USN-4446-2: Squid regression

2020-08-27 KENNETH 0

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. (CVE-2019-12520)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. (CVE-2019-12523)

Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. (CVE-2019-12524)

Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to [ more… ]

Submitting User Applications with spark-submit

2020-08-27 KENNETH 0

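Francisco Oliveira is a consultant with AWS Professional Services. Customers starting their big data journey often ask for guidance on how to submit user applications to Spark running on Amazon EMR. For example, customers ask how to size the memory and compute resources available to their applications, or which resource allocation model best fits their use case. In this post, we look at how to set spark-submit flags to control the memory and compute resources available to an application submitted to Spark running on EMR. We also explain when to use the maximizeResourceAllocation configuration option and dynamic allocation of executors.

Spark execution model

At a high level, each application has a driver program that distributes work, in the form of tasks, among executors running on several nodes of the cluster. The driver is the application code that defines the transformations and actions applied to the data set. Internally, the driver instantiates an object of the SparkContext class. This object lets the driver obtain a connection to the cluster, request resources, split the work the application has to do into tasks, and [ more… ]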

Achieving FIPS Compliance with NGINX Plus

2020-08-27 KENNETH 0

If you work in government or a regulated industry, you’ve no doubt heard of the Federal Information Processing Standards, perhaps better known by the acronym FIPS. FIPS is a very broad set of standards publications, but in the software industry the term usually refers to the publication specifically about cryptography, FIPS 140-2 Security Requirements for Cryptographic Modules. FIPS 140-2 is a product of the joint effort between the United States and Canada called the Cryptographic Module Validation Program. It standardizes the testing and certification of cryptographic modules that are accepted by the federal agencies of both countries for the protection of sensitive information. FIPS 140-2 defines four security levels (1–4) which correlate to the level of protection a FIPS‑certified module must provide. Security Level 1 relates specifically to software cryptographic modules. It stipulates which cryptographic [ more… ]

USN-4474-1: Firefox vulnerabilities

2020-08-27 KENNETH 0

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)

It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)

A data race was discovered when importing certificate information into the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668)

Source: USN-4474-1: Firefox vulnerabilities