Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Monthly Archives: August 2023
#BHUSA: White House, DARPA and CISA Ask for Help in Securing Open Source Software
Kemba Walden announced at Black Hat USA that five US government agencies were launching a request for information on open source software security
DSA-5474 intel-microcode – security update
This update ships updated CPU microcode for some types of Intel CPUs and
provides mitigations for security vulnerabilities.
DSA-5475 linux – security update
xen-4.17.2-1.fc38
FEDORA-2023-fff31650c8
Packages in this update:
xen-4.17.2-1.fc38
Update description:
update to xen-4.17.2 which includes
x86/AMD: Speculative Return Stack Overflow [XSA-434, CVE-2023-20569]
x86/Intel: Gather Data Sampling [XSA-435, CVE-2022-40982]
remove patches now included upstream
#BHUSA: US National Security Agency Announces Codebreaker Challenge Theme
Contestants of the 10-year-old NSA competition will have to decipher an unknown signal in overseas US territory
USN-6278-2: .NET vulnerabilities
USN-6278-1 fixed several vulnerabilities in .NET. This update
provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that .NET did not properly handle the execution of
certain commands. An attacker could possibly use this issue to
achieve remote code execution. (CVE-2023-35390)
Benoit Foucher discovered that .NET did not properly implement the
QUIC stream limit in HTTP/3. An attacker could possibly use this
issue to cause a denial of service. (CVE-2023-38178)
It was discovered that .NET did not properly handle the disconnection
of potentially malicious clients interfacing with a Kestrel server. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-38180)
USN-6277-2: Dompdf vulnerabilities
USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the
corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that Dompdf was not properly validating untrusted input when
processing HTML content under certain circumstances. An attacker could
possibly use this issue to expose sensitive information or execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS.
(CVE-2014-5011, CVE-2014-5012, CVE-2014-5013)
It was discovered that Dompdf was not properly validating processed HTML
content that referenced PHAR files, which could result in the deserialization
of untrusted data. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2021-3838)
It was discovered that Dompdf was not properly validating processed HTML
content that referenced both a remote base and a local file, which could
result in the bypass of a chroot check. An attacker could possibly use this
issue to expose sensitive information. (CVE-2022-2400)
New York Introduces First-Ever Statewide Cybersecurity Strategy
APT31 Linked to Recent Industrial Attacks in Eastern Europe
Kaspersky published the third installment of their investigation on this campaign earlier today