[월:] 2018년 04월

No Image

RHSA-2018:0627-1: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

2018-04-04 KENNETH 0

RHSA-2018:0627-1: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update Red Hat Enterprise Linux: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2018-8088 Source: RHSA-2018:0627-1: Important: Red Hat JBoss Enterprise Application Platform 6.4 security update

No Image

WordPress 4.9.5 Security and Maintenance Release

2018-04-04 KENNETH 0

WordPress 4.9.5 Security and Maintenance Release WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5: Don't treat localhost as same host by default. Use safe redirects when redirecting the login page if SSL is forced. Make sure the version string is correctly escaped for use in generator tags. Thank you to the reporters of these issues for practicing coordinated security disclosure: xknown of the WordPress Security Team, Nitin Venkatesh (nitstorm), and Garth Mortensen of the WordPress Security Team. Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were: The previous styles on [ more… ]

No Image

USN-3617-2: Linux (HWE) vulnerabilities

2018-04-04 KENNETH 0

USN-3617-2: Linux (HWE) vulnerabilities linux-hwe, linux-gcp, linux-oem vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors Details USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the [ more… ]

No Image

USN-3617-1: Linux kernel vulnerabilities

2018-04-04 KENNETH 0

USN-3617-1: Linux kernel vulnerabilities linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel Details It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could [ more… ]