[월:] 2017년 02월

No Image

USN-3187-1: Linux kernel vulnerabilities

2017-02-03 KENNETH 0

USN-3187-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3187-1 3rd February, 2017 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Andrey Konovalov discovered that the SCTP implementation in the Linuxkernel improperly handled validation of incoming data. A remote attackercould use this to cause a denial of service (system crash). (CVE-2016-9555) It was discovered that multiple memory leaks existed in the XFSimplementation in the Linux kernel. A local attacker could use this tocause a denial of service (memory consumption). (CVE-2016-9685) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.2.0-121-powerpc-smp 3.2.0-121.164 linux-image-powerpc-smp 3.2.0.121.136 linux-image-3.2.0-121-highbank 3.2.0-121.164 linux-image-3.2.0-121-powerpc64-smp 3.2.0-121.164 linux-image-3.2.0-121-virtual 3.2.0-121.164 linux-image-3.2.0-121-generic 3.2.0-121.164 linux-image-3.2.0-121-generic-pae 3.2.0-121.164 linux-image-generic-pae 3.2.0.121.136 linux-image-highbank 3.2.0.121.136 linux-image-3.2.0-121-omap [ more… ]

No Image

USN-3188-1: Linux kernel vulnerability

2017-02-03 KENNETH 0

USN-3188-1: Linux kernel vulnerability Ubuntu Security Notice USN-3188-1 3rd February, 2017 linux vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary The system could be made to crash if it received specially crafted network traffic. Software description linux – Linux kernel Details Andrey Konovalov discovered that the SCTP implementation in the Linuxkernel improperly handled validation of incoming data. A remote attackercould use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: linux-image-powerpc-smp 3.13.0.108.116 linux-image-powerpc-e500mc 3.13.0.108.116 linux-image-3.13.0-108-generic 3.13.0-108.155 linux-image-generic 3.13.0.108.116 linux-image-3.13.0-108-powerpc-e500 3.13.0-108.155 linux-image-powerpc64-emb 3.13.0.108.116 linux-image-3.13.0-108-generic-lpae 3.13.0-108.155 linux-image-3.13.0-108-powerpc-smp 3.13.0-108.155 linux-image-3.13.0-108-powerpc-e500mc 3.13.0-108.155 linux-image-3.13.0-108-lowlatency 3.13.0-108.155 linux-image-3.13.0-108-powerpc64-emb 3.13.0-108.155 linux-image-generic-lpae 3.13.0.108.116 linux-image-powerpc-e500 3.13.0.108.116 linux-image-lowlatency 3.13.0.108.116 linux-image-3.13.0-108-powerpc64-smp 3.13.0-108.155 linux-image-powerpc64-smp 3.13.0.108.116 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a [ more… ]

No Image

USN-3188-2: Linux kernel (Trusty HWE) vulnerability

2017-02-03 KENNETH 0

USN-3188-2: Linux kernel (Trusty HWE) vulnerability Ubuntu Security Notice USN-3188-2 3rd February, 2017 linux-lts-trusty vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary The system could be made to crash if it received specially crafted network traffic. Software description linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise Details USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04LTS. This update provides the corresponding updates for the LinuxHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu12.04 LTS. Andrey Konovalov discovered that the SCTP implementation in the Linuxkernel improperly handled validation of incoming data. A remote attackercould use this to cause a denial of service (system crash). Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: linux-image-3.13.0-108-generic-lpae 3.13.0-108.155~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.108.99 linux-image-3.13.0-108-generic 3.13.0-108.155~precise1 [ more… ]

5 Reasons to Switch from F5 BIG-IP to NGINX Plus

2017-02-03 KENNETH 0

5 Reasons to Switch from F5 BIG-IP to NGINX Plus Last year we compared the price and performance of NGINX Plus to several models of F5 BIG‑IP application delivery controllers. We determined that you can save over 80% in Year 1 by switching to NGINX Plus, while equaling or exceeding the performance of F5 appliances. BIG‑IP ADCs are costly because of their custom hardware, such as Cavium Nitrox chips to accelerate SSL/TLS connections and a custom ASIC to do Layer 4 load balancing in hardware. Custom hardware for load balancing used to be a cost‑effective approach because the equivalent processing power in commodity servers was either not available or far more expensive. But servers have gotten significantly cheaper and faster over time, so custom hardware is now the more expensive option. Also, by focusing on building hardware appliances, F5 has neglected the needs of modern applications, which [ more… ]

No Image

RHSA-2017:0250-1: Important: jboss-ec2-eap security, bug fix, and enhancement update

2017-02-03 KENNETH 0

RHSA-2017:0250-1: Important: jboss-ec2-eap security, bug fix, and enhancement update Red Hat Enterprise Linux: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656 Source: RHSA-2017:0250-1: Important: jboss-ec2-eap security, bug fix, and enhancement update