Julien Levrard

Backdoor in xz/liblzma (CVE-2024-3094)

On March 29th, Andres Freund, a Postgres developer, working at Microsoft, identified a response time while authenticating to openSSH on a Debian Sid installation that was about 500 ms longer as usual. He investigated the behaviour and concluded that liblzma, part of the xz library, was compromised by a complex backdoor injected into distribution packages […]

Backdoor in xz/liblzma (CVE-2024-3094) Read More »

CVE-2023-20593/Zenbleed

On July 24th 2023, AMD has issued a security bulletin disclosing a vulnerability in its Zen2 computer processor microarchitecture. Named “Cross-Process Information Leak” by AMD, the vulnerability is also known as “Zenbleed”. Labelled CVE-2023-20593 and rated by AMD as Medium, the issue allows an attacker to potentially access sensitive information processed by the CPU in

CVE-2023-20593/Zenbleed Read More »

How to protect my cloud workloads (Log4Shell)

Log4shell, how to protect my cloud workloads

Update 22/12: 2 new vulnerabilities have been identify. Those vulnerabilities are also impacting the initial patchs (2.15.0 and 2.16.0): CVE-2021-45105 : Risk of Denial of Service (DOS) CVE-2021-45046 : Risk of information leak and remote code execution in some environments and local code execution in all environments Update 22/12: Updated table assessing the risks at

Log4shell, how to protect my cloud workloads Read More »

Log4j Vulnerability

Log4j vulnerability (CVE-2021-44228)

On December 10th, a group of security researchers published a security notice regarding a vulnerability in Log4j. Log4j is a library commonly used in Java environment to manage logging. Log4j versions 2.0 to 2.14.1 are affected by a vulnerability that may lead to remote code execution (RCE). Older versions of Log4j (1.X) might also be

Log4j vulnerability (CVE-2021-44228) Read More »

Microsoft Exchange Server Vulnerabilities

Microsoft Exchange Server Vulnerabilities

On March 2nd, Microsoft published a security patch for 4 vulnerabilities on Microsoft Exchange Server. Security researchers detected that those vulnerabilities are actively exploited for targeted attacks. The vulnerable version are: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 All OVHcloud Exchange managed services have been patched

Microsoft Exchange Server Vulnerabilities Read More »

Private Cloud en cours de qualification SecNumCloud

OVH est officiellement en cours de qualification pour son offre Private Cloud. Cette première étape formelle dans le projet de qualification est l’occasion de faire un point sur le dispositif mis en place pour aligner son offre avec les exigences élevées du référentiel SecNumCloud dans l’objectif de fournir un cloud de confiance reconnu comme tel

Private Cloud en cours de qualification SecNumCloud Read More »