FEDORA-2022-90162a1d88
Packages in this update:
kernel-6.0.15-300.fc37
Update description:
The 6.0.15 stable kernel update contains a number of important fixes across the tree.
kernel-6.0.15-300.fc37
The 6.0.15 stable kernel update contains a number of important fixes across the tree.
A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475.
A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.
A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability.
A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.
The ongoing incident has impacted clinical and corporate systems, as well as some hospital phone lines and webpages
There’s an old security adage: a chain is only as strong as its weakest link. The sentiment long predates Information and Communications Technology (ICT), but it’s never been more relevant. With modern ICT connecting millions of systems worldwide, there are exponentially more “links” to worry about. That’s especially true when we shift our focus from defending against external threats, which organizations have gotten pretty good at, to those originating inside an organization’s sphere of trust. Here, we have work to do — starting with the ICT supply chain itself.
Today’s supply chains are a modern marvel. Vast webs of suppliers, manufacturers, integrators, shipping carriers, and others allow vendors to build ICT products more cost-effectively and to quickly deliver them to customers anywhere. But modern supply chains also increase the number of parties with access to those products — and the number of potential weak links that cybercriminals could seek to exploit. By targeting an organization’s hardware or software supply chain, hackers can compromise an ICT product before it’s even deployed. And, since that product is coming from a supplier the target implicitly trusts, the compromise may go undetected until it’s too late.
curl-7.85.0-5.fc37
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
curl-7.82.0-12.fc36
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
While 57% of these breaches were attributed to different types of malware, ATM skimming still accounted for 6.5% of all attacks targeting the financial sector