SECURITY

No Image

An intern’s experience with Rust

2019-10-17 KENNETH 0

An intern’s experience with Rust Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical network processing agent into Rust to eliminate … An intern’s experience with Rust Read More » The post An intern’s experience with Rust appeared first on Microsoft Security Response Center. Source: An intern’s experience with Rust

No Image

USN-4156-2: SDL vulnerabilities

2019-10-16 KENNETH 0

USN-4156-2: SDL vulnerabilities libsdl1.2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in SDL. Software Description libsdl1.2 – Simple DirectMedia Layer debug files Details USN-4156-1 fixed several vulnerabilities in SDL. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM libsdl1.2debian – 1.2.15-8ubuntu1.1+esm1 Ubuntu 12.04 ESM libsdl1.2debian – 1.2.14-6.4ubuntu3.2 To update your system, please follow [ more… ]

No Image

USN-4156-1: SDL vulnerabilities

2019-10-16 KENNETH 0

USN-4156-1: SDL vulnerabilities libsdl1.2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in SDL. Software Description libsdl1.2 – Simple DirectMedia Layer Details It was discovered that SDL incorrectly handled certain images. If a user were tricked into opening a crafted image file, a remote attacker could use this issue to cause SDL to crash, resulting in a denial of service, or possibly execute arbitary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libsdl1.2debian – 1.2.15+dfsg2-0.1ubuntu0.1 Ubuntu 16.04 LTS libsdl1.2debian – 1.2.15+dfsg1-3ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575 CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635 [ more… ]

No Image

USN-4155-1: Aspell vulnerability

2019-10-15 KENNETH 0

USN-4155-1: Aspell vulnerability aspell vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Aspell could be made to expose sensitive information if it received a specially crafted input. Software Description aspell – GNU Aspell spell-checker Details It was discovered that Aspell incorrectly handled certain inputs. An attacker could potentially access sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 aspell – 0.60.7~20110707-6ubuntu0.1 libaspell15 – 0.60.7~20110707-6ubuntu0.1 Ubuntu 18.04 LTS aspell – 0.60.7~20110707-4ubuntu0.1 libaspell15 – 0.60.7~20110707-4ubuntu0.1 Ubuntu 16.04 LTS aspell – 0.60.7~20110707-3ubuntu0.1 libaspell15 – 0.60.7~20110707-3ubuntu0.1 Ubuntu 14.04 ESM aspell – 0.60.7~20110707-1ubuntu1+esm1 libaspell15 – 0.60.7~20110707-1ubuntu1+esm1 Ubuntu 12.04 ESM aspell – 0.60.7~20110707-1ubuntu0.1 libaspell15 – 0.60.7~20110707-1ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In [ more… ]

No Image

USN-4154-1: Sudo vulnerability

2019-10-14 KENNETH 0

USN-4154-1: Sudo vulnerability sudo vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Sudo could be made to run commands as root if it called with a specially crafted user ID. Software Description sudo – Provide limited super user privileges to specific users Details Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 sudo – 1.8.27-1ubuntu1.1 sudo-ldap – 1.8.27-1ubuntu1.1 Ubuntu 18.04 LTS sudo – 1.8.21p2-3ubuntu1.1 sudo-ldap – 1.8.21p2-3ubuntu1.1 Ubuntu 16.04 LTS sudo – 1.8.16-0ubuntu1.8 sudo-ldap – 1.8.16-0ubuntu1.8 Ubuntu 14.04 ESM sudo – 1.8.9p5-1ubuntu1.5+esm2 sudo-ldap – 1.8.9p5-1ubuntu1.5+esm2 Ubuntu 12.04 ESM [ more… ]