WordPress 6.2 Beta 1

2023-02-08 KENNETH 0

WordPress 6.2 Beta 1 is ready for download and testing! This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, you should test Beta 1 on a test server and site.

You can test WordPress 6.2 Beta 1 in three ways:

Option 1: Install and activate the WordPress Beta Tester plugin (select the “Bleeding edge” channel and “Beta/RC Only” stream).
Option 2: Direct download the Beta 1 version (zip).
Option 3: Use the following WP-CLI command: wp core update --version=6.2-beta1

The current target for the final release is March 28, 2023, which is seven weeks away. Your help testing this version is vital to ensuring everything in this release is the best it can be. Get an overview of the [ more… ]

USN-5847-1: Grunt vulnerabilities

2023-02-08 KENNETH 0

It was discovered that Grunt was not properly loading YAML files before parsing them. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-7729)

It was discovered that Grunt was not properly handling symbolic links when performing file copy operations. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. (CVE-2022-0436)

It was discovered that there was a race condition in the Grunt file copy function, which could lead to an arbitrary file write. An attacker could possibly use this issue to perform a local privilege escalation attack or to execute arbitrary code. (CVE-2022-1537)

Source: USN-5847-1: Grunt vulnerabilities

USN-5846-1: X.Org X Server vulnerability

2023-02-08 KENNETH 0

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Source: USN-5846-1: X.Org X Server vulnerability

USN-5845-1: OpenSSL vulnerabilities

2023-02-08 KENNETH 0

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286)

Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly handled streaming ASN.1 data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0215)

Source: USN-5845-1: OpenSSL vulnerabilities

USN-5844-1: OpenSSL vulnerabilities

2023-02-08 KENNETH 0

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. (CVE-2023-0286)

Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate verification. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)

Hubert Kario discovered that OpenSSL had a timing based side channel in the OpenSSL RSA Decryption implementation. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2022-4304)

Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2022-4450)

Octavio [ more… ]