FEDORA-MODULAR-2022-3608f8903c
Packages in this update:
perl-App-cpanminus-1.7045-3420220414075222.f34
Update description:
1.7045 – [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature
perl-App-cpanminus-1.7045-3420220414075222.f34
1.7045 – [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature
perl-App-cpanminus-1.7045-3620220414075222.f36
1.7045 – [CVE-2020-16154] remove the functionality to verify CHECKSUMS signature
Enterprise choices for virtual private networks (VPNs) used to be so simple. You had to choose between two protocols and a small number of suppliers. Those days are gone. Thanks to the pandemic, we have more remote workers than ever, and they need more sophisticated protection. And as the war in Ukraine continues, more people are turning to VPNs to get around blocks imposed by Russia and other authoritarian governments, such as that shown by Cloudflare’s data on VPN usage.
The skeptic in my head has been saying for years, “How can I measure security efficacy in the real world?” Here’s how.
First, it is important to know that efficacy is measured by calculating the “proportionate reduction in risk.” In the case of COVID-19 vaccines, for example, that occurs when assessing the outcome of applying treatment to one population as compared to an untreated population. That meant monitoring the effect of giving either the real vaccine or a placebo to 30,000 to 40,000 people for each vaccine (population requirements were determined statistically) and assessing the outcomes. With both Pfizer and Moderna, the vaccines resulted in about 95% fewer COVID cases, so that is their efficacy. You can find the efficacy data of all sorts of treatments against all sorts of illnesses and diseases.
firefox-stable-3520220420085727.1
thunderbird-stable-3520220420101307.1
Firefox 99 and Thunderbird 91.8 Flatpak updates
Brendan Dolan-Gavitt discovered that the aQuantia AQtion Ethernet device
driver in the Linux kernel did not properly validate meta-data coming from
the device. A local attacker who can control an emulated device can use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-43975)
It was discovered that the UDF file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious UDF image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2022-0617)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.