Security workshop in Edinburgh

EGI CSIRT will prepare a security workshop that will take place on the 11th of January 2023 in Edinburgh, as part of the IRIS collaboration meeting. A full day event will consist of lectures on security architecture, risk assessment, vulnerability management, logging,...

High risk vulnerability in OpenSSL 3.0.x

The OpenSSL project have released OpenSSL 3.0.7 which is a security fix for the vulnerability CVE-2022-3602 which consists of a buffer overrun. The details of this vulnerability are available in the OpenSSL security advisory. SVG advisory is available here and...

Critical vulnerability in device-mapper-multipath

A critical vulnerability has been found in device-mapper-multipath which may allow authorization bypass Details on this can be found here: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt The vulnerability only affects hosts that are running...

Vulnerability CVE-2022-40674 in expat

A vulnerabilty has been found in the expat library which may allow remote code execution. Sites running Redhat or derivates should see https://access.redhat.com/security/cve/cve-2022-40674 Details about the SVG advisory can be found on the SVG advisories’...