[월:] 2023년 05월

No Image

USN-6109-1: Linux kernel (Raspberry Pi) vulnerabilities

2023-05-26 KENNETH 0

USN-6109-1: Linux kernel (Raspberry Pi) vulnerabilities Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion [ more… ]

No Image

USN-6054-2: Django vulnerability

2023-05-25 KENNETH 0

USN-6054-2: Django vulnerability USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations. Source: USN-6054-2: Django vulnerability

No Image

USN-6108-1: Jhead vulnerabilities

2023-05-25 KENNETH 0

USN-6108-1: Jhead vulnerabilities It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055) Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2022-41751) Source: USN-6108-1: Jhead vulnerabilities

No Image

USN-6105-2: ca-certificates update

2023-05-25 KENNETH 0

USN-6105-2: ca-certificates update USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle. Source: USN-6105-2: ca-certificates update

Announcing Windows 11 Insider Preview Build 23466

2023-05-25 KENNETH 0

Announcing Windows 11 Insider Preview Build 23466 Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 23466 to the Dev Channel. We are releasing ISOs for this build – they can be downloaded here. This build includes a set of these new features that were announced and shown at Build this week. What’s new in Build 23466 Dev Drive Dev Drive is a new form of storage volume available to improve performance for key developer workloads. Dev Drive is built upon Resilient File System (ReFS) technology and includes file system optimizations and features that enable developers to better manage their performance and security profile. It has been designed to meet a developer’s needs to host project source code, working folders, and package caches. It is not designed for general consumer workloads such as document libraries, installing packaged applications [ more… ]