EGI SVG Advisories

Advisories for 2016

Recent Advisories

Earlier Advisories: Advisories from 2014 and 2015

Earlier Advisories: Advisories from 2011 to 2013

| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2016-12-20 | Linux kernel’s IPv6 implementation - mishandled socket options | Advisory-SVG-CVE-2016-3841 | High | Fixed |
| 2016-11-10 updated 2016-12-14, 2017-01-13 | Linux kernel vulnerability | Advisory-SVG-CVE-2016-7117 | High | Heads up |
| 2016-12-06 | HIGH risk vulnerabilities concerning Xen | Advisory-SVG-CVE-2016-9379 | High | Fixed |
| 2016-11-24 | VOMS server certificate chain/user validation | Advisory-SVG-2016-11495 | Moderate | Fixed |
| 2016-10-21 | XSS in DIRAC Webapp and Web portal | Advisory-SVG-2016-11107 | Moderate | Fixed |
| 2016-10-20 updated 2016-10-26 | Linux kernel privilege escalation | Advisory-SVG-CVE-2016-5195 | Critical | Fixed |
| 2016-10-10 | gridsite / canl-c impersonation vulnerability | Advisory-SVG-2016-11476 | Critical | Fixed |
| 2016-08-25 | KeyStone VOMS does not check CRLs | Advisory-SVG-2016-10558 | Moderate | Fixed |
| 2016-07-18 | DIRAC configuration - database passwords visible on dirac interface | Advisory-SVG-2016-11255 | Up to High | Fixed |
| 2016-07-15 | Two Perfsonar Vulnerabilities announced by the Perfsonar team | Advisory-SVG-2016-11363 | Moderate | Fixed |
| 2016-07-12 | dCache READONLY and non-/ user root not enforced | Advisory-SVG-2016-11288 | Moderate | Fixed |
| 2016-06-20 | STORM WebDAV interface XXE vulnerability | Advisory-SVG-2015-10134 | Low | Fixed |
| 2016-06-20 | dCache WebDAV interface XXE vulnerability | Advisory-SVG-2015-10121 | Low | Fixed |
| 2016-06-13 | iperf3 used in perfSONAR CVE-2016-4303 | Advisory-SVG-CVE-2016-4303 | Critical | Fixed |
| 2016-06-08 | Vulnerability in IBM’s GPFS CVE-2016-0392 | Advisory-SVG-CVE-2016-0392 | Critical | Fixed |
| 2016-06-08 | Arbitrary file overwrite vulnerability in WebAppDIRAC | Advisory-SVG-2016-11033 | High | Fixed |
| 2016-06-08 | dCache configuration issue | Advisory-SVG-2016-10837 | High | (Config) |
| 2016-06-08 | LHCb Setup scripts | Advisory-SVG-2015-9809 | Low | Fixed |
| 2016-06-07 | Authorization by user_id to manage VMs does not work in V2.1 Nova API for OpenStack | Advisory-SVG-2016-11190 | High | |
| 2016-05-25 | Dirac Pilot factory payload verification | Advisory-SVG-2014-7440 | Low | Migrating from |
| 2016-05-25 | PANDA Pilot factory payload verification | Advisory-SVG-2014-7430 | Low | Migrating from |
| 2016-04-28 | OpenStack VM management permissions | Advisory-SVG-2016-10636 | Moderate | (Config) |
| 2016-03-11 | NSS heap buffer overflow vulnerability | Advisory-SVG-CVE-2016-1950 | Critical | Fixed |
| 2016-02-17 | glibc remote code execution vulnerability - CVE-2015-7547 | Advisory-SVG-CVE-2015-7547 | Critical | Fixed |
| 2016-02-03 | Linux Kernel Vulnerability - CVE-2016-0728 | Advisory-SVG-2016-10376 | High | Fixed |
| 2016-01-05 | Linux Kernel Vulnerabilities | Advisory-SVG-2015-CVE-2015-7613 | Moderate/High | Fixed |