Security alerts and/or security advisories will be sent to all EGI site security contacts or NGI security officers by EGI CSIRT using either an EGI broadcasting tool or a pre-established mailing list. They will also be listed on this page. They may cover a wide range of software, including — but not limited to — the EGI middleware.
Since December 2015, new alerts are no longer placed here. All alerts and advisories concerning software vulnerabilities are placed on the SVG page, as a result of a change in procedure. This is regardless of what type of software they refer to, whether Grid Middleware, operating system vulnerabilities, or other software.
SVG Advisories can be found here.
Date | Title | Contents | Rating |
---|---|---|---|
2010-XX-XX | A brief description | Link to the alert/advisory | Critical/High/Moderate/Low Risk |
The risk rating is in line with EGI SVG’s practice.
The following alert bulletins describe security vulnerabilities or immediate threats against one or more sites or the EGI infrastructure and include recommendations and mitigation techniques.
Date | Title | Contents | Rating |
---|---|---|---|
2015-11-06 | Remote arbitrary code execution vulnerabilities in the core crypto library used by RedHat. | Advisory-SVG-2015-CVE-2015-7183 | Critical |
2015-07-24 | libuser local root exploit CVE-2015-3245, CVE-2015-3246 for RedHat | CSIRT Alert libuser-2015-07-24 | Critical |
2015-05-29 | SSL TLS ‘Logjam’ vulnerability (CVE-2015-400) | CSIRT Alert Logjam-2015-05-29 | Low |
2015-05-15 | VENOM: QEMU vulnerability (CVE-2015-3456) | CSIRT Alert VENOM-2015-05-13 | Low to Critical |
2015-05-07 | Linux vulnerabilities CVE-2015-1318 CVE-2015-1862 CVE-2015-3315 | CSIRT Alert LinuxCVEs-2015-05-07 | High (for RH7) |
2015-04-15 | CVE-2015-2151 Xen Vulnerability Hypervisor memory corruption due to x86 emulator flaw | CSIRT Alert Xen-2015-04-15 | High |
2015-03-30 | CVE-2015-1815 RedHat setroubleshoot | CSIRT Alert RedHat-setroubleshoot-2015-03-30 | Critical |
2015-01-30 | GNU C Library (glibc) “GHOST” vulnerability (CVE-2015-0235) | CSIRT Alert GHOST-glibc-2015-01-30 | High |
2015-01-06 | CVE-2014-9295 - Remote code execution in NTP | CSIRT Alert Ntp-2015-01-06 | High |
2014-10-31 | Multiple sites report attempts to exploit CVE-2014-7236 affecting Twiki | CSIRT Alert Twiki-2014-10-31 | High |
2014-10-28 | xrootd data protection | CSIRT Alert xrootd-2014-10-28 | |
2014-10-16 | ‘POODLE’ vulnerability in SSL version 3 | CSIRT Alert POODLE-2014-10-16 | Medium |
2014-10-01 | Xen MSR vulnerability - potential memory leak across guest VMs (updated 2014-10-30) | CSIRT Alert XSA-108-2014-10-01 | High |
2014-09-29 | Update: ‘shellshock’ vulnerability - arbitrary code execution via crafted environment variables (CVE-2014-6271, CVE-2014-7177) | CSIRT Alert Shellshock-2014-09-29 | Critical |
2014-09-26 | ‘shellshock’ vulnerability - arbitrary code execution via crafted environment variables | CSIRT Alert Shellshock-2014-09-26 | Critical |
2014-07-04 | Linux Kernel Privilege escalation vulnerability CVE-2014-3153 | CSIRT Alert LinuxKernel-2014-07-04 | High |
2014-04-08 | OpenSSL “Heartbleed” Vulnerability (CVE-2014-0160) | CSIRT Alert OpenSSL-2014-04-08 | Critical |
2014-04-07 | Vulnerability Announced in Lustre | CSIRT Alert Lustre-2014-04-07 | High |
2013-06-19 | Advisory concerning puppet vulnerability (CVE-2013-3567) | CSIRT Alert puppet-2013-06-19 | Critical |
