No Image

RHBA-2018:0525-1: Red Hat Certification bug fix and enhancement update

2018-03-15 KENNETH 0

RHBA-2018:0525-1: Red Hat Certification bug fix and enhancement update Red Hat Enterprise Linux: An updated redhat-certification package that fixes several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Source: RHBA-2018:0525-1: Red Hat Certification bug fix and enhancement update

No Image

USN-3597-2: Linux kernel (HWE) vulnerabilities

2018-03-15 KENNETH 0

USN-3597-2: Linux kernel (HWE) vulnerabilities linux-hwe vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-hwe – Linux hardware enablement (HWE) kernel Details USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. USNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this [ more… ]

No Image

USN-3597-1: Linux kernel vulnerabilities

2018-03-15 KENNETH 0

USN-3597-1: Linux kernel vulnerabilities linux, linux-raspi2 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-raspi2 – Linux kernel for Raspberry Pi 2 Details USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details: Jann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754) Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. [ more… ]

AWS 도움말 문서, GitHub에서 오픈 소스로 공개

2018-03-15 KENNETH 0

AWS 도움말 문서, GitHub에서 오픈 소스로 공개 올해 초, AWS SDK 개발자 가이드를 제작해 GitHub repo(모두 awsdocs 조직에 있음)로 제공했으며, 관심 있는 사람은 누구나 풀 요청(pull request)의 형태로 문서를 변경하고 개선하는 데 참여할 수 있습니다. 여기에 오늘 개발자 가이드와 사용 설명서 138개를 조직에 추가하며, 앞으로도 여러분의 요청을 받고자 합니다. 버그를 수정하고, 코드 샘플을 개선하거나 새 코드 샘플을 제출하고, 세부 정보를 추가하며, 문장과 단락을 다듬어 정확성이나 명확성을 높일 수 있습니다. 커밋 기록을 확인하여 새로운 기능 및 서비스의 발표에 대해 자세히 알아보고 문서의 개정 내역을 추적할 수 있습니다. 문서 공헌 참여하기 시작하기 전에 Amazon 오픈 소스 약관을 읽고 해당 AWS 서비스의 참여 가이드 문서(일반적으로 CONTRIBUTING.md라는 이름의 문서)를 살펴보시기 바랍니다. 그런 다음 GitHub 계정이 없으면 하나 만듭니다. 변경하거나 개선할 내용이 발견되면 문서의 HTML 버전에서 페이지 상단에 있는 Edit on GitHub 버튼을 클릭합니다. 그러면 소스 형태(일반적으로 Markdown 또는 reStructuredText)로 문서를 편집할 수 있습니다. 이 [ more… ]

No Image

Speculative Execution Bounty Launch

2018-03-15 KENNETH 0

Speculative Execution Bounty Launch Today, Microsoft is announcing the launch of a limited-time bounty program for speculative execution side channel vulnerabilities. This new class of vulnerabilities was disclosed in January 2018 and represented a major advancement in the research in this field.  In recognition of that threat environment change, we are launching a bounty program to encourage research into the new class of vulnerability and the mitigations Microsoft has put in place to help mitigate this class of issues. Quick Facts: Bounty Duration: Open until December 31, 2018 Full Details: Speculative Execution Bounty Program Bounty Terms: Standard terms and conditions apply Bounty Tiers: (below)  Tier  Payout (USD) Tier 1: New categories of speculative execution attacks  Up to $250,000 Tier 2: Azure speculative execution mitigation bypass  Up to $200,000 Tier 3: Windows speculative execution mitigation bypass  Up to $200,000 Tier 4: [ more… ]