by EGI CSIRT | Jul 14, 2021 | News
From 6th to 9th of July an EGI CSIRT virtual F2F meeting took place. The focus of the meeting was on future EGI CSIRT activities, such as security monitoring, vulnerability and incident handling, training, and security policymaking. The team will prepare a new...
by EGI CSIRT | Jun 16, 2021 | News
DHCP vulnerability (CVE-2021-25217) has been announced, rated 8.8 CVSS v3 Base Score by Redhat. Due to discrepancy between the code that handles encapsulated option information in leases transmitted and the code with reads lease information after it has been written...
by EGI CSIRT | Jun 8, 2021 | Advisories, News
A serious vulnerability has been found in Apache Struts on which VOMS-Admin is dependent. The exploit of this vulnerability could cause remote code execution. Apache Struts version 2.5.26 fixes this issue. Sites running VOMS-Admin should upgrade to voms-admin-server...
by EGI CSIRT | May 28, 2021 | News
A security vulnerability in Singularity version 3.7.2 and 3.7.3 has been publicly announced that enables an attacker to publish malicious container that takes priority over a container that a user is expecting to run. Due to incorrect use of a default URL, singularity...
by EGI CSIRT | May 12, 2021 | Advisories, News
The Squid project has publicly announced new vulnerabilities, one of which is deemed HIGH risk, viz. CVE-2020-25097, because it may allow services to be exposed that are not directly accessible from the client host. The other ones only concern potential denial of...
by EGI CSIRT | May 12, 2021 | News
Singularity 3.7.3 was released in April and is available in Fedora and EPEL repositories. It fixes a security bug in umoci (CVE-2021-29136), a dependency used by Singularity to extract docker/OCI image layers. It can be tricked into modifying host files by creating a...
Recent Comments