[월:] 2021년 09월

HP’s new Windows 11 devices provide wide range of choices for a hybrid world

2021-09-22 KENNETH 0

HP’s new Windows 11 devices provide wide range of choices for a hybrid world HP’s newest Windows 11 devices are designed for people who learn, play and work from home, at the office and on the go. Along with the company’s new premium and mainstream PCs, HP will also begin shipping Windows 11 across its existing portfolio beginning later this fall. Select devices will include a FREE Upgrade to Windows 11 when available (see below*). The HP Spectre x360 16 – the first HP consumer notebook made with recycled CNC aluminum to help reduce its environmental impact – includes a 5 MP IR camera that makes it easy to login using Windows Hello. The camera also features a physical shutter controlled by a hot key, with an on-screen display shown in all apps that use the camera to remind the [ more… ]

No Image

USN-5079-4: curl regression

2021-09-21 KENNETH 0

USN-5079-4: curl regression USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Original advisory details: Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Source: USN-5079-4: curl regression

No Image

USN-5084-1: LibTIFF vulnerability

2021-09-21 KENNETH 0

USN-5084-1: LibTIFF vulnerability It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. Source: USN-5084-1: LibTIFF vulnerability

No Image

USN-5079-3: curl vulnerabilities

2021-09-21 KENNETH 0

USN-5079-3: curl vulnerabilities USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-22945) Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. (CVE-2021-22946) Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. (CVE-2021-22947) Source: USN-5079-3: curl vulnerabilities

A Guide to Choosing an Ingress Controller, Part 3: Open Source vs. Default vs. Commercial

2021-09-21 KENNETH 0

A Guide to Choosing an Ingress Controller, Part 3: Open Source vs. Default vs. Commercial This is the third blog post in our series on how to choose a Kubernetes Ingress controller. How to Choose a Kubernetes Ingress Controller, Part 1: Identify Your Requirements How to Choose a Kubernetes Ingress Controller, Part 2: Risks and Future-Proofing How to Choose a Kubernetes Ingress Controller, Part 3: Open Source vs Default vs Commercial (this post) How to Choose a Kubernetes Ingress Controller, Part 4: NGINX Ingress Controller Options (coming soon) Congratulations! After reading Part 1 and Part 2 of our series, you’re almost ready to select an Ingress controller. Let’s recap where we’ve been so far: In Part 1, we discuss how to identify your requirements, including performance, budget, use cases, architecture, and ownership. In Part 2, we talk about risks that you might introduce by selecting the wrong [ more… ]