
USN-3235-1: libxml2 vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3235-1
16th March, 2017

libxml2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in libxml2.

Software description: libxml2 – GNOME XML library

Details: It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS. (CVE-2016-4448)

It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-4658)

Nick Wellnhofer discovered [ more… ]


USN-3234-1: Linux kernel vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3234-1
15th March, 2017

linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in the kernel.

Software description: linux – Linux kernel; linux-aws – Linux kernel for Amazon Web Services (AWS) systems; linux-gke – Linux kernel for Google Container Engine (GKE) systems; linux-raspi2 – Linux kernel for Raspberry Pi 2; linux-snapdragon – Linux kernel for Snapdragon Processors

Details: Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. [ more… ]


USN-3234-2: Linux kernel (Xenial HWE) vulnerabilities

2017-03-16 KENNETH 0

Ubuntu Security Notice USN-3234-2
15th March, 2017

linux-lts-xenial vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in the kernel.

Software description: linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty

Details: USN-3234-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local [ more… ]

Complete Anatomy: Award-Winning App Comes to Windows Store

2017-03-16 KENNETH 0

3D4Medical has just completed the port of its award-winning flagship product Complete Anatomy to Windows Store using the Windows Bridge for iOS. The Windows Bridge is an open-source environment for Objective-C that provides support for third party APIs. The Windows Bridge was a very important component in 3D4Medical’s development team, bringing the high-resolution 3D models and smooth touch interface that its users were already familiar with to the world of Windows PC and Surface users.

3D4Medical created a Universal Windows Platform (UWP) app in response to the huge demand from its core audience of medical students and clinical professionals, many of whom use Windows devices. The app supports multiple Windows form-factors and device configurations. The interface can be manipulated with either a mouse or touch gestures. The experience particularly shines on Surfaces [ more… ]


Announcing the new Bug Bounty Program for Office Insider Builds on Windows

2017-03-16 KENNETH 0

We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our continuous internal engineering investments that include designing secure features through threat modeling, security in code reviews, security automation, and internal penetration testing.

The Microsoft Cloud and Online Services Bounty Program has helped us identify elusive vulnerabilities and provided a way to reward the individuals actively partnering with us to protect our customers. We want to continue incentivizing research around design and logic and reward deeper thought in important areas of Office. Office Insider Builds give users early access to the latest Office [ more… ]