It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House’s comments in January on the Office of Management and Budget’s (OMB’s) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats.”
Daily Archives: August 29, 2022
rubygem-puma-5.6.5-1.fc37
FEDORA-2022-7c8b29195f
Packages in this update:
rubygem-puma-5.6.5-1.fc37
Update description:
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
FEDORA-2022-7bc0f14a13
Packages in this update:
rubygem-puma-5.6.5-1.fc38
Update description:
Automatic update for rubygem-puma-5.6.5-1.fc38.
Changelog
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resovles: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
CVE-2021-41781
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVE-2021-41780
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVE-2021-40326
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
DSA-5221 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.