[월:] 2021년 09월

No Image

Work-life balance: How to be both an engaged employee and a happy human

2021-09-08 KENNETH 0

Work-life balance: How to be both an engaged employee and a happy human Lots of people have found that working from home isn’t all they thought it’d be, in large part because they haven’t learned how to unplug from work. Thankfully, finding the ideal work-life balance is within reach.  The Windows Resource Center has compiled a listing of tools and ways to help you work smarter so you can cut loose sooner. They include: Microsoft 365 to help you be more productive on the go, setting your Outlook calendar to carve out free time, ways to managing your notifications so they don’t disturb your private time, Together Mode in Microsoft Teams to help you gather with friends online, and more.  Head over to the Windows Resource Center and remember: you have permission to pause.   Source: Work-life balance: How to be both an engaged employee and a happy [ more… ]

No Image

USN-5066-2: PySAML2 vulnerability

2021-09-08 KENNETH 0

USN-5066-2: PySAML2 vulnerability USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents. Source: USN-5066-2: PySAML2 vulnerability

No Image

USN-5068-1: GD library vulnerabilities

2021-09-08 KENNETH 0

USN-5068-1: GD library vulnerabilities It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. (CVE-2017-6363) It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. (CVE-2021-381) It was discovered that GD Graphics Library incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. (CVE-2021-40145) Source: USN-5068-1: GD library vulnerabilities

No Image

USN-5069-1: mod-auth-mellon vulnerability

2021-09-08 KENNETH 0

USN-5069-1: mod-auth-mellon vulnerability It was discovered that mod-auth-mellon incorrectly filtered certain URLs. A remote attacker could possibly use this issue to perform an open redirect attack. Source: USN-5069-1: mod-auth-mellon vulnerability

No Image

USN-5067-1: SSSD vulnerabilities

2021-09-08 KENNETH 0

USN-5067-1: SSSD vulnerabilities Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-10852) It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16838) It was discovered that SSSD incorrectly handled users with no home directory set. When no home directory was set, SSSD would return the root directory instead of an empty string, possibly bypassing security measures. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-3811) Cedric Buissart discovered that SSSD incorrectly handled the sssctl command. In certain environments, [ more… ]