by EGI CSIRT | May 28, 2021 | News
A security vulnerability in Singularity versions 3.7.2 and 3.7.3 has been publicly announced that enables an attacker to publish a malicious container that takes priority over a container that a user is expecting to run. Due to incorrect use of a default URL, singularity...
by EGI CSIRT | May 12, 2021 | Advisories, News
The Squid project has publicly announced new vulnerabilities, one of which is deemed HIGH risk, viz. CVE-2020-25097, because it may allow services to be exposed that are not directly accessible from the client host. The other ones only concern potential denial of...
by EGI CSIRT | May 12, 2021 | News
Singularity 3.7.3 was released in April and is available in Fedora and EPEL repositories. It fixes a security bug in umoci (CVE-2021-29136), a dependency used by Singularity to extract docker/OCI image layers. It can be tricked into modifying host files by creating a...
by EGI CSIRT | Apr 9, 2021 | Advisories, News
We would like to point out two vulnerabilities found in the Linux kernel that are high risk for our infrastructure. CVE-2020-25211: A buffer overflow vulnerability has been announced by Red Hat which may allow a local user to crash the system, compromise data...
by EGI CSIRT | Mar 29, 2021 | News
We had a very successful Security Workshop on Monday 22nd March as part of ISGC 2021, including a discussion of the new Trusted CI Framework, the sharing and active use of threat intelligence, and a hands-on container security session. The threat intelligence session...
by EGI CSIRT | Mar 22, 2021 | Advisories, News
Two vulnerabilities have been found in HTCondor, affecting a limited number of versions. One may allow any authenticated user to impersonate any other user on the Condor system, and potentially reconfigure the HTCondor daemons. The other may allow any...