Author: ProHoster

Flatpak 1.10.2 update fixes sandbox isolation vulnerability

Flatpak 1.10.2, a corrective update to the toolkit for creating self-contained packages, is available. It eliminates a vulnerability (CVE-2021-21381) that allows the author of an application package to bypass sandbox isolation and gain access to files on the main system. The problem has been present since release 0.9.4. The vulnerability is caused by an error in the implementation of the file forwarding function, which allows […]

Vulnerability in the iSCSI subsystem of the Linux kernel that allows privilege escalation

A vulnerability (CVE-2021-27365) has been identified in the iSCSI subsystem code of the Linux kernel, which allows an unprivileged local user to execute code at the kernel level and gain root privileges in the system. A working prototype of the exploit is available for testing. The vulnerability was addressed in Linux kernel updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. Kernel package updates are available in Debian, Ubuntu, SUSE/openSUSE, […]

Google demonstrates exploitation of Spectre vulnerabilities by executing JavaScript in the browser

Google has published several exploit prototypes showing that Spectre-class vulnerabilities can be exploited by executing JavaScript code in the browser, bypassing previously added protection methods. The exploits can be used to gain access to the memory of the process that handles web content in the current tab. To demonstrate the exploit in operation, the website leaky.page was launched, and the code describing how it works was posted on GitHub. Proposed […]

Chrome update 89.0.4389.90 fixes 0-day vulnerability

Google has created an update to Chrome 89.0.4389.90, which fixes five vulnerabilities, including the CVE-2021-21193 problem, already used by attackers in exploits (0-day). Details have not yet been disclosed; it is only known that the vulnerability is caused by accessing an already freed memory area in the Blink JavaScript engine. The problem has been assigned a high, but not critical, level of danger, i.e., it is indicated that the vulnerability does not allow […]

Wine 6.4 release

Wine 6.4, an experimental release of an open implementation of WinAPI, is out. Since the release of version 6.3, 38 bug reports have been closed and 396 changes have been made. The most important changes: Added support for the DTLS protocol. DirectWrite provides support for manipulating font sets (FontSets), defining filters for font sets, and calling GetFontFaceReference(), GetFontSet(), and GetSystemFontSet() to obtain […]

Spring update of ALT p9 starter kits

The eighth release of starter kits on the Ninth Alt platform is ready. These images are suitable for starting work with a stable repository for experienced users who prefer to independently determine the list of application packages and customize the system (even creating their own derivatives). As composite works, they are distributed under the terms of the GPLv2+ license. Options include the base system and one of the desktop environments […]

Release of Mesa 21.0, a free implementation of OpenGL and Vulkan

The release of the free implementation of the OpenGL and Vulkan APIs - Mesa 21.0.0 - has been presented. The first release of the Mesa 21.0.0 branch has an experimental status - after the final stabilization of the code, a stable version 21.0.1 will be released. Mesa 21.0 includes full support for OpenGL 4.6 for the 965, iris (Intel), radeonsi (AMD), zink and llvmpipe drivers. OpenGL 4.5 support is available for AMD GPUs […]

Criticism of Microsoft after the removal of a prototype exploit for Microsoft Exchange from GitHub

Microsoft has removed from GitHub the code (copy) with a prototype exploit demonstrating the principle of operation of a critical vulnerability in Microsoft Exchange. This action caused outrage among many security researchers, as the prototype of the exploit was published after the release of the patch, which is common practice. The GitHub rules contain a clause prohibiting the posting of active malicious code or exploits (i.e., attacking systems […]) in repositories.

Russian Railways transfers part of its workstations to Astra Linux

OJSC Russian Railways is transferring part of its infrastructure to the Astra Linux platform. 22 thousand licenses for the distribution have already been purchased - 5 thousand licenses will be used to migrate automated workstations of employees, and the rest to build a virtual infrastructure of workplaces. Migration to Astra Linux will begin this month. The implementation of Astra Linux into the Russian Railways infrastructure will be carried out by JSC […]

GitLab stops using "master" name by default

Following GitHub and Bitbucket, collaborative development platform GitLab has announced that it will no longer use the word "master" by default for master branches, in favor of "main." The term "master" has recently been considered politically incorrect, reminiscent of slavery and is perceived by some community members as an insult. The change will be made both in the GitLab.com service and after updating the GitLab platform for […]

The official console version of 7-zip for Linux has been released

Igor Pavlov released the official console version of 7-zip for Linux along with the release of version 21.01 for Windows due to the fact that the p7zip project has not seen an update for five years. The official version of 7-zip for Linux is similar to p7zip, but is not a copy. The difference between the projects is not reported. The program was released in versions for x86, x86-64, ARM and […]

Release of the decentralized media sharing platform MediaGoblin 0.11

A new version of the decentralized media file sharing platform MediaGoblin 0.11.0 has been published, designed for hosting and sharing media content, including photos, videos, sound files, three-dimensional models and PDF documents. Unlike centralized services like Flickr and Picasa, the MediaGoblin platform aims to organize content sharing without being tied to a specific service, using a model similar to StatusNet […]