Strengthening the Microsoft Edge Sandbox

2017-03-24 KENNETH 0

In a recent post, we outlined the layered strategy that the Microsoft Edge security team employs to protect you from vulnerabilities that could be used to compromise your device or personal data. In particular, we showed how Microsoft Edge is leveraging technologies like Code Integrity Guard (CIG) and Arbitrary Code Guard (ACG) to break some of the techniques that hackers rely on when exploiting vulnerabilities to obtain Remote Code Execution (RCE). This is where the attacker seeks to escape from web code (JS and HTML) in the browser to run native CPU code of the attacker’s choosing. This lets the attacker violate all of the browser’s rules for the web, such as same-origin policy, and so it is important to web users that we try as hard as possible to block RCE attacks. However, despite [ more… ]


RHBA-2017:0840-1: opendaylight bug fix advisory

2017-03-24 KENNETH 0

Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Source: RHBA-2017:0840-1: opendaylight bug fix advisory


RHBA-2017:0839-1: tzdata enhancement update

2017-03-24 KENNETH 0

Red Hat Enterprise Linux: Updated tzdata packages that add one enhancement are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7.1 Extended Update Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, Red Hat [ more… ]


USN-3243-1: Git vulnerability

2017-03-23 KENNETH 0

Ubuntu Security Notice USN-3243-1, 23rd March, 2017: git vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS. Summary: Git could be made to run programs as your login if it explored a specially crafted repository. Software description: git – fast, scalable, distributed revision control system. Details: It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.4. To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]