SVG:Advisories

From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template RAT/Membership Documents Assessment Secure Coding Info for SVG members

Advisories


All advisories which are disclosed publicly by SVG are placed on this wiki.

A guide to the risk categories is available at Notes On Risk


Date Title Contents/Link Risk Status
2018-05-24 Kernel Side-Channel Attack using Speculative Store Bypass vulnerability Advisory-SVG-CVE-2018-3639 High Fixed
2018-03-26 update 2018-05-24 glibc vulnerability Advisory-SVG-CVE-2018-1000001 Up to Critical Fixed
2018-04-30 update 2018-05-23 Local privilege escalation using singularity Advisory-SVG-2018-14311 Critical Fixed
2018-03-29 update 2018-05-23 Singularity can be tricked to create directories and files outside the container. Advisory-SVG-2018-14213 Critical Fixed
2018-05-16 Command injection via DHCP response Advisory-SVG-CVE-2018-1111 Critical Fixed
2018-05-16 multiple vulnerabilities in the Linux kernel (incl. CVE-2018-8897, CVE-2018-1087, CVE-2017-16939) Advisory-SVG-CVE-2018-8897 Moderate Fixed
2018-04-14 update 2018-05-08 DPM SRM Buffer Overflow Advisory-SVG-2017-13915 Moderate Fixed
2018-04-13 MySQL Server compromise Advisory-SVG-CVE-2018-2562 Up to High
2018-03-22 update 2018-04-13 Vulnerability concerning SLURM Advisory-SVG-CVE-2018-7033 Up to Critical Fixed
2018-03-28 data-channel encryption is not enforced in gridftp Advisory-SVG-2018-14117 Alert
2018-03-05 update 2018-03-19 Vulnerability in Singularity 2.3.2 allowing escape from the container Advisory-SVG-2018-14145 High Fixed
2018-03-05 update 2018-03-19 Image mounting via Singularity Advisory-SVG-2018-13999 Alert
2018-02-23 update 2018-03-19, 2018-05-16 linux kernel 'use-after-free' flaw in XFRM Advisory-SVG-CVE-2017-16939 Alert
2018-02-07 update 2018-03-05 VOMS Admin privilege escalation vulnerability Advisory-SVG-2017-13249 Moderate Fixed
2018-02-12 ROBOT attack - Various Vulnerabilities Advisory-SVG-2017-13925 (Information)
2018-01-23 CPU speculative execution vulnerabilities (Meltdown and Spectre) Advisory-SVG-CVE-2017-5753 Critical Ongoing

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process , which was revised in 2017 and approved by the EGI OMB in November 2017.

Earlier Advisories: Advisories from 2017

Earlier Advisories: Advisories from 2016

Earlier Advisories: Advisories from 2014 and 2015

In the past (up to the end of 2015) CSIRT also issued general alerts at https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Earlier Advisories: Advisories from 2011 to 2013


Advisories from prior to 2011 Gridpp Advisories Archive

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export