golang-1.18.3-1.fc36
go1.18.3 includes security fixes to the crypto/rand, crypto/tls, os/exec, and path/filepath packages, as well as bug fixes to the compiler, and the crypto/tls and text/template/parse packages.
It was discovered that FFmpeg would attempt to divide by zero when using Linear
Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20445, CVE-2020-20446,
CVE-2020-20453)
It was discovered that FFmpeg incorrectly handled certain input. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-20450)
It was discovered that FFmpeg incorrectly handled file conversion to APNG
format. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-21041)
It was discovered that FFmpeg incorrectly handled remuxing RTP-hint tracks.
A remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-21688)
It was discovered that FFmpeg incorrectly handled certain specially crafted
AVI files. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 21.10. (CVE-2020-21697)
It was discovered that FFmpeg incorrectly handled writing MOV video tags. An
attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22015)
It was discovered that FFmpeg incorrectly handled writing MOV files. An
attacker could possibly use this issue to cause a denial of service or other
unspecified impact. This issue affected only Ubuntu 18.04 LTS. (CVE-2020-22016)
It was discovered that FFmpeg incorrectly handled memory when using certain
filters. An attacker could possibly use this issue to cause a denial of service
or other unspecified impact. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-22017, CVE-2020-22020, CVE-2020-22022,
CVE-2020-22023, CVE-2022-22025, CVE-2020-22026, CVE-2020-22028, CVE-2020-22031,
CVE-2020-22032, CVE-2020-22034, CVE-2020-22036, CVE-2020-22042)
It was discovered that FFmpeg incorrectly handled memory when using certain
filters. An attacker could possibly use this issue to cause a denial of service
or other unspecified impact. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2020-22019, CVE-2020-22021,
CVE-2020-22033)
It was discovered that FFmpeg incorrectly handled memory when using certain
filters. An attacker could possibly use this issue to cause a denial of service
or other unspecified impact. This issue only affected Ubuntu 21.10.
(CVE-2020-22027, CVE-2020-22029, CVE-2020-22030, CVE-2020-22035)
It was discovered that FFmpeg incorrectly handled certain specially crafted
JPEG files. An attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 21.10. (CVE-2020-22037)
It was discovered that FFmpeg incorrectly performed calculations in EXR codec.
An attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-35965)
It was discovered that FFmpeg did not verify return values of functions
init_vlc and init_get_bits. An attacker could possibly use this issue to cause
a denial of service or other unspecified impact. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 21.10. (CVE-2021-38114,
CVE-2021-38171)
It was discovered that FFmpeg incorrectly handled certain specially crafted
files. An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10 and Ubuntu 22.04 LTS. (CVE-2022-1475)
The ca-certificates package contained outdated CA certificates. This update
refreshes the included certificates to those contained in the 2.50 version
of the Mozilla certificate authority bundle.
People are leaking classified military information on discussion boards for the video game War Thunder to win arguments—repeatedly.
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component.
If your organization is having trouble creating policies, I hope that this blog post will help you set a clear path. We’ll discuss setting up your organization up for success by ensuring that you do not treat your policies as a “do once and forget” project. Many organizations I have worked with have done that, but later realized good policy lifecycle is required, and a pillar of good governance.
Organizations often feel that developing and enforcing policies is bureaucratic and tedious, but the importance of policies is often felt when your organization does not have them. Not only are they a cost of doing business, but they are also used to establish the foundation and norms of acquiring, operating, and securing technology and information assets.
The lifecycle, as it implies, should be iterative and continuous, and policies should be revisited at a regular cadence to ensure they remain relevant and deliver value to your business.
The first step is to find out where your organization is, this step should shine a light on where, and what gaps exist.
First, determine how you will be assessing your policies; here is a checklist, whether you are building new ones or bringing current ones up to date:
Is it current and up to date
Does it have a clear purpose or goal
Does it have a clear scope (inclusions /exclusions)
Does it have a clear ownership
Does it have a clear list of affected people
Does it have language that is easy to understand
Is it detailed enough to avoid misinterpretations
Does it follow the laws/regulations/ethical standards
Does it reflect the organizational goals/values and culture
Are key terms and acronyms defined
Have related policies and procedures been identified
Are there clear consequences for non-compliance
Is it approved and supported by management
Is it enforceable
Next, inventory your organization’s policies by listing them and then assessing the quality using the previous list. Based on the quality, identify if your organization needs new policies or if the existing ones need improvement, then determine the amount of work that will be required.
Best practices suggest that you may want to prioritize your efforts on the most significant improvements, those that focus on the most serious business vulnerabilities.
Understand that policy improvement does not end with a new policy document. You will need to plan for communications, training, process changes, and any technology improvements needed to make the policy fair and enforceable.
After the assessment is done, you should plan on developing your policies or revamping the old ones. Although there is no consensus on what makes a good policy, referenced material [1] [2] [3] [4] suggests the following best practices, policies should have a clear purpose and precise presentation that drives compliance by eliminating misinterpretations;
All policies should include and describe the following:
Purpose
Expectations
Consequences
Glossary of terms
For maximum effect, policies should be written:
With everyday language
With direct and active voice
Precisely to avoid misinterpretation
Realistically
Consistently in keeping with standards
Consider that policies need to be actively sold to the people who are supposed to follow them. You can achieve that by using a communication plan that includes:
Goals and objectives
Key messages
Potential barriers
Suggested actions
Budget considerations
Timelines
A lack of enforcement will create ethical, financial, and legal risks to any organization. Among the risks are loss of productivity due to abuse of privileges, potential wasted resources, and loss of reputation if an employee engages in illegal activities due to poor policy enforcement, which can lead to potential litigation. Make sure that you have clear rules of engagement.
Your organization should establish the proper support framework around Leadership, Process, and Monitoring. Policies should perform against standards. Policies don’t always fail due to bad behavior; they fail because:
They are poorly written
There is no enforcement
They are illegal or unethical
They are poorly communicated
They go against company culture
If your company feels overwhelmed thinking about all the moving pieces that make up an IT Policy Management Lifecycle. Let AT&T Cybersecurity Consulting help whether you need to amend existing policies, implement one or more brand new policies, or need a complete overhaul of the entire policy portfolio.
1) F. H. Alqahtani, “Developing an Information Security Policy: A Case Study Approach,” Science Direct, vol. 124, pp. 691-697, 2017.
2) S. Diver, “SANS White Papers,” SANS , 02 03 2004. [Online]. Available: https://www.sans.org/white-papers/1331/. [Accessed 15
3) S. V. Flowerday and T. Tuyikeze, “Information security policy development and implementation: The what, how, and who,” Science Direct, vol. 61, pp. 169-183, 2016.
4) K. J. Knapp, R. F. Morris, T. E. Marshall and T. A. Byrd, “Information security policy: An Organizational level process model,” Science Direct, vol. 28, no. 7, pp. 493-508, 2007.
ntfs-3g-system-compression-1.0-9.fc35
Rebuild for ntfs-3g CVE
ntfs-3g-system-compression-1.0-9.fc36
Rebuild for ntfs-3g CVE
