[월:] 2015년 12월

No Image

USN-2835-1: Git vulnerability

2015-12-16 KENNETH 0

Ubuntu Security Notice USN-2835-1 15th December, 2015 git vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Git could be made to run programs as your login if it processed an untrusted repository. Software description git – fast, scalable, distributed revision control system Details Blake Burkhart discovered that the Git git-remote-ext helper incorrectlyhandled recursive clones of git repositories. A remote attacker couldpossibly use this issue to execute arbitrary code by injecting commandsvia crafted URLs. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: git 1:2.5.0-1ubuntu0.1 Ubuntu 15.04: git 1:2.1.4-2.1ubuntu0.1 Ubuntu 14.04 LTS: git 1:1.9.1-1ubuntu0.2 Ubuntu 12.04 LTS: git 1:1.7.9.5-1ubuntu0.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all [ more… ]

No Image

USN-2836-1: GRUB vulnerability

2015-12-16 KENNETH 0

Ubuntu Security Notice USN-2836-1 15th December, 2015 grub2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GRUB password protection can be bypassed. Software description grub2 – GRand Unified Bootloader Details Hector Marco and Ismael Ripoll discovered that GRUB incorrectly handledthe backspace key when configured to use authentication. A local attackercould use this issue to bypass GRUB password protection. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: grub2-common 2.02~beta2-29ubuntu0.2 Ubuntu 15.04: grub2-common 2.02~beta2-22ubuntu1.4 Ubuntu 14.04 LTS: grub2-common 2.02~beta2-9ubuntu1.6 Ubuntu 12.04 LTS: grub2-common 1.99-21ubuntu3.19 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References CVE-2015-8370 Source: ubuntu-usn

Installing NGINX and NGINX Plus with Chef

2015-12-16 KENNETH 0

In an earlier blog post, we talked about using Ansible to install NGINX or NGINX Plus. As for many other types of software out there, there lots of alternatives when it comes to configuration management software. Along with Ansible, one of the most popular is Chef. Both tools have their fans, and there are plenty of articles that compare them. Here we’ll focus on showing how to use Chef to install and configure NGINX and NGINX Plus. Opscode, the company behind Chef, provides an extensive collection of cookbooks that are easy to install onto your Chef server with a single command. Out of the box, the base cookbook for NGINX is a very powerful tool for installing and configuring NGINX. It can be rather overwhelming for newer Chef users, however, so in this post we’ll go over how to use it to [ more… ]