SVG:Advisory-SVG-2015-CVE-2015-3193

From EGIWiki
Jump to: navigation, search
Main page Software Security Checklist Issue Handling Advisories Notes On Risk Advisory Template More

Advisory-SVG-2015-CVE-2015-3193




** WHITE information - Unlimited distribution allowed                       **  

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **


EGI SVG   ADVISORY [EGI-SVG-OpenSSL-CVE-2015] 

Title:       EGI SVG Advisory 'Low'  RISK - OpenSSL announcement on 3rd December

Date:        2015-12-07 
Updated:    


URL:         https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2015-CVE-2015-3193


Brief Advisory
===============

OpenSSL announced several vulnerabilities on 3rd December 2015 

https://www.openssl.org/news/secadv/20151203.txt

SVG has looked at this announcement and considers all these vulnerabilities to be either 
'Low' risk or not applicable in the EGI environment.


Recommendations
===============

Sites are recommended to update relevant components as part of their normal maintenance 
routine. 


Credit
======

SVG alerted to this vulnerability by Raul Lopes.  

Comments
========

Comments or questions should be sent to svg-rat  at  mailman.egi.eu

We are currently revising the vulnerability issue handling procedure so suggestions and 
comments are welcome. 



Timeline  
========
Yyyy-mm-dd

2015-12-03 Vulnerabilities announced by OpenSSL and SVG alerted
2015-12-04 Assessment by the EGI Software Vulnerability Group  
2015-12-07 Brief advisory to sites drafted