[월:] 2017년 01월

No Image

USN-3170-1: Linux kernel vulnerabilities

2017-01-11 KENNETH 0

USN-3170-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3170-1 11th January, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Dmitry Vyukov discovered that the KVM implementation in the Linux kerneldid not properly initialize the Code Segment (CS) in certain error cases. Alocal attacker could use this to expose sensitive information (kernelmemory). (CVE-2016-9756) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-powerpc-smp 4.8.0.34.43 linux-image-powerpc-e500mc 4.8.0.34.43 linux-image-4.8.0-34-lowlatency 4.8.0-34.36 linux-image-generic 4.8.0.34.43 linux-image-generic-lpae [ more… ]

No Image

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities

2017-01-11 KENNETH 0

USN-3170-2: Linux kernel (Raspberry Pi 2) vulnerabilities Ubuntu Security Notice USN-3170-2 11th January, 2017 linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Summary Several security issues were fixed in the kernel. Software description linux-raspi2 – Linux kernel for Raspberry Pi 2 Details Andrey Konovalov discovered that the ipv6 icmp implementation in the Linuxkernel did not properly check data structures on send. A remote attackercould use this to cause a denial of service (system crash). (CVE-2016-9919) Andrey Konovalov discovered that signed integer overflows existed in thesetsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capabilitycould use this to cause a denial of service (system crash or memorycorruption). (CVE-2016-9793) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: linux-image-4.8.0-1022-raspi2 4.8.0-1022.25 [ more… ]

No Image

RHSA-2017:0057-1: Critical: flash-plugin security update

2017-01-11 KENNETH 0

RHSA-2017:0057-1: Critical: flash-plugin security update Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2017-2925, CVE-2017-2926, CVE-2017-2927, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931, CVE-2017-2932, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, CVE-2017-2936, CVE-2017-2937, CVE-2017-2938 Source: RHSA-2017:0057-1: Critical: flash-plugin security update

No Image

WordPress 4.7.1 Security and Maintenance Release

2017-01-11 KENNETH 0

WordPress 4.7.1 Security and Maintenance Release WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be [ more… ]

[도서] 도커 컨테이너

2017-01-11 KENNETH 0

[도서] 도커 컨테이너 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]도커 컨테이너 크리스토퍼 네거스 저/남기혁 역 | 에이콘출판사 | 2017년 01월 판매가 27,000원 (10%할인) | YES포인트 1,500원(5%지급) 이 책은 도커를 처음 접하는 이들이 도커의 기본 개념과 기능을 쉽게 익힐 수 있도록 실습 중심으로 설명한다. 전체 주제를 총 5부로 나눠서, 컨테이너의 개념과 도커의 설치 및 기본 사용법, 개별 컨테이너를 다루 Source: [도서] 도커 컨테이너