F5 and NGINX: Delivering Flexible, Secure, and Durable Applications from Code to Customer

2019-05-24 KENNETH 0

F5 and NGINX: Delivering Flexible, Secure, and Durable Applications from Code to Customer Businesses are always looking for the next competitive advantage. Customers have more choice than ever, and expect every interaction to look, feel, and function as seamlessly as the Facebook and Google apps they use every day. As enterprises race to build new applications and roll out capabilities to meet their customers’ demands, a distinct pattern has emerged, often called “shadow IT”. In a traditional IT architecture with monolithic applications, the infrastructure or network operations (NetOps) team usually controls app deployment, which is subject to strict compliance, governance, and security requirements. But DevOps teams in such environments – faced with both the internal pressure to innovate and the external pressure to bring services to market quickly – often circumvent such controls for the sake of agility. Even if [ more… ]

No Image

USN-3957-2: MariaDB vulnerabilities

2019-05-24 KENNETH 0

USN-3957-2: MariaDB vulnerabilities MariaDB vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Summary Several security issues were fixed in MariaDB. Software Description mariadb-5.5 – MariaDB database Details USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-5564-changelog/ https://mariadb.com/kb/en/library/mariadb-5564-release-notes/ Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM mariadb-server – 5.5.64-1ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References [ more… ]

No Image

USN-3977-2: Intel Microcode update

2019-05-23 KENNETH 0

USN-3977-2: Intel Microcode update intel-microcode update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Summary The system could be made to expose sensitive information. Software Description intel-microcode – Processor microcode for Intel CPUs Details USN-3977-1 provided mitigations for Microarchitectural Data Sampling (MDS) vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original advisory details: Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an [ more… ]

No Image

USN-3993-2: curl vulnerability

2019-05-23 KENNETH 0

USN-3993-2: curl vulnerability curl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary curl could be made to crash if it received a specially crafted data. Software Description curl – HTTP, HTTPS, and FTP client and client libraries Details USN-3993-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM curl – 7.35.0-1ubuntu2.20+esm2 libcurl3 – 7.35.0-1ubuntu2.20+esm2 libcurl3-gnutls – 7.35.0-1ubuntu2.20+esm2 libcurl3-nss [ more… ]

No Image

USN-3993-1: curl vulnerabilities

2019-05-22 KENNETH 0

USN-3993-1: curl vulnerabilities curl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in curl. Software Description curl – HTTP, HTTPS, and FTP client and client libraries Details Wenchao Li discovered that curl incorrectly handled memory in the curl_url_set() function. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435) It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436) Update instructions The problem can be corrected by updating your system to [ more… ]