USN-4376-1: OpenSSL vulnerabilities

2020-05-28 KENNETH 0

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Summary: Several security issues were fixed in OpenSSL.

Software Description: openssl – Secure Socket Layer (SSL) cryptographic library and tools

Details: Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. (CVE-2019-1547)

Matt Caswell discovered that OpenSSL incorrectly handled the random number generator (RNG). This may result in applications that use the fork() system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-1549)

Guido Vranken discovered that OpenSSL [ more… ]

USN-4360-4: json-c vulnerability

2020-05-28 KENNETH 0

json-c vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: json-c could be made to execute arbitrary code if it received a specially crafted JSON file.

Software Description: json-c – JSON manipulation library

Details: USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762.

Original advisory details: It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: libjson-c4 – 0.13.1+dfsg-7ubuntu0.3

Ubuntu 19.10: libjson-c4 – 0.13.1+dfsg-4ubuntu0.3

Ubuntu 18.04 [ more… ]

Deploying NGINX and NGINX Plus with Docker

2020-05-28 KENNETH 0

Note: This post was updated in May 2020 to make the Docker commands comply with current standards and to provide an updated NGINX Plus Dockerfile for Debian and Alpine Linux distributions.

Docker is an open platform for building, shipping, and running distributed applications as containers (lightweight, standalone, executable packages of software that include everything needed to run an application). Containers can in turn be deployed and orchestrated by container orchestration platforms such as Kubernetes. (In addition to the Docker container technology for NGINX Open Source and NGINX Plus discussed in this blog, NGINX provides the NGINX Open Source and NGINX Plus Ingress Controllers for Kubernetes; for NGINX Plus subscribers, support is included at no extra cost.)

As software applications, NGINX Open Source and NGINX Plus are great use cases for Docker, and we publish an NGINX Open Source image on Docker Hub, the repository [ more… ]

Join the Serverless-First Function online event!

2020-05-28 KENNETH 0

When you develop serverless applications, you can focus on the core functionality you want to build instead of worrying about managing and operating servers, databases, or storage systems. To make serverless technologies simple to adopt and use, we have released many new features over the past few months. To name just a few: AWS Lambda introduced Provisioned Concurrency and Destinations, and updated its runtimes for Node.js, Python, Java, and .NET Core. Amazon API Gateway reduces cost and latency with the new HTTP APIs. The AWS SAM CLI has simplified the deployment experience. AWS Step Functions now supports higher-throughput workflows and integrates with more services, such as Amazon EMR and AWS CodeBuild. Amazon EventBridge automates event schema discovery and cataloging.

To help you get the most out of the cloud, we have launched a series of virtual events called AWS Serverless-First Function. On Thursday, May 21, the first event, Serverless for Your Organization, was held. Opening remarks by Amazon CTO Dr. Werner Vogels and AWS VP and [ more… ]

USN-4375-1: PHP vulnerability

2020-05-28 KENNETH 0

php5, php7.0, php7.2, php7.3, php7.4 vulnerability

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 20.04 LTS, Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 ESM, Ubuntu 12.04 ESM.

Summary: PHP could be made to crash if it received a specially crafted file.

Software Description: php7.4 – server-side, HTML-embedded scripting language (metapackage); php7.3 – server-side, HTML-embedded scripting language (metapackage); php7.2 – HTML-embedded scripting language interpreter; php7.0 – HTML-embedded scripting language interpreter; php5 – HTML-embedded scripting language interpreter

Details: It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS: libapache2-mod-php7.4 – 7.4.3-4ubuntu2.2; php7.4-cgi – 7.4.3-4ubuntu2.2; php7.4-cli – 7.4.3-4ubuntu2.2; php7.4-fpm – 7.4.3-4ubuntu2.2; php7.4-mbstring [ more… ]