Vulnerability in Slurm stepmgr subsystem CVE-2024-48936

Slurm version 24.05.4 was released, including a fix for a recently discovered security issue with the new stepmgr subsystem. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs...

EGI-CSIRT F2F meeting in Abingdon

In early October 2024, EGI-CSIRT met in Abingdon for an F2F meeting. In addition to the usual operational tasks, the meeting focused on international collaboration, future training, and improving the security of the EGI network of computing centres. To achieve this, we...

CRITICAL risk SAML Authentication bypass flaw

A critical risk vulnerability has been found in the omniauth_saml plugin (via the ruby-saml library), which is used by, e.g., GitLab, allowing potential authentication bypass. Update your GitLab instances urgently. Details are available in the SVG Advisory.

Flaw in Linux kernel’s network route management

A HIGH risk use-after-free vulnerability, CVE-2024-36971, has been found in the Linux kernel’s network route management. This flaw allows an attacker to alter the behaviour of certain network connections. Sites are recommended to update the relevant software immediately....

CUPS vulnerabilities

Multiple vulnerabilities have been found in CUPS: CVE-2024-47176, CVE-2024-47076 and CVE-2024-47175. These are HIGH risk vulnerabilities which may lead to remote code execution. CUPS is used for printing management, but in case any sites have this software installed,...

voms-proxy-init susceptible to proxy theft

A HIGH risk vulnerability has been found concerning the Java version of voms-proxy-init. During the proxy generation process it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that...
