No Image

The Safety Boat: Kubernetes and Rust

2020-04-30 KENNETH 0

The Safety Boat: Kubernetes and Rust Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and is primarily written in the Go programming language. While there have … The Safety Boat: Kubernetes and Rust Read More » The post The Safety Boat: Kubernetes and Rust appeared first on Microsoft Security Response Center. Source: The Safety Boat: Kubernetes and Rust

No Image

USN-4348-1: Mailman vulnerabilities

2020-04-29 KENNETH 0

USN-4348-1: Mailman vulnerabilities mailman vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in Mailman. Software Description mailman – Web-based mailing list manager (legacy branch) Details It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text on a web page. (CVE-2018-13796) It was discovered that Mailman incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-12137) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS mailman – 1:2.1.26-1ubuntu0.1 Ubuntu 16.04 LTS mailman – 1:2.1.20-1ubuntu0.4 To update [ more… ]

No Image

USN-4347-1: WebKitGTK vulnerability

2020-04-29 KENNETH 0

USN-4347-1: WebKitGTK vulnerability webkit2gtk vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in WebKitGTK. Software Description webkit2gtk – Web content engine library for GTK+ Details A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.20.04.1 Ubuntu 19.10 libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.19.10.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.19.10.1 Ubuntu 18.04 LTS libjavascriptcoregtk-4.0-18 – 2.28.2-0ubuntu0.18.04.1 libwebkit2gtk-4.0-37 – 2.28.2-0ubuntu0.18.04.1 To update your system, [ more… ]

No Image

USN-4341-3: Samba regression

2020-04-29 KENNETH 0

USN-4341-3: Samba regression samba regression A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Summary USN-4341-1 introduced a regression in Samba. Software Description samba – SMB/CIFS file, print, and login server for Unix Details USN-4341-1 fixed vulnerabilities in Samba. The updated packages for Ubuntu 16.04 LTS introduced a regression when using LDAP. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could possibly use this issue to cause Samba to consume resources, resulting in a denial of service. (CVE-2020-10704) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS samba – 2:4.3.11+dfsg-0ubuntu0.16.04.27 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make [ more… ]

No Image

멜론 플레이리스트 데이터 탐색 – 카카오 아레나 3회 대회(Part.2)

2020-04-29 KENNETH 0

멜론 플레이리스트 데이터 탐색 – 카카오 아레나 3회 대회(Part.2) 이 글은 멜론 플레이리스트 데이터 탐색 – 카카오 아레나 3회 대회(Part.2)라는 이름으로 카카오 정책산업연구 브런치에 동시 개제되었습니다. 카카오 아레나 3회 대회가 개최되었습니다. 이번 대회는 멜론에서 제공 중인 DJ플레이리스트와 관련된 주제로, 플레이리스트에 수록된 곡과 태그 정보를 기반으로 추천 곡들과 태그를 예측하는 것을 목표로 합니다. 지난 Part.1 글을 통해서 대회 참가자 분들의 이해를 돕기 위해 ‘멜론의 음악 추천 방법‘에 대해 설명드렸고, 이번 […] Source: 멜론 플레이리스트 데이터 탐색 – 카카오 아레나 3회 대회(Part.2)