No Image

MS15-SEP – Microsoft Security Bulletin Summary for September 2015 – Version: 3.0

2015-10-13 KENNETH 0

Revision Note: V3.0 (October 13, 2015): For MS15-099, revised Bulletin Summary to announce the availability of an update package for Microsoft Excel 2016. Customers running Microsoft Excel 2016 should apply update 2920693 to be protected from the vulnerabilities discussed in MS15-099. The majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically.Summary: This bulletin summary lists security bulletins released for September 2015. Source: ms-security

No Image

3042058 – Update to Default Cipher Suite Priority Order – Version: 1.1

2015-10-13 KENNETH 0

Revision Note: V1.1 (October 13, 2015): Advisory revised to announce that the Default Cipher Suite Prioritization update (3042058), originally released May 12, 2015 via the Microsoft Download Center (DLC) only, is now also available via Microsoft Update (MU) and Windows Server Update Services (WSUS). This is an update offering venue change only. There were no changes to the update files. Customers who have already successfully installed the update do not need to take any action.Summary: On May 12, 2015, Microsoft announced the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The update added additional cipher suites to the default list on affected systems and improved cipher suite priority ordering. The improvements were in keeping with ongoing efforts to bolster the [ more… ]

PHP 함수의 mysql 데이터베이스 확장 함수의 고찰

2015-10-13 KENNETH 0

  PHP 함수의 mysql 데이터베이스 확장 함수의 고찰 PHP에서 지원하는 mysql 함수 mysql mysqli pdo-mysql     습관 난 몇년동안 리눅스상에서 APM을 설치할때 mysql을 컴파일해서 설치하고 php설치시 ”–with-mysql=/usr/local/mysql” 등의 옵션을 사용했다. –with-mysql=/usr/local/mysql –with-pdo-mysql=/usr/local/mysql (필요시 추가) 형태로 설치한뒤 추가로 mysqli가 필요한 경우 별도의 모듈형태로 mysqli 를 설치해서 사용했다.. 특별히 큰 이유가 있었던것은 아니고, 그냥 mysql3 + php4.0 시절부터 그렇게 해왔기 때문에 의례 그렇게 했다는게 맞다.   새로운것 헌데 PHP5.3 부터 변경된점중.. mysqlnd 라는것이 있다. 출처 : http://php.net/manual/en/book.mysqlnd.php 위에서 설명한 mysql의 3가지 지원함수의 사용을 위해서 mysql 라이브러리 (컴파일이든 yum, apt 를 이용한 클라이언트/라이브러리 설치) php컴파일시 libmysqlclient 를 사용 해야 했던 전통적인 방식대신 mysql Native Driver 라는 새로운 방식을 php-5.3 부터 지원하게 되었다고… (솔직히 몰랐다;;;;)   라이센스 문제(라기 보다는 주체랄까..) 해결 libmysqlclient 라이브러리가 더이상 필요 없음 같은 얘기지만 내장되어있는 기능을 활성화 시키는 것이기 때문에 설치가 쉽다. PHP의 메모리 관리 시스템의 사용하기 때문에 성능개선(이 있을수 [ more… ]

WordPress 4.3.1 Security and Maintenance Release

2015-10-13 KENNETH 0

출처 : https://wordpress.org/news/2015/09/wordpress-4-3-1/ WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. A separate cross-site scripting vulnerability was found in the user list table. Reported by Ben Bidner of the WordPress security team. Finally, in certain cases, users without proper permissions could publish private posts and make them sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of Check Point. Our thanks to those who have practiced responsible disclosure of security issues. WordPress 4.3.1 also fixes twenty-six bugs. For more information, see the release notes or consult the list of changes. Download WordPress 4.3.1 or venture over [ more… ]