information that may be useful to sites on the SVG Speculative execution vulnerabilities page.

| Date | Title | Contents/Link | Risk | Status |
|------|-------|---------------|------|--------|
| 2020-10-20 | Singularity - file overwrite vulnerability | Advisory-SVG-CVE-2020-15299 | | Fixed |
| 2020-09-22 | Privilege escalation vulnerability in recent kernels (e.g. RHEL/CentOS 8) | Advisory-SVG-CVE-2020-14386 | High | Mitigation Recommended |
| 2020-09-16 | Cache Poisoning Squid Vulnerabilities | Advisory-SVG-2020-16840 | Moderate | Fixed |
| 2020-09-09 | Disk Pool Manager (DPM) logging may contain sensitive information | Advisory-SVG-2020-16835 | Moderate | Sites to check |
| 2020-08-17 | Vulnerability in dCache macaroon bearer token validation | Advisory-SVG-2020-16806 | Low | Fixed |
| 2020-05-04 (updated 2020-06-05) | Remote code execution vulnerabilities in Salt master | Advisory-SVG-CVE-2020-11651 | Critical | Fixed |
| 2020-03-13 (updated 2020-04-28, 2020-06-05) | Vulnerability in IBM GPFS file system | Advisory-SVG-2020-16274 | Critical | Fixed |
| 2020-05-06 (updated 2020-05-12) | Singularity and unprivileged user namespaces | Advisory-SVG-2020-16648 | N/A | |
| 2020-03-23 (updated 2020-04-08, 2020-04-16, 2020-04-30) | Vulnerabilities in HTCondor | Advisory-SVG-CVE-2019-18823 | Moderate | Fixed |
| 2020-02-11 (updated 2020-04-29) | Vulnerabilities concerning Squid | Advisory-SVG-2020-16203 | up to CRITICAL | Fixed |
| 2019-12-19 (updated 2020-02-10) | Singularity File Permission Vulnerability | Advisory-SVG-CVE-2019-19724 | | Fixed |

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.

Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC-hub services.

Earlier Advisories: Advisories from 2019

Earlier Advisories: Advisories from 2018

Earlier Advisories: Advisories from 2017

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts, and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013

Advisories from prior to 2011: Gridpp Advisories Archive