EGI SVG Advisories

Advisories for 2019

Recent Advisories

A guide to the risk categories is available at Notes On Risk.

SVG also provides information that may be useful to sites concerning the various SVG Speculative execution vulnerabilities.

This may be useful to sites in conjunction with the advisories Advisory-SVG-CVE-2017-5753, Advisory-SVG-CVE-2018-3639, and Advisory-SVG-CVE-2018-3620 from 2018.

| Date | Title | Contents/Link | Risk | Status |
|------|-------|---------------|------|--------|
| 2019-12-19 updated 2020-02-10 | Singularity File Permission Vulnerability | Advisory-SVG-CVE-2019-19724 | | Fixed |
| 2019-11-11 updated 2019-12-09 | dCache xrootd protocol implementation vulnerability | Advisory-SVG-2019-16022 | Low | Fixed |
| 2019-11-13 updated 2019-12-02 | Vulnerabilities in Squid CVE-2019-12526, CVE-2019-12523 and others | Advisory-SVG-CVE-2019-12526 | High | Fixed |
| 2019-11-27 | CREAM command injection attack | Advisory-SVG-2018-14321 | Low | Fixed |
| 2019-07-26 updated 2019-11-11 | Frontier-Squid-4 vulnerability | Advisory-SVG-2019-15849 | High | Fixed |
| 2019-05-29 updated 2019-09-16 | Docker symlink-race attack | Advisory-SVG-CVE-2018-15664 | Alert | Fixed |
| 2019-07-10 | ZeroMQ Vulnerability | Advisory-SVG-CVE-2019-13132 | Alert | |
| 2019-06-20 | Linux Kernel DOS vulnerability: TCP SACK panic | Advisory-SVG-CVE-2019-11477 | Alert | |
| 2019-05-16 updated 2019-06-20 | Singularity Vulnerability announced by the Singularity team | Advisory-SVG-CVE-2019-11328 | High | Fixed |
| 2019-05-16 | Microarchitectural Store Buffer Data vulnerability affecting Intel Processors | Advisory-SVG-CVE-2018-12126 | High | Fixed |
| 2019-02-13 updated 2019-03-01 | runc malicious container escape affecting Docker, Kubernetes, lxc | Advisory-SVG-CVE-2019-5736 | Critical | |
| 2019-01-10 updated 2019-01-15, 2019-05-14, 2022-07-28 | systemd-journald vulnerabilities | Advisory-SVG-2019-15258 | Critical | Fixed |

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.