USN-5823-3: MySQL regression

2023-01-30 KENNETH 0

USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found. We apologize for the inconvenience.

Original advisory details: Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html

Source: USN-5823-3: MySQL regression

USN-5831-1: Linux kernel (Azure CVM) vulnerabilities

2023-01-28 KENNETH 0

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-4378)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in the Linux kernel. A physically proximate [ more… ]

USN-5830-1: Linux kernel vulnerabilities

2023-01-28 KENNETH 0

It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-43945)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not properly handle packets structured in certain ways. An attacker in a guest VM could possibly use this to cause a denial of service (host NIC availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the Bluetooth subsystem in [ more… ]

USN-5822-2: Samba regression

2023-01-27 KENNETH 0

USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. We apologize for the inconvenience.

Original advisory details:

It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. (CVE-2021-20251)

Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2022-3437)

Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges. (CVE-2022-37966, CVE-2022-37967)

It was discovered that Samba supported weak RC4/HMAC-MD5 in [ more… ]

[Book] Easy-to-Learn Practical Statistical Analysis with JASP for Novice Researchers Writing Papers

2023-01-27 KENNETH 0

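New products by category – Domestic books – Computers and Internet

[Book] Easy-to-Learn Practical Statistical Analysis with JASP for Novice Researchers Writing Papers
By 유성모 | 황소걸음 아카데미 | February 2023
Sale price 18,000 won (0% discount) | YES Points 0 won (0% awarded)

This book is a guide to statistical analysis with JASP, a free, open-source statistics package, for novice researchers doing evidence-based work. The book is organized according to the following principles. First, researchers unfamiliar with mathematical symbols and formulas, including statistical models

Source: [Book] Easy-to-Learn Practical Statistical Analysis with JASP for Novice Researchers Writing Papers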