

EGI SVG primarily issues advisories concerning gLite Middleware.

Up to November 2015 CSIRT also issued general alerts at - Now all advisories and alerts are issued on the SVG wiki.

A guide to the risk categories is available at Notes On Risk.

Recent Advisories

| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2015-12-16 | CREAM Proxy delegation | Advisory-SVG-2014-6980 | Low | Fixed |
| 2015-12-07 | OpenSSL announcement on 3rd December | SVG:Advisory-SVG-2015-CVE-2015-3193 | Low | Fixed |
| 2015-11-06 | Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat. | Advisory-SVG-2015-CVE-2015-7183 | Critical | Fixed |
| 2015-11-03 | Xen Breakout Vulnerability | Advisory-SVG-2015-CVE-2015-7835 | Critical | Fixed |
| 2015-10-28 | Various Java CVE's with max CVSS score | Advisory-SVG-2015-9707 | | Fixed |
| 2015-10-26 | Vulnerability in the dCache SRM server module | Advisory-SVG-2015-9495 | High | Fixed |
| 2015-10-13 | Dirac does not check CRLs | Advisory-SVG-2015-8580 | High | Fixed |
| 2015-10-13 | security notice regarding signing key and binary downloads of Ceph | Advisory-SVG-2015-9517 | | |
| 2015-08-18 | VOMs Potential DoS | Advisory-SVG-2014-7159 | Low | Fixed |
| 2015-08-13 | DIRAC SQL injection vulnerability | Advisory-SVG-2014-7553 | High | Fixed |
| 2015-07-24 | libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat | Alerts/libuser-2015-07-24 | Critical | Fixed |
| 2015-07-13 | OpenSSL release on 9th July - CVE-2015-1793 | Advisory-SVG-2015-9065 | N/A | Fixed |
| 2015-06-23 | OpenStack Cinder CVE-2015-1850 | Advisory-SVG-2015-8964 | High | Fixed |
| 2015-06-05 | Persistent XSS in OpenStack Horizon admin dashboard. CVE-2015-3988 | Advisory-SVG-2015-8706 | Up to High | Fixed |
| 2015-05-27 | perfSONAR potential for a remote root exploit (in non-recommended configuration) | Advisory-SVG-2015-8479 | High | Fixed |
| 2015-05-13 | Buffer overflow vulnerability in xrootd client | Advisory-SVG-2015-8464 | Low | Fixed |
| 2015-04-01 | OpenSSL updates released on 19th March 2015 and VOMS | Advisory-SVG-2015-8343 | Low | Fixed |
| 2015-03-31 | Unicore command injection vulnerability | Advisory-SVG-2014-7749 | High | Fixed |
| 2015-03-30 | CVE-2015-1815 RedHat setroubleshoot (link to csirt alerts) | Alerts/RedHat-setroubleshoot-2015-03-30 | Critical | Fixed |
| 2015-02-20 | EGI SVG Advisory - dCache vulnerability for some access methods | Advisory-SVG-2015-8183 | N/A | Fixed |
| 2015-02-11 | CVE-2015-1195 OpenStack | Advisory-SVG-2015-8056 | High | Fixed |
| 2015-02-11 | Torque CVE-2014-3684 resolved in Torque version in the EGI AppDB part of the UMD | Advisory-SVG-2014-7628 | Moderate | Fixed |
| 2015-01-14 | DPM Wiki instructs insecure configuration if configured 'memcached' | Advisory-SVG-2015-7980 | Moderate | Fixed |
| 2015-01-14 | CVE-2014-5261, CVE-2014-5262 Cacti remote command and code execution vulnerabilities - relevant to sites running Perfsonar | Advisory-SVG-2014-7191 | High | Fixed |
| 2015-01-14 | FTS3 and GFAL2 allow attacker to impersonate other users and destroy their data | Advisory-SVG-2014-7696 | High | Fixed |
| 2014-11-12 | User introduction of Rogue VMs - Openstack | Advisory-SVG-2014-7472 | High | Fixed |
| 2014-09-29 | Buffer Overflow Vulnerability (Atlas FAX sites) | Advisory-SVG-2014-7372 | High | Fixed |
| 2014-08-06 | WMS allows other users to access logging information | Advisory-SVG-2013-5346 | Moderate | Fixed |
| 2014-08-06 | glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory | Advisory-SVG-2013-5560 | Moderate | Fixed |
| 2014-08-05 | Remote access to dCache configuration information | Advisory-SVG-2014-7009 | Moderate | Fixed |
| 2014-08-05 | DPM Information Leak Vulnerability | Advisory-SVG-2012-3390 | Low | Fixed |
| 2014-08-05 | PerfSONAR web interface vulnerabilities | Advisory-SVG-2013-6052 | Moderate | Fixed |
| 2014-08-05 | FTS3 - Lack of Authorization on config commands | Advisory-SVG-2013-5769 | Low | Fixed |
| 2014-07-17 | Perfsonar 'Cacti' graphs web vulnerability | Advisory-SVG-2014-7162 | Critical | Fixed |
| 2014-06-23 | EMI WMS Impersonation vulnerability | Advisory-SVG-2013-5331 | High | Fixed |
| 2014-06-02 | DPM version in EPEL | Advisory-SVG-2014-6963 | High | Fixed |
| 2014-04-10 | WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016 | Advisory-SVG-2014-6884 | Critical | Fixed |
| 2014-04-08 | OpenSSL "Heartbleed" vulnerability CVE-2014-0160 (Link to CSIRT alert) | OpenSSL-2014-04-08 | Critical | Fixed |
| 2014-03-27 | Torque Vulnerability: arbitrary code execution via job submission | Advisory-SVG-2014-6627 | High | Fixed |
| 2014-03-25 | Vulnerabilities in STORM | Advisory-SVG-2013-6116 | High | Fixed |
| 2014-02-13 | Results of CREAM vulnerability Assessment | Advisory-SVG-2013-5813 | High | Fixed |