[월:] 2019년 05월

No Image

USN-3967-1: FFmpeg vulnerabilities

2019-05-07 KENNETH 0

USN-3967-1: FFmpeg vulnerabilities FFmpeg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary FFmpeg could be made to crash if it opened a specially crafted file. Software Description ffmpeg – Tools for transcoding, streaming and playing of multimedia files Details It was discovered that FFmpeg contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause a denial of service via application crash. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 ffmpeg – 7:4.1.3-0ubuntu1 libavcodec-extra58 – 7:4.1.3-0ubuntu1 libavcodec58 – 7:4.1.3-0ubuntu1 libavdevice58 – 7:4.1.3-0ubuntu1 libavfilter-extra7 – 7:4.1.3-0ubuntu1 libavfilter7 – 7:4.1.3-0ubuntu1 libavformat58 – 7:4.1.3-0ubuntu1 libavresample4 – 7:4.1.3-0ubuntu1 libavutil56 – 7:4.1.3-0ubuntu1 libpostproc55 – 7:4.1.3-0ubuntu1 libswresample3 – 7:4.1.3-0ubuntu1 libswscale5 – [ more… ]

No Image

USN-3968-1: Sudo vulnerabilities

2019-05-07 KENNETH 0

USN-3968-1: Sudo vulnerabilities sudo vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary Several security issues were fixed in Sudo. Software Description sudo – Provide limited super user privileges to specific users Details Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. (CVE-2016-7076) It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. (CVE-2017-1000368) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS sudo – 1.8.16-0ubuntu1.6 sudo-ldap – 1.8.16-0ubuntu1.6 To update [ more… ]

Developing people-centered experiences with Microsoft 365

2019-05-07 KENNETH 0

Developing people-centered experiences with Microsoft 365 Today at Microsoft Build 2019, Rajesh Jha and I will have the opportunity to share how developers can connect with customers in new ways and build people-centric experiences using the Microsoft 365 platform. I’ll focus on the two most ubiquitous canvases for developers – Windows and Microsoft Edge. Windows as a canvas for moving the world forward With over 800 million active devices on the Windows 10 platform, Windows is the canvas people use when they want to move the world forward. The opportunity is even greater when we consider the 1 billion+ people across work, life, and school using Microsoft 365 services, like Office and Windows combined. When people are at the center of the experience, it frees us to dream about the most optimal experiences for our employees or customers – allowing [ more… ]

Microsoft Edge – All the news from Build 2019

2019-05-07 KENNETH 0

Microsoft Edge – All the news from Build 2019 Today kicks off Microsoft Build 2019, and with it, lots of exciting announcements for the next version of Microsoft Edge! Less than a month ago, we shipped our first Dev and Canary channel preview builds of the next version of Microsoft Edge, built on the Chromium open-source project.  Today, we’re sharing a bit more about how Microsoft Edge will simplify development and improve productivity for our core customer constituencies: consumers, developers, and enterprises. A first look at new productivity concepts In Satya’s vision keynote, we previewed a set of new features we’re exploring, designed to make Microsoft Edge users more productive than ever and feel more in control when getting things done on the web. Collections We’ve heard a consistent problem from our customers in user studies, interviews, and feedback: The [ more… ]

No Image

USN-3965-1: aria2 vulnerability

2019-05-06 KENNETH 0

USN-3965-1: aria2 vulnerability aria2 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Summary aria2 stores authentication information in plain text. Software Description aria2 – High speed command-line download utility Details Dhiraj Mishra discovered that aria2 incorrectly stored authentication information. A local attacker could possibly use this issue to obtain credentials. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 aria2 – 1.34.0-3ubuntu0.1 libaria2-0 – 1.34.0-3ubuntu0.1 Ubuntu 18.10 aria2 – 1.34.0-2ubuntu0.1 libaria2-0 – 1.34.0-2ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-3500 Source: USN-3965-1: aria2 vulnerability