Yearly Archives: 2024

Advisories

rust-rustls-0.23.17-1.el10_0 rust-zlib-rs-0.4.0-1.el10_0

Read Time:29 Second

FEDORA-EPEL-2024-21e104619e

Packages in this update:

rust-rustls-0.23.17-1.el10_0
rust-zlib-rs-0.4.0-1.el10_0

Update description:

Update the rustls crate to version 0.23.17.
Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

Read More

Advisories

rust-rustls-0.23.17-1.fc40 rust-zlib-rs-0.4.0-1.fc40

Read Time:28 Second

FEDORA-2024-632b468c59

Packages in this update:

rust-rustls-0.23.17-1.fc40
rust-zlib-rs-0.4.0-1.fc40

Update description:

Update the rustls crate to version 0.23.17.
Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

Read More

Advisories

rust-rustls-0.23.17-1.fc41 rust-zlib-rs-0.4.0-1.fc41

Read Time:28 Second

FEDORA-2024-41e6e2fc74

Packages in this update:

rust-rustls-0.23.17-1.fc41
rust-zlib-rs-0.4.0-1.fc41

Update description:

Update the rustls crate to version 0.23.17.
Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

Read More

Advisories

rust-rustls-0.23.17-1.fc42 rust-zlib-rs-0.4.0-1.fc42

Read Time:28 Second

FEDORA-2024-6bcc5bbd5f

Packages in this update:

rust-rustls-0.23.17-1.fc42
rust-zlib-rs-0.4.0-1.fc42

Update description:

Update the rustls crate to version 0.23.17.
Update the zlib-rs crate to version 0.4.0.

The update to zlib-rs v0.4.0 also addresses CVE-2024-11249 (stack overflow during decompression with malicious input). This issue had no actual impact in Fedora, because no applications yet use the the zlib-rs feature of rustls and rustls is the only dependent package of zlib-rs.

Read More

Advisories

USN-7121-2: Linux kernel (Azure) vulnerabilities

Read Time:1 Minute, 12 Second

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– Cryptographic API;
– ATM drivers;
– Device frequency scaling framework;
– GPU drivers;
– Hardware monitoring drivers;
– VMware VMCI Driver;
– Network drivers;
– Device tree and open firmware driver;
– SCSI drivers;
– Greybus lights staging drivers;
– BTRFS file system;
– File systems infrastructure;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– Netfilter;
– Memory management;
– Ethernet bridge;
– IPv6 networking;
– IUCV driver;
– Logical Link layer;
– MAC80211 subsystem;
– NFC subsystem;
– Network traffic control;
– Unix domain sockets;
(CVE-2023-52614, CVE-2024-26633, CVE-2024-46758, CVE-2024-46723,
CVE-2023-52502, CVE-2024-41059, CVE-2024-44987, CVE-2024-36020,
CVE-2023-52599, CVE-2023-52639, CVE-2024-26668, CVE-2024-42094,
CVE-2022-48938, CVE-2022-48733, CVE-2024-27397, CVE-2023-52578,
CVE-2024-38560, CVE-2024-38538, CVE-2024-42310, CVE-2024-46722,
CVE-2024-46800, CVE-2024-41095, CVE-2024-42104, CVE-2024-35877,
CVE-2022-48943, CVE-2024-46743, CVE-2023-52531, CVE-2024-46757,
CVE-2024-36953, CVE-2024-46756, CVE-2024-38596, CVE-2023-52612,
CVE-2024-38637, CVE-2024-41071, CVE-2024-46759, CVE-2024-43882,
CVE-2024-26675, CVE-2024-43854, CVE-2024-44942, CVE-2024-44998,
CVE-2024-42240, CVE-2024-41089, CVE-2024-26636, CVE-2024-46738,
CVE-2024-42309)

Read More

Advisories

USN-7123-1: Linux kernel (Azure) vulnerabilities

Read Time:5 Minute, 24 Second

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly validate certain SMB messages, leading to an
out-of-bounds read vulnerability. An attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2023-6610)

Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and
Shweta Shinde discovered that the Confidential Computing framework in the
Linux kernel for x86 platforms did not properly handle 32-bit emulation on
TDX and SEV. An attacker with access to the VMM could use this to cause a
denial of service (guest crash) or possibly execute arbitrary code.
(CVE-2024-25744)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– MIPS architecture;
– PowerPC architecture;
– RISC-V architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Block layer subsystem;
– Android drivers;
– Serial ATA and Parallel ATA drivers;
– ATM drivers;
– Drivers core;
– Null block device driver;
– Character device driver;
– ARM SCMI message protocol;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I3C subsystem;
– InfiniBand drivers;
– Input Device core drivers;
– Input Device (Miscellaneous) drivers;
– IOMMU subsystem;
– IRQ chip drivers;
– ISDN/mISDN subsystem;
– LED subsystem;
– Multiple devices driver;
– Media drivers;
– VMware VMCI Driver;
– MMC subsystem;
– Network drivers;
– Near Field Communication (NFC) drivers;
– NVME drivers;
– Device tree and open firmware driver;
– Parport drivers;
– PCI subsystem;
– Pin controllers subsystem;
– Remote Processor subsystem;
– S/390 drivers;
– SCSI drivers;
– QCOM SoC drivers;
– Direct Digital Synthesis drivers;
– Thunderbolt and USB4 drivers;
– TTY drivers;
– Userspace I/O drivers;
– DesignWare USB3 driver;
– USB Gadget drivers;
– USB Host Controller drivers;
– USB Type-C Connector System Software Interface driver;
– USB over IP driver;
– VHOST drivers;
– File systems infrastructure;
– BTRFS file system;
– Ext4 file system;
– F2FS file system;
– JFS file system;
– NILFS2 file system;
– NTFS3 file system;
– Proc file system;
– SMB network file system;
– Core kernel;
– DMA mapping infrastructure;
– RCU subsystem;
– Tracing infrastructure;
– Radix Tree data structure library;
– Kernel userspace event delivery library;
– Objagg library;
– Memory management;
– Amateur Radio drivers;
– Bluetooth subsystem;
– Ethernet bridge;
– CAN network layer;
– Networking core;
– Ethtool driver;
– IPv4 networking;
– IPv6 networking;
– IUCV driver;
– KCM (Kernel Connection Multiplexor) sockets driver;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– Network traffic control;
– SCTP protocol;
– Sun RPC protocol;
– TIPC protocol;
– TLS protocol;
– Wireless networking;
– AppArmor security module;
– Landlock security;
– Simplified Mandatory Access Control Kernel framework;
– FireWire sound drivers;
– SoC audio core drivers;
– USB sound devices;
(CVE-2023-52751, CVE-2024-43902, CVE-2024-46791, CVE-2024-45018,
CVE-2024-44987, CVE-2024-46763, CVE-2024-46724, CVE-2024-26893,
CVE-2024-42283, CVE-2024-46738, CVE-2024-46819, CVE-2024-44982,
CVE-2023-52889, CVE-2024-45025, CVE-2023-52918, CVE-2024-46800,
CVE-2024-46756, CVE-2024-46719, CVE-2024-39472, CVE-2024-42292,
CVE-2024-45006, CVE-2024-46675, CVE-2024-44971, CVE-2024-46731,
CVE-2024-42286, CVE-2024-44954, CVE-2024-42274, CVE-2024-46746,
CVE-2024-42276, CVE-2024-43869, CVE-2024-43830, CVE-2024-42288,
CVE-2024-41042, CVE-2024-42126, CVE-2024-43870, CVE-2024-46805,
CVE-2024-41078, CVE-2024-44966, CVE-2024-44989, CVE-2024-46795,
CVE-2024-44988, CVE-2024-38577, CVE-2024-43839, CVE-2024-43909,
CVE-2024-46745, CVE-2024-42285, CVE-2024-43871, CVE-2024-41081,
CVE-2024-42289, CVE-2024-44965, CVE-2024-42271, CVE-2024-42284,
CVE-2024-45009, CVE-2024-41068, CVE-2024-44958, CVE-2024-46759,
CVE-2024-42304, CVE-2024-43890, CVE-2024-41019, CVE-2024-43846,
CVE-2024-41012, CVE-2024-44983, CVE-2024-41072, CVE-2024-46702,
CVE-2024-26800, CVE-2024-42302, CVE-2023-52572, CVE-2024-46783,
CVE-2024-43892, CVE-2024-45028, CVE-2024-44999, CVE-2024-46814,
CVE-2024-41022, CVE-2024-42281, CVE-2024-46679, CVE-2024-42290,
CVE-2024-44960, CVE-2024-41071, CVE-2024-41091, CVE-2024-44990,
CVE-2024-46757, CVE-2024-38611, CVE-2024-47668, CVE-2024-45008,
CVE-2024-46707, CVE-2024-44935, CVE-2024-42299, CVE-2024-46771,
CVE-2024-42265, CVE-2024-43883, CVE-2024-46673, CVE-2024-46747,
CVE-2024-43875, CVE-2024-44985, CVE-2024-42311, CVE-2024-46798,
CVE-2024-43884, CVE-2024-46725, CVE-2024-42318, CVE-2024-43873,
CVE-2024-42296, CVE-2024-43907, CVE-2024-43834, CVE-2024-46721,
CVE-2024-47659, CVE-2024-45026, CVE-2024-47667, CVE-2024-44986,
CVE-2024-41020, CVE-2024-43849, CVE-2024-46744, CVE-2024-44946,
CVE-2024-43861, CVE-2024-42269, CVE-2024-46822, CVE-2024-46739,
CVE-2024-44948, CVE-2024-46804, CVE-2024-41064, CVE-2024-44995,
CVE-2024-26669, CVE-2024-46781, CVE-2024-46732, CVE-2024-42246,
CVE-2024-46780, CVE-2024-46743, CVE-2024-44947, CVE-2024-47663,
CVE-2024-46752, CVE-2024-43893, CVE-2024-45021, CVE-2024-43856,
CVE-2024-46714, CVE-2024-41011, CVE-2024-41070, CVE-2024-46832,
CVE-2024-46737, CVE-2024-43867, CVE-2024-42277, CVE-2024-44934,
CVE-2024-46723, CVE-2024-43880, CVE-2024-43860, CVE-2024-42297,
CVE-2024-45003, CVE-2024-46810, CVE-2024-43889, CVE-2024-42287,
CVE-2024-43854, CVE-2024-42313, CVE-2024-42305, CVE-2024-41077,
CVE-2024-38602, CVE-2024-46758, CVE-2024-46807, CVE-2024-43853,
CVE-2024-45007, CVE-2024-41090, CVE-2024-42280, CVE-2024-46844,
CVE-2024-45011, CVE-2024-47660, CVE-2024-47665, CVE-2024-46829,
CVE-2024-44944, CVE-2024-41015, CVE-2024-42259, CVE-2024-43914,
CVE-2024-43829, CVE-2022-48666, CVE-2024-43828, CVE-2024-46755,
CVE-2024-43858, CVE-2024-46740, CVE-2024-46689, CVE-2024-42309,
CVE-2024-42295, CVE-2024-41098, CVE-2023-52757, CVE-2024-46782,
CVE-2024-46777, CVE-2024-46685, CVE-2024-44969, CVE-2024-47669,
CVE-2024-43882, CVE-2024-42310, CVE-2024-43905, CVE-2024-44998,
CVE-2024-42306, CVE-2024-40915, CVE-2024-46713, CVE-2024-41059,
CVE-2024-41017, CVE-2024-43879, CVE-2024-46677, CVE-2024-42312,
CVE-2024-43908, CVE-2024-46750, CVE-2024-46722, CVE-2024-42267,
CVE-2024-46818, CVE-2024-26661, CVE-2024-43817, CVE-2024-42272,
CVE-2024-41065, CVE-2024-46828, CVE-2024-46840, CVE-2024-46676,
CVE-2024-43841, CVE-2024-46815, CVE-2024-26607, CVE-2023-52434,
CVE-2024-46761, CVE-2024-42114, CVE-2024-41073, CVE-2024-43894,
CVE-2024-43835, CVE-2024-46817, CVE-2024-41060, CVE-2024-36484,
CVE-2024-42301, CVE-2024-44974, CVE-2024-43863, CVE-2024-41063)

