Exploits nEW
bsisler
deepin
2019-02-02 07:01
Author
Linux Kernel change_port_settings Local Denial of Service Vulnerability
January 31 - Alert RSS
A vulnerability in the change_port_settings function of the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to a division-by-zero condition in the change_port_settings function, as defined in the drivers/usb/serial/io_ti.c source code file of the affected software. An attacker could exploit the vulnerability by maliciously setting high baud rates on a targeted system. A successful exploit could cause the targeted system to crash, resulting in a DoS condition.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
Kernel.org has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium


CVE: CVE-2017-18360
https://tools.cisco.com/security/center/viewAlert.x?alertId=59541&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Linux%20Kernel%20change_port_settings%20Local%20Denial%20of%20Service%20Vulnerability&vs_k=1


Firefox and Chrome (Deepin appstore is supplying very outdated versions of these browsers)
Security fixes
Chrome 72 fixes 58 CVE-level flaws, including 17 rated ‘high’ severity and one ‘critical’, identified as CVE-2019-5754 and described simply as an “inappropriate implementation in QUIC Networking.”

Continuing its six-week schedule, the next version, Chrome 73, is due out on 12 March, with version 74 appearing on 23 April.

Part of this update will see Chrome warn users when they visit lookalike URLs meant to resemble popular websites.

Firefox 65
Naked Security has already covered the new content blocking setting added to Firefox 65, but this also patches seven CVEs, including three marked ‘critical’ and two ‘high’.

The criticals include CVE-2018-18500 (reported by SophosLabs’ researcher Yaniv Frank), described as:

A use-after-free vulnerability that can occur while parsing an HTML5 stream in concert with custom HTML elements.

Also fixed are CVE-2018-18501 and CVE-2018-18502, both memory safety flaws plus CVE-2018-18504, a memory corruption issue, and CVE-2018-18505, a privilege escalation affecting Inter-process Communication (IPC) authentication.

Continuing the memory theme, Linux, macOS and Android versions get protection against ‘stack smashing’, which attackers can use to take control of a browser process.
https://nakedsecurity.sophos.com/2019/01/31/update-now-chrome-and-firefox-patch-security-flaws/
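
For the Linux kernel item at the top of this post (CVE-2017-18360), the following is an added illustration, not code from the post, the alert or the kernel source: it shows how an integer baud-rate divisor can round down to zero for a very high requested rate, and a clamp that keeps later divisions safe. `BASE_BAUD`, `FALLBACK_BAUD` and all function names are assumptions made for this sketch.

```c
#include <stdio.h>

/* Assumed base rate for illustration only; not a value taken from the post. */
#define BASE_BAUD     461550L
#define FALLBACK_BAUD 9600L

/* Rounded integer divisor for a requested rate (baud must be > 0).
 * Integer division makes the result 0 once baud exceeds 2 * BASE_BAUD,
 * so any later "BASE_BAUD / divisor" would trap. */
static long raw_divisor(long baud)
{
    return (BASE_BAUD + baud / 2) / baud;
}

/* Hardened form: validate and cap the request before computing the divisor.
 * With baud in [1, BASE_BAUD] the rounded quotient is always >= 1. */
static long checked_divisor(long baud)
{
    if (baud <= 0)
        baud = FALLBACK_BAUD;   /* reject zero or negative requests */
    if (baud > BASE_BAUD)
        baud = BASE_BAUD;       /* cap at the highest rate the divisor can express */
    return raw_divisor(baud);
}

/* Safe to divide here because checked_divisor() never returns 0. */
static long effective_rate(long baud)
{
    return BASE_BAUD / checked_divisor(baud);
}

int main(void)
{
    long requests[] = { 0, 9600, 115200, 4000000 }; /* constructed sample requests */

    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        long b = requests[i];
        printf("requested=%ld raw_divisor=%ld checked_divisor=%ld effective=%ld\n",
               b, b > 0 ? raw_divisor(b) : -1L, checked_divisor(b), effective_rate(b));
    }
    return 0;
}
```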
All Replies
sukarof
deepin
2019-02-03 02:59
#1
Edited by sukarof at 2019-2-2 19:01

This is why I download the latest Firefox from the link below instead of using the one in the deepin app store. I have given up the hope that the app store will catch up in reasonable time.
https://sourceforge.net/projects/ubuntuzilla/files/mozilla/apt/pool/main/f/firefox-mozilla-build/