USN-5484-1: Linux kernel vulnerabilities

Read Time:54 Second

It was discovered that the Linux kernel did not properly restrict access to
the kernel debugger when booted in secure boot environments. A privileged
attacker could use this to bypass UEFI Secure Boot restrictions.
(CVE-2022-21499)

It was discovered that a race condition existed in the network scheduling
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2021-39713)

It was discovered that some Intel processors did not completely perform
cleanup actions on multi-core shared buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21123)

It was discovered that some Intel processors did not completely perform
cleanup actions on microarchitectural fill buffers. A local attacker could
possibly use this to expose sensitive information. (CVE-2022-21125)

It was discovered that some Intel processors did not properly perform
cleanup during specific special register write operations. A local attacker
could possibly use this to expose sensitive information. (CVE-2022-21166)

Read More

Ransomware could target OneDrive and SharePoint files by abusing versioning configurations

Read Time:34 Second

Researchers warn that documents hosted in the cloud might not be out of reach for ransomware actors and that while they’re harder to permanently encrypt due to the automated backup features of cloud service, there are still ways to make life hard for organizations.

Researchers from Proofpoint have devised a proof-of-concept attack scenario that involves abusing the document versioning settings in Microsoft’s OneDrive and SharePoint Online services that are part of Office 365 and Microsoft 365 cloud offerings. Furthermore, since these services provide access to most of their features through APIs, potential attacks can be automated using ​​command-line interface and PowerShell scripts.

To read this article in full, please click here

Read More

kernel-5.18.5-100.fc35

Read Time:14 Second

FEDORA-2022-177a008b98

Packages in this update:

kernel-5.18.5-100.fc35

Update description:

The 5.18.5 stable kernel update contains mitigation for the processor MMIO stale-data vulnerabilities. These are covered by CVE-2022-21166 CVE-2022-21125 and CVE-2022-21123

Read More

kernel-5.18.5-200.fc36

Read Time:14 Second

FEDORA-2022-391e24517d

Packages in this update:

kernel-5.18.5-200.fc36

Update description:

The 5.18.5 stable kernel update contains mitigation for the processor MMIO stale-data vulnerabilities. These are covered by CVE-2022-21166 CVE-2022-21125 and CVE-2022-21123

Read More

Cloud-native TACACS+ access solution launched by Portnox

Read Time:42 Second

Most organizations know an extra measure of access management is needed for IT staff who run their networks. The problem is one of the best solutions for achieving that—Terminal Access Controller Access Control Server (TACACS+)—can be both complicated and costly to implement. That’s why a company called Portnox announced Wednesday a cloud-native TACACS+ solution that it claims is easy to set up and use, as well as priced within the reach of mid-market companies.

“TACACS+ is a standard protocol. It’s been out for a long time, but no one has a cloud-based solution,” Portnox CEO Denny LeCompte tells CSO. “Many IT departments that would find TACACS+ really valuable don’t use it because it’s too much trouble. That’s why we built a cloud-based version.”

To read this article in full, please click here

Read More

USN-5482-1: SPIP vulnerabilities

Read Time:39 Second

It was discovered that SPIP incorrectly validated inputs. An authenticated
attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross
Site Scripting (XSS). If a user were tricked into browsing a malicious SVG
file, an attacker could possibly exploit this issue to execute arbitrary
code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote
authenticated editor could possibly use this issue to execute arbitrary code,
and a remote unauthenticated attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-26846, CVE-2022-26847)

Read More

USN-5483-1: Exempi vulnerabilities

Read Time:14 Second

It was discovered that Exempi incorrectly handled certain media files. If a
user or automated system were tricked into opening a specially crafted
file, a remote attacker could cause Exempi to stop responding or crash,
resulting in a denial of service, or possibly execute arbitrary code.

Read More