Read More

News

Enhancing Cyber Resilience in US SLED Organizations

Read Time:2 Minute, 27 Second

2024 Cyber Resilience Research Unveils US SLED Sector Challenges

New data illuminates how US SLED leaders can prioritize resilience.

US SLED (State, Local, and Higher Education) organizations find themselves at the intersection of progress and peril in the rapidly evolving digital landscape. The latest data underscores that the trade-offs are significant and pose substantial risks to US SLED providers.

Get your complimentary copy of the report

One of the foremost obstacles is the disconnect between senior executives and cybersecurity priorities. Despite recognizing cyber resilience as a crucial imperative, many US SLED organizations struggle to secure the support and resources from top leadership. This lack of engagement hinders progress and leaves institutions vulnerable to potential breaches.

Meanwhile, technology continues to advance astonishingly, as do the risks posed by cyber threats. The 2024 LevelBlue Futures™ Report reveals this delicate balancing act between innovation and security within the US SLED sector. Our comprehensive analysis identifies opportunities for deeper alignment between executive leadership and technical teams.

The Elusive Quest for Cyber Resilience in US SLED

 

Imagine a world where US SLED organizations are impervious to cyber threats—where every aspect of an operation is fortified against disruptions. This is the lofty ideal of cyber resilience, yet it remains an elusive goal for many US SLED providers. The rapid evolution of computing has transformed the IT landscape, blurring the lines between legacy systems, cloud computing, and digital transformation initiatives. While these advancements bring undeniable benefits, they also introduce unprecedented risks.

Our research indicates that 86% of US SLED respondents agree that dynamic computing increases their risk exposure. In a world where cybercriminals are becoming increasingly sophisticated, the need for cyber resilience has never been more urgent. From ransomware attacks to crippling DDoS incidents, US SLED organizations operate in a climate where a single breach can have catastrophic consequences.

Exploring the Relationship Between Leadership and Cyber Resilience

Our survey of 1,050 C-suite and senior executives, including 197 from the finance sector across 18 countries, highlights the pressing need for cyber resilience. The report is designed to foster thoughtful discussions about vulnerabilities and improvement opportunities.

In the report, you’ll:

Discover why US SLED leaders and tech teams must prioritize cyber resilience.
Learn about the critical barriers to achieving cyber resilience.
Uncover the importance of business context and operational issues in prioritizing resilience.

Recognizing the Imperative of Cyber Resilience

US SLED leaders are called to chart a course toward greater security and preparedness. Reacting to cyber threats as they arise is no longer enough; organizations must proactively bolster their defenses and cultivate a culture of resilience from within.

Our research delves into the multifaceted challenges facing US SLED organizations in their quest for cyber resilience. From limited visibility into IT estates to the complexity of integrating new technologies with legacy systems, US SLED providers grapple with deep-seated barriers that hinder their ability to withstand cyber threats.

Get your complimentary copy of the report

Read More