Announcing Windows 10 Insider Preview Build 20180

2020-07-30 KENNETH 0

Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 20180 to Windows Insiders in the Dev Channel.

IMPORTANT NOTE: Insider Preview Builds 20161 and below will expire on July 31st. To avoid hitting this expiration, please update to Insider Preview Builds 20170 or newer.

What’s new in Build 20180

We are turning on much of the new features mentioned on July 1st in Build 20161 including theme-aware tiles on Start. The new pinned sites capability mentioned with last week’s flight of Build 20175 is still only available to a subset of Insiders.

Updates for developers

The Windows SDK is now flighting continuously with the Dev Channel. Whenever a new OS build is flighted to the Dev Channel, the corresponding SDK will also be flighted. You can always install the latest Insider [ more… ]

USN-4443-1: Firefox vulnerabilities

2020-07-30 KENNETH 0

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass iframe sandbox restrictions, confuse the user, or execute arbitrary code. (CVE-2020-6463, CVE-2020-6514, CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, CVE-2020-15659)

It was discovered that redirected HTTP requests which are observed or modified through a web extension could bypass existing CORS checks. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information across origins. (CVE-2020-15655)

Source: USN-4443-1: Firefox vulnerabilities

USN-4436-2: librsvg regression

2020-07-29 KENNETH 0

USN-4436-1 fixed a vulnerability in librsvg. The upstream fix caused a regression when parsing certain SVG files. This update backs out the fix pending further investigation.

Original advisory details:

It was discovered that librsvg incorrectly handled parsing certain SVG files. A remote attacker could possibly use this issue to cause librsvg to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-11464)

It was discovered that librsvg incorrectly handled parsing certain SVG files with nested patterns. A remote attacker could possibly use this issue to cause librsvg to consume resources and crash, resulting in a denial of service. (CVE-2019-20446)

Source: USN-4436-2: librsvg regression

New Developer Landing Page and Issues Repo

2020-07-29 KENNETH 0

We are excited to announce two new online resources for developers using Windows:

A new docs landing-page for developers building and deploying apps and systems running on non-Microsoft operating systems like Linux and Android

A new GitHub issues repo for filing developer-oriented issues with Windows

Let’s dig into these two announcements:

New Landing Page for Developers on Windows

Are you a developer using Windows, but working with cross-platform web, Node, React, Java, Kotlin, Python, Xamarin, Android Studio, etc.? And do you primarily deploy your sites, services, and systems to Linux-based cloud environments or Android devices? If so, we’re very excited to announce that we’ve just published a new landing-page to help you get your development environment set up and optimize your workflow when running Windows. We want you, and every developer running on Windows, [ more… ]

USN-4442-1: Sympa vulnerabilities

2020-07-29 KENNETH 0

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2018-1000550)

It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. (CVE-2018-1000671)

Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936)

Source: USN-4442-1: Sympa vulnerabilities