High risk vulnerability in OpenSSL 3.0.x

The OpenSSL project have released OpenSSL 3.0.7 which is a security fix for the vulnerability CVE-2022-3602 which consists of a buffer overrun. The details of this vulnerability are available in the OpenSSL security advisory. SVG advisory is available here and...

read more

Critical vulnerability in device-mapper-multipath

A critical vulnerability has been found in device-mapper-multipath which may allow authorization bypass Details on this can be found here: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt The vulnerability only affects hosts that are running...

read more

Vulnerability CVE-2022-40674 in expat

A vulnerabilty has been found in the expat library which may allow remote code execution. Sites running Redhat or derivates should see https://access.redhat.com/security/cve/cve-2022-40674 Details about the SVG advisory can be found on the SVG advisories' website:...

read more

EGI CSIRT hackathon in CERN

For the first time, several members of EGI CSIRT assembled in CERN for a week-long hackathon focusing on future projects. This event was highly successful and could form a useful template for work requiring several team members to meet concurrently.

read more

Linux namespaces and containers

A namespace wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Containers are an implementation of using namespaces.The namespaces in Linux are:...

read more

Security training at EGI conference 2022

Members of the EGI CSIRT led a lively, well-attended security workshop on the last day of the EGI Conference. The workshop covered risk management and vulnerability risk assessment, security architecture, and threat intelligence, security operations centres and...

read more
Trusted Introducer