2020年11月14日 星期六

[USN-4604-1] MySQL vulnerabilities

 ---------- Forwarded message ---------

From: Marc Deslauriers <marc.deslauriers@canonical.com>

Date: Oct 27, 2020 8:43PM

Multiple security issues were discovered in MySQL and this update includes

new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10.

Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32.

In addition to security fixes, the updated packages contain bug fixes, new

features, and possibly incompatible changes.

References:

  https://usn.ubuntu.com/4604-1

  CVE-2019-14775, CVE-2020-14672, CVE-2020-14760, CVE-2020-14765,

  CVE-2020-14769, CVE-2020-14771, CVE-2020-14773, CVE-2020-14775,

  CVE-2020-14776, CVE-2020-14777, CVE-2020-14785, CVE-2020-14786,

  CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14793,

  CVE-2020-14794, CVE-2020-14800, CVE-2020-14804, CVE-2020-14809,

  CVE-2020-14812, CVE-2020-14814, CVE-2020-14821, CVE-2020-14827,

  CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14836,

  CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14844,

  CVE-2020-14845, CVE-2020-14846, CVE-2020-14848, CVE-2020-14852,

  CVE-2020-14853, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866,

  CVE-2020-14867, CVE-2020-14868, CVE-2020-14869, CVE-2020-14870,

  CVE-2020-14873, CVE-2020-14878, CVE-2020-14888, CVE-2020-14891,

  CVE-2020-14893

LM: elementary OS 5.2

 

REF: https://blog.cloudflare.com/introducing-cloudflare-one/

[USN-4602-1] Perl vulnerabilities

 ---------- Forwarded message ---------

From: Marc Deslauriers <marc.deslauriers@canonical.com>

Date: Oct 26, 2020 7:45PM

ManhND discovered that Perl incorrectly handled certain regular

expressions. In environments where untrusted regular expressions are

evaluated, a remote attacker could possibly use this issue to cause Perl to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2020-10543)

Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly

handled certain regular expressions. In environments where untrusted

regular expressions are evaluated, a remote attacker could possibly use

this issue to cause Perl to crash, resulting in a denial of service, or

possibly execute arbitrary code. (CVE-2020-10878)

Sergey Aleynikov discovered that Perl incorrectly handled certain regular

expressions. In environments where untrusted regular expressions are

evaluated, a remote attacker could possibly use this issue to cause Perl to

crash, resulting in a denial of service, or possibly execute arbitrary

code. (CVE-2020-12723)

References:

  https://usn.ubuntu.com/4602-1

  CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

Introducing Cloudflare One

 

REF: https://blog.cloudflare.com/introducing-cloudflare-one/

[LSN-0073-1] Linux kernel vulnerability

 ---------- Forwarded message ---------

From: benjamin.romer@canonical.com

Date: Oct 26, 2020 7:45PM

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the

Linux kernel contained a type-confusion error. A physically proximate

remote attacker could use this to cause a denial of service (system

crash) or possibly execute arbitrary code. (CVE-2020-12351)

Andy Nguyen discovered that the Bluetooth A2MP implementation in the

Linux kernel did not properly initialize memory in some situations. A

physically proximate remote attacker could use this to expose sensitive

information (kernel memory). (CVE-2020-12352)

Andy Nguyen discovered that the Bluetooth HCI event packet parser in the

Linux kernel did not properly handle event advertisements of certain

sizes, leading to a heap-based buffer overflow. A physically proximate

remote attacker could use this to cause a denial of service (system

crash) or possibly execute arbitrary code. (CVE-2020-24490)

References

-   CVE-2020-12351

-   CVE-2020-12352

-   CVE-2020-24490

LM: KDE neon 5.20.0

REF: https://www.linux-magazine.com/Issues/2020/241/This-Month-s-DVD

2020年11月8日 星期日

MagicSoft Recorder ver 3.3.2

It adds support for recording HEVC 10 bit with nVidia cards using containers : mov, mp4, mkv and ts

The supported video modes are 720p, 1080p and 4K

The software can be freely downloaded from our website 

https://www.magicsoft.tv