Daily Archives: June 22, 2022

News

Dozens of insecure-by-design flaws found in OT products

Read Time:38 Second

A new research project has uncovered 56 vulnerabilities in operational technology (OT) devices from 10 different vendors, all of which stem from insecurely designed or implemented functionality rather than programming errors. This highlights that despite the increased attention this type of critical devices have received over the past decade from both security researchers and malicious attackers, the industry is still not following fundamental secure-by-design principles.

“Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts,” researchers from security firm Forescout said in their new report.

To read this article in full, please click here

Read More

Advisories

xen-4.15.2-5.fc35

Read Time:18 Second

FEDORA-2022-bf6409e963

Packages in this update:

xen-4.15.2-5.fc35

Update description:

x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]

x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]

Read More

Advisories

xen-4.16.1-4.fc36

Read Time:9 Second

FEDORA-2022-925fc688c1

Packages in this update:

xen-4.16.1-4.fc36

Update description:

x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]

Read More

Advisories

apptainer-1.0.2-2.fc36 asciigraph-0.5.5-2.fc36 buildah-1.26.1-4.fc36 butane-0.14.0-2.fc36 caddy-2.4.6-3.fc36 cheat-4.2.2-4.fc36 clipman-1.6.1-3.fc36 cri-o-1.24.1-2.fc36 deepin-gir-generator-2.1.0-3.fc36 docker-distribution-2.6.2-17.git48294d9.fc36 git-lfs-3.1.2-4.fc36 git-octopus-2.0-0.4.beta.3.fc36.12 gmailctl-0.10.4-3.fc36 go-bindata-3.0.7-22.gita0ff256.fc36 godep-62-17.fc36 golang-1.18.3-2.fc36 golang-ariga-atlas-0.3.6-3.fc36 golang-entgo-ent-0.10.0-4.fc36 golang-github-chromedp-0.8.1-2.fc36 golang-github-client9-gospell-0-0.11.20190524git90dfc71.fc36 golang-github-elves-elvish-0.15.0-4.fc36 golang-github-google-dap-0.4.0-4.fc36 golang-github-heistp-irtt-0.9.1-2.fc36 golang-github-kalafut-imohash-1.0.2-3.fc36 golang-github-letsencrypt-pebble-2.3.1-5.fc36 golang-github-lofanmi-pinyin-1.0-4.fc36 golang-github-lunixbochs-vtclean-1.0.0-8.fc36 golang-github-mbndr-figlet4go-0-0.8.20191009gitd6cef5b.fc36 golang-github-mozillazg-pinyin-0.19.0-4.fc36 golang-github-msprev-fzf-bibtex-1.1-5.20220205gitd5df2c6.fc36 golang-github-rickb777-date-1.19.1-2.fc36 golang-github-segmentio-ksuid-1.0.4-3.fc36 golang-github-sqshq-sampler-1.1.0-9.fc36 golang-github-tomnomnom-xtermcolor-0.1.2-8.fc36 golang-github-tscholl2-siec-0-3.20211128git9bdfc48.fc36 golang-github-zyedidia-highlight-0-0.6.20200218git291680f.fc36 golang-rsc-pdf-0.1.1-10.fc36 golang-starlark-0-0.7.20210113gite81fc95.fc36 gomtree-0.4.0-11.fc36 google-guest-agent-20201217.02-4.fc36 gotun-0-0.14.gita9dbe4d.fc36 grafana-7.5.15-3.fc36 grafana-pcp-3.2.0-3.fc36 gron-0.7.1-2.fc36 ignition-2.14.0-2.fc36 kata-containers-2.3.3-2.fc36.1 kompose-1.17.0-9.fc36 manifest-tool-2.0.3-2.fc36 oci-seccomp-bpf-hook-1.2.5-3.fc36 origin-3.11.2-6.fc36 osbuild-composer-55-2.fc36 pack-0.27.0~rc1-4.fc36 podman-4.1.1-2.fc36 reposurgeon-4.32-2.fc36 restic-0.12.1-3.fc36 runc-1.1.1-2.fc36 singularity-3.8.7-2.fc36 skopeo-1.8.0-9.fc36 xe-guest-utilities-latest-7.30.0-4.fc36

