[월:] 2019년 09월

No Image

USN-4132-1: Expat vulnerability

2019-09-13 KENNETH 0

USN-4132-1: Expat vulnerability expat vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Expat could be made to expose sensitive information if it received a specially crafted XML file. Software Description expat – XML parsing C library Details It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 libexpat1 – 2.2.6-1ubuntu0.19.5 Ubuntu 18.04 LTS libexpat1 – 2.2.5-3ubuntu0.2 Ubuntu 16.04 LTS lib64expat1 – 2.1.0-7ubuntu0.16.04.5 libexpat1 – 2.1.0-7ubuntu0.16.04.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-15903 Source: USN-4132-1: Expat vulnerability

No Image

NGINX Conf 2019 Day 2: Empowering the Full Range of Today’s Architectures

2019-09-12 KENNETH 0

NGINX Conf 2019 Day 2: Empowering the Full Range of Today’s Architectures Day 1 at NGINX Conf 2019 in Seattle was packed with insights into how the application landscape is evolving, and how F5 and NGINX are coming together to create the industry’s most comprehensive offering for app delivery, from code to customer. On Day 2, F5 CEO François Locoh-Donou kicked things off, reiterating F5’s commitment to continuing NGINX’s strong legacy of open source contribution while bringing new innovations to market that combine the best the companies have to offer. The rest of the morning’s sessions featured a lineup of experts and special guests, with product demos and customer case studies outlining the scope of NGINX’s accomplishments over the past year. Here are three of my key takeaways from Day 2. Takeaway #1: With NGINX, F5 Is Investing in the Open Source Community [ more… ]

No Image

Attacking the VM Worker Process

2019-09-12 KENNETH 0

Attacking the VM Worker Process In the past year we invested a lot of time making Hyper-V research more accessible to everyone. Our first blog post, “First Steps in Hyper-V Research”, describes the tools and setup for debugging the hypervisor and examines the interesting attack surfaces of the virtualization stack components. We then published “Fuzzing para-virtualized devices in Hyper-V”, which … Attacking the VM Worker Process Read More » The post Attacking the VM Worker Process appeared first on Microsoft Security Response Center. Source: Attacking the VM Worker Process

No Image

USN-4131-1: VLC vulnerabilities

2019-09-12 KENNETH 0

USN-4131-1: VLC vulnerabilities vlc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.04 LTS Summary Several security issues were fixed in VLC. Software Description vlc – multimedia player and streamer Details It was discovered that VLC incorrectly handled certain media files. If a user were tricked into opening a specially-crafted file, a remote attacker could use this issue to cause VLC to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 vlc – 3.0.8-0ubuntu19.04.1 Ubuntu 18.04 LTS vlc – 3.0.8-0ubuntu18.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 [ more… ]

Announcing Windows 10 Insider Preview Build 18980

2019-09-12 KENNETH 0

Announcing Windows 10 Insider Preview Build 18980 Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 18980 (20H1) to Windows Insiders in the Fast ring. IMPORTANT: As is normal with pre-release builds, these builds may contain bugs that might be painful for some. If you take this flight, you won’t be able to switch Slow or Release Preview rings without doing a clean-install on your PC. If you want a complete look at what build is in which Insider ring, head over to Flight Hub. You can also check out the rest of our documentation here including a complete list of new features and updates that have gone out as part of Insider flights for the current development cycle. Not seeing any of the features in this build? Check your Windows Insider Settings to make sure you’re on [ more… ]