EGI SVG Advisories

Advisories for 2020

Recent Advisories

A guide to the risk categories is available at Notes On Risk

| Date | Title | Contents/Link | Risk | Status |
|---|---|---|---|---|
| 2020-09-22, updated 2020-10-22 | Privilege escalation vulnerability in recent kernels (e.g. RHEL/CentOS 8) | Advisory-SVG-CVE-2020-14386 | High | Fixed |
| 2020-10-20 | Singularity - file overwrite vulnerability | Advisory-SVG-CVE-2020-15229 | | Fixed |
| 2020-09-16 | Cache Poisoning Squid Vulnerabilities | Advisory-SVG-2020-16840 | Moderate | Fixed |
| 2020-09-09 | Disk Pool Manager (DPM) logging may contain sensitive information | Advisory-SVG-2020-16835 | Moderate | Sites to check |
| 2020-08-17 | Vulnerability in dCache macaroon bearer token validation | Advisory-SVG-2020-16806 | Low | Fixed |
| 2020-05-04, updated 2020-06-05 | Remote code execution vulnerabilities in Salt master | Advisory-SVG-CVE-2020-11651 | Critical | Fixed |
| 2020-03-13, updated 2020-04-28, 2020-06-05 | Vulnerability in IBM GPFS file system | Advisory-SVG-2020-16274 | Critical | Fixed |
| 2020-05-06, updated 2020-05-12 | Singularity and unprivileged user namespaces | Advisory-SVG-2020-16648 | N/A | |
| 2020-03-23, updated 2020-04-08, 2020-04-16, 2020-04-30 | Vulnerabilities in HTCondor | Advisory-SVG-CVE-2019-18823 | Moderate | Fixed |
| 2020-02-11, updated 2020-04-29 | vulnerabilities concerning Squid | Advisory-SVG-2020-16203 | up to CRITICAL | Fixed |
| 2019-12-19, updated 2020-02-10 | Singularity File Permission Vulnerability | Advisory-SVG-CVE-2019-19724 | | Fixed |

EGI SVG produces advisories according to the EGI Software Vulnerability Issue Handling Process, which was revised in 2017 and approved by the EGI OMB in November 2017.