SVG:Advisory-SVG-2015-CVE-2015-3193
Jump to navigation
Jump to search
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
Advisory-SVG-2015-CVE-2015-3193
** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** EGI SVG ADVISORY [EGI-SVG-OpenSSL-CVE-2015] Title: EGI SVG Advisory 'Low' RISK - OpenSSL announcement on 3rd December Date: 2015-12-07 Updated: URL: https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-CVE-2015-3193 Brief Advisory =============== OpenSSL announced several vulnerabilities on 3rd December 2015 https://www.openssl.org/news/secadv/20151203.txt SVG has looked at this announcement and considers all these vulnerabilities to be either 'Low' risk or not applicable in the EGI environment. Recommendations =============== Sites are recommended to update relevant components as part of their normal maintenance routine. Credit ====== SVG alerted to this vulnerability by Raul Lopes. Comments ======== Comments or questions should be sent to svg-rat at mailman.egi.eu We are currently revising the vulnerability issue handling procedure so suggestions and comments are welcome. Timeline ======== Yyyy-mm-dd 2015-12-03 Vulnerabilities announced by OpenSSL and SVG alerted 2015-12-04 Assessment by the EGI Software Vulnerability Group 2015-12-07 Brief advisory to sites drafted