[월:] 2022년 02월

No Image

USN-5294-1: Linux kernel vulnerabilities

2022-02-18 KENNETH 0

USN-5294-1: Linux kernel vulnerabilities It was discovered that the Packet network protocol implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-22600) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) Kirill Tkhai discovered [ more… ]

No Image

Play ‘Shrouded Islands,’ Sea of Thieves’ first Adventure, from now to March 3

2022-02-18 KENNETH 0

Play ‘Shrouded Islands,’ Sea of Thieves’ first Adventure, from now to March 3 Kicking off a new series of time-limited, narrative-focused events, “Shrouded Islands” is now available for Sea of Thieves fans to play until March 3. “As part of our push to make the Sea of Thieves a more dynamic place to explore, these Adventures won’t be replacing our Season-based method of delivering free, regular content updates but will run alongside them, offering a new Adventure roughly every month, each lasting for a minimum of two weeks,” writes Mike Chapman, creative director for Rare, in a post on Xbox Wire. “There’ll be secrets to discover, battles to fight, rewards to earn and a unique cinematic trailer to introduce each Adventure, laying out the stakes and preparing you for the events ahead.” The update is available for free to all [ more… ]

No Image

USN-5292-1: snapd vulnerabilities

2022-02-18 KENNETH 0

USN-5292-1: snapd vulnerabilities James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. (CVE-2021-3155) Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local attacker could possibly use this issue to inject arbitrary AppArmor policy rules, resulting in a bypass of intended access restrictions. (CVE-2021-4120) The Qualys Research Team discovered that snapd did not properly validate the location of the snap-confine binary. A local attacker could possibly use this issue to execute other arbitrary binaries and escalate privileges. (CVE-2021-44730) The Qualys Research Team discovered that a race condition existed in the snapd snap-confine binary when preparing a private mount namespace for a snap. A local attacker could possibly use this issue to escalate privileges and execute arbitrary [ more… ]

No Image

Rally your forces in Total War: Warhammer III, now available with PC Game Pass

2022-02-18 KENNETH 0

Rally your forces in Total War: Warhammer III, now available with PC Game Pass Total War: Warhammer III – now available to play with PC Game Pass — introduces you to the game’s fantastical world and how to build a massive army. In it you’ll also learn how effective diplomacy can be for gaining allies and even setting rival factions at war with each other. “Yes, this is the third title in this trilogy, but there is no better time to start marshalling your forces and building empires in the world of Warhammer Fantasy,” writes Andy Hall, principal writer for Creative Assembly, in a post on Xbox Wire. “The game starts with a brand-new experience, a bespoke narrative campaign designed to bring you up to speed and refresh lapsed generals in both the basics and advanced techniques of warmongering. This [ more… ]

No Image

USN-5291-1: libarchive vulnerabilities

2022-02-17 KENNETH 0

USN-5291-1: libarchive vulnerabilities It was discovered that libarchive incorrectly handled symlinks. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly use this issue to change modes, times, ACLs, and flags on arbitrary files. (CVE-2021-23177, CVE-2021-31566) It was discovered that libarchive incorrectly handled certain RAR archives. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-36976) Source: USN-5291-1: libarchive vulnerabilities