No Image

Peace Builders featured in Minecraft’s week-long Worlds of Learning event

2022-08-31 KENNETH 0

Peace Builders featured in Minecraft’s week-long Worlds of Learning event Between Aug. 30 and Sept. 6, Minecraft Marketplace is going back to school and celebrating learning with a host of educational treats, including a free map from Minecraft Education and the Nobel Peace Center. “Log in to play the free Peace Builders adventure created through a Minecraft Education partnership with the Nobel Peace Center,” writes Sophie Austin in a post on Minecraft.net. “Meet four ground-breaking Nobel Peace Prize laureates: Jody Williams, Archbishop Desmond Tutu, journalist Carl Von Ossietzky and the United Nations Refugee Agency, and help restore peace to your Overworld.” Head over to Minecraft.net to find out more. Source: Peace Builders featured in Minecraft’s week-long Worlds of Learning event

No Image

USN-5589-1: Linux kernel vulnerabilities

2022-08-31 KENNETH 0

USN-5589-1: Linux kernel vulnerabilities Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33656) Source: USN-5589-1: Linux kernel vulnerabilities

No Image

USN-5588-1: Linux kernel vulnerability

2022-08-30 KENNETH 0

USN-5588-1: Linux kernel vulnerability Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Source: USN-5588-1: Linux kernel vulnerability

No Image

USN-5572-2: Linux kernel (AWS) vulnerabilities

2022-08-30 KENNETH 0

USN-5572-2: Linux kernel (AWS) vulnerabilities Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Source: USN-5572-2: Linux kernel (AWS) vulnerabilities

No Image

USN-5585-1: Jupyter Notebook vulnerabilities

2022-08-30 KENNETH 0

USN-5585-1: Jupyter Notebook vulnerabilities It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351) It was discovered that Jupyter Notebook incorrectly handled certain SVG documents. An attacker could possibly use this issue to perform cross-site scripting (XSS) attacks. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-21030) It was discovered that Jupyter Notebook incorrectly filtered certain URLs on the login page. An attacker could possibly use this issue to perform open-redirect attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-10255) It was discovered that Jupyter Notebook had an incomplete fix for CVE-2019-10255. An attacker could possibly use this issue to perform open-redirect attack using empty netloc. (CVE-2019-10856) It [ more… ]