[월:] 2021년 01월

Announcing Windows 10 Insider Preview Build 21286

2021-01-07 KENNETH 0

Announcing Windows 10 Insider Preview Build 21286 Hello Windows Insiders, today we are releasing Windows 10 Insider Preview Build 21286 (RS_PRERELEASE) to Windows Insiders in the Dev Channel. This build is being offered to ALL Insiders in the Dev Channel. All Insiders in the Dev Channel will now receive the same build going forward. What’s new in Build 21286 Introducing news and interests on the taskbar With news and interests on the Windows taskbar, you get quick access to an integrated feed of dynamic content such as news and weather that updates throughout the day. You can personalize your feed with relevant content tailored for you. Instead of switching between apps or your PC and phone to stay up to date with the news and interests you care about – seamlessly peek into your feed directly from the taskbar anytime [ more… ]

No Image

USN-4677-2: p11-kit vulnerability

2021-01-06 KENNETH 0

USN-4677-2: p11-kit vulnerability USN-4677-1 fixed a vulnerability in p11-kit. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: David Cook discovered that p11-kit incorrectly handled certain memory operations. An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code. Source: USN-4677-2: p11-kit vulnerability

No Image

USN-4682-1: WavPack vulnerability

2021-01-06 KENNETH 0

USN-4682-1: WavPack vulnerability It was discovered that WavPack incorrectly handled certain WAV files. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Source: USN-4682-1: WavPack vulnerability

No Image

USN-4678-1: Linux kernel vulnerabilities

2021-01-06 KENNETH 0

USN-4678-1: Linux kernel vulnerabilities It was discovered that the AMD Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. (CVE-2020-12912) Jann Horn discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations. A local attacker could use this to expose sensitive information or possibly escalate privileges. (CVE-2020-29534) Source: USN-4678-1: Linux kernel vulnerabilities

No Image

USN-4680-1: Linux kernel vulnerabilities

2021-01-06 KENNETH 0

USN-4680-1: Linux kernel vulnerabilities It was discovered that debugfs in the Linux kernel as used by blktrace contained a use-after-free in some situations. A privileged local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-19770) It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2020-0423) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proximate attacker could use this to impersonate a previously paired Bluetooth device. (CVE-2020-10135) It was discovered that the console keyboard driver in [ more… ]