Articles by KENNETH

About KENNETH
지락문화예술공작단
No Image

USN-6090-1: Linux kernel vulnerabilities

2023-05-19 KENNETH 0

USN-6090-1: Linux kernel vulnerabilities It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-3707) Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) It was discovered that the TLS subsystem in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this [ more… ]

No Image

USN-6089-1: Linux kernel (OEM) vulnerability

2023-05-19 KENNETH 0

USN-6089-1: Linux kernel (OEM) vulnerability It was discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Source: USN-6089-1: Linux kernel (OEM) vulnerability

[도서] 데이터 과학자 원칙

2023-05-19 KENNETH 0

[도서] 데이터 과학자 원칙 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]데이터 과학자 원칙 권정민,권시현,김영민,김진환,박준석,변성윤,이정원,이진형,이제현 저 | 골든래빗 | 2023년 06월 판매가 19,800원 (10%할인) | YES포인트 1,100원(5%지급) – 더 나은 데이터 과학자로 성장을 꿈꾼다면 – 먼저 헤쳐온 데이터 리더들의 원칙에서 해답을 찾아보세요 “데이터 과학자는 뭐하는 사람일까? 지금처럼 하면 되는 것일까? 나도 선배 데이터 과학자들처럼 성장 Source: [도서] 데이터 과학자 원칙

No Image

USN-6088-1: runC vulnerabilities

2023-05-18 KENNETH 0

USN-6088-1: runC vulnerabilities It was discovered that runC incorrectly made /sys/fs/cgroup writable when in rootless mode. An attacker could possibly use this issue to escalate privileges. (CVE-2023-25809) It was discovered that runC incorrectly performed access control when mounting /proc to non-directories. An attacker could possibly use this issue to escalate privileges. (CVE-2023-27561) It was discovered that runC incorrectly handled /proc and /sys mounts inside a container. An attacker could possibly use this issue to bypass AppArmor, and potentially SELinux. (CVE-2023-28642) Source: USN-6088-1: runC vulnerabilities

No Image

USN-6087-1: Ruby vulnerabilities

2023-05-18 KENNETH 0

USN-6087-1: Ruby vulnerabilities It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-28755) It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possily use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2023-28756) Source: USN-6087-1: Ruby vulnerabilities