Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @


From EGIWiki
Jump to navigation Jump to search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More


EGI SVG primarily issues advisories concerning gLite Middleware.

Up to November 2015 CSIRT also issued general alerts at - Now all advisories and alerts are issued on the SVG wiki.

A guide to the risk categories is available at Notes On Risk

Recent Advisories

Date Title Contents/Link Risk Status

2015-12-16 CREAM Proxy delegation Advisory-SVG-2014-6980 Low Fixed
2015-12-07 OpenSSL announcement on 3rd December SVG:Advisory-SVG-2015-CVE-2015-3193 Low Fixed
2015-11-06 Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat. Advisory-SVG-2015-CVE-2015-7183 Critical Fixed
2015-11-03 Xen Breakout Vulnerability Advisory-SVG-2015-CVE-2015-7835 Critical Fixed
2015-10-28 Various Java CVE's with max CVSS score Advisory-SVG-2015-9707 Fixed
2015-10-26 Vulnerability in the dCache SRM server module Advisory-SVG-2015-9495 High Fixed
2015-10-13 Dirac does not check CRLs Advisory-SVG-2015-8580 High Fixed
2015-10-13 security notice regarding signing key and binary downloads of Ceph Advisory-SVG-2015-9517
2015-08-18 VOMs Potential DoS Advisory-SVG-2014-7159 Low Fixed
2015-08-13 DIRAC SQL injection vulnerability Advisory-SVG-2014-7553 High Fixed
2015-07-24 libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat Alerts/libuser-2015-07-24 Critical Fixed
2015-07-13 OpenSSL release on 9th July - CVE-2015-1793 Advisory-SVG-2015-9065 N/A Fixed
2015-06-23 OpenStack Cinder CVE-2015-1850 Advisory-SVG-2015-8964 High Fixed
2015-06-05 Persistent XSS in OpenStack Horizon admin dashboard. CVE-2015-3988 Advisory-SVG-2015-8706 Up to High Fixed
2015-05-27 perfSONAR potential for a remote root exploit (in non-recommended configuration) Advisory-SVG-2015-8479 High Fixed
2015-05-13 Buffer overflow vulnerability in xrootd client Advisory-SVG-2015-8464 Low Fixed
2015-04-01 OpenSSL updates released on 19th March 2015 and VOMS Advisory-SVG-2015-8343 Low Fixed
2015-03-31 Unicore command injection vulnerability Advisory-SVG-2014-7749 High Fixed
2015-03-30 CVE-2015-1815 RedHat setroubleshoot (link to csirt alerts) Alerts/RedHat-setroubleshoot-2015-03-30 Critical Fixed
2015-02-20 EGI SVG Advisory - dCache vulnerability for some access methods Advisory-SVG-2015-8183 N/A Fixed
2015-02-11 CVE-2015-1195 OpenStack Advisory-SVG-2015-8056 High Fixed
2015-02-11 Torque CVE-2014-3684 resolved in Torque version in the EGI AppDB part of the UMD Advisory-SVG-2014-7628 Moderate Fixed
2015-01-14 DPM Wiki instructs insecure configuration if configured 'memcached' Advisory-SVG-2015-7980 Moderate Fixed
2015-01-14 CVE-2014-5261, CVE-2014-5262 Cacti remote command and code execution vulnerabilities - relevant to sites running Perfsonar Advisory-SVG-2014-7191 High Fixed
2015-01-14 FTS3 and GFAL2 allow attacker to impersonate other users and destroy their data Advisory-SVG-2014-7696 High Fixed
2014-11-12 User introduction of Rogue VMs - Openstack Advisory-SVG-2014-7472 High Fixed
2014-09-29 Buffer Overflow Vulnerability (Atlas FAX sites) Advisory-SVG-2014-7372 High Fixed
2014-08-06 WMS allows other users to access logging information Advisory-SVG-2013-5346 Moderate Fixed
2014-08-06 glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory Advisory-SVG-2013-5560 Moderate Fixed
2014-08-05 Remote access to dCache configuration information Advisory-SVG-2014-7009 Moderate Fixed
2014-08-05 DPM Information Leak Vulnerability Advisory-SVG-2012-3390 Low Fixed
2014-08-05 PerfSONAR web interface vulnerabilities Advisory-SVG-2013-6052 Moderate Fixed
2014-08-05 FTS3 - Lack of Authorization on config commands Advisory-SVG-2013-5769 Low Fixed
2014-07-17 Perfsonar 'Cacti' graphs web vulnerability Advisory-SVG-2014-7162 Critical Fixed
2014-06-23 EMI WMS Impersonation vulnerability Advisory-SVG-2013-5331 High Fixed
2014-06-02 DPM version in EPEL Advisory-SVG-2014-6963 High Fixed
2014-04-10 WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016 Advisory-SVG-2014-6884 Critical Fixed
2014-04-08 OpenSSL "Heartbleed" vulnerability CVE-2014-0160 (Link to CSIRT alert) OpenSSL-2014-04-08 Critical Fixed
2014-03-27 Torque Vulnerability: arbitrary code execution via job submission Advisory-SVG-2014-6627 High Fixed
2014-03-25 Vulnerabilities in STORM Advisory-SVG-2013-6116 High Fixed
2014-02-13 Results of CREAM vulnerability Assessment Advisory-SVG-2013-5813 High Fixed