The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

SVG:Advisories

From EGIWiki
Revision as of 15:01, 22 August 2017 by Cornwall

Advisories


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk.


| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2017-08-22 | XROOTD potential for remote code execution | Advisory-SVG-2017-12728 | Low | Fixed |
| 2017-08-22 | Old dCache "gridftp door" re-introduced | Advisory-SVG-2015-9323 | Moderate | Fixed |
| 2017-08-07 | VOMS Admin allows VO membership requests from users without a certificate | Advisory-SVG-2016-11839 | Low | Fixed |
| 2017-08-07 | ARC 5.2.1 World Writeable log directory | Advisory-SVG-2017-12319 | Moderate | Fixed |
| 2017-03-20 updated 2017-03-27, 2017-07-04 | Vulnerability concerning VOMS Admin | Advisory-SVG-2017-12543 | Critical | Fixed |
| 2017-06-21 updated 2017-07-11 | Stack clash memory allocation vulnerability | Advisory-SVG-CVE-2017-1000364 | High | Fixed |
| 2017-06-06 | NSS out of bounds write flaw | Advisory-SVG-CVE-2017-5461 | High | Fixed |
| 2017-06-06 | sudo local root vulnerability | Advisory-SVG-CVE-2017-1000367 | Moderate | Fixed |
| 2017-03-24 updated 2017-06-01 | canl-c impersonation vulnerability | Advisory-SVG-2017-12276 | High | Fixed |
| 2017-04-07 updated 2017-06-01 | OpenStack Vulnerable Configuration problem | Advisory-SVG-2017-12680 | (Check) | |
| 2017-06-01 | Qemu and Xen guest escape issues CVE-2016-9603 and others | Advisory-SVG-CVE-2016-9603 | Up to High | Fixed |
| 2017-05-17 | Intel AMT Vulnerability | Advisory-SVG-CVE-2017-5689 | (Check) | |
| 2017-03-09 updated 2017-04-27 | Linux Kernel (n_hdlc module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-2636 | High | Fixed |
| 2017-02-28 | Linux Kernel (DCCP module) privilege escalation vulnerability | Advisory-SVG-CVE-2017-6074 | High | Fixed |
| 2017-02-17 | Singularity container escape vulnerability | Advisory-SVG-2017-12381 | Up to High | Fixed |
| 2017-02-13 | Attacks on Hadoop installations - check configuration | Advisory-SVG-2017-12931 | (Check) | |
| 2017-02-01 | Ansible input validation vulnerability | Advisory-SVG-CVE-2016-9587 | Up to High | Fixed |
| 2016-11-10 updated 2016-12-14, 2017-01-13 | Linux kernel vulnerability | Advisory-SVG-CVE-2016-7117 | High | Fixed |
| 2017-01-11 | OpenStack Nova Metadata leak - sites should check | Advisory-SVG-2016-12231 | (check) | |
| 2017-01-10 | SLURM vulnerability CVE-2016-10030 | Advisory-SVG-CVE-2016-10030 | High | Fixed |

EGI SVG produces advisories according to the EGI SVG issue handling procedure, which was revised in autumn 2015.

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013


Advisories from prior to 2011: Gridpp Advisories Archive