USN-4180-1: Bash vulnerability

2019-11-11 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM

Summary: Bash could be made to crash or execute arbitrary code if it received a specially crafted input.

Software Description: bash – GNU Bourne Again SHell

Details: It was discovered that Bash incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 ESM
bash – 4.2-2ubuntu2.9

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart Bash to make all the necessary changes.

References: CVE-2012-6711

Source: USN-4180-1: Bash vulnerability

USN-4179-1: FriBidi vulnerability

2019-11-08 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 19.04

Summary: Applications using FriBidi could be made to crash or run programs as your login if they displayed specially crafted text.

Software Description: fribidi – Free Implementation of the Unicode BiDi algorithm (utility)

Details: Alex Murray discovered a stack-based buffer overflow when handling a large number of Unicode isolate directives. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
libfribidi0 – 1.0.5-3.1ubuntu0.19.10.1

Ubuntu 19.04
libfribidi0 – 1.0.5-3.1ubuntu0.19.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References: CVE-2019-18397

Source: USN-4179-1: FriBidi vulnerability

Using Rust in Windows

2019-11-08 KENNETH 0

This Saturday 9th of November, there will be a keynote from Microsoft engineers Ryan Levick and Sebastian Fernandez at RustFest Barcelona. They will be talking about why Microsoft is exploring Rust adoption, some of the challenges we’ve faced in this process, and the future of Rust adoption in Microsoft. If you want to talk with …

The post Using Rust in Windows appeared first on Microsoft Security Response Center.

Source: Using Rust in Windows

USN-4178-1: WebKitGTK+ vulnerabilities

2019-11-07 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.04 LTS

Summary: Several security issues were fixed in WebKitGTK+.

Software Description: webkit2gtk – Web content engine library for GTK+

Details: A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
libjavascriptcoregtk-4.0-18 – 2.26.1-0ubuntu0.19.04.3
libwebkit2gtk-4.0-37 – 2.26.1-0ubuntu0.19.04.3

Ubuntu 18.04 LTS
libjavascriptcoregtk-4.0-18 – 2.26.1-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 – 2.26.1-0ubuntu0.18.04.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, [ more… ]

Vulnerability hunting with Semmle QL: DOM XSS

2019-11-07 KENNETH 0

In two previous blog posts (part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of the …

The post Vulnerability hunting with Semmle QL: DOM XSS appeared first on Microsoft Security Response Center.

Source: Vulnerability hunting with Semmle QL: DOM XSS