Vulnerabilities concerning expat XML parser
Vulnerabilities have been found concerning the expat XML parser, including two which may lead to arbitrary code execution (CVE-2022-25235, CVE-2022-25236). The expat XML parser is a library, written in C, which is a dependency for various other software. Details are...
Critical risk vulnerabilities in Java 15 and later
A vulnerability has been found in Java (CVE-2022-21449), involving Improper Verification of Cryptographic Signature. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data. The details can be...
DOS Vulnerability in OpenSSL – CVE-2022-0778
A DoS vulnerability has been announced in OpenSSL (CVE-2022-0778), affecting OpenSSL versions 1.0.2, 1.1.0, 1.1.1 and 3.0. EGI SVG considers this vulnerability to have a limited risk to EGI sites. For more details, read our advisory.
IT forensics for System Administrators
GEANT will deliver another online training programme IT Forensics for System Administrators - Part 2, which consists of 5 sessions and will run from 27th of April to 30th of May 2022. The registration is open: https://events.geant.org/event/1194 One of the sessions,...
HTCondor Security Release: 8.8.16, 9.0.10, and 9.6.0
New versions of HTCondor have been released to address three security vulnerabilities, sites that are running HTCondor as local batch system should upgrade as soon as possible. References:...
EGI CSIRT security workshop at ISGC 2022
EGI CSIRT will hold a security workshop on containers at the International Symposium of Grid and Cloud 2022, a virtual conference that will be held from 21 to 25 March 2022. With the uptake of different virtualization technologies also in traditional data processing...