[월:] 2022년 08월

No Image

USN-5579-1: Linux kernel vulnerabilities

2022-08-25 KENNETH 0

USN-5579-1: Linux kernel vulnerabilities Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740) It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741) Source: USN-5579-1: Linux kernel vulnerabilities

No Image

Pre-orders begin for Pentiment, historical mystery role-playing game coming Nov. 15

2022-08-24 KENNETH 0

Pre-orders begin for Pentiment, historical mystery role-playing game coming Nov. 15 Obsidian Entertainment and the Pentiment team announced on Wednesday that the game will launch Nov. 15 for Windows 10/11 PC, Xbox Series X|S, Xbox One, Steam, and with Xbox Game Pass and PC Game Pass. Pre-orders for the game are now open as well as pre-installs being available with Game Pass. “Explore history in the modern time through the style of illuminated manuscripts and early modern woodcuts,” writes Mikey Dowling, director of Communications for Obsidian Entertainment, in a post on Xbox Wire. “Pentiment is a narrative-adventure game set in 16th century upper Bavaria in the time of the Holy Roman Empire. You will take on the role of Andreas Maler, a very clever journeyman artist who gets caught up in a series of murders and scandals that spans 25 [ more… ]

No Image

USN-5578-1: Open VM Tools vulnerability

2022-08-24 KENNETH 0

USN-5578-1: Open VM Tools vulnerability It was discovered that Open VM Tools incorrectly handled certain requests. An attacker inside the guest could possibly use this issue to gain root privileges inside the virtual machine. Source: USN-5578-1: Open VM Tools vulnerability

No Image

USN-5577-1: Linux kernel (OEM) vulnerabilities

2022-08-24 KENNETH 0

USN-5577-1: Linux kernel (OEM) vulnerabilities Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. (CVE-2021-33061) It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Source: USN-5577-1: Linux kernel (OEM) vulnerabilities

No Image

USN-5576-1: Twisted vulnerability

2022-08-24 KENNETH 0

USN-5576-1: Twisted vulnerability It was discovered that Twisted incorrectly parsed some types of HTTP requests in its web server implementation. In certain proxy or multi-server configurations, a remote attacker could craft malicious HTTP requests in order to obtain sensitive information. Source: USN-5576-1: Twisted vulnerability