[월:] 2015년 12월

No Image

RHSA-2015:2684-1: Moderate: openstack-nova secuity and bug fix advisory

2015-12-22 KENNETH 0

Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve one security issue and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-7713 Source: rhn-errata

No Image

Juniper ScreenOS 취약점 보안 업데이트 권고

2015-12-21 KENNETH 0

Juniper ScreenOS 취약점 보안 업데이트 권고   출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=23847 □ 개요 o Juniper社는 ScreenOS에서 발생하는 취약점을 해결한 보안 업데이트를 발표[1] □ 설명 o ScreenOS 방화벽에 SSH 또는 TELNET 원격접속을 통한 관리자 권한 탈취가 가능한 취약점(CVE-2015-7755) o ScreenOS VPN 방화벽 암호화 데이터 트래픽을 복호화하여 스니핑이 가능한 취약점(CVE-2015-7756) □ 영향 받는 소프트웨어 o Juniper ScreenOS 6.2.0.r15 ~ 6.2.0.r18 o Juniper ScreenOS 6.3.0.r12 ~ 6.3.0.r20 □ 해결 방안 o 해당 취약점에 영향 받는 제품을 운영하고 있는 관리자는 참고사이트에 명시되어 있는 업데이트 버전을 확인하여 패치 적용 [1] □ 용어 정리 o ScreenOS : Juniper社에서 개발한 방화벽 제품에서 사용하는 운영체제 □ 기타 문의사항 o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118 [참고사이트] [1] http://kb.juniper.net/JSA10713

No Image

RHSA-2015:2671-1: Important: jakarta-commons-collections security update

2015-12-21 KENNETH 0

Red Hat Enterprise Linux: Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-7501 Source: rhn-errata

No Image

USN-2853-1: Linux kernel (Wily HWE) vulnerabilities

2015-12-20 KENNETH 0

Ubuntu Security Notice USN-2853-1 20th December, 2015 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to [ more… ]

No Image

USN-2854-1: Linux kernel (Vivid HWE) vulnerabilities

2015-12-20 KENNETH 0

Ubuntu Security Notice USN-2854-1 20th December, 2015 linux-lts-vivid vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to [ more… ]