USN-5544-1: Linux kernel vulnerabilities

2022-08-02 KENNETH 0

It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679)

Felix Fu discovered that the Sun RPC implementation in the Linux kernel did not properly handle socket states, leading to a use-after-free vulnerability. A remote attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-28893)

Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. (CVE-2022-34918)

Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading [ more… ]

WP Briefing: Episode 37: The World of WordPress on World Wide Web Day

2022-08-02 KENNETH 0

In the thirty-seventh episode of the WordPress Briefing, WordPress users and contributors reflect on how WordPress has changed their understanding of the web as we celebrate World Wide Web Day. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording.

Credits
Editor: Dustin Hartzler
Logo: Beatriz Fialho
Production: Santana Inniss & Chloé Bringmann
Song: Fearless First by Kevin MacLeod

Guests: Adam Warner, Alice Orrù, Dee Teal, Femy Praseeth, Jill Binder, Mary Job, Oneal Rosero, Theophilus Adegbohungbe, Ugyen Dorji

References: Diverse Speaker Training Group; Support Underrepresented Speakers at WordCamp US; Call of Speakers – WordCamp Asia 2023; Refocusing the WordPress App on Core Features; WordPress.org Homepage and Download Redesign

Transcript
[Josepha Haden Chomphosy 00:00:00] Hello, everyone! And welcome to the WordPress Briefing: the podcast where [ more… ]

The Xbox Pride Controller: Available to customize year-round thanks to collective effort

2022-08-02 KENNETH 0

In the hands of a gamer, an Xbox Wireless Controller helps navigate unfamiliar worlds. With it, you can jump huge chasms, escape from seemingly impossible situations and explore an endless array of characters and places. And thanks to the recently relaunched Xbox Design Lab, it’s also a canvas players can customize – a way to express who they are and what matters to them. The latest choices for that personalization debuted in June as Microsoft’s Pride 2022 observances commenced: more than 30 LGBTQIA+ interwoven community flags that celebrate intersectionality and unity on the Xbox Pride controller. This design honors the ever expanding and ever evolving diversity of LGBTQIA+ experiences and identities that span the globe. “At the end of the day, this was a collective effort that kicked [ more… ]

USN-5543-1: Net-SNMP vulnerabilities

2022-08-01 KENNETH 0

Yu Zhang and Nanyu Zhong discovered that Net-SNMP incorrectly handled memory operations when processing certain requests. A remote attacker could use this issue to cause Net-SNMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Source: USN-5543-1: Net-SNMP vulnerabilities

USN-5542-1: Samba vulnerabilities

2022-08-01 KENNETH 0

It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-3670)

Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges. (CVE-2022-2031)

Luca Moro discovered that Samba incorrectly handled certain SMB1 communications. A remote attacker could possibly use this issue to obtain sensitive memory contents. (CVE-2022-32742)

Joseph Sutton discovered that Samba incorrectly handled certain password change requests. A remote attacker could use this issue to change passwords of other users, resulting in privilege escalation. (CVE-2022-32744)

Joseph Sutton discovered that Samba incorrectly handled certain LDAP add or modify requests. A remote attacker could possibly use this issue to cause Samba to crash, resulting [ more… ]