[월:] 2018년 01월

No Image

USN-3430-3: Dnsmasq regression

2018-01-04 KENNETH 0

USN-3430-3: Dnsmasq regression Ubuntu Security Notice USN-3430-3 4th January, 2018 dnsmasq regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary USN-3430-2 introduced regression in Dnsmasq. Software description dnsmasq – Small caching DNS proxy and DHCP/TFTP server Details USN-3430-2 fixed several vulnerabilities. The update introduced a newregression that breaks DNS resolution. This update addresses the problem. We apologize for the inconvenience. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to [ more… ]

No Image

RHSA-2018:0018-1: Important: kernel security update

2018-01-04 KENNETH 0

RHSA-2018:0018-1: Important: kernel security update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Source: RHSA-2018:0018-1: Important: kernel security update

No Image

RHSA-2018:0017-1: Important: kernel security update

2018-01-04 KENNETH 0

RHSA-2018:0017-1: Important: kernel security update Red Hat Enterprise Linux: An update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Source: RHSA-2018:0017-1: Important: kernel security update

No Image

RHSA-2018:0016-1: Important: kernel-rt security update

2018-01-04 KENNETH 0

RHSA-2018:0016-1: Important: kernel-rt security update Red Hat Enterprise Linux: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Source: RHSA-2018:0016-1: Important: kernel-rt security update

No Image

Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer

2018-01-04 KENNETH 0

Mitigating speculative execution side-channel attacks in Microsoft Edge and Internet Explorer Today, Google Project Zero published details of a class of vulnerabilities which can be exploited by speculative execution side-channel attacks. These techniques can be used via JavaScript code running in the browser, which may allow attackers to gain access to memory in the attacker’s process. Microsoft has issued security updates (KB4056890) with mitigations for this class of attacks. As part of these updates, we are making changes to the behavior of supported versions of Microsoft Edge and Internet Explorer 11 to mitigate the ability to successfully read memory through this new class of side-channel attacks. Initially, we are removing support for SharedArrayBuffer from Microsoft Edge (originally introduced in the Windows 10 Fall Creators Update), and reducing the resolution of performance.now() in Microsoft Edge and Internet Explorer from 5 microseconds [ more… ]