SVG:General Advisory Template
Jump to navigation
Jump to search
Main page | Software Security Checklist | Issue Handling | Advisories | Notes On Risk | Advisory Template | More |
General Advisory Template
<add or delete sections as needed> ** WHITE information - Unlimited distribution allowed ** or ** GREEN information - Community wide distribution ** or ** AMBER information - Limited distribution ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions ** EGI CSIRT ADVISORY [EGI-ADV-yyyymmdd] or EGI SVG ADVISORY [EGI-SVG-yyyymmdd] Title: <Title - refer to any CVE number and include name software> Date: <date> URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd Introduction ============ <Describe the reason for the issuing of this advisory> <this could include - e.g. updated as patch available> <include cve- number if one has been issued> <include EGI RT number for SVG/UMD issues> Details ======= <describe the problem, something about why it occurs, and the effect on sites> <take care not to release anything useful to an attacker, unless it is already public, especially if you are sending it in WHITE> Risk Category ============= <This issue has been assess as Critical/High/Moderate/Low by CSIRT or SVG as appropriate> <if critical - include critical in title and e-mail title> Affected Software ================= <e.g. which version(s) of Linux are effected> <e.g. which middleware component is effected within gLite/ARC/Unicore/Globus/Other> Mitigation ========== <Describe mitigation to carry out - this may be to run a script> Component Installation information ================================== <e.g. patch not yet available> <e.g. patch available from vendor for x system but not y> <e.g. pointer to UMD release > Recommendations =============== <as appropriate e.g.> <Immediately apply the mitigation described above to all user-accessible systems.> <Apply vendor kernel updates when they become available.> <Apply new version in EGI UMD> Credit ====== <if applicable - person who discovers vulnerability> References ========== <refer to any public disclosure> <e.g. Linux vendors info> <any other info on the problem> Timeline <probably SVG/EGI UMD issues only> ======== Yyyy-mm-dd 2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME 2010-??-?? Initial assessment by the EGI Software Vulnerability Group reported to software providers 2010-??-?? Updated packages available in the EGI UMD 2010-??-?? Public disclosure On behalf of the <EGI CSIRT / EGI CSIRT and SVG / EGI SVG as appropriate> ,
| RAT Issue Handling Instructions | RAT Issue Handling Templates | RAT Issue Handling Templates contd | SVG-CSIRT Critical Notes | Advisory Template |
| Issue Handling Summary | Reporters | SVG View | Software Providers | EGI MW Unit | Deployment | Notes on Risk |