[월:] 2022년 10월

No Image

USN-5702-1: curl vulnerabilities

2022-10-27 KENNETH 0

USN-5702-1: curl vulnerabilities Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. (CVE-2022-32221) Hiroki Kurosawa discovered that curl incorrectly handled parsing .netrc files. If an attacker were able to provide a specially crafted .netrc file, this issue could cause curl to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-35260) It was discovered that curl incorrectly handled certain HTTP proxy return codes. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-42915) Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote [ more… ]

No Image

Tech the halls with early Microsoft Store deals

2022-10-27 KENNETH 0

Tech the halls with early Microsoft Store deals With the holidays fast approaching, savvy shoppers are already on the hunt for great deals on tech for family and friends. Microsoft Store is kicking off savings earlier than ever with can’t-miss Early Black Friday deals on PCs starting Nov. 1. And with our Microsoft Store Promise, extended holiday returns through Jan. 31, flexible payment options and low-price promise, shoppers can have confidence they’ll get our best deals of the season. Ready, set, shop! From Nov. 1, save up to 50% on select PCs: Starting at $149.99, which come preloaded with Windows 11 to make the everyday easier. Starting from $279.99, HP 15-dy2046ms 15.6 Laptop: Stay connected to what matters most with a device featuring long-lasting battery life and a thin, portable design so you can work anywhere, from the office to [ more… ]

No Image

Spooky Fall returns to Minecraft Dungeons

2022-10-27 KENNETH 0

Spooky Fall returns to Minecraft Dungeons “Hail adventurers, both young and old. We bring you grave tidings, if we may be so bold.” So begins verses by Per Landin on Minecraft.net, inviting Minecraft Dungeons fans to join Spooky Fall, an event underway now until Nov. 9 in the game. Head to Minecraft.net to find out more, but heed Landin’s warning: “Make sure to tread carefully when your skin starts to crawl. We hope you survive this spookiest fall…” Source: Spooky Fall returns to Minecraft Dungeons

No Image

USN-5701-1: Jinja2 vulnerability

2022-10-26 KENNETH 0

USN-5701-1: Jinja2 vulnerability Yeting Li discovered that Jinja2 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Source: USN-5701-1: Jinja2 vulnerability

No Image

USN-5700-1: Linux kernel vulnerabilities

2022-10-26 KENNETH 0

USN-5700-1: Linux kernel vulnerabilities David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2602) Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674) Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719) Sönke Huster discovered that the WiFi driver [ more… ]