FEDORA-2024-903edb056a
Packages in this update:
python-jinja2-3.1.4-1.fc38
Update description:
Update to 3.1.4 (rhbz#2279211,rhbz#2279491)
python-jinja2-3.1.4-1.fc41
Automatic update for python-jinja2-3.1.4-1.fc41.
* Tue May 7 2024 Lumír Balhar <lbalhar@redhat.com> - 3.1.4-1
- Update to 3.1.4 (rhbz#2279211,rhbz#2279491)
Microsoft is working on a promising-looking protocol to lock down DNS.
ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.
Jake Williams, VP of research and development at consultancy Hunter Strategy, said the union of these previously disparate engines would allow updates to be made to the Windows firewall on a per-domain name basis. The result, he said, is a mechanism that allows organizations to, in essence, tell clients “only use our DNS server, that uses TLS, and will only resolve certain domains.” Microsoft calls this DNS server or servers the “protective DNS server.”
By default, the firewall will deny resolutions to all domains except those enumerated in allow lists. A separate allow list will contain IP address subnets that clients need to run authorized software. Key to making this work at scale inside an organization with rapidly changing needs. Networking security expert Royce Williams (no relation to Jake Williams) called this a “sort of a bidirectional API for the firewall layer, so you can both trigger firewall actions (by input *to* the firewall), and trigger external actions based on firewall state (output *from* the firewall). So instead of having to reinvent the firewall wheel if you are an AV vendor or whatever, you just hook into WFP.”
mingw-libxml2-2.12.7-1.fc39
Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)
mingw-libxml2-2.12.7-1.fc41
Automatic update for mingw-libxml2-2.12.7-1.fc41.
* Thu May 16 2024 Richard W.M. Jones <rjones@redhat.com> - 2.12.7-1
- Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)
mingw-libxml2-2.12.7-1.fc40
Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)
libxml2-2.12.7-1.fc40
Update to 2.12.7
Fix CVE-2024-34459.
Cyber resilience is becoming increasingly complex to achieve with the changing nature of computing. Appropriate for this year’s conference theme, organizations are exploring “the art of the possible”, ushering in an era of dynamic computing as they explore new technologies. Simultaneously, as innovation expands and computing becomes more dynamic, more threats become possible – thus, the approach to securing business environments must also evolve.
As part of this year’s conference, I led a keynote presentation around the possibilities, risks, and rewards of cyber tech convergence. We explored the risks and rewards of cyber technology convergence and integration across network & security operations. More specifically, we looked into the future of more open, adaptable security architectures, and what this means for security teams.
This year, we also launched the inaugural LevelBlue Futures™ Report: Beyond the Barriers to Cyber Resilience. Led by Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue, we hosted an in-depth session based on our research that examined the complexities of dynamic computing. This included an analysis of how dynamic computing merges IT and business operations, taps into data-driven decision-making, and redefines cyber resilience for the modern era. Some of the notable findings she discussed include:
85% of respondents say computing innovation is increasing risk, while 74% confirmed that the opportunity of computing innovation outweighs the corresponding increase in cybersecurity risk.
The adoption of Cybersecurity-as-a-Service (CSaaS) is on the rise, with 32% of organizations opting to outsource their cybersecurity needs rather than managing them in-house.
66% of respondents share that cybersecurity is an afterthought, while another 64% say cybersecurity is siloed. This isn’t surprising when 61% say there is a lack of understanding of cybersecurity at the board level.
Theresa was also featured live on-site discussing these findings with prominent cyber media in attendance. She emphasized what today’s cyber resilience barriers look like and what new resilience challenges are promised for tomorrow. Be sure to check out some of those interviews below.
New Research from LevelBlue Reveals 2024 Cyber Resilience Trends – Theresa Lanowitz – RSA24 #2
LevelBlue & Enterprise Strategy Group: A Look at Cyber Resilience
For access to the full LevelBlue Futures™ Report, download a complimentary copy here.
UK organizations are less likely than their European peers to have known exploited bugs but take longer to fix them
perl-Email-MIME-1.954-1.fc40
This update, to the latest upstream release, addresses an excessive memory use issue (CVE-2024-4140), which can cause denial of service when parsing multi-part MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts will be considered for parsing, defaulting to 100.