** WHITE information - Unlimited distribution allowed **
** see https://go.egi.eu/tlp for distribution restrictions **
EGI SVG ADVISORY [EGI-SVG-OpenSSL-CVE-2015]
Title: EGI SVG Advisory 'Low' RISK - OpenSSL announcement on 3rd December
Date: 2015-12-07
Updated:
URL: https://advisories.egi.eu/2015/Advisory-SVG-2015-CVE-2015-3193
Brief Advisory
===============
OpenSSL announced several vulnerabilities on 3rd December 2015
https://www.openssl.org/news/secadv/20151203.txt
SVG has looked at this announcement and considers all these vulnerabilities to
be either 'Low' risk or not applicable in the EGI environment.
Recommendations
===============
Sites are recommended to update relevant components as part of their normal
maintenance routine.
Credit
======
SVG alerted to this vulnerability by Raul Lopes.
Comments
========
Comments or questions should be sent to svg-rat at mailman.egi.eu
We are currently revising the vulnerability issue handling procedure so
suggestions and comments are welcome.
Timeline
========
Yyyy-mm-dd
2015-12-03 Vulnerabilities announced by OpenSSL and SVG alerted
2015-12-04 Assessment by the EGI Software Vulnerability Group
2015-12-07 Brief advisory to sites drafted