EGI SVG Advisories

Advisory-SVG-2015-CVE-2015-3193

** WHITE information - Unlimited distribution allowed                       **
** see https://go.egi.eu/tlp for distribution restrictions **


EGI SVG   ADVISORY [EGI-SVG-OpenSSL-CVE-2015]

Title:   EGI SVG Advisory 'Low'  RISK - OpenSSL announcement on 3rd December

Date:    2015-12-07
Updated:


URL:     https://advisories.egi.eu/2015/Advisory-SVG-2015-CVE-2015-3193


Brief Advisory
===============

OpenSSL announced several vulnerabilities on 3rd December 2015

https://www.openssl.org/news/secadv/20151203.txt

SVG has looked at this announcement and considers all these vulnerabilities to
be either 'Low' risk or not applicable in the EGI environment.


Recommendations
===============

Sites are recommended to update relevant components as part of their normal
maintenance routine.


Credit
======

SVG alerted to this vulnerability by Raul Lopes.

Comments
========

Comments or questions should be sent to svg-rat  at  mailman.egi.eu

We are currently revising the vulnerability issue handling procedure so
suggestions and comments are welcome.



Timeline
========

Yyyy-mm-dd

2015-12-03 Vulnerabilities announced by OpenSSL and SVG alerted
2015-12-04 Assessment by the EGI Software Vulnerability Group
2015-12-07 Brief advisory to sites drafted