EGI SVG Advisories

Advisories for 2020

A guide to the risk categories is available at Notes On Risk

Date	Title	Contents/Link	Risk	Status
2020-09-22 updated 2020-10-22	Privilege escalation vulnerability in recent kernels (e.g. RHEL/CentOS 8)	Advisory-SVG-CVE-2020-14386	High	Fixed
2020-10-20	Singularity - file overwrite vulnerability	Advisory-SVG-CVE-2020-15229		Fixed
2020-09-16	Cache Poisoning Squid Vulnerabilities	Advisory-SVG-2020-16840	Moderate	Fixed
2020-09-09	Disk Pool Manager (DPM) logging may contain sensitive information	Advisory-SVG-2020-16835	Moderate	Sites to check
2020-08-17	Vulnerability in dCache macaroon bearer token validation	Advisory-SVG-2020-16806	Low	Fixed
2020-05-04 updated 2020-06-05	Remote code execution vulnerabilities in Salt master	Advisory-SVG-CVE-2020-11651	Critical	Fixed
2020-03-13 updated 2020-04-28, 2020-06-05	Vulnerability in IBM GPFS file system	Advisory-SVG-2020-16274	Critical	Fixed
2020-05-06 updated 2020-05-12	Singularity and unprivileged user namespaces	Advisory-SVG-2020-16648	N/A
2020-03-23 updated 2020-04-08, 2020-04-16, 2020-04-30	Vulnerabilities in HTCondor	Advisory-SVG-CVE-2019-18823	Moderate	Fixed
2020-02-11 updated 2020-04-29	vulnerabilities concerning Squid	Advisory-SVG-2020-16203	up to CRITICAL	Fixed
2019-12-19 updated 2020-02-10	Singularity File Permission Vulnerability	Advisory-SVG-CVE-2019-19724		Fixed

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.

This site is open source. Improve this page.