Technology Python programming language hurries out update to tackle remote code vulnerability
Got a new Roku this holiday season? Here's how to set it up
Time to put that new streaming gift to use.To help make sure you have no problems we took out a Streaming Stick Plus, our favorite overall streaming device, to walk you through the process -- which should be basically the same no matter which Roku you're using. Here's how to set up your new Roku.
The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable but in practical terms can only be used to knock a machine offline.
PSF is urging its legion of Python users to, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.
Best Smartphones of 2020
Smartphones are the center of our digital lives. And since you'll likely use your phone more than any other gadget you own, picking the right one to last you through years of use is crucial. © Jacob Krol/CNN Fortunately, we've tested all of the top smartphones released in 2020 to help you make the right call. Here are the ones we found to be the best:Best smartphone overall: iPhone 12 ($799; amazon.com or expercom.com)Runner-up: Galaxy Note 20 Ultra ($1,299; samsung.com)Budget pick: Pixel 4a 5G ($499; amazon.
The project expedited the release after receiving unexpected pressure from some users who were concerned over the security flaw.
"Since the announcement of the release candidates for 3.9.2 on 3.8.8, we received a number of inquiries from end users urging us to expedite the final releases due to the security content, especially," said the Python release team.
"This took us somewhat by surprise since we believed security content is cherry-picked by downstream distributors from source either way, and the RC releases provide installers for everybody else interested in upgrading in the meantime," PSF said.
"It turns out that release candidates are mostly invisible to the community and in many cases cannot be used due to upgrade processes which users have in place."
Nick Saban corrected Todd McShay about Alex Leatherwood's draft ranking
Star Alabama RB Najee Harris hurdled Notre Dame CB Nick McCloud en route to a 53-yard gain in the 2021 Rose Bowl Game in Arlington, TX.
Python 3.x through to 3.9.1 has a buffer overflow in PyCArg_repr in ctypes/callproc.c, which may lead to remote code execution.
It affects Python applications that "accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param."
The bug occurs because "sprintf" is used unsafely. The impact is broad because Python is pre-installed with multiple Linux distributions and Windows 10.
Various Linux distributions,, have been backporting the security patches to ensure the built-in versions of Python are shielded.
The vulnerability is a common memory flaw., a stack-based buffer overflow in Python's ctypes module improperly validated the input passed to it, "which would allow an attacker to overflow a buffer on the stack and crash the application."
Apple TV: 11 essential tips to master your streaming box
The Apple TV is a seemingly simple device that's gained so many new features over the years. Here's the latest.Even though a new Apple TV is possibly on the horizon, the current Apple TV lineup is worth the investment for Apple fans and users. And once you get the shiny new box setup, there are some things you'll need to learn. For instance, getting around the Siri remote can feel simplistic, but there are some hidden shortcuts that will surely make your life easier.
While a remote code execution vulnerability is bad news, RedHat notes that the "highest threat from this vulnerability is to system availability." In other words, an attacker would likely only be able to pull off a denial of service attack.
"Our understanding is that while the CVE is listed as "remote code execution", practical exploits of this vulnerability as such are very unlikely due the following conditions needing to be met for successful RCE," said the PSF.
"To be sure, denial of service through malicious input is also a serious issue. Thus, to help the community members for whom the release candidate was insufficient, we are releasing the final versions of 3.9.2 and 3.8.8 today," the organization added.
The other flaw is tracked asand concerns a web cache poisoning vulnerability by "defaulting the query args separator to &, and allowing the user to choose a custom separator."
February Patchday: Microsoft closes the zero-day gap in Windows .
© DEFAULT_CREDIT Windows (Image: Microsoft) It allows the unauthorized extension of user rights. There are also three major bugs in the Windows TCP / IP stack. They can be used for denial-of-service attacks. Microsoft published fixes for 56 vulnerabilities in Windows, Office and other products on its monthly patch day. Among them is a zero-day vulnerability in Windows that is already actively being used for attacks. It enables hackers to extend user rights without authorization.