python-twisted-22.4.0-1.fc37

FEDORA-2022-dc6dc2cfd3

Packages in this update:

python-twisted-22.4.0-1.fc37

Update description:

Automatic update for python-twisted-22.4.0-1.fc37.

Changelog

* Thu Jun 23 2022 Robert-André Mauchin <zebob.m@gmail.com> 22.4.0-1
- Update to 22.4.0. Close: rhbz#2046562 rhbz#2073115 rhbz#2060972 rhbz#2059508

Open-source software risks persist, according to new reports

Open-source software (OSS) has become a mainstay of most applications, but it has also created security challenges for developers and security teams, challenges that may be overcome by the growing “shift left” movement, according to two studies released this week.

More than four out of ten organizations (41%) do not have high confidence in their open-source security, researchers at Snyk, a developer security company, and The Linux Foundation report in The State of Open Source Security.

It also notes that the time to fix vulnerabilities in open-source projects has steadily increased over the last three years, more than doubling from 49 days in 2018 to 110 days in 2021.

USN-5487-3: Apache HTTP Server regression

USN-5487-1 fixed several vulnerabilities in Apache HTTP Server.
Unfortunately, it caused regressions. USN-5487-2 reverted the
patches that caused the regression in Ubuntu 14.04 ESM for further
investigation. This update re-adds the security fixes for Ubuntu
14.04 ESM and fixes two different regressions: one affecting mod_proxy
only in Ubuntu 14.04 ESM, and another in mod_sed that also affects Ubuntu 16.04 ESM
and Ubuntu 18.04 LTS.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted requests. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain
requests. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain requests.
An attacker could possibly use this issue to bypass IP-based authentication.
(CVE-2022-31813)

Kaseya closes $6.2 billion Datto deal, vows to cut prices

Kaseya, a maker of IT service and security management software, announced Thursday that it had finalized its $6.2 billion acquisition of cybersecurity company Datto, promising tight integration between the two companies’ products and lower pricing for customers.

The deal’s closure marks the third high-profile acquisition for Kaseya in the past 18 months, as the company acquired security threat response company Infocyte in January, and threat detection company BitDam in March 2021. A total of 12 acquisitions have been completed by Kaseya under CEO Fred Voccola.

The company’s public messaging about the Datto deal emphasized impending price cuts—an average of 10% across the board, according to Kaseya. Some products are expected to remain at the same price point, while others will drop significantly more, Kaseya said. Datto will continue to operate as an independent brand, Kaseya added.

Cisco reports vulnerabilities in products including email and web manager

Cisco has issued alerts for a vulnerability found in its email security and web management products that could allow an authenticated remote actor to retrieve sensitive information from an affected device.

An advisory issued by Cisco this week outlined that the vulnerability—detected in the web management interface of Cisco Secure Email and Web Manager, known formerly as Cisco Security Management Appliance (CSMA), and Cisco Email Security Appliance (ESA)—allows an authenticated actor to extract sensitive information through a Lightweight Directory Access Protocol (LDAP) server connected to the affected device.

This vulnerability is due to a design oversight in the querying process, according to Cisco. LDAP is a protocol used for external authentication and for accessing and maintaining distributed directory information services, whether on the public internet or a corporate intranet.
