Articles by KENNETH

USN-6118-1: Linux kernel (Oracle) vulnerabilities Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-1075) It was discovered that the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel contained a type confusion vulnerability [ more… ]

USN-6115-1: TeX Live vulnerability Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands. Source: USN-6115-1: TeX Live vulnerability

USN-6116-1: hawk vulnerability It was discovered that hawk incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Source: USN-6116-1: hawk vulnerability

USN-6114-1: nth-check vulnerability Yeting Li discovered that nth-check incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. Source: USN-6114-1: nth-check vulnerability

USN-6113-1: Jhead vulnerability It was discovered that Jhead did not properly handle certain crafted images while processing the Exif markers. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Source: USN-6113-1: Jhead vulnerability