[월:] 2019년 09월

No Image

USN-4135-2: Linux kernel vulnerabilities

2019-09-18 KENNETH 0

USN-4135-2: Linux kernel vulnerabilities linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-lts-xenial – Linux hardware enablement kernel from Xenial for Trusty linux-lts-trusty – Linux hardware enablement kernel from Trusty for Precise ESM Details Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2019-14835) It was discovered that the Linux kernel on PowerPC [ more… ]

No Image

USN-4135-1: Linux kernel vulnerabilities

2019-09-18 KENNETH 0

USN-4135-1: Linux kernel vulnerabilities linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in the Linux kernel. Software Description linux – Linux kernel linux-aws – Linux kernel for Amazon Web Services (AWS) systems linux-azure – Linux kernel for Microsoft Azure Cloud systems linux-gcp – Linux kernel for Google Cloud Platform (GCP) systems linux-kvm – Linux kernel for cloud environments linux-raspi2 – Linux kernel for Raspberry Pi 2 linux-snapdragon – Linux kernel for Snapdragon processors linux-gke-4.15 – Linux kernel for Google Container Engine (GKE) systems linux-gke-5.0 – Linux kernel for Google Container Engine (GKE) systems linux-hwe – Linux hardware enablement (HWE) kernel linux-oem – Linux kernel for OEM processors linux-oracle – [ more… ]

No Image

Windows 10 SDK Preview Build 18980 available now!

2019-09-18 KENNETH 0

Windows 10 SDK Preview Build 18980 available now! Today, we released a new Windows 10 Preview Build of the SDK to be used in conjunction with Windows 10 Insider Preview (Build 18980 or greater). The Preview SDK Build 18980 contains bug fixes and under development changes to the API surface area. The Preview SDK can be downloaded from developer section on Windows Insider. For feedback and updates to the known issues, please see the developer forum. For new developer feature requests, head over to our Windows Platform UserVoice. Things to note: This build works in conjunction with previously released SDKs and Visual Studio 2017 and 2019. You can install this SDK and still also continue to submit your apps that target Windows 10 build 1903 or earlier to the Microsoft Store. The Windows SDK will now formally only be supported by Visual Studio 2017 [ more… ]

Windows Admin Center Preview 1909

2019-09-18 KENNETH 0

Windows Admin Center Preview 1909 Hello Windows Insiders! Thanks for staying up to date on the Windows Admin Center journey! This release contains incremental changes and quality improvements for the new functionality released in the preceding previews. Specific updates to Packetmon, and a couple visual changes are described below. This will be the last preview release in anticipation of the next generally available release of Windows Admin Center coming in the next two months. Specific connection type for Azure VMs In new Add connection experience, Azure VMs are now a top-level connection type. This functionality previously lived under the “Azure” tab when adding a server. When a server is added this way, it appears in the connections list as “Server (Azure VM)” so you can easily see which of your servers are Azure VMs. Unified connection type for clusters The [ more… ]

No Image

USN-4113-2: Apache HTTP Server regression

2019-09-17 KENNETH 0

USN-4113-2: Apache HTTP Server regression apache2 regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4113-1 introduced a regression in Apache. Software Description apache2 – Apache HTTP server Details USN-4113-1 fixed vulnerabilities in the Apache HTTP server. Unfortunately, that update introduced a regression when proxying balancer manager connections in some configurations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Stefan Eissing discovered that the HTTP/2 implementation in Apache did not properly handle upgrade requests from HTTP/1.1 to HTTP/2 in some situations. A remote attacker could use this to cause a denial of service (daemon crash). This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.04. (CVE-2019-0197) Craig Young discovered that a memory overwrite error existed in Apache when performing HTTP/2 very early pushes [ more… ]