Security Advisories & Alerts

CVE-2017-6074: Linux local root exploit

New CVE-2017-6074 Linux local root exploit was published. CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. Mitigation: Recent versions of the SELinux policy can mitigate this flaw....

Read More

CVE-2017-3135: denial-of-service vulnerability in ISC BIND 9

ISC announced CVE-2017-3135, a denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases, and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and 9.11.1b1 releases. Mitigation: Upgrade to the patched release most closely related to your current version of BIND.  These can all be...

Read More

Don’t click “Chrome: The ‘HoeflerText’ font wasn’t found scam”

Researchers at Proofpoint discovered an infection technique which targets only chrome users on Windows. The Chrome users are targeted with Font Wasn’t Found Social Engineering Scheme if they navigate to a compromised website through search engines. Once users runs the downloaded file dubbed as “Chrome_Font.exe”, it gets installed and infects the user system. Upon infection, the computer will start browsing in the background on its...

Read More

Page 66 of 66« First...102030...6263646566