DoS Vulnerability in OpenSSL – CVE-2022-0778
A DoS vulnerability has been announced in OpenSSL (CVE-2022-0778), affecting OpenSSL versions 1.0.2, 1.1.0, 1.1.1 and 3.0. EGI SVG considers this vulnerability to have a limited risk to EGI sites. For more details, read our advisory.
IT forensics for System Administrators
GEANT will deliver another online training programme, IT Forensics for System Administrators - Part 2, which consists of 5 sessions and will run from 27th of April to 30th of May 2022. Registration is open: https://events.geant.org/event/1194 One of the sessions,...
HTCondor Security Release: 8.8.16, 9.0.10, and 9.6.0
New versions of HTCondor have been released to address three security vulnerabilities. Sites that are running HTCondor as a local batch system should upgrade as soon as possible. References:...
EGI CSIRT security workshop at ISGC 2022
EGI CSIRT will hold a security workshop on containers at the International Symposium of Grid and Cloud 2022, a virtual conference that will be held from 21 to 25 March 2022. With the uptake of different virtualization technologies also in traditional data processing...
Access control to compute and storage infrastructure
EGI CSIRT has prepared a document which gathers the information on how to restrict access to compute and storage resources in the EGI infrastructure. Site administrators can have a look at this EGI website.
Local privilege escalation vulnerability in polkit
A privilege escalation vulnerability, CVE-2021-4034, has been discovered in polkit's pkexec utility, a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. A temporary mitigation is to remove the setuid bit...

