EGI SVG Advisories

EGI SVG advisories

All advisories which are disclosed publicly by EGI Software Vulnerability Group (SVG) are placed on this site.

All advisories which are disclosed publicly by SVG are subject to the Creative commons licence CC-BY 4.0. including crediting the EGI SVG.

A guide to the risk categories is available at Notes On Risk.

SVG also provides information that may be useful to various sites concerning the various SVG Speculative execution vulnerabilities.

Current advisories

Date Title Contents/Link CVE(s) (if applicable)
2023-07-04 Updated 2024-12-03 MODERATE risk Indigo IAM XSS vulnerability [EGI-SVG-2023-20] Advisory-EGI-SVG-2023-20 N/A
2024-10-02 Updated 24-11-07 CRITICAL risk Nvidia container escape Vulnerability [EGI-SVG-2024-22] Advisory-EGI-SVG-2024-22 CVE-2024-0132
2024-10-29 Multiple Intel Processor Vulnerabilities [EGI-SVG-2024-24] Advisory-EGI-SVG-2024-24 CVE-2023-42667 + more
2024-08-20 Updated 2024-10-09, 2024-10-24 CRITICAL risk SAML Authentication bypass flaw [EGI-SVG-2024-21 Advisory-EGI-SVG-2024-21 CVE-2024-45409
2024-08-20 Updated 2024-10-09 HIGH risk Flaw in Linux kernel’s network route management [EGI-SVG-2024-19] Advisory-EGI-SVG-2024-19 CVE-2024-36971
2024-10-04 Updated 2024-10-08 HIGH risk - CUPS vulnerabilities [EGI-SVG-2024-23] Advisory-EGI-SVG-2024-23 CVE-2024-47176 + more
2024-07-31 Updated 2024-08-02, 2024-09-12 HIGH risk - voms-proxy-init susceptible to proxy theft [EGI-SVG-2024-15] Advisory-EGI-SVG-2024-15 N/A
2024-09-11 SLUBStick Attack Scenario [EGI-SVG-2024-20] Advisory-EGI-SVG-2024-20 N/A
2024-07-29 Updated 2024-09-11 CRITICAL risk Docker Vulnerability [EGI-SVG-2024-17] Advisory-EGI-SVG-2024-17 CVE-2024-41110
2024-07-23 Updated 2024-08-22 HIGH risk vulnerability in libndp [EGI-SVG-2024-16] Advisory-EGI-SVG-2024-16 CVE-2024-5564
2024-07-11 Updated 2024-08-22 HIGH risk ANOTHER OpenSSH vulnerability [EGI-SVG-2024-14] Advisory-EGI-SVG-2024-14 CVE-2024-6409
2024-07-11 Updated 2024-08-22 HIGH risk OpenSSH vulnerability [EGI-SVG-2024-13] Advisory-EGI-SVG-2024-13 CVE-2024-6387
2024-07-09 Updated 2024-08-22 HIGH risk OpenStack arbitrary file access vulnerability [EGI-SVG-2024-12] Advisory-EGI-SVG-2024-12 CVE-2024-32498
2024-06-03 Updated 2024-07-25 ALERT Apptainer github/containers/image Vulnerability [EGI-SVG-2024-11] Advisory-EGI-SVG-2024-11 CVE-2024-3727
2024-05-03 Updated 2024-06-05 HIGH risk glibc vulnerability [EGI-SVG-2024-10] Advisory-EGI-SVG-2024-10 CVE-2024-2961
2024-04-10 Updated 2024-05-24 CRITICAL risk Netfilter vulnerability [EGI-SVG-2024-08] Advisory-EGI-SVG-2024-08 CVE-2024-1086
2024-03-06 Updated 2024-04-19 HIGH risk Linux Kernel vulnerabilities (RHEL9) [EGI-SVG-2024-06] Advisory-EGI-SVG-2024-06 CVE-2023-6817 + more
2024-03-06 Updated 2024-04-10 HIGH risk Linux Kernel vulnerabilities [EGI-SVG-2024-05] Advisory-EGI-SVG-2024-05 CVE-2023-4623 + more
2024-03-05 Updated 2024-04-10 HIGH risk vulnerability in Lustre [EGI-SVG-2024-04] Advisory-EGI-SVG-2024-04 CVE-2023-51786
2024-04-03 Updated 2024-04-10 CRITICAL risk vulnerability in xz data compression tools [EGI-SVG-2024-07] Advisory-EGI-SVG-2024-07 CVE-2024-3094
2024-02-12 Updated 2024-03-15 HIGH risk vulnerability in runc affecting containers [EGI-SVG-2024-03] Advisory-EGI-SVG-2024-03 CVE-2024-21626
2024-01-30 Updated 2024-03-15 HIGH risk array indexing vulnerability in netfilter [EGI-SVG-2023-54] Advisory-EGI-SVG-2023-54 CVE-2023-42753
2024-01-18 Updated 2024-02-20 HIGH risk Linux privilege escalation Vulnerabilities [EGI-SVG-2024-01] Advisory-EGI-SVG-2024-01 CVE-2023-4206 + 2 more
2023-12-14 Updated 2024-02-20 CRITICAL risk Multiple SLURM Vulnerabilities [EGI-SVG-2023-59] Advisory-EGI-SVG-2023-59 CVE-2023-49934 + 5 more
2023-09-25 Updated 2024-02-20 CRITICAL risk PMIX race condition vulnerability [EGI-SVG-2023-51] Advisory-EGI-SVG-2023-51 CVE-2023-41915
2023-08-23 Updated 2024-02-19 HIGH risk AMD CPU Processor Vulnerability [EGI-SVG-CVE-2023-20569] Advisory-SVG-CVE-2023-20569 CVE-2023-20569
2023-08-16 Updated 2023-10-19, 2024-02-19 HIGH risk Intel Downfall Vulnerability [EGI-SVG-CVE-2022-40982] Advisory-SVG-CVE-2022-40982 CVE-2022-40982
2023-07-26 Updated 2023-08-15, 2023-09-21, 2023-09-22, 2024-02-16 ALERT Zenbleed speculative execution vulnerability [EGI-SVG-CVE-2023-20593] Advisory-SVG-CVE-2023-20593 CVE-2023-20593
2023-11-21 Updated 2024-10-29 Intel processor vulnerability [EGI-SVG-2023-58] Advisory-EGI-SVG-2023-58 CVE-2023-23583
2023-10-16 Updated 2023-11-14 HIGH risk Slurm race condition vulnerability [EGI-SVG-2023-57] Advisory-EGI-SVG-2023-57 CVE-2023-41914
2023-10-06 Updated 2023-11-14 HIGH Risk glibc vulnerability [EGI-SVG-2023-55] Advisory-EGI-SVG-2023-55 CVE-2023-4911
2023-09-21 Updated 2023-11-14 HIGH Risk INDIGO-IAM Vulnerability [EGI-SVG-2023-53] Advisory-EGI-SVG-2023-53 N/A
2023-09-21 Updated 2023-10-19, 2023-10-24 HIGH Risk Linux kernel vulnerabilities [EGI-SVG-2023-52] Advisory-EGI-SVG-2023-52 CVE-2023-3610 +9 more

EGI SVG produces advisories according to the SEC02 EGI Software Vulnerability Issue Handling.

Note that SVG is currently working on how to better cope with reducing homogeneity of the infrastructure and handle vulnerabilities related to the EOSC services.

Earlier advisories

In the past (up to the end of 2015) CSIRT also issued general alerts at EGI CSIRT Alerts and EGI SVG advisories primarily concerned gLite Middleware.

Publishing an advisory

See Publishing an Advisory