2013-05-14 | Advisory concerning perf_event kernel vulnerability (CVE-2013-2094) | CSIRT Alert kernel-2013-05-14 | Critical |
2013-03-18 | Advisory concerning ptrace kernel vulnerability (CVE-2013-0871) | CSIRT Alert kernel-2013-03-18 | High |
2012-08-01 | Advisory concerning gLite 3.2 middleware components no longer supported on 01 August 2012. | CSIRT Advisory EGI-ADV-20120801 | Advisory |
2012-07-17 | Critical - Wrong permissions on directory containing user proxies | CSIRT Alert EMI-1-WMS-file-permissions | Critical |
2012-07-16 | Advisory - EGI CSIRT:Advisory; Upgrade gLite-3, RHel4 and derivatives | CSIRT Advisory EGI-ADV-20120716 | Advisory |
2012-02-06 | MODERATE RISK - Multiple Vulnerabilities in the libxml (CVE-2012-3919 etc.) | CSIRT Alert libxml2-2012-02-06 | Moderate |
2012-01-23 | High risk vulnerability in Linux kernel: Insufficient /proc/pid/mem access control (CVE-2012-0056) | CSIRT Alert kernel-2012-01-23 | High |
2011-12-28 | Critical telnetd vulnerability - Remote root vulnerability in telnet daemons (CVE-2011-4862) | N/A | Critical |
2011-06-15 | High Risk - Torque Authentication Bypass Vulnerability (CVE-2011-2907) | CSIRT Alert Torque-2011-06-15 | High |
2011-04-12 | HIGH Risk glibc Vulnerability - privilege escalation (CVE-2011-0536) | CSIRT Alert glibc-2011-04-12 | High |
2011-03-30 | Critical Vulnerability detected in dCache Admin Web Interface | CSIRT Alert dCache-2011-03-30 | Critical |
2011-01-07 | High Risk Kernel Vulnerability: heap overflow in tipc_msg_build() (CVE-2010-3859) | CSIRT Alert tipc-2011-01-07 | High |
2010-12-16 | HIGH root vulnerabilities in Tivoli Storage Manager (TSM) client software | CSIRT Alert tsm-2010-12-16 | High |
2010-11-18 | CRITICAL Local root vulnerability in systemtap (CVE-2010-4170) | CSIRT Alert systemtap-2010-11-18 | Critical |
2010-11-02 | HIGH iovec integer overflow in net/rds/rdma.c (CVE-2010-3865) | CSIRT Alert rds-rdma-2010-11-02 | High |
2010-10-23 | HIGH Vulnerability in C library dynamic linker (CVE-2010-3856) | CSIRT Alert liblinker-2010-10-23 | High |
2010-10-20 | HIGH Local root vulnerability in RDS (CVE-2010-3904) | CSIRT Alert rds-2010-10-20 | High |
2010-10-18 | HIGH Vulnerability in C library dynamic linker (CVE-2010-3847) | CSIRT Alert liblinker-2010-10-18 | High |
2010-09-30 | RHEL4 patch for CVE-2010-3081 kernel vulnerability (CVE-2010-3081) | CSIRT Alert kernel-2010-09-30 | Moderate |
2010-09-16 | Critical Kernel Vulnerability: 64-bit Compatibility Mode Stack Pointer Corruption (CVE-2010-3081) | CSIRT Alert kernel-2010-09-16 | Critical |
2010-08-18 | Moderate Impact Vulnerabilities in Elog Web Application | CSIRT Alert elog-2010-08-18 | Moderate |
2010-06-28 | Moderate Impact Vulnerability In Intel Compiler Suite | CSIRT Alert intel-28-06-2010 | Moderate |
List of alerts published during EGEE
Date | Title | Contents | Rating |
---|---|---|---|
2009-11-24 | Critical-risk vulnerabilities CVE-2009-3547 | N/A | Critical risk |
2009-10-20 | High-risk vulnerabilities in CREAM CE software | CSIRT Alert cream-20-10-2009 | High risk |
2009-07-09 | Remote command execution in Nagios WAP/WML interface | CSIRT Alert nagios-09-07-2009 | Medium risk |
2008-07-29 | DNS cache poisoning/spoofing | CSIRT Alert dns-29-07-2008 | Medium risk |
2006-10-23 | Critical Vulnerability: OpenPBS/Torque | CSIRT Alert openpbs-23-10-2006 | Extremely critical |