
USN-5189-1: GLib vulnerability

2021-12-14 KENNETH 0

It was discovered that GLib incorrectly handled certain environment variables. An attacker could possibly use this issue to escalate privileges.

Source: USN-5189-1: GLib vulnerability


USN-5142-3: Samba regression

2021-12-14 KENNETH 0

USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922

This update fixes the problem.

Original advisory details:

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. (CVE-2016-2124)

Andrew Bartlett discovered that Samba incorrectly mapped domain users to local users. An authenticated attacker could possibly use this issue to become root on domain members. (CVE-2020-25717)

Andrew Bartlett discovered that Samba did not correctly sandbox Kerberos tickets issued by an RODC. An RODC could print administrator tickets, contrary to expectations. (CVE-2020-25718)

Andrew Bartlett discovered that Samba incorrectly handled Kerberos tickets. Delegated administrators could possibly use this issue to impersonate accounts, leading to total domain [ more… ]


USN-5188-1: Keepalived vulnerability

2021-12-14 KENNETH 0

It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to bypass access controls.

Source: USN-5188-1: Keepalived vulnerability


USN-5186-1: Firefox vulnerabilities

2021-12-10 KENNETH 0

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct spoofing attacks, bypass CSP restrictions, or execute arbitrary code. (CVE-2021-43536, CVE-2021-43537, CVE-2021-43538, CVE-2021-43539, CVE-2021-43541, CVE-2021-43542, CVE-2021-43543, CVE-2021-43545, CVE-2021-43546)

A security issue was discovered with the handling of WebExtension permissions. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to create and install a service worker that wouldn’t be uninstalled with the extension. (CVE-2021-43540)

Source: USN-5186-1: Firefox vulnerabilities


USN-5183-1: BlueZ vulnerability

2021-12-09 KENNETH 0

Julian Rauchberger discovered that BlueZ incorrectly handled memory when processing SDP attribute requests. A remote attacker could use this issue to cause BlueZ to crash, leading to a denial of service, or possibly execute arbitrary code.

Source: USN-5183-1: BlueZ vulnerability