EGI-CSIRT first F2F meeting in 2024
The EGI CSIRT traditionally meets in Prague for the first F2F meeting in the year. The discussions in this meeting will cover our core activities (handling software vulnerabilities, incident response, security monitoring and others), our security policies and...
Terrapin
A new vulnerability in the SSH cryptographic network protocol has been discovered (CVE-2023-48795) that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The vulnerability has been found in OpenSSH before...
Intel processor vulnerability CVE-2023-23583
A security vulnerability CVE-2023-23583 was found in some Intel processors potentially allowing privilege escalation, information disclosure and/or a denial of service via local access. See more about this vulnerability in our SVG Advisory.
High risk buffer overflow vulnerability in GNU C Library
HIGH risk buffer overflow vulnerability CVE-2023-4911 in GNU C Library’s dynamic loader ld.so which may lead to privilege escalation. [R 1] [R 2]. This affects RHEL8, RHEL9 and derivatives, but not RHEL7. More about this vulnerability and how to mitigate it, can be...
High risk vulnerability in INDIGO-IAM
A HIGH risk vulnerability has been found concerning INDIGO-IAM where a user may be granted rights to which they are not entitled. Effectively this is a privilege escalation vulnerability. This is fixed in INDIGO-IAM version 1.8.1p2 and 1.8.2p2. More about this...
HIGH risk Slurm race condition vulnerability
Multiple HIGH risk race condition vulnerabilities concerning Slurm (CVE-2023-41914) were found which may result in the user taking ownership of an arbitrary file on the system. This has been fixed in Slurm versions 23.02.6 and 22.05.10. Sites using a vulnerable...
