by EGI CSIRT | May 28, 2024 | Advisories, News
A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, which allows positive values as a drop error within the hook verdict; as a result, the nf_hook_slow() function can cause a double-free vulnerability when...
by EGI CSIRT | May 20, 2024 | Advisories, News
The Git project released new security bug-fix versions on May 14th, 2024: v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4: CVE-2024-32002: https://nvd.nist.gov/vuln/detail/CVE-2024-32002 CVE-2024-32004: https://nvd.nist.gov/vuln/detail/CVE-2024-32004...
by EGI CSIRT | Apr 25, 2024 | Advisories, News
There are a large number of CVEs patched in this RHEL9 release; we have identified the 3 listed above as ‘HIGH’ risk according to our criteria (CVE-2023-6817, CVE-2024-0193, CVE-2024-0646). We have not investigated all the CVEs in detail, and there is the...
by EGI CSIRT | Apr 19, 2024 | Advisories, News
Red Hat has released a new kernel, which includes fixes for some high-risk vulnerabilities that affect RHEL 8, but also RHEL 7 and 9. CVE ID/CVSS Score: CVE-2023-4623/7.8 Affecting RHEL7, RHEL8, and RHEL9 CVE ID/CVSS Score: CVE-2023-4921/7.8 Affecting RHEL7 and RHEL8...
by EGI CSIRT | Apr 18, 2024 | Advisories, News
There is a vulnerability in Lustre where users may gain access to files and/or folders which they should not have permission to access based on their user or group ID. This may lead to data compromise or possible privilege escalation. Please see...
by EGI CSIRT | Apr 3, 2024 | Advisories, News
A CRITICAL risk vulnerability, CVE-2024-3094, has been found in recent versions of the xz data compression tools. Only a few Linux distributions use the affected versions, and these do not include RHEL and its derivatives like RockyLinux and AlmaLinux. Hence most EGI sites...