Announcing Windows 11 Insider Preview Build 23440

2023-04-20 KENNETH 0

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 23440 to the Dev Channel. We are releasing ISOs for this build – they can be downloaded here. If you miss this month’s Windows Insider webcast featuring the Phone Link team, you can watch it on demand here: https://aka.ms/April2023WIPWebcast. Changes and Improvements [Start menu] We are trying out a recommendation in the Start menu to quickly access the release notes for Windows Insider Preview builds. Insiders can click the recommendation in Start where it will open this blog post for Build 23440 to learn about all the changes and improvements included in the build. Let us know what you think of this experience. As a reminder, the settings for what is recommended on Start can be adjusted via Settings > Personalization > [ more… ]

USN-6032-1: Linux kernel (OEM) vulnerabilities

2023-04-20 KENNETH 0

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280) Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4382) It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074) It was discovered that the RNDIS USB driver in the Linux kernel contained an integer overflow vulnerability. A local attacker with physical access [ more… ]

USN-6031-1: Linux kernel (OEM) vulnerabilities

2023-04-20 KENNETH 0

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the Integrity Measurement Architecture (IMA) implementation in the Linux kernel did not properly enforce policy in certain conditions. A privileged attacker could use this to bypass Kernel lockdown restrictions. (CVE-2022-21505) It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service (memory exhaustion). (CVE-2022-3903) It was discovered that a race condition existed in the SMSC UFX USB driver implementation in the Linux kernel, leading to a use-after-free vulnerability. A [ more… ]

A Primer on QUIC Networking and Encryption in NGINX

2023-04-20 KENNETH 0

The first mention of QUIC and HTTP/3 on the NGINX blog was four years ago (!), and like you we’re now eagerly looking forward to the imminent merging of our QUIC implementation into the NGINX Open Source mainline branch. Given the long gestation, it’s understandable if you haven’t given QUIC much thought. At this point, however, as a developer or site administrator you need to be aware of how QUIC [ more… ]

USN-6030-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

2023-04-19 KENNETH 0

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2021-3669) It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3424) Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could [ more… ]