[월:] 2023년 05월

No Image

USN-6094-1: Linux kernel vulnerabilities

2023-05-23 KENNETH 0

USN-6094-1: Linux kernel vulnerabilities Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability in [ more… ]

Announcing Windows 11 Insider Preview Build 25370

2023-05-23 KENNETH 0

Announcing Windows 11 Insider Preview Build 25370 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25370 to the Canary Channel. REMINDER: As builds released to the Canary Channel are “hot off the presses,” we will offer limited documentation for builds flighted to the Canary Channel (no known issues for example), but we will not publish a blog post for every flight – only when new features are available in a build. And like the previous Canary Channel build, this build has a few new features and changes to document. What’s new in Build 25370 Support for vTPM in Hyper-V on Windows on Arm (Arm64) builds After upgrading your host OS to the latest flighted build (Build 25370 and higher), you will now be able to upgrade guest Windows on Arm VM’s to Windows 11 Insider Preview [ more… ]

No Image

USN-6093-1: Linux kernel (BlueField) vulnerabilities

2023-05-22 KENNETH 0

USN-6093-1: Linux kernel (BlueField) vulnerabilities It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. (CVE-2023-1829) It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-3108) It [ more… ]

No Image

WP Briefing: Episode 56: What to Know About WordPress Playground

2023-05-22 KENNETH 0

WP Briefing: Episode 56: What to Know About WordPress Playground Join guest host Rich Tabor and WordPress Playground innovator Adam Zielinski as they discuss the capabilities and promise of WP Playground in episode 56 of the WordPress Briefing. Stay tuned for your small list of big things coming up in the next two weeks. Have a question you’d like answered? You can submit them to [email protected], either written or as a voice recording. Credits Host: Josepha Haden ChomphosyGuests: Rich Tabor and Adam ZielinskiEditor: Dustin HartzlerLogo: Javier ArceProduction: Brett McSherry and Nicholas GarofaloSong: Fearless First by Kevin MacLeod Show Notes WordPress Playground and the Playground Github repo WordCamp Gliwice WordCamp Europe 2023, Contributor Day, and WP Connect #meta-playground in the Making WordPress Slack ChatGPT WooCommerce CloudFest and Daniel Bachhuber The Kim Parsell Memorial Scholarship for travel to WordCamp US 2023 Find your closest location for [ more… ]

No Image

USN-5900-2: tar vulnerability

2023-05-22 KENNETH 0

USN-5900-2: tar vulnerability USN-5900-1 fixed vulnerabilities in tar. This update fixes it to Ubuntu 23.04. Original advisory details: It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Source: USN-5900-2: tar vulnerability