[월:] 2020년 08월

No Image

USN-4441-2: MySQL regression

2020-08-05 KENNETH 0

USN-4441-2: MySQL regression USN-4441-1 fixed vulnerabilities in MySQL. The new upstream version changed compiler options and caused a regression in certain scenarios. This update fixes the problem. Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.21 in Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.31. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-21.html https://www.oracle.com/security-alerts/cpujul2020.html Source: USN-4441-2: MySQL regression

No Image

USN-4432-2: GRUB2 regression

2020-08-05 KENNETH 0

USN-4432-2: GRUB2 regression USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot environments. Unfortunately, the update introduced regressions for some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode), preventing them from successfully booting. This update addresses the issue. Users with BIOS systems that installed GRUB2 versions from USN-4432-1 should verify that their GRUB2 installation has a correct understanding of their boot device location and installed the boot loader correctly. We apologize for the inconvenience. Original advisory details: Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris Coulson discovered that the GRUB2 function handling code did not properly handle a function being redefined, leading to a [ more… ]

No Image

WordPress 5.5 Release Candidate 2

2020-08-05 KENNETH 0

WordPress 5.5 Release Candidate 2 The second release candidate for WordPress 5.5 is here! WordPress 5.5 is slated for release on August 11, 2020, but we need your help to get there—if you haven’t tried 5.5 yet, now is the time! You can test the WordPress 5.5 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) Or download the release candidate here (zip). Thank you to all of the contributors who tested the Beta releases and gave feedback. Testing for bugs is a critical part of polishing every release and a great way to contribute to WordPress. Plugin and Theme Developers Please test your plugins and themes against WordPress 5.5 and update the Tested up to version in the readme file to 5.5. If you find compatibility problems, please be sure to post to the support forums, so those can be figured out before the [ more… ]

No Image

USN-4452-1: libvirt vulnerability

2020-08-05 KENNETH 0

USN-4452-1: libvirt vulnerability Trent Shea discovered that the libvirt package set incorrect permissions on the UNIX domain socket. A local attacker could use this issue to access libvirt and escalate privileges. Source: USN-4452-1: libvirt vulnerability

No Image

USN-4451-1: ppp vulnerability

2020-08-05 KENNETH 0

USN-4451-1: ppp vulnerability Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code. Source: USN-4451-1: ppp vulnerability