[월:] 2022년 10월

No Image

USN-5668-1: Linux kernel vulnerabilities

2022-10-11 KENNETH 0

USN-5668-1: Linux kernel vulnerabilities It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-4159) It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 (V4L2) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-20369) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared [ more… ]

No Image

Announcing Windows 11 Insider Preview Build 22621.741 and 22623.741

2022-10-11 KENNETH 0

Announcing Windows 11 Insider Preview Build 22621.741 and 22623.741 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 22621.741 and Build 22623.741 (KB5018503) to the Beta Channel. Build 22623.741 = New features rolling out. Build 22621.741 = New features off by default. Windows Insiders who are on Build 22622.601 and did not see Build 22623.730 should be able to reboot and see this new build offered. REMINDER: Insiders who were previously on Build 22622 will automatically get moved to Build 22623 via an enablement package. The enablement package artificially increments the build number for the update with new features getting rolled out and turned on to make it easier to differentiate from devices with the update with features off by default. This approach is being used for the Beta Channel only and is not indicative of any changes [ more… ]

No Image

USN-5667-1: Linux kernel vulnerabilities

2022-10-11 KENNETH 0

USN-5667-1: Linux kernel vulnerabilities Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1882) Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information. (CVE-2022-26373) Eric Biggers discovered that a use-after-free vulnerability existed in the io_uring subsystem in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3176) It was discovered that the Netlink Transformation [ more… ]

No Image

USN-5665-1: PCRE vulnerabilities

2022-10-11 KENNETH 0

USN-5665-1: PCRE vulnerabilities It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. (CVE-2017-6004) It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. (CVE-2017-7186) Source: USN-5665-1: PCRE vulnerabilities

No Image

USN-5666-1: OpenSSH vulnerability

2022-10-11 KENNETH 0

USN-5666-1: OpenSSH vulnerability It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution. Source: USN-5666-1: OpenSSH vulnerability