
SVG:General Advisory Template

From EGIWiki
Revision as of 12:58, 4 November 2010 by Cornwall (talk | contribs)

General Advisory Template


<add or delete sections as needed>


** WHITE information - Unlimited distribution allowed                       **  or
** GREEN information - Community wide distribution                          **  or
** AMBER information - Limited distribution                                 **


** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-yyyymmdd] or
EGI SVG   ADVISORY [EGI-SVG-yyyymmdd] 

Title: <Title - refer to any CVE number and include the name of the software>
Date:  <date>
URL:   https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd  

Introduction
============

<Describe the reason for the issuing of this advisory> 

<this could include - e.g. updated as patch available> 

<include cve- number if one has been issued> 

<include EGI RT number for SVG/UMD issues>


Details
=======

<describe the problem, something about why it occurs, and the effect on sites>

<take care not to release anything useful to an attacker, unless it is already public, 
especially if you are sending it in WHITE>


Risk Category
=============

<This issue has been assessed as Critical/High/Moderate/Low by CSIRT or SVG as appropriate>
<if critical - include critical in title and e-mail title>


Affected Software
=================

<e.g. which version(s) of Linux are affected>

<e.g. which middleware component is affected within gLite/ARC/Unicore/Globus/Other>


Mitigation
==========

<Describe mitigation to carry out - this may be to run a script>


Component Installation information
==================================

<e.g. patch not yet available>

<e.g. patch available from vendor for x system but not y>

<e.g. pointer to UMD release >


Recommendations
===============

<as appropriate e.g.>

<Immediately apply the mitigation described above to all user-accessible systems.>

<Apply vendor kernel updates when they become available.>

<Apply new version in EGI UMD>


Credit
======

<if applicable - person who discovered the vulnerability>


References
==========


<refer to any public disclosure>
<e.g. Linux vendors info>
<any other info on the problem>


Timeline  <probably SVG/EGI UMD issues only>
========
Yyyy-mm-dd

2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME
2010-??-?? Initial assessment by the EGI Software Vulnerability Group reported to software providers
2010-??-?? Updated packages available in the EGI UMD
2010-??-?? Public disclosure




On behalf of the <EGI CSIRT / EGI CSIRT and SVG / EGI SVG  as appropriate>  ,
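
An added example, not part of the EGI template or any EGI tooling: a small Python check that a filled-in draft follows the rules this template states (exactly one TLP line, an identifier whose prefix matches the issuer, no leftover `<...>` hints or `yyyymmdd` / `??` dates, and "critical" in the title when the risk is Critical). The function names and the sample draft are constructed for illustration.

```python
import re

TLP_RE = re.compile(r"^\*\* (WHITE|GREEN|AMBER) information - ", re.M)
# Issuer and identifier prefix must pair up: CSIRT -> EGI-ADV, SVG -> EGI-SVG.
ID_RE = re.compile(
    r"^EGI (?:CSIRT\s+ADVISORY \[EGI-ADV|SVG\s+ADVISORY \[EGI-SVG)-\d{8}\]", re.M)
TITLE_RE = re.compile(r"^Title:\s*(.*)$", re.M)
RISK_RE = re.compile(r"\b(Critical|High|Moderate|Low)\b", re.I)
# Template residue: <...> hints, yyyymmdd / yyyy-mm-dd dates, ?? timeline fields.
PLACEHOLDER_RE = re.compile(r"<[^<>]*>|y{4}-?mm-?dd|\?\?", re.I)

def section(text, name):
    """Body under a heading underlined with '=', or None if absent."""
    m = re.search(rf"^{re.escape(name)}[^\n]*\n=+\n(.*?)(?=^\S[^\n]*\n=+\n|\Z)",
                  text, re.M | re.S)
    return m.group(1) if m else None

def lint_advisory(text):
    """Return a list of problems found in an advisory draft (empty = clean)."""
    problems = []
    tlp = TLP_RE.findall(text)
    if len(tlp) != 1:
        problems.append(f"expected exactly one TLP line, found {len(tlp)}")
    if not ID_RE.search(text):
        problems.append("missing or mismatched advisory identifier")
    for m in PLACEHOLDER_RE.finditer(text):
        problems.append("unfilled placeholder: " + " ".join(m.group(0).split()))
    title = TITLE_RE.search(text)
    risk = RISK_RE.search(section(text, "Risk Category") or "")
    if risk is None:
        problems.append("Risk Category section missing or without a rating")
    elif risk.group(1).lower() == "critical" and (
            not title or "critical" not in title.group(1).lower()):
        problems.append("risk is Critical but the title does not say so")
    return problems

# Constructed draft (not a real advisory): rated Critical, one hint left in.
SAMPLE_DRAFT = """\
** AMBER information - Limited distribution                                 **
EGI SVG   ADVISORY [EGI-SVG-20101104]
Title: Example vulnerability in example-software
Risk Category
=============
This issue has been assessed as Critical by the EGI SVG
Affected Software
=================
<e.g. which version(s) of Linux are affected>
"""

if __name__ == "__main__":
    print(lint_advisory(SAMPLE_DRAFT))
```

The placeholder pattern flags any text in angle brackets, so a draft that legitimately quotes `<...>` will need that finding reviewed by hand.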


