[월:] 2017년 10월

No Image

RHSA-2017:3086-1: Low: Red Hat 'Stand-Alone' Proxy – End Of Life Notice

2017-10-31 KENNETH 0

RHSA-2017:3086-1: Low: Red Hat 'Stand-Alone' Proxy – End Of Life Notice RHN Satellite and Proxy: This is the final notification for the End Of Life (EOL) of Red Hat 'Stand-Alone' Proxy. Red Hat Proxy ‘Stand-Alone’ (Proxy server directly connecting to the Red Hat Network): Systems registered as clients to RHN via a Red Hat Satellite Proxy server is no longer a Red Hat supported deployment, and will no longer function as required. Access a set of instructions for moving from Proxy to Satellite 6: https://access.redhat.com/articles/2859521. This guide describes the process for a Proxy-only user to install and configure a Satellite 6 installation and migrate clients to it. Source: RHSA-2017:3086-1: Low: Red Hat 'Stand-Alone' Proxy – End Of Life Notice

No Image

RHBA-2017:3085-1: Satellite 5.7 bug fix update

2017-10-31 KENNETH 0

RHBA-2017:3085-1: Satellite 5.7 bug fix update RHN Satellite and Proxy: Updated rhn-i18n-guides, spacewalk-backend, spacewalk-java, spacewalk-schema, satellite-doc-indexes, and satellite-schema packages that fix several bugs and add various enhancements are now available for Red Hat Satellite 5.7. Source: RHBA-2017:3085-1: Satellite 5.7 bug fix update

No Image

WordPress 4.8.3 Security Release

2017-10-31 KENNETH 0

WordPress 4.8.3 Security Release WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara. This release includes a change in behaviour for the esc_sql() function. Most developers will not be affected by this change, you can read more details in the developer note. Thank you to the reporter of this issue for practicing responsible disclosure. Download WordPress 4.8.3 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background [ more… ]

No Image

USN-3468-1: Linux kernel vulnerabilities

2017-10-31 KENNETH 0

USN-3468-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-3468-1 31st October, 2017 linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Summary Several security issues were fixed in the Linux kernel. Software description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details It was discovered that the KVM subsystem in the Linux kernel did notproperly bound guest IRQs. A local attacker in a guest VM could use this tocause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not properly validate superblock metadata. A localattacker could use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2017-10663) Anthony Perard discovered that the Xen virtual block driver did notproperly initialize some data structures before [ more… ]

No Image

USN-3468-2: Linux kernel (HWE) vulnerabilities

2017-10-31 KENNETH 0

USN-3468-2: Linux kernel (HWE) vulnerabilities Ubuntu Security Notice USN-3468-2 31st October, 2017 linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.This update provides the corresponding updates for the Linux HardwareEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did notproperly bound guest IRQs. A local attacker in a guest VM could use this tocause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementationin the Linux kernel did not properly validate superblock metadata. A localattacker could use this to cause a denial of [ more… ]