“Dark Angels” hacking group targets Andrade Gutierrez
Yearly Archives: 2023
mingw-python-werkzeug-2.2.3-1.fc37
FEDORA-2023-af75e27098
Packages in this update:
mingw-python-werkzeug-2.2.3-1.fc37
Update description:
Update to python-werkzeug-2.2.3.
mingw-python-werkzeug-2.2.3-1.fc38
FEDORA-2023-8d94dccc7e
Packages in this update:
mingw-python-werkzeug-2.2.3-1.fc38
Update description:
Update to python-werkzeug-2.2.3.
What is zero trust? A model for more effective security
Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months.
In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the 2022 survey issued by identity and access management technology provider Okta.
That 55% is also more than three times the figure from four years ago: when Okta first asked security leaders, for its 2018 report, whether they had a zero-trust initiative in place or were planning one within the following 18 months, only 16% answered yes.
Two-Thirds of European Firms Have Started Zero Trust
mingw-binutils-2.38-7.fc37
FEDORA-2023-a86258ed64
Packages in this update:
mingw-binutils-2.38-7.fc37
Update description:
Backport patch for CVE-2023-25587.
mingw-binutils-2.39-5.fc38
FEDORA-2023-dbba9e7218
Packages in this update:
mingw-binutils-2.39-5.fc38
Update description:
Backport patch for CVE-2023-25587.
mingw-binutils-2.37-7.fc36
FEDORA-2023-d044484038
Packages in this update:
mingw-binutils-2.37-7.fc36
Update description:
Backport patch for CVE-2023-25587.
USN-5928-1: systemd vulnerabilities
It was discovered that systemd did not properly validate the time and accuracy values provided to the format_timespan() function. An attacker could possibly use this issue to cause a buffer overrun, leading to a denial of service attack. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3821)
It was discovered that systemd did not properly manage the fs.suid_dumpable kernel configurations. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-4415)
It was discovered that systemd did not properly manage a crash with long backtrace data. A local attacker could possibly use this issue to cause a deadlock, leading to a denial of service attack. This issue only affected Ubuntu 22.10. (CVE-2022-45873)
ZDI-23-213: SolarWinds Network Performance Monitor WorkerControllerWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.