Difference between revisions of "SVG:General Advisory Template"
(Created page with '{{svg-header}}') |
|||
Line 1: | Line 1: | ||
{{svg-header}} | {{svg-header}} | ||
<pre> | |||
<add or delete sections as needed> | |||
** WHITE information - Unlimited distribution allowed ** or | |||
** GREEN information - Community wide distribution ** or | |||
** AMBER information - Limited distribution ** | |||
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** | |||
EGI CSIRT ADVISORY [EGI-ADV-yyyymmdd] or | |||
EGI SVG ADVISORY [EGI-SVG-yyyymmdd] | |||
Title: <Title - refer to any CVE number and include name software> | |||
Date: <date> | |||
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd | |||
Introduction | |||
============ | |||
<Describe the reason for the issuing of this advisory> | |||
<this could include - e.g. updated as patch available> | |||
<include cve- number if one has been issued> | |||
<include EGI RT number for SVG/UMD issues> | |||
Details | |||
======= | |||
<describe the problem, something about why it occurs, and the effect on sites> | |||
<take care not to release anything useful to an attacker, unless it is already public, | |||
especially if you are sending it in WHITE> | |||
Risk Category | |||
============= | |||
<This issue has been assess as Critical/High/Moderate/Low by CSIRT or SVG as appropriate> | |||
<if critical - include critical in title and e-mail title> | |||
Affected Software | |||
================= | |||
<e.g. which version(s) of Linux are effected> | |||
<e.g. which middleware component is effected within gLite/ARC/Unicore/Globus/Other> | |||
Mitigation | |||
========== | |||
<Describe mitigation to carry out - this may be to run a script> | |||
Component Installation information | |||
================================== | |||
<e.g. patch not yet available> | |||
<e.g. patch available from vendor for x system but not y> | |||
<e.g. pointer to UMD release > | |||
Recommendations | |||
=============== | |||
<as appropriate e.g.> | |||
<Immediately apply the mitigation described above to all user-accessible systems.> | |||
<Apply vendor kernel updates when they become available.> | |||
<Apply new version in EGI UMD> | |||
Credit | |||
====== | |||
<if applicable - person who discovers vulnerability> | |||
References | |||
========== | |||
<refer to any public disclosure> | |||
<e.g. Linux vendors info> | |||
<any other info on the problem> | |||
Timeline <probably SVG/EGI UMD issues only> | |||
======== | |||
Yyyy-mm-dd | |||
2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME | |||
2010-??-?? Initial assessment by the EGI Software Vulnerability Group reported to software providers | |||
2010-??-?? Updated packages available in the EGI UMD | |||
2010-??-?? Public disclosure | |||
On behalf of the <EGI CSIRT / EGI CSIRT and SVG / EGI SVG as appropriate> , | |||
</pre> |
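Review bot: the reminder on the Timeline row "2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME" sits outside the angle brackets that mark every other instruction in this template, so it is easy to leave in an advisory that gets sent; put it inside angle brackets like the other placeholders, and repeat it under Credit, where the name is also entered. The Timeline rows hard-code the year as "2010-??-??"; use yyyy-mm-dd to match the "Yyyy-mm-dd" row above them. The advisory identifier uses yyyymmdd while the URL line uses yyyy-mm-dd, so state whether that difference is intended. Typos: "assess" should be "assessed" under Risk Category, and "effected" should be "affected" in both lines under Affected Software.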
Revision as of 15:06, 28 October 2010
General Advisory Template
<add or delete sections as needed>

** WHITE information - Unlimited distribution allowed ** or
** GREEN information - Community wide distribution ** or
** AMBER information - Limited distribution **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-yyyymmdd] or
EGI SVG ADVISORY [EGI-SVG-yyyymmdd]

Title: <Title - refer to any CVE number and include the name of the software>
Date: <date>
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd

Introduction
============
<Describe the reason for issuing this advisory>
<this could include - e.g. updated as patch available>
<include CVE number if one has been issued>
<include EGI RT number for SVG/UMD issues>

Details
=======
<describe the problem, something about why it occurs, and the effect on sites>
<take care not to release anything useful to an attacker, unless it is already public,
especially if you are sending it in WHITE>

Risk Category
=============
<This issue has been assessed as Critical/High/Moderate/Low by CSIRT or SVG as appropriate>
<if critical - include critical in title and e-mail title>

Affected Software
=================
<e.g. which version(s) of Linux are affected>
<e.g. which middleware component is affected within gLite/ARC/Unicore/Globus/Other>

Mitigation
==========
<Describe mitigation to carry out - this may be to run a script>

Component Installation information
==================================
<e.g. patch not yet available>
<e.g. patch available from vendor for x system but not y>
<e.g. pointer to UMD release>

Recommendations
===============
<as appropriate e.g.>
<Immediately apply the mitigation described above to all user-accessible systems.>
<Apply vendor kernel updates when they become available.>
<Apply new version in EGI UMD>

Credit
======
<if applicable - person who discovers vulnerability>

References
==========
<refer to any public disclosure>
<e.g. Linux vendors info>
<any other info on the problem>

Timeline <probably SVG/EGI UMD issues only>
========
Yyyy-mm-dd
2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME
2010-??-?? Initial assessment by the EGI Software Vulnerability Group reported to software providers
2010-??-?? Updated packages available in the EGI UMD
2010-??-?? Public disclosure

On behalf of the <EGI CSIRT / EGI CSIRT and SVG / EGI SVG as appropriate>,