EGI-CSIRT at ISC 2024

EGI-CSIRT participated in the ISC High Performance Conference 2024 with a presentation on "User Namespaces, are they good, bad or evil?" The use of user namespaces reduces the attack surface in the event of a compromise and allows isolation of the workload, but the...


Security bug-fixes in git

The Git project released new security bug-fix versions on May 14th, 2024: v2.45.1, v2.44.1, v2.43.4, v2.42.2, v2.41.1, v2.40.2, and v2.39.4.

CVE-2024-32002: https://nvd.nist.gov/vuln/detail/CVE-2024-32002
CVE-2024-32004: https://nvd.nist.gov/vuln/detail/CVE-2024-32004...


EGI CSIRT Cybersecurity report for 2023

In 2023, EGI CSIRT significantly increased its efforts to strengthen global collaboration. We recognise the value of shared knowledge and unified defence strategies. Our engagement has expanded beyond the Worldwide LHC Computing Grid (WLCG) organisations,...


High risk kernel vulnerabilities in RHEL9

There are a large number of CVEs patched in this RHEL9 release; we have identified the 3 listed above as ‘HIGH’ risk according to our criteria (CVE-2023-6817, CVE-2024-0193, CVE-2024-0646). We have not investigated all the CVEs in detail, and there is the...


High risk kernel vulnerabilities

Red Hat has released a new kernel, which includes fixes for some high risk vulnerabilities that affect RHEL 8, but also RHEL 7 and 9.

CVE ID/CVSS Score: CVE-2023-4623/7.8, affecting RHEL7, RHEL8, and RHEL9
CVE ID/CVSS Score: CVE-2023-4921/7.8, affecting RHEL7 and RHEL8...


High vulnerability in Lustre: CVE-2023-51786

There is a vulnerability in Lustre where users may gain access to files and/or folders which they should not have permission to access based on their user or group ID. This may lead to data compromise or possible privilege escalation. Please see...
