Read Time:2 Second
Outage impacts Russian state media websites
Daily Archives: February 22, 2023
Time Taken to Deploy Ransomware Drops 94%
What is Traffic Light Protocol? Here’s how it supports CISOs in sharing threat data
Read Time:32 Second
Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive threat information within an organization or business and to enable more effective collaboration among security defenders, system administrators, security managers, and researchers.
TLP grew out of efforts by various public-sector security incident response teams of various nations that began sharing security alerts. The protocol was developed so that recipients of threat data could assess its sensitivity and determine how to share it with others, without giving any aid to the bad actors, revealing personal data, or running afoul of data privacy regulations.
Call of Duty Developer Confirms Phishing Attempt but Not Breach
python-cryptography-37.0.2-8.fc38
Read Time:30 Second
FEDORA-2023-749dd47c79
Packages in this update:
python-cryptography-37.0.2-8.fc38
Update description:
Security fix for CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
python-cryptography-37.0.2-5.fc37
Read Time:30 Second
FEDORA-2023-fa5d0b461d
Packages in this update:
python-cryptography-37.0.2-5.fc37
Update description:
Security fix for CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
python-cryptography-36.0.0-4.fc36
Read Time:30 Second
FEDORA-2023-672f668f51
Packages in this update:
python-cryptography-36.0.0-4.fc36
Update description:
Security fix for CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
python-cryptography-37.0.2-8.fc39
Read Time:38 Second
FEDORA-2023-51706f88e3
Packages in this update:
python-cryptography-37.0.2-8.fc39
Update description:
Automatic update for python-cryptography-37.0.2-8.fc39.
Changelog
* Wed Feb 22 2023 Christian Heimes <cheimes@redhat.com> – 37.0.2-8
– Fix CVE-2023-23931: Don’t allow update_into to mutate immutable objects, resolves rhbz#2171820
– Fix FTBFS due to failing test_load_invalid_ec_key_from_pem and test_decrypt_invalid_decrypt, resolves rhbz#2171661
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> – 37.0.2-7
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 9 2022 Christian Heimes <cheimes@redhat.com> – 37.0.2-6
– Enable SHA1 signatures in test suite (ELN-only)
golang-github-need-being-tree-0.1.0-1.fc36 golang-helm-3-3.11.1-2.fc36 golang-oras-0.15.1-1.20221105git690716b.fc36 golang-oras-1-1.2.1-1.fc36 golang-oras-2-2.0.0~rc.4-1.fc36
Read Time:19 Second
FEDORA-2023-6550d9323b
Packages in this update:
golang-github-need-being-tree-0.1.0-1.fc36
golang-helm-3-3.11.1-2.fc36
golang-oras-0.15.1-1.20221105git690716b.fc36
golang-oras-1-1.2.1-1.fc36
golang-oras-2-2.0.0~rc.4-1.fc36
Update description:
Update helm to 3.11.1, resolving multiple security issues
golang-github-need-being-tree-0.1.0-1.fc37 golang-helm-3-3.11.1-1.fc37 golang-oras-0.15.1-1.20221105git690716b.fc37 golang-oras-1-1.2.1-1.fc37 golang-oras-2-2.0.0~rc.4-1.fc37
Read Time:19 Second
FEDORA-2023-c9b2182a4e
Packages in this update:
golang-github-need-being-tree-0.1.0-1.fc37
golang-helm-3-3.11.1-1.fc37
golang-oras-0.15.1-1.20221105git690716b.fc37
golang-oras-1-1.2.1-1.fc37
golang-oras-2-2.0.0~rc.4-1.fc37
Update description:
Update helm to 3.11.1, resolving multiple security issues