FEDORA-2022-dbd2935e44
Packages in this update:
rsync-3.2.3-6.fc34
Update description:
Security fix for CVE-2018-25032
rsync-3.2.3-15.fc36
Security fix for CVE-2018-25032
rsync-3.2.3-9.fc35
Security fix for CVE-2018-25032
The so-called software supply chain has been generating a lot of buzz these days. It came fully into the spotlight because of the global intrusion campaign in which attackers used the update process of SolarWinds' popular Orion management software to deliver malicious code. Over 18,000 customers were affected, although the attackers only selectively targeted major corporations and government agencies once their backdoor was installed.
SolarWinds was probably the highest-profile supply chain attack in recent history, but there have been many others. The attack led to a reevaluation of who is responsible for security. For example, one of the major responses to the SolarWinds attack was President Biden’s Executive Order on Improving the Nation’s Cybersecurity. Among other things, the order stresses the need for supply chain security. And for the first time, a high-profile government directive specifically mentioned developers’ responsibility to deploy secure software.
With the weight of Western sanctions crippling parts of the Russian economy, the consensus seems to be that Moscow’s ambitions of being a major player in the development of machine learning, robotics, natural language processing and other artificial intelligence (AI) tools are functionally dead. The consequences of the war waged against Ukraine on Russia’s wealth, workforce and access to sophisticated imported products such as microprocessors used to operate everything from mobile devices to automobiles are immense.
rubygem-nokogiri-1.11.7-2.fc34
Backport fix for a possible DoS by regex, assigned CVE-2022-24836.
rubygem-nokogiri-1.13.1-2.fc35
Backport fix for a possible DoS by regex, assigned CVE-2022-24836.
rubygem-nokogiri-1.13.4-1.fc36
New version 1.13.4 is released. This version addresses a possible DoS by regex, assigned CVE-2022-24836.