It seems as if everyone is playing “buzzword bingo” when it comes to zero trust and its implementation, and it starts with government guidance. The White House’s comments in January on the Office of Management and Budget’s (OMB’s) Federal Zero Trust Strategy for all federal agencies and departments were both pragmatic and aspirational. Their observation, citing the Log4j vulnerability as an example, sums it up nicely: “The zero-trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats.”
Monthly Archives: August 2022
rubygem-puma-5.6.5-1.fc37
FEDORA-2022-7c8b29195f
Packages in this update:
rubygem-puma-5.6.5-1.fc37
Update description:
Update to Puma 5.6.5.
rubygem-puma-5.6.5-1.fc38
FEDORA-2022-7bc0f14a13
Packages in this update:
rubygem-puma-5.6.5-1.fc38
Update description:
Automatic update for rubygem-puma-5.6.5-1.fc38.
Changelog
* Thu Aug 25 2022 Vít Ondruch <vondruch@redhat.com> – 5.6.5-1
– Update to Puma 5.6.5.
Resolves: rhbz#2046576
Resolves: rhbz#2113697
Resolves: rhbz#2071625
Resolves: rhbz#2054212
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 5.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
CVE-2021-41781
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVE-2021-41780
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
CVE-2021-40326
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.
DSA-5221 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
python-nbclient-0.6.7-1.fc38 python-nbconvert-6.5.3-3.fc38
FEDORA-2022-b910e3473f
Packages in this update:
python-nbclient-0.6.7-1.fc38
python-nbconvert-6.5.3-3.fc38
Update description:
New versions of nbclient and nbconvert.
CVE-2019-15167
The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.
A Vulnerability in Atlassian Bitbucket Server and Data Center Could Allow For Remote Code Execution
A vulnerability has been discovered in Atlassian Bitbucket Server and Data Center which could allow for remote code execution. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Successful exploitation could allow the attacker to execute remote code in the context of the application. Depending on the permissions associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.