USN-4471-2: Net-SNMP regression

2020-09-01 KENNETH 0

USN-4471-1 fixed a vulnerability in Net-SNMP. The update introduced a regression making nsExtendCacheTime not settable. This update fixes the problem by adding the cacheTime feature flag.

Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. (CVE-2020-15861) It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-15862)

Source: USN-4471-2: Net-SNMP regression

USN-4480-1: OpenStack Keystone vulnerabilities

2020-09-01 KENNETH 0

It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691) It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690) It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692)

Source: USN-4480-1: OpenStack Keystone vulnerabilities

USN-4479-1: Django vulnerabilities

2020-09-01 KENNETH 0

It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions.

Source: USN-4479-1: Django vulnerabilities

The Month in WordPress: August 2020

2020-09-01 KENNETH 0

August was special for WordPress lovers, as one of the most anticipated releases, WordPress 5.5, was launched. The month also saw several updates from various contributor teams, including the soft-launch of the Learn WordPress project and updates to Gutenberg. Read on to find out about the latest updates from the WordPress world.

WordPress 5.5 Launch

The team launched WordPress 5.5 on August 11. The major release comes with a host of features like automatic updates for plugins and themes, enabling updates over uploaded ZIP files, a block directory, XML sitemaps, block patterns, inline image editing, and lazy-loading images, to name a few. WordPress 5.5 is now available in 50 languages too! You can update to the latest version directly from your WordPress dashboard or download it directly from WordPress.org. Subsequent to the 5.5 release, [ more… ]

Second AWS Local Zone in the Los Angeles Area of the United States Now Available

2020-09-01 KENNETH 0

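In December 2019, we announced AWS Local Zone, a new type of infrastructure service, in Los Angeles, USA. An AWS Local Zone extends an existing AWS Region closer to end users, lowering latency to under 10 ms for a subset of that Region's AWS services. An AWS Local Zone is attached to a parent Region (the Oregon Region), and access to services and resources goes through the parent Region's endpoints. This makes the Local Zone transparent to applications and end users. Applications running in a Local Zone connect to the parent Region over Amazon's redundant, very high-bandwidth private network backbone, and can access all AWS services, not only the subset of services in that Region.

At the end of the post, Jeff wrote: "(As Andy Jassy often says) when the time is right, every area will have two or more Local Zones. In 2020 we plan to open a second Local Zone in Los Angeles (us-west-2-lax-1b), and we are considering other areas as well." That time has now come! At customers' request, AWS, for customers in this area (and all of Southern California), with very low latency [ more… ]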