
USN-2965-3: Linux kernel (Raspberry Pi 2) vulnerabilities

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-3, 6th May, 2016. linux-raspi2 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS. Summary: Several security issues were fixed in the kernel. Software description: linux-raspi2 – Linux kernel for Raspberry Pi 2. Details: Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. (CVE-2016-4557) Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An [ more… ]


USN-2965-4: Linux kernel (Qualcomm Snapdragon) vulnerability

2016-05-07 KENNETH 0

Ubuntu Security Notice USN-2965-4, 6th May, 2016. linux-snapdragon vulnerability. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS. Summary: Several security issues were fixed in the kernel. Software description: linux-snapdragon – Linux kernel for Snapdragon Processors. Details: Jann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel did not properly reference count file descriptors, leading to a use-after-free. A local unprivileged attacker could use this to gain administrative privileges. Ralf Spenneberg discovered that the USB sound subsystem in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2184) Ralf Spenneberg discovered that the ATI Wonder Remote II USB driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access [ more… ]


WordPress 4.5.2 Security Release

2016-05-07 KENNETH 0

WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues. Both issues were analyzed and reported by Mario Heiderich, Masato Kinugawa, and Filedescriptor from Cure53. Thanks to the team for practicing responsible disclosure, and to the Plupload and MediaElement.js teams for working closely with us to coördinate and fix these issues. Download WordPress 4.5.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that [ more… ]

3BetGaming Serves More Customers and Saves 75% Bandwidth with NGINX Plus

2016-05-06 KENNETH 0

Situation: 3BetGaming is a software provider for online sports betting companies. Whether before a match or in the middle of the game, 3BetGaming’s backend infrastructure powers the bidding behind thousands of games every day. The company offers the most extensive sports book application on the market, and supports nearly 12,000 active players, 14,000 live monthly events, and 100 million bets so far. 3BetGaming is based in Malta and has clients around the world – from growing startups to massive corporations. 3BetGaming consistently provides flexible and powerful software for its diverse range of clients. As its customer base grew, 3BetGaming faced a problem with its existing virtual load balancing appliances. The growth in traffic was bringing 3BetGaming close to exceeding the bandwidth limit imposed by its existing license. In [ more… ]


USN-2964-1: OpenJDK 7 vulnerabilities

2016-05-05 KENNETH 0

Ubuntu Security Notice USN-2964-1, 4th May, 2016. openjdk-7 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10, Ubuntu 14.04 LTS. Summary: Several security issues were fixed in OpenJDK 7. Software description: openjdk-7 – Open Source Java implementation. Details: Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. (CVE-2016-0686, CVE-2016-0687, CVE-2016-3427) A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. (CVE-2016-0695) A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service. (CVE-2016-3425) Update instructions: The problem can be corrected by updating your system to [ more… ]