From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template RAT/Membership Documents Assessment Secure Coding Info for SVG members


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk

SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities

This may be useful to sites in conjunction with the advisories Advisory-SVG-CVE-2017-5753 , Advisory-SVG-CVE-2018-3639 , and Advisory-SVG-CVE-2018-3620 below.

Date Title Contents/Link Risk Status
2018-10-24 VMware out of bounds read vulnerability Advisory-SVG-CVE-2018-6974 Alert Critical Fixed
2018-10-18 update 2018-10-23 Multiple Oracle Database and other Oracle Vulnerabilities Advisory-SVG-CVE-2018-3259 Alert Critical Fixed
2018-10-03 Vulnerability in RedHat Ceph Storage 2.5 Advisory-SVG-CVE-2018-14649 Alert Critical Fixed
2018-09-27 update 2018-10-03, 2018-10-11 Integer overflow vulnerability in the Linux kernel's create_elf_tables() function. Advisory-SVG-CVE-2018-14634 Critical Fixed
2018-09-04 L1TF - Speculative Execution Side Channel vulnerabilities concerning Intel processors Advisory-SVG-CVE-2018-3620 High Fixed
2018-08-17 cobbler vulnerability: CobblerXMLRPCInterface exports all its methods over XMLRPC Advisory-SVG-CVE-2018-10931 Critical Fixed
2018-08-17 Oracle Database Vulnerability Advisory-SVG-CVE-2018-3110 Critical Fixed
2018-07-05, updated 2018-07-09, 2018-07-20 Singularity vulnerability allowing access to protected files Advisory-SVG-CVE-2018-12021 Critical Fixed
2018-03-28 update 2018-07-20 data-channel encryption is not enforced in gridftp Advisory-SVG-2018-14117 Alert
2018-05-24 Kernel Side-Channel Attack using Speculative Store Bypass vulnerability Advisory-SVG-CVE-2018-3639 High Fixed
2018-03-26 update 2018-05-24 glibc vulnerability Advisory-SVG-CVE-2018-1000001 Up to Critical Fixed
2018-04-30 update 2018-05-23 Local privilege escalation using singularity Advisory-SVG-2018-14311 Critical Fixed
2018-03-29 update 2018-05-23 Singularity can be tricked to create directories and files outside the container. Advisory-SVG-2018-14213 Critical Fixed
2018-05-16 Command injection via DHCP response Advisory-SVG-CVE-2018-1111 Critical Fixed
2018-05-16 multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) Advisory-SVG-CVE-2018-8897 Moderate Fixed
2018-04-14 update 2018-05-08 DPM SRM Buffer Overflow Advisory-SVG-2017-13915 Moderate Fixed
2018-04-13 MySQL Server compromise Advisory-SVG-CVE-2018-2562 Up to High
2018-03-22 update 2018-04-13 Vulnerability concerning SLURM Advisory-SVG-CVE-2018-7033 Up to Critical Fixed
2018-03-05 update 2018-03-19 Vulnerability in Singularity 2.3.2 allowing escape from the container Advisory-SVG-2018-14145 High Fixed
2018-03-05 update 2018-03-19 Image mounting via Singularity Advisory-SVG-2018-13999 Alert
2018-02-23 update 2018-03-19, 2018-05-16 linux kernel 'use-after-free' flaw in XFRM Advisory-SVG-CVE-2017-16939 Alert
2018-02-07 update 2018-03-05 VOMS Admin privilege escalation vulnerability Advisory-SVG-2017-13249 Moderate Fixed
2018-02-12 ROBOT attack - Various Vulnerabilities Advisory-SVG-2017-13925 (Information)
2018-01-23 CPU speculative execution vulnerabilities (Meltdown and Spectre) Advisory-SVG-CVE-2017-5753 Critical Ongoing

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process , which was revised in 2017 and approved by the EGI OMB in November 2017.

Earlier Advisories: Advisories from 2017

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013

Advisories from prior to 2011 Gridpp Advisories Archive

Personal tools