USN-3991-1: Firefox vulnerabilities

2019-05-22 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description: firefox – Mozilla Open Source web browser. Details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user into launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821) It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If [ more… ]

WordPress 5.2.1 Maintenance Release

2019-05-22 KENNETH 0

WordPress 5.2.1 is now available! This maintenance release fixes 33 bugs, including improvements to the block editor, accessibility, internationalization, and the Site Health feature introduced in 5.2. You can browse the full list of changes on Trac. WordPress 5.2.1 is a short-cycle maintenance release. Version 5.2.2 is expected to follow in approximately two weeks. You can download WordPress 5.2.1 or visit Dashboard → Updates and click Update Now. Sites that support automatic background updates have already started to update automatically. Jonathan Desrosiers and William Earnhardt co-led this release, with contributions from 52 other contributors. Thank you to everyone that made this release possible! Alex Dimitrov, Alex Shiels, Andrea Fercia, Andrew Duthie, Andrew Ozz, Andrey “Rarst” Savchenko, Andy Fragen, anischarolia, Birgir Erlendsson (birgire), chesio, Chetan Prajapati, daxelrod, Debabrata Karfa, Dima, Dion Hulse, Dominik Schilling, Ella van Durpe, Emil Dotsev, ghoul, Grzegorz [ more… ]

How to get the Windows 10 May 2019 Update

2019-05-22 KENNETH 0