[월:] 2022년 10월

No Image

USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities

2022-10-05 KENNETH 0

USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-2318) Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365) Roger Pau Monné discovered [ more… ]

No Image

WordPress 6.1 Beta 3 Now Available

2022-10-05 KENNETH 0

WordPress 6.1 Beta 3 Now Available WordPress 6.1 Beta 3 is now available for download and testing. This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, it is recommended that you test Beta 3 on a test server and site.  You can test WordPress 6.1 Beta 3 in three ways: Option 1: Install and activate the WordPress Beta Tester plugin (select the “Bleeding edge” channel and “Beta/RC Only” stream). Option 2: Direct download the Beta 3 version (zip). Option 3: Use the following WP-CLI command: wp core update –version=6.1-beta3 The current target for the final release is November 1, 2022, which is about four weeks away.  Additional information on the 6.1 release cycle is available. Check the Make WordPress Core blog for 6.1-related [ more… ]

No Image

USN-5654-1: Linux kernel (GKE) vulnerabilities

2022-10-05 KENNETH 0

USN-5654-1: Linux kernel (GKE) vulnerabilities It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33655) Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information. (CVE-2022-1012, CVE-2022-32296) Norbert Slusarek discovered that a race condition existed in the perf subsystem in the Linux kernel, resulting in a use-after-free vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1729) It was discovered that the device-mapper verity (dm-verity) [ more… ]

No Image

G5 Entertainment celebrates 21st birthday with special offers and entertainment for gamers

2022-10-05 KENNETH 0

G5 Entertainment celebrates 21st birthday with special offers and entertainment for gamers G5 Entertainment, the Swedish publisher and developer of free-to-play games for smartphones, tablets and PCs, is celebrating 21 years in business. Check out check out their game collection on Microsoft Store. G5, which continues to grow and develop new games with a team of over 900, has prepared a special landing page to mark the event where gamers can take part in activities and receive daily prizes, discounts and special offers. The anniversary campaign will run until Oct. 16. Source: G5 Entertainment celebrates 21st birthday with special offers and entertainment for gamers

No Image

USN-5653-1: Django vulnerability

2022-10-04 KENNETH 0

USN-5653-1: Django vulnerability Benjamin Balder Bach discovered that Django incorrectly handled certain internationalized URLs. A remote attacker could possibly use this issue to cause Django to crash, resulting in a denial of service. Source: USN-5653-1: Django vulnerability