
USN-5192-2: Apache Log4j 2 vulnerability

2021-12-17 KENNETH 0

USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a specially crafted input. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. Source: USN-5192-2: Apache Log4j 2 vulnerability

The Proud Korean Developers Who Won the Asia-Region AWS AI/ML GameDay

2021-12-17 KENNETH 0

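AWS GameDay is interactive content that lets participants deepen their understanding of AWS by dealing hands-on, in a gamified environment, with the various problems that can arise in AWS architectures. Participants join in teams and, by dividing roles within the team, respond to the situations that AWS GameDay presents and improve the existing architecture. On November 10, 2021, the AWS Korea DNB (Digital Native Business) team collaborated with the AWS ASEAN team to host the AWS Tour de Machine Learning GameDay, so that AWS GameDay could be experienced together with other countries. A total of two teams from Korea took part in this AI/ML-themed AWS GameDay, and the two teams took 1st and 2nd place side by side, leaving everyone on the ASEAN team surprised at the Korean teams' skill. This post presents interviews with the two winning teams, chihuahua OR muffin and Keep Calm, Karrot On. 1st place, chihuahua OR muffin team: Kim Bo-hyun (Mesh Korea), Kim Young-rok (Virtual Lab), Park Sae-mi (Devsisters), Byun Jun-woo (Hyperconnect). 2nd place, Keep Calm, Karrot On team: Park Byung-jin (Claud, Daangn Pay), Seo Jin-hyung (Jeremy, Daangn Market), Yoo Kyung-yoon (Yoon, [ more… ]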


USN-5202-1: OpenJDK vulnerabilities

2021-12-17 KENNETH 0

Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information (rudimentary port scans). This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2341)

Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. (CVE-2021-2369)

Huixin Ma discovered that the Hotspot VM in OpenJDK did not properly perform range check elimination in some situations. An attacker could possibly use this to construct a Java class that could bypass Java [ more… ]


Rewinding 2021: The Year’s Top 5 NGINX Videos

2021-12-17 KENNETH 0

Despite any offline disruptions we all experienced during 2021, it was a fantastic year for video, livestreams, and webinars here at NGINX. We enjoyed great conversations with our community of users, customers, and partners, and took a look at trends and topics of interest in the world of digital transformation, app security, open source, DevOps, and Kubernetes. In this blog post, we review the five video broadcasts that were most popular with our viewers over the past year, giving you a second chance to learn from our leading experts on current topics of interest. (You might notice that some videos first appeared in previous years – we like to think that means we’re ahead of the curve!) We hope you enjoy.

How to Improve Visibility in Kubernetes with Prometheus, Grafana, and NGINX

Kubernetes is [ more… ]


USN-5198-1: HTMLDOC vulnerability

2021-12-17 KENNETH 0

It was discovered that HTMLDOC improperly handled malformed URIs from an input HTML file. An attacker could use this to cause a denial of service. Source: USN-5198-1: HTMLDOC vulnerability