[월:] 2020년 09월

USN-4525-1: Linux kernel vulnerabilities It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18808) It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19054) It was discovered that the VFIO PCI driver in the Linux kernel did not properly handle attempts to access disabled memory spaces. A local attacker could use this to cause a denial of service (system crash). (CVE-2020-12888) It was discovered that the state of network RNG in the Linux kernel was potentially observable. A remote attacker could use this to [ more… ]

USN-4524-1: TNEF vulnerabilities Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF crash, resulting in a denial of service. (CVE-2019-18849) Source: USN-4524-1: TNEF vulnerabilities

USN-4523-1: LibOFX vulnerability It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack. (CVE-2019-9656) Source: USN-4523-1: LibOFX vulnerability

USN-4522-1: noVNC vulnerability It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635) Source: USN-4522-1: noVNC vulnerability