[월:] 2020년 01월

No Image

USN-4230-2: ClamAV vulnerability

2020-01-24 KENNETH 0

USN-4230-2: ClamAV vulnerability clamav vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary ClamAV could be made to crash if it opened a specially crafted file. Software Description clamav – Anti-virus utility for Unix Details USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM clamav – 0.102.1+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM clamav – 0.102.1+dfsg-0ubuntu0.12.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. This update uses a new upstream [ more… ]

No Image

Announcing Windows 10 Insider Preview Build 19551

2020-01-24 KENNETH 0

Announcing Windows 10 Insider Preview Build 19551 Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 19551.1005 to Windows Insiders in the Fast ring.  If you want a complete look at what build is in which Insider ring, head over to Flight Hub. You can also check out the rest of our documentation here, including a list of new features and updates.  Not seeing any of the features in this build? Check your Windows Insider Settings to make sure you’re on the Fast ring. Submit feedback here to let us know if things weren’t working the way you expected.   Other updates for Insiders We’re continuing to look at ways we can improve the update experience on Windows 10 PCs for our customers. As part of this effort, we are conducting an experiment related to how we deliver driver [ more… ]

Debug z-index stacking content with 3D View in the Microsoft Edge DevTools

2020-01-24 KENNETH 0

Debug z-index stacking content with 3D View in the Microsoft Edge DevTools We are thrilled to announce the next iteration of 3D View in the Microsoft Edge DevTools, with a new feature to help debug z-index stacking context. The general 3D View shows a representation of the DOM (Document Object Model) depth using color and stacking, and the z-Index view helps you isolate the different stacking contexts of your page. 3D view is enabled by default in the Canary branch – to enable it in other branches, open the DevTools “Experiments” settings (Ctrl-Shift-P -> “Experiments“) and turn on “Enable 3D View.” If you don’t see that item, navigate to edge://flags and make sure you have enabled “Developer Tools experiments.” Once 3D view is enabled, you can find it under the “More tools” menu (or via search: Ctrl-Shift-P -> “3D View“). [ more… ]

No Image

USN-4233-2: GnuTLS update

2020-01-24 KENNETH 0

USN-4233-2: GnuTLS update gnutls28 update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary USN-4233-1 marked SHA1 as untrusted in GnuTLS with no workaround. Software Description gnutls28 – GNU TLS library Details USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Original advisory details: As a security improvement, this update marks SHA1 as being untrusted for digital signature operations. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS libgnutls30 – 3.5.18-1ubuntu1.3 Ubuntu 16.04 LTS libgnutls30 – 3.4.10-4ubuntu1.7 To update your system, [ more… ]

No Image

USN-4247-3: python-apt vulnerabilities

2020-01-24 KENNETH 0

USN-4247-3: python-apt vulnerabilities python-apt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 ESM Ubuntu 12.04 ESM Summary Several security issues were fixed in python-apt. Software Description python-apt – Python interface to libapt-pkg Details USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. (CVE-2019-15795) It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. (CVE-2019-15796) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM python-apt – 0.9.3.5ubuntu3+esm2 python3-apt – 0.9.3.5ubuntu3+esm2 Ubuntu [ more… ]