A new research project has uncovered 56 vulnerabilities in operational technology (OT) devices from 10 different vendors, all of which stem from insecurely designed or implemented functionality rather than programming errors. This highlights that despite the increased attention this type of critical device has received over the past decade from both security researchers and malicious attackers, the industry is still not following fundamental secure-by-design principles.
“Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts,” researchers from security firm Forescout said in their new report.
FEDORA-2022-bf6409e963
Packages in this update:
xen-4.15.2-5.fc35
Update description:
x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]
x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [XSA-402,
CVE-2022-26363, CVE-2022-26364]
FEDORA-2022-92ef43c439
Packages in this update:
golang-github-prometheus-client-1.12.2-2.fc36
Update description:
Update to 1.12.1 Close: rhbz#2042592
Mitigate CVE-2022-21698 (rhbz#2067400).
FEDORA-2022-925fc688c1
Packages in this update:
xen-4.16.1-4.fc36
Update description:
x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]
FEDORA-2022-ba365d3703
Packages in this update:
apptainer-1.0.2-2.fc36
asciigraph-0.5.5-2.fc36
buildah-1.26.1-4.fc36
butane-0.14.0-2.fc36
caddy-2.4.6-3.fc36
cheat-4.2.2-4.fc36
clipman-1.6.1-3.fc36
cri-o-1.24.1-2.fc36
deepin-gir-generator-2.1.0-3.fc36
docker-distribution-2.6.2-17.git48294d9.fc36
git-lfs-3.1.2-4.fc36
git-octopus-2.0-0.4.beta.3.fc36.12
gmailctl-0.10.4-3.fc36
go-bindata-3.0.7-22.gita0ff256.fc36
godep-62-17.fc36
golang-1.18.3-2.fc36
golang-ariga-atlas-0.3.6-3.fc36
golang-entgo-ent-0.10.0-4.fc36
golang-github-chromedp-0.8.1-2.fc36
golang-github-client9-gospell-0-0.11.20190524git90dfc71.fc36
golang-github-elves-elvish-0.15.0-4.fc36
golang-github-google-dap-0.4.0-4.fc36
golang-github-heistp-irtt-0.9.1-2.fc36
golang-github-kalafut-imohash-1.0.2-3.fc36
golang-github-letsencrypt-pebble-2.3.1-5.fc36
golang-github-lofanmi-pinyin-1.0-4.fc36
golang-github-lunixbochs-vtclean-1.0.0-8.fc36
golang-github-mbndr-figlet4go-0-0.8.20191009gitd6cef5b.fc36
golang-github-mozillazg-pinyin-0.19.0-4.fc36
golang-github-msprev-fzf-bibtex-1.1-5.20220205gitd5df2c6.fc36
golang-github-rickb777-date-1.19.1-2.fc36
golang-github-segmentio-ksuid-1.0.4-3.fc36
golang-github-sqshq-sampler-1.1.0-9.fc36
golang-github-tomnomnom-xtermcolor-0.1.2-8.fc36
golang-github-tscholl2-siec-0-3.20211128git9bdfc48.fc36
golang-github-zyedidia-highlight-0-0.6.20200218git291680f.fc36
golang-rsc-pdf-0.1.1-10.fc36
golang-starlark-0-0.7.20210113gite81fc95.fc36
gomtree-0.4.0-11.fc36
google-guest-agent-20201217.02-4.fc36
gotun-0-0.14.gita9dbe4d.fc36
grafana-7.5.15-3.fc36
grafana-pcp-3.2.0-3.fc36
gron-0.7.1-2.fc36
ignition-2.14.0-2.fc36
kata-containers-2.3.3-2.fc36.1
kompose-1.17.0-9.fc36
manifest-tool-2.0.3-2.fc36
oci-seccomp-bpf-hook-1.2.5-3.fc36
origin-3.11.2-6.fc36
osbuild-composer-55-2.fc36
pack-0.27.0~rc1-4.fc36
podman-4.1.1-2.fc36
reposurgeon-4.32-2.fc36
restic-0.12.1-3.fc36
runc-1.1.1-2.fc36
singularity-3.8.7-2.fc36
skopeo-1.8.0-9.fc36
xe-guest-utilities-latest-7.30.0-4.fc36
Update description:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629.
osbuilder: Fix wrong config setting
FEDORA-2022-d8881cf797
Packages in this update:
golang-github-prometheus-client-1.12.2-1.fc37
Update description:
Automatic update for golang-github-prometheus-client-1.12.2-1.fc37.
Changelog
* Wed Jun 22 2022 Maxwell G <gotmax@e.email> 1.12.2-1
- Update to 1.12.1 Close: rhbz#2042592 rhbz#2067400
- Mitigate CVE-2022-21698 (rhbz#2067400).
FEDORA-2022-7416607232
Packages in this update:
chromium-102.0.5005.115-1.fc36
Update description:
Update to 102.0.5005.115.
Fixes:
CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641
CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
FEDORA-2022-bcb096166f
Packages in this update:
chromium-102.0.5005.115-1.fc35
Update description:
Update to 102.0.5005.115.
Fixes:
CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641
CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876
FEDORA-EPEL-2022-59cdfb46c4
Packages in this update:
glances-3.2.5-1.el8
Update description:
Security fix for CVE-2021-23418
FEDORA-2022-fe8d1879bc
Packages in this update:
bettercap-2.32.0-4.fc37
cadvisor-0.44.1-2.fc37
containerd-1.6.6-3.fc37
gobuster-3.1.0-3.fc37
golang-1.18.3-2.fc37
golang-gioui-0-8.20201225git18d4dbf.fc37
golang-github-cactus-statsd-client-5.0.0-5.fc37
golang-github-containerd-stargz-snapshotter-0.10.1-2.fc37
golang-github-containernetworking-cni-1.1.1-4.fc37
golang-github-crossdock-0-0.8.20190628git049aabb.fc37
golang-github-evanphx-json-patch-5.5.0-3.fc37
golang-github-hashicorp-serf-0.9.5-5.fc37
golang-github-oklog-ulid-2.0.2-10.fc37
golang-github-pact-foundation-1.5.1-6.fc37
golang-github-posener-complete-1.2.3-8.fc37
golang-github-prometheus-alertmanager-0.23.0-9.fc37
golang-github-shopify-sarama-1.27.2-5.fc37
golang-github-tdewolff-minify-2.11.10-3.fc37
golang-github-theupdateframework-notary-0.7.0-5.fc37
golang-nanomsg-mangos-3-3.2.1-6.fc37
grafana-7.5.15-3.fc37
graphviz-4.0.0-6.fc37
Update description:
Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629