Recent Advisories
EGI SVG primarily issues advisories concerning gLite Middleware.
Up to November 2015, CSIRT also issued general alerts at EGI CSIRT Alert. All advisories and alerts are now issued on the SVG wiki.
A guide to the risk categories is available at Notes On Risk.
Date | Title | Contents/Link | Risk | Status |
---|---|---|---|---|
2015-12-16 | CREAM Proxy delegation | Advisory-SVG-2014-6980 | Low | Fixed |
2015-12-07 | OpenSSL announcement on 3rd December | SVG:Advisory-SVG-2015-CVE-2015-3193 | Low | Fixed |
2015-11-06 | Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat. | Advisory-SVG-2015-CVE-2015-7183 | Critical | Fixed |
2015-11-03 | Xen Breakout Vulnerability | Advisory-SVG-2015-CVE-2015-7835 | Critical | Fixed |
2015-10-28 | Various Java CVEs with max CVSS score | Advisory-SVG-2015-9707 | | Fixed |
2015-10-26 | Vulnerability in the dCache SRM server module | Advisory-SVG-2015-9495 | High | Fixed |
2015-10-13 | DIRAC does not check CRLs | Advisory-SVG-2015-8580 | High | Fixed |
2015-10-13 | Security notice regarding signing key and binary downloads of Ceph | Advisory-SVG-2015-9517 | | |
2015-08-18 | VOMS Potential DoS | Advisory-SVG-2014-7159 | Low | Fixed |
2015-08-13 | DIRAC SQL injection vulnerability | Advisory-SVG-2014-7553 | High | Fixed |
2015-07-24 | libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat | Alerts/libuser-2015-07-24 | Critical | Fixed |
2015-07-13 | OpenSSL release on 9th July - CVE-2015-1793 | Advisory-SVG-2015-9065 | N/A | Fixed |
2015-06-23 | OpenStack Cinder CVE-2015-1850 | Advisory-SVG-2015-8964 | High | Fixed |
2015-06-05 | Persistent XSS in OpenStack Horizon admin dashboard. CVE-2015-3988 | Advisory-SVG-2015-8706 | Up to High | Fixed |
2015-05-27 | perfSONAR potential for a remote root exploit (in non-recommended configuration) | Advisory-SVG-2015-8479 | High | Fixed |
2015-05-13 | Buffer overflow vulnerability in xrootd client | Advisory-SVG-2015-8464 | Low | Fixed |
2015-04-01 | OpenSSL updates released on 19th March 2015 and VOMS | Advisory-SVG-2015-8343 | Low | Fixed |
2015-03-31 | Unicore command injection vulnerability | Advisory-SVG-2014-7749 | High | Fixed |
2015-03-30 | CVE-2015-1815 RedHat setroubleshoot (link to csirt alerts) | Alerts/RedHat-setroubleshoot-2015-03-30 | Critical | Fixed |
2015-02-20 | EGI SVG Advisory - dCache vulnerability for some access methods | Advisory-SVG-2015-8183 | N/A | Fixed |
2015-02-11 | CVE-2015-1195 OpenStack | Advisory-SVG-2015-8056 | High | Fixed |
2015-02-11 | Torque CVE-2014-3684 resolved in Torque version in the EGI AppDB part of the UMD | Advisory-SVG-2014-7628 | Moderate | Fixed |
2015-01-14 | DPM Wiki instructs insecure configuration if configured ‘memcached’ | Advisory-SVG-2015-7980 | Moderate | Fixed |
2015-01-14 | CVE-2014-5261, CVE-2014-5262 Cacti remote command and code execution vulnerabilities - relevant to sites running perfSONAR | Advisory-SVG-2014-7191 | High | Fixed |
2015-01-14 | FTS3 and GFAL2 allow attacker to impersonate other users and destroy their data | Advisory-SVG-2014-7696 | High | Fixed |
2014-11-12 | User introduction of Rogue VMs - OpenStack | Advisory-SVG-2014-7472 | High | Fixed |
2014-09-29 | Buffer Overflow Vulnerability (Atlas FAX sites) | Advisory-SVG-2014-7372 | High | Fixed |
2014-08-06 | WMS allows other users to access logging information | Advisory-SVG-2013-5346 | Moderate | Fixed |
2014-08-06 | glite_wms_wmproxy_dirmanager allows any user to change the permissions on any directory | Advisory-SVG-2013-5560 | Moderate | Fixed |
2014-08-05 | Remote access to dCache configuration information | Advisory-SVG-2014-7009 | Moderate | Fixed |
2014-08-05 | DPM Information Leak Vulnerability | Advisory-SVG-2012-3390 | Low | Fixed |
2014-08-05 | perfSONAR web interface vulnerabilities | Advisory-SVG-2013-6052 | Moderate | Fixed |
2014-08-05 | FTS3 - Lack of Authorization on config commands | Advisory-SVG-2013-5769 | Low | Fixed |
2014-07-17 | perfSONAR ‘Cacti’ graphs web vulnerability | Advisory-SVG-2014-7162 | Critical | Fixed |
2014-06-23 | EMI WMS Impersonation vulnerability | Advisory-SVG-2013-5331 | High | Fixed |
2014-06-02 | DPM version in EPEL | Advisory-SVG-2014-6963 | High | Fixed |
2014-04-10 | WN and UI tarballs in the EMI repository contain a version of OpenSSL vulnerable to CVE-2014-016 | Advisory-SVG-2014-6884 | Critical | Fixed |
2014-04-08 | OpenSSL “Heartbleed” vulnerability CVE-2014-0160 (Link to CSIRT alert) | OpenSSL-2014-04-08 | Critical | Fixed |
2014-03-27 | Torque Vulnerability: arbitrary code execution via job submission | Advisory-SVG-2014-6627 | High | Fixed |
2014-03-25 | Vulnerabilities in STORM | Advisory-SVG-2013-6116 | High | Fixed |
2014-02-13 | Results of CREAM vulnerability Assessment | Advisory-SVG-2013-5813 | High | Fixed |