Appears to say: Microsoft Edge now provides auto-generated image labels

2022-03-18 KENNETH

Many people who are blind or low vision experience the web primarily through a screen reader: an assistive technology that reads the content of each page aloud. Screen readers depend on having image labels (alternative text or “alt text”) provided that allow them to describe visual content – like images and charts – so the user can understand the full content of the page.

Alt text is critical to making the web accessible, yet it’s often overlooked. Our data suggests that more than half of the images processed by screen readers are missing alt text.

To help fill that gap, Microsoft Edge will now provide auto-generated alt text for images that do not include it. Auto-generated alt text helps users of assistive technology such as screen readers discover the meaning …

USN-5332-2: Bind vulnerability

2022-03-17 KENNETH

USN-5332-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

Xiang Li, Baojun Liu, Chaoyi Lu, and Changgen Zou discovered that Bind incorrectly handled certain bogus NS records when using forwarders. A remote attacker could possibly use this issue to manipulate cache results. (CVE-2021-25220)

Source: USN-5332-2: Bind vulnerability

USN-5321-2: Firefox vulnerabilities

2022-03-17 KENNETH

USN-5321-1 fixed vulnerabilities in Firefox. The update didn’t include arm64 because of a regression. This update provides the corresponding update for arm64. This update also removes Yandex and Mail.ru as optional search providers in the drop-down search menu.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, obtain sensitive information, or execute arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382, CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)

A TOCTOU bug was discovered when verifying addon signatures during install. A local attacker could potentially exploit this to trick a user into installing an addon with an invalid signature. (CVE-2022-26387)

Source: USN-5321-2: Firefox vulnerabilities

USN-5334-1: man-db vulnerability

2022-03-17 KENNETH

It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code.

Source: USN-5334-1: man-db vulnerability

USN-5333-1: Apache HTTP Server vulnerabilities

2022-03-17 KENNETH

Chamal De Silva discovered that the Apache HTTP Server mod_lua module incorrectly handled certain crafted request bodies. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2022-22719)

James Kettle discovered that the Apache HTTP Server incorrectly closed the inbound connection when certain errors are encountered. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-22720)

It was discovered that the Apache HTTP Server incorrectly handled large LimitXMLRequestBody settings on certain platforms. In certain configurations, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-22721)

Ronald Crane discovered that the Apache HTTP Server mod_sed module incorrectly handled memory. A remote attacker could use this issue …