A deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via a weak cipher in the Shiro framework.
CVE-2021-31650
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
Friday Squid Blogging: Squid in Concert
Squid is performing a concert in London in February.
If you don’t know what their music is like, try this or this or this.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
samba-4.16.8-0.fc36
FEDORA-2022-7f9021ead1
Packages in this update:
samba-4.16.8-0.fc36
Update description:
Security fixes for CVE-2022-37966, CVE-2022-37967 and CVE-2022-38023
libptytty-2.0-2.el8 rxvt-unicode-9.30-3.el8
FEDORA-EPEL-2022-49c3f833e1
Packages in this update:
libptytty-2.0-2.el8
rxvt-unicode-9.30-3.el8
Update description:
Update to rxvt-unicode 9.30
This mitigates CVE-2022-4170
Introduce libptytty as a dependency since upstream split it out in 9.29+
samba-4.17.4-0.fc37
FEDORA-2022-cb92b4ea21
Packages in this update:
samba-4.17.4-0.fc37
Update description:
Update to version 4.17.4
BrandPost: One-Policy Framework, Zero Trust, and Ops teams
In today’s digital era, customers expect information, resources, and services to be readily available from anywhere in the world. To deliver on customers’ expectations and leverage the best of on-premises and public cloud offerings, many enterprises use a mix of on-premises and cloud-based architectures.
The freedom to choose from many architectures and deployment strategies results in hybrid networks, which are challenging to secure due to disparate security management consoles that lack consistent security policies across these environments.
So how do Ops teams protect their hybrid environments? The most effective approach is to create a single unified policy, which can then be applied to any environment through a centralized console, avoiding unnecessary operational headaches. A single unified policy is easily achievable via a one-policy framework. Organizations with homogeneous environments can benefit equally from a one-policy framework and can adapt to future architectural changes with ease.
rxvt-unicode-9.30-2.el7
FEDORA-EPEL-2022-c57a51c195
Packages in this update:
rxvt-unicode-9.30-2.el7
Update description:
Update to 9.30
Strip package back to just be the -terminfo file.
This is due to CVE-2022-4170: unaffected versions of rxvt-unicode (that is, libptytty) don’t build on epel7.
rxvt-unicode-9.30-1.el7
FEDORA-EPEL-2022-e187f1231f
Packages in this update:
rxvt-unicode-9.30-1.el7
Update description:
Update to 9.30
Strip package back to just be the -terminfo file.
This is due to CVE-2022-4170: unaffected versions of rxvt-unicode (that is, libptytty) don’t build on epel7.