
Advisory: New MySQL Vulnerabilities

2016-09-14 KENNETH 0

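Source: http://krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24563

□ Overview
o Vulnerabilities that can lead to remote code execution, privilege escalation and similar damage have been found in Oracle's MySQL [1]
※ MySQL: an open-source relational database management system developed by Oracle
– If an attacker uses the remote code execution vulnerability to modify a MySQL configuration file, it can be abused in an attack
o Users of affected versions may suffer damage and should refer to the interim recommendations below
※ This notice will be reissued when the corresponding security update is released

□ Details
o Remote code execution and privilege escalation vulnerabilities in MySQL (CVE-2016-6662, CVE-2016-6663)

□ Affected software
o MySQL 5.7.15, 5.6.33, 5.5.52

□ Interim recommendations
o No security update for these vulnerabilities has been released, so take care that MySQL configuration files are not exposed until a patch is released
o To hinder exploit attempts by attackers, create dummy files in place of the configuration files that are not in use
o Until a patch is released, using MariaDB or PerconaDB, MySQL-based database management systems in which the vulnerability has been fixed, is recommended [2][3]

□ Other inquiries
o Korea Internet & Security Agency (KISA), Internet Incident Response Center: without an area code [ more… ]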

Accessibility and your app design

2016-09-14 KENNETH 0

Accessibility is about making your app usable to the largest possible audience. For some apps, accessibility is required by law. For others, it’s part of the service you are offering to a specific audience and a way to make your app more generally appealing. Choosing to incorporate accessibility features is a good idea no matter what your motivation. Thinking about accessibility, in turn, will help you to become a better designer because you will be considering the user experience much more broadly for a greater variety of users.

Be accessible

Accessibility options include features relating to mobility, vision, color perception, hearing, speech, cognition and literacy. However, you can address most requirements by providing:
- support for keyboard interactions and screen readers
- support for user customization, such as font, zoom setting (magnification), color, and high-contrast settings
- alternatives [ more… ]


RHEA-2016:1864-1: virtio-win enhancement update

2016-09-14 KENNETH 0

Red Hat Enterprise Linux: An updated virtio-win package that adds one enhancement is now available for the Supplementary channel of Red Hat Enterprise Linux 7.

Source: RHEA-2016:1864-1: virtio-win enhancement update


USN-3078-1: MySQL vulnerability

2016-09-14 KENNETH 0

Ubuntu Security Notice USN-3078-1
13th September, 2016
mysql-5.5, mysql-5.7 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary
MySQL could be made to run programs as an administrator.

Software description
- mysql-5.5 – MySQL database
- mysql-5.7 – MySQL database

Details
Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges.

MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.

In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-51.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html

Update instructions
The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 [ more… ]


September 2016 security update release

2016-09-14 KENNETH 0

Today we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released.

More information about this month’s security updates and advisories can be found in the Security TechNet Library.

MSRC Team

Source: September 2016 security update release