openvpn-2.4.12-1.el7

March 17, 2022

Read Time:29 Second

FEDORA-EPEL-2022-3f443e2e1e

Packages in this update:

openvpn-2.4.12-1.el7

Update description:

This is a security and bugfix release of OpenVPN 2.4 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

WARNING: OpenVPN 2.4 will from now only receive security and critical bug fixes for the next 12 months. Please consider to upgrade to OpenVPN 2.5 via Fedora Copr builds.

News

CIS Completes SOC 2 Type II Audit Using CIS Best Practices

March 17, 2022

Read Time:6 Second

CIS’s SOC 2 Type II compliance ensures members’ data and associated information is protected at all times with all compliance requirements.

Advisories

USN-5333-2: Apache HTTP Server vulnerabilities

March 17, 2022

Read Time:57 Second

USN-5333-1 fixed several vulnerabilities in Apache. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Chamal De Silva discovered that the Apache HTTP Server mod_lua module
incorrectly handled certain crafted request bodies. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed
inbound connection when certain errors are encountered. A remote attacker
could possibly use this issue to perform an HTTP Request Smuggling attack.
(CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large
LimitXMLRequestBody settings on certain platforms. In certain
configurations, a remote attacker could use this issue to cause the server
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module
incorrectly handled memory. A remote attacker could use this issue to cause
the server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2022-23943)

News

Deepfence revamps ThreatMapper with new scanner, runtime SBOMs

March 17, 2022

Read Time:32 Second

Deepfence, a security observability and protection company, is releasing ThreatMapper 1.3.0, the latest version of its open-source threat intelligence platform, with two new features — a secret-scanning tool and runtime SBOM (software bill of materials).

The latest version of the software will feature a new open-source scanning tool, SecretScanner, which can be accessed through the ThreatMapper UI and API, and will allow users to scan for and report sensitive “secrets” left inadvertently within production workloads and container images in registries. Secrets refer to sensitive pieces of information including encryption keys, authentication tokens, and passwords.

To read this article in full, please click here

News