
USN-4168-1: Libidn2 vulnerabilities

2019-10-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.04
Ubuntu 18.04 LTS

Summary
Several security issues were fixed in Libidn2.

Software Description
libidn2 – Internationalized domain names (IDNA2008/TR46) command line tool

Details
It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to impersonate domains. (CVE-2019-12290)

It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. (CVE-2019-18224)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04
idn2 – 2.0.5-1ubuntu0.3
libidn2-0 – 2.0.5-1ubuntu0.3

Ubuntu 18.04 LTS
idn2 – 2.0.4-1.1ubuntu0.2
libidn2-0 – 2.0.4-1.1ubuntu0.2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes.

References
CVE-2019-12290
CVE-2019-18224

Source: [ more… ]


USN-4167-1: Samba vulnerabilities

2019-10-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 19.10
Ubuntu 19.04
Ubuntu 18.04 LTS
Ubuntu 16.04 LTS

Summary
Several security issues were fixed in Samba.

Software Description
samba – SMB/CIFS file, print, and login server for Unix

Details
Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. (CVE-2019-10218)

Simon Fonteneau and Björn Baumbach discovered that Samba incorrectly handled the check password script. This issue could possibly bypass custom password complexity checks, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 19.04, and Ubuntu 19.10. (CVE-2019-14833)

Adam Xu discovered that Samba incorrectly handled the dirsync LDAP control. [ more… ]


USN-4166-2: PHP vulnerability

2019-10-29 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 ESM
Ubuntu 12.04 ESM

Summary
PHP could be made to run programs if it received specially crafted network traffic.

Software Description
php5 – HTML-embedded scripting language interpreter

Details
USN-4166-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:
It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code.

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM
libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.29+esm6
php5-cgi – 5.5.9+dfsg-1ubuntu4.29+esm6
php5-cli – 5.5.9+dfsg-1ubuntu4.29+esm6
php5-fpm – 5.5.9+dfsg-1ubuntu4.29+esm6

Ubuntu 12.04 ESM
libapache2-mod-php5 – 5.3.10-1ubuntu3.40
php5-cgi – 5.3.10-1ubuntu3.40
php5-cli – 5.3.10-1ubuntu3.40
php5-fpm [ more… ]

Too big wp_options table of WordPress in MySQL (MariaDB)

2019-10-29 KENNETH 0

One day, during a routine check… I noticed that the wp_options table used by WordPress had grown far too large.

1. Size on disk
-rw-r----- 1 mysql mysql 3.0G Oct 29 16:37 wp_options.ibd
What is this… the table should not be anywhere near this size…

2. Dump size
-rw-r--r-- 1 mysql mysql 3.0M  Oct 29 16:37 /root/wp_options.sql

3. table status
| wp_options | InnoDB | 10 | Dynamic | 733 | 4226513 | 3098034176 | 0 | 65536 | 5242880 | 835210 | 2019-10-29 16:23:27 | NULL | NULL | utf8mb4_unicode_ci | NULL | | |

4. Checking the dump contents (partial excerpt)
I could not bring myself to inspect it with select, so I checked the contents of the dump file instead. I obtained the dump data with --extended-insert=false.
INSERT INTO `wp_options` VALUES (402422,'_transient_feed_bf6558039e9a7c03e679d9b0aedfbb8d','a:4:{s:
There were a number of records like this (dozens), with names that roughly start with “_transient_”. The number of characters in these records ranged from “tens of thousands” at the low end to “hundreds of thousands” at the high end (more than 400,000 in my case).

5. Confirming the records exist within mysql
mysql> [ more… ]

[Book] PowerPoint 2016 Basics

2019-10-29 KENNETH 0

[Book] PowerPoint 2016 Basics
장경숙 (author) | 시대인 | November 2019
Price: 9,000 won (10% off) | YES points: 500 won (5% back)

This book teaches the features of the PowerPoint program by using 'PowerPoint 2016' to create documents in a variety of formats. Not only PowerPoint's basic use for presentations, but also the everyday …

Source: [Book] PowerPoint 2016 Basics