EGI CSIRT F2F meeting in Prague
EGI CSIRT will have the first F2F meeting in Prague, from 16th to 18th of January 2023. The meeting will focus on security operations, vulnerability management and the preparations for the upcoming trainings and security challenge. It will tackle federated cloud...
Security workshop in Edinburgh
EGI CSIRT will prepare a security workshop that will take place on the 11th of January 2023 in Edinburgh, as part of the IRIS collaboration meeting. A full day event will consist of lectures on security architecture, risk assessment, vulnerability management, logging,...
High risk vulnerability in OpenSSL 3.0.x
The OpenSSL project have released OpenSSL 3.0.7 which is a security fix for the vulnerability CVE-2022-3602 which consists of a buffer overrun. The details of this vulnerability are available in the OpenSSL security advisory. SVG advisory is available here and...
Critical vulnerability in device-mapper-multipath
A critical vulnerability has been found in device-mapper-multipath which may allow authorization bypass Details on this can be found here: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt The vulnerability only affects hosts that are running...
Vulnerability CVE-2022-40674 in expat
A vulnerabilty has been found in the expat library which may allow remote code execution. Sites running Redhat or derivates should see https://access.redhat.com/security/cve/cve-2022-40674 Details about the SVG advisory can be found on the SVG advisories' website:...
EGI CSIRT hackathon in CERN
For the first time, several members of EGI CSIRT assembled in CERN for a week-long hackathon focusing on future projects. This event was highly successful and could form a useful template for work requiring several team members to meet concurrently.
