Difference between revisions of "SVG:Advisory-SVG-2012-4670"
(Created page with "{{svg-header}} <pre> Placeholder for 4670. This is in work. </pre>") |
Line 2: | Line 2: | ||
<pre> | <pre> | ||
** WHITE information - Unlimited distribution allowed ** | |||
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** | |||
EGI SVG ADVISORY [EGI-SVG-2012-4670] | |||
Title: EGI SVG Advisory 'Moderate' Risk DPM buffer overflow in SRM v2.2 endpoint | |||
Date: 2013-02-19 | |||
URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-4670 | |||
Introduction | |||
============ | |||
A buffer overflow vulnerability has found in DPM in SRM v2.2 endpoint | |||
A new version of DPM which resolves these vulnerabilities is now available in the in the EMI-1 and EMI-2 distributions. | |||
This version is also available in EGI UMD-1 and EGI UMD-2. | |||
Details | |||
======= | |||
A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint | |||
Risk category | |||
============= | |||
This issue has been assessed as "Moderate" risk by the EGI SVG Risk Assessment Team. | |||
Affected software | |||
================= | |||
DPM version 1.8.4 available both in the EMI 2 distribution and the EGI UMD 2 distribution. | |||
DPM version 1.8.2 available both in the EMI 1 distribution and the EGI UMD 1 distribution | |||
This vulnerability has been fixed in DPM 1.8.6 as available in EMI 1 Update 23 and EMI 2 Update 8. | |||
The package has also been released in EGI UMD-1 Release 1.10.0 http://repository.egi.eu/2013/02/19/release-umd-1-10-0/ | |||
and UMD-2 Release 2.4.0 | |||
http://repository.egi.eu/2013/02/18/release-umd-2-4-0/ | |||
Component installation information | |||
================================== | |||
The official repository for the distribution of grid middleware for EGI sites is | |||
repository.egi.eu which contains the EGI Unified Middleware Distribution (UMD). | |||
Sites using the EGI UMD should see: | |||
http://repository.egi.eu/category/umd_releases/distribution/umd-2/ | |||
http://repository.egi.eu/category/umd_releases/distribution/umd_1/ | |||
Sites installing directly from EMI should see: | |||
http://www.eu-emi.eu/emi-2-matterhorn/updates/ | |||
http://www.eu-emi.eu/emi-1-kebnekaise-updates/ | |||
Recommendations | |||
=============== | |||
Sites are recommended to update relevant components. | |||
Credit | |||
====== | |||
This vulnerability was reported to SVG by Eygene Ryabinkin | |||
Timeline | |||
======== | |||
Yyyy-mm-dd | |||
2012-11-19 Vulnerability reported by to SVG by Eygene Ryabinkin | |||
2012-11-19 Acknowledgement from the EGI SVG to the reporter | |||
2012-11-21 Assessment by the EGI Software Vulnerability Group reported to the software providers | |||
2013-01-28 Updated packages available in the EMI distribution | |||
2013-02-19 Updated packages available in the EGI UMD-1 and EGI UMD-2 | |||
2013-02-19 Public disclosure | |||
</pre> | </pre> |
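Review bot: The Details section only repeats the Introduction sentence ("A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint"), so a site cannot tell from this text what the impact is or which access is needed to reach the flaw; either add that information or state that details are being withheld. Affected software lists DPM 1.8.4 and 1.8.2 but does not say whether earlier versions are affected. Wording to fix before publishing: "has found" in the Introduction is missing "been", "in the in the" is doubled, "these vulnerabilities" is plural although one vulnerability is described, and the first Timeline entry reads "reported by to SVG by".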
Revision as of 17:13, 19 February 2013
Advisory-SVG-2012-4670
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI SVG ADVISORY [EGI-SVG-2012-4670]

Title: EGI SVG Advisory 'Moderate' Risk DPM buffer overflow in SRM v2.2 endpoint
Date: 2013-02-19
URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-4670

Introduction
============
A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.
A new version of DPM which resolves these vulnerabilities is now available in the EMI-1 and EMI-2 distributions.
This version is also available in EGI UMD-1 and EGI UMD-2.

Details
=======
A buffer overflow vulnerability has been found in DPM in the SRM v2.2 endpoint.

Risk category
=============
This issue has been assessed as "Moderate" risk by the EGI SVG Risk Assessment Team.

Affected software
=================
DPM version 1.8.4 available both in the EMI 2 distribution and the EGI UMD 2 distribution.
DPM version 1.8.2 available both in the EMI 1 distribution and the EGI UMD 1 distribution.
This vulnerability has been fixed in DPM 1.8.6 as available in EMI 1 Update 23 and EMI 2 Update 8.
The package has also been released in EGI UMD-1 Release 1.10.0
http://repository.egi.eu/2013/02/19/release-umd-1-10-0/
and UMD-2 Release 2.4.0
http://repository.egi.eu/2013/02/18/release-umd-2-4-0/

Component installation information
==================================
The official repository for the distribution of grid middleware for EGI sites is
repository.egi.eu, which contains the EGI Unified Middleware Distribution (UMD).
Sites using the EGI UMD should see:
http://repository.egi.eu/category/umd_releases/distribution/umd-2/
http://repository.egi.eu/category/umd_releases/distribution/umd_1/
Sites installing directly from EMI should see:
http://www.eu-emi.eu/emi-2-matterhorn/updates/
http://www.eu-emi.eu/emi-1-kebnekaise-updates/

Recommendations
===============
Sites are recommended to update relevant components.

Credit
======
This vulnerability was reported to SVG by Eygene Ryabinkin.

Timeline
========
Yyyy-mm-dd
2012-11-19 Vulnerability reported to SVG by Eygene Ryabinkin
2012-11-19 Acknowledgement from the EGI SVG to the reporter
2012-11-21 Assessment by the EGI Software Vulnerability Group reported to the software providers
2013-01-28 Updated packages available in the EMI distribution
2013-02-19 Updated packages available in the EGI UMD-1 and EGI UMD-2
2013-02-19 Public disclosure