Read Time:2 Minute, 20 Second

FEDORA-2022-ba365d3703

Packages in this update:

apptainer-1.0.2-2.fc36
asciigraph-0.5.5-2.fc36
buildah-1.26.1-4.fc36
butane-0.14.0-2.fc36
caddy-2.4.6-3.fc36
cheat-4.2.2-4.fc36
clipman-1.6.1-3.fc36
cri-o-1.24.1-2.fc36
deepin-gir-generator-2.1.0-3.fc36
docker-distribution-2.6.2-17.git48294d9.fc36
git-lfs-3.1.2-4.fc36
git-octopus-2.0-0.4.beta.3.fc36.12
gmailctl-0.10.4-3.fc36
go-bindata-3.0.7-22.gita0ff256.fc36
godep-62-17.fc36
golang-1.18.3-2.fc36
golang-ariga-atlas-0.3.6-3.fc36
golang-entgo-ent-0.10.0-4.fc36
golang-github-chromedp-0.8.1-2.fc36
golang-github-client9-gospell-0-0.11.20190524git90dfc71.fc36
golang-github-elves-elvish-0.15.0-4.fc36
golang-github-google-dap-0.4.0-4.fc36
golang-github-heistp-irtt-0.9.1-2.fc36
golang-github-kalafut-imohash-1.0.2-3.fc36
golang-github-letsencrypt-pebble-2.3.1-5.fc36
golang-github-lofanmi-pinyin-1.0-4.fc36
golang-github-lunixbochs-vtclean-1.0.0-8.fc36
golang-github-mbndr-figlet4go-0-0.8.20191009gitd6cef5b.fc36
golang-github-mozillazg-pinyin-0.19.0-4.fc36
golang-github-msprev-fzf-bibtex-1.1-5.20220205gitd5df2c6.fc36
golang-github-rickb777-date-1.19.1-2.fc36
golang-github-segmentio-ksuid-1.0.4-3.fc36
golang-github-sqshq-sampler-1.1.0-9.fc36
golang-github-tomnomnom-xtermcolor-0.1.2-8.fc36
golang-github-tscholl2-siec-0-3.20211128git9bdfc48.fc36
golang-github-zyedidia-highlight-0-0.6.20200218git291680f.fc36
golang-rsc-pdf-0.1.1-10.fc36
golang-starlark-0-0.7.20210113gite81fc95.fc36
gomtree-0.4.0-11.fc36
google-guest-agent-20201217.02-4.fc36
gotun-0-0.14.gita9dbe4d.fc36
grafana-7.5.15-3.fc36
grafana-pcp-3.2.0-3.fc36
gron-0.7.1-2.fc36
ignition-2.14.0-2.fc36
kata-containers-2.3.3-2.fc36.1
kompose-1.17.0-9.fc36
manifest-tool-2.0.3-2.fc36
oci-seccomp-bpf-hook-1.2.5-3.fc36
origin-3.11.2-6.fc36
osbuild-composer-55-2.fc36
pack-0.27.0~rc1-4.fc36
podman-4.1.1-2.fc36
reposurgeon-4.32-2.fc36
restic-0.12.1-3.fc36
runc-1.1.1-2.fc36
singularity-3.8.7-2.fc36
skopeo-1.8.0-9.fc36
xe-guest-utilities-latest-7.30.0-4.fc36

Update description:

Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629.

osbuilder: Fix wrong config setting

Read More

Advisories

golang-github-prometheus-client-1.12.2-1.fc37

Read Time:19 Second

FEDORA-2022-d8881cf797

Packages in this update:

golang-github-prometheus-client-1.12.2-1.fc37

Update description:

Automatic update for golang-github-prometheus-client-1.12.2-1.fc37.

Changelog

* Wed Jun 22 2022 Maxwell G <gotmax@e.email> 1.12.2-1
– Update to 1.12.1 Close: rhbz#2042592 rhbz#2067400
– Mitigate CVE-2022-21698 (rhbz#2067400).

Read More

Advisories

chromium-102.0.5005.115-1.fc36

Read Time:37 Second

FEDORA-2022-7416607232

Packages in this update:

chromium-102.0.5005.115-1.fc36

Update description:

Update to 102.0.5005.115.

Fixes:
CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641
CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876

Read More

Advisories

chromium-102.0.5005.115-1.fc35

Read Time:37 Second

FEDORA-2022-bcb096166f

Packages in this update:

chromium-102.0.5005.115-1.fc35

Update description:

Update to 102.0.5005.115.

Fixes:
CVE-2022-1633 CVE-2022-1634 CVE-2022-1635 CVE-2022-1636 CVE-2022-1637 CVE-2022-1638 CVE-2022-1639 CVE-2022-1640 CVE-2022-1641
CVE-2022-1853 CVE-2022-1854 CVE-2022-1855 CVE-2022-1856 CVE-2022-1857 CVE-2022-1858 CVE-2022-1859 CVE-2022-1860 CVE-2022-1861 CVE-2022-1862 CVE-2022-1863 CVE-2022-1864 CVE-2022-1865 CVE-2022-1866 CVE-2022-1867 CVE-2022-1868 CVE-2022-1869 CVE-2022-1870 CVE-2022-1871 CVE-2022-1872 CVE-2022-1873 CVE-2022-1874 CVE-2022-1875 CVE-2022-1876

Read More

Advisories

bettercap-2.32.0-4.fc37 cadvisor-0.44.1-2.fc37 containerd-1.6.6-3.fc37 gobuster-3.1.0-3.fc37 golang-1.18.3-2.fc37 golang-gioui-0-8.20201225git18d4dbf.fc37 golang-github-cactus-statsd-client-5.0.0-5.fc37 golang-github-containerd-stargz-snapshotter-0.10.1-2.fc37 golang-github-containernetworking-cni-1.1.1-4.fc37 golang-github-crossdock-0-0.8.20190628git049aabb.fc37 golang-github-evanphx-json-patch-5.5.0-3.fc37 golang-github-hashicorp-serf-0.9.5-5.fc37 golang-github-oklog-ulid-2.0.2-10.fc37 golang-github-pact-foundation-1.5.1-6.fc37 golang-github-posener-complete-1.2.3-8.fc37 golang-github-prometheus-alertmanager-0.23.0-9.fc37 golang-github-shopify-sarama-1.27.2-5.fc37 golang-github-tdewolff-minify-2.11.10-3.fc37 golang-github-theupdateframework-notary-0.7.0-5.fc37 golang-nanomsg-mangos-3-3.2.1-6.fc37 grafana-7.5.15-3.fc37 graphviz-4.0.0-6.fc37

Read Time:1 Minute, 2 Second

FEDORA-2022-fe8d1879bc

Packages in this update:

bettercap-2.32.0-4.fc37
cadvisor-0.44.1-2.fc37
containerd-1.6.6-3.fc37
gobuster-3.1.0-3.fc37
golang-1.18.3-2.fc37
golang-gioui-0-8.20201225git18d4dbf.fc37
golang-github-cactus-statsd-client-5.0.0-5.fc37
golang-github-containerd-stargz-snapshotter-0.10.1-2.fc37
golang-github-containernetworking-cni-1.1.1-4.fc37
golang-github-crossdock-0-0.8.20190628git049aabb.fc37
golang-github-evanphx-json-patch-5.5.0-3.fc37
golang-github-hashicorp-serf-0.9.5-5.fc37
golang-github-oklog-ulid-2.0.2-10.fc37
golang-github-pact-foundation-1.5.1-6.fc37
golang-github-posener-complete-1.2.3-8.fc37
golang-github-prometheus-alertmanager-0.23.0-9.fc37
golang-github-shopify-sarama-1.27.2-5.fc37
golang-github-tdewolff-minify-2.11.10-3.fc37
golang-github-theupdateframework-notary-0.7.0-5.fc37
golang-nanomsg-mangos-3-3.2.1-6.fc37
grafana-7.5.15-3.fc37
graphviz-4.0.0-6.fc37

Update description:

Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

Read More