2016년 01월 – 페이지 42 – 지락문화예술공작단

USN-2855-1: Samba vulnerabilities

2016-01-06 KENNETH 0

Ubuntu Security Notice USN-2855-1 5th January, 2016 samba vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Samba. Software description samba – SMB/CIFS file, print, and login server for Unix Details Thilo Uttendorfer discovered that the Samba LDAP server incorrectly handledcertain packets. A remote attacker could use this issue to cause the LDAPserver to stop responding, resulting in a denial of service. This issueonly affected Ubuntu 14.04 LTS, Ubuntu 15.04 and Ubuntu 15.10.(CVE-2015-3223) Jan Kasprzak discovered that Samba incorrectly handled certain symlinks. Aremote attacker could use this issue to access files outside the exportedshare path. (CVE-2015-5252) Stefan Metzmacher discovered that Samba did not enforce signing whencreating encrypted connections. If a remote attacker were able to perform aman-in-the-middle attack, this flaw [ more… ]

USN-2856-1: ldb vulnerabilities

2016-01-06 KENNETH 0

Ubuntu Security Notice USN-2856-1 5th January, 2016 ldb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in ldb. Software description ldb – LDAP-like embedded database Details Thilo Uttendorfer discovered that the ldb incorrectly handled certain zerovalues. A remote attacker could use this issue to cause applications usingldb, such as Samba, to stop responding, resulting in a denial of service.(CVE-2015-3223) Douglas Bagnall discovered that ldb incorrectly handled certain stringlengths. A remote attacker could use this issue to possibly accesssensitive information from memory of applications using ldb, such as Samba.(CVE-2015-5330) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libldb1 2:1.1.20-2ubuntu0.1 Ubuntu 15.04: libldb1 1:1.1.18-1ubuntu0.1 Ubuntu 14.04 LTS: libldb1 1:1.1.16-1ubuntu0.1 Ubuntu 12.04 LTS: [ more… ]

RHBA-2016:0003-1: grub2 bug fix update

2016-01-05 KENNETH 0

Red Hat Enterprise Linux: Updated grub2 packages that fix a bug are now available for Red Hat Enterprise Linux 7. Source: rhn-errata

RHBA-2016:0002-1: kernel bug fix update

2016-01-05 KENNETH 0

Red Hat Enterprise Linux: Updated kernel packages that fix one bug are now available for Red Hat Enterprise Linux 7. Source: rhn-errata

Version Tokens in MySQL 5.7

2016-01-05 KENNETH 0

In MySQL 5.7.8 we added support for version tokens. This is a new feature that enables you to prevent accessing incorrect or out-of-date data, and stray modifications executing on the wrong server. For some backstory When there are multiple MySQL instances running on a Linux machine, there is a reasonable chance that clients could connect to the wrong instance.… Source: mysqlserverteam.com