Difference between revisions of "SVG:Advisory-SVG-2015-9809"
<pre>
Title: EGI SVG Advisory [TLP:White] 'Low' risk vulnerability concerning LHCb setup scripts [EGI-SVG-2015-9809]

Date: 2016-06-08
Updated:

Affected Software and Risk
==========================

LOW risk vulnerability concerning LHCb setup scripts

Package : LHCb setup scripts

A vulnerability has been found where there are poor/insecure setup scripts. No direct exploit has been found but
these scripts should not be present.

Actions Required/Recommended
============================

None

Affected software Details.
==========================

LHCb version prior to v8r5p3 (released on 25/01/2016).

More information
================

This is for information/completeness only. Sites are not asked to take action.

TLP and URL
===========

** WHITE information - Unlimited distribution - see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP
for distribution restrictions***

URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-9809

Minor updates may be made without re-distribution to the sites

Credit
======

This vulnerability was reported by Simon Fayers from Imperial College.

Comments
========

Comments or questions should be sent to svg-rat at mailman.egi.eu

If you find or become aware of a vulnerability which is relevant to EGI you may report it by e-mail to
report-vulnerability at egi.eu
the EGI Software Vulnerability Group will take a look.

Timeline
========

Yyyy-mm-dd [EGI-SVG-2015-9809]

2015-11-18 Vulnerability reported by Simon Fayer who is a member of SVG.
2015-11-18 Acknowledgement from the EGI SVG to the reporter
2015-11-18 Software providers responded and involved in investigation
2015-12-09 EGI SVG Risk Assessment completed
2015-12-09 Assessment by the EGI Software Vulnerability Group reported to the software providers
2016-01-25 Updated packages available
2016-06-08 Public disclosure on wiki for completeness
</pre>
Latest revision as of 10:49, 8 June 2016