python-twisted-22.4.0-1.fc37
Automatic update for python-twisted-22.4.0-1.fc37.
* Thu Jun 23 2022 Robert-André Mauchin <zebob.m@gmail.com> 22.4.0-1
– Update to 22.4.0 Close: rhbz#2046562 rhbz#2073115 rhbz#2060972
rhbz#2059508
Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the growing “shift left” movement, according to two studies released this week.
More than four out of five organizations (41%) don’t have high confidence in their open-source security, researchers at Snyk, a developer security company, and The Linux Foundation reveal in their The State of Open Source Security report.
It also notes that the time to fix vulnerabilities in open-source projects has steadily increased over the last three years, more than doubling from 49 days in 2018 to 110 days in 2021.
A panel of experts discussed practical strategies to implement security on a budget
It was discovered that Vim incorrectly handled memory when opening and
searching the contents of certain files. If an attacker could trick a user
into opening a specially crafted file, it could cause Vim to crash.
USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately it caused regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM for further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two different regressions: one affecting mod_proxy
only in Ubuntu 14.04 ESM and another in mod_sed affecting also Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)
It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)
It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)
Kaseya, a maker of IT service and security management software, announced Thursday that it had finalized its $6.2 billion acquisition of cybersecurity company Datto, promising tight integration between the two companies’ products and lower pricing for customers.
The deal’s closure marks the third high-profile acquisition for Kaseya in the past 18 months, as the company acquired security threat response company Infocyte in January, and threat detection company BitDam in March 2021. A total of 12 acquisitions have been completed by Kaseya under CEO Fred Voccola.
The company’s public messaging about the Datto deal emphasized impending price cuts—an average of 10% across the board, according to Kaseya. Some products are expected to remain at the same price point, while others will drop significantly more, Kaseya said. Datto will continue to operate as an independent brand, Kaseya added.
Cisco has issued alerts for a vulnerability found in its email security and web management products that could allow an authenticated remote actor to retrieve sensitive information from an affected device.
An advisory issued by Cisco this week outlined that the vulnerability—detected in the web management interface of Cisco Secure Email and Web Manager, known formerly as Cisco Security Management Appliance (CSMA), and Cisco Email Security Appliance (ESA)—allows an authenticated actor to extract sensitive information through a Lightweight Directory Access Protocol (LDAP) server connected to the affected device.
This vulnerability is due to a design oversight in the querying process, according to Cisco. LDAP is an external authentication protocol for accessing and maintaining distributed directory information services on the public internet or corporate intranet.
Securing end points is just one challenge facing firms in the legal sector
Securing endpoints is just one challenge facing firms in the legal sector
exim-4.95-1.el8
This is an update fixing CVE-2021-38371.
