[월:] 2017년 10월

No Image

USN-3430-2: Dnsmasq vulnerabilities

2017-10-03 KENNETH 0

USN-3430-2: Dnsmasq vulnerabilities Ubuntu Security Notice USN-3430-2 3rd October, 2017 dnsmasq vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in Dnsmasq. Software description dnsmasq – Small caching DNS proxy and DHCP/TFTP server Details USN-3430-1 fixed several vulnerabilities in Dnsmasq. This update providesthe corresponding update for Ubuntu 12.04 ESM. Original advisory details: Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-14491) Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of [ more… ]

No Image

USN-3435-1: Firefox vulnerabilities

2017-10-03 KENNETH 0

USN-3435-1: Firefox vulnerabilities Ubuntu Security Notice USN-3435-1 2nd October, 2017 firefox vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Firefox could be made to crash or run programs as your login if it opened a malicious website. Software description firefox – Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit these to read uninitialized memory, obtain sensitiveinformation, bypass phishing and malware protection, spoof the origin inmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denialof service via application crash, or execute arbitrary code.(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812,CVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819,CVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824) Martin Thomson discovered that NSS incorrectly generated handshake hashes.A remote attacker could potentially exploit this [ more… ]

No Image

Histogram statistics in MySQL

2017-10-03 KENNETH 0

Histogram statistics in MySQL As of MySQL 8.0.3, you now have the ability to create histogram statistics in order to provide more statistics to the optimizer. In this blog post, we will have a look at how you can create histogram statistics, and we will explain when it might be useful to have histogram statistics.… Source: Histogram statistics in MySQL

Microsoft to bring Spotify to Groove Music Pass customers

2017-10-03 KENNETH 0

Microsoft to bring Spotify to Groove Music Pass customers With the continued advancement of music streaming today, all the world’s music has become easily accessible across a variety of devices, unlocking new ways to discover and experience music. As we continue to listen to what our customers want in their music experience we know that access to the best streaming service, the largest catalog of music, and a variety of subscriptions is top of the list. Which is why we’re excited to announce that we’re expanding our partnership with Spotify to bring the world’s largest music streaming service to our Groove Music Pass customers. Beginning this week*, Groove Music Pass customers can easily move all their curated playlists and collections directly into Spotify. Plus, you may be eligible for a 60-day free trial of Spotify Premium.** We will continue to [ more… ]

No Image

USN-3434-1: Libidn vulnerability

2017-10-03 KENNETH 0

USN-3434-1: Libidn vulnerability Ubuntu Security Notice USN-3434-1 2nd October, 2017 libidn vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Libidn could be made to crash or run programs if it processed specially crafted input. Software description libidn – implementation of IETF IDN specifications Details It was discovered that Libidn incorrectly handled decoding certain digits.A remote attacker could use this issue to cause Libidn to crash, resultingin a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 17.04: libidn11 1.33-1ubuntu0.1 Ubuntu 16.04 LTS: libidn11 1.32-3ubuntu1.2 Ubuntu 14.04 LTS: libidn11 1.28-1ubuntu2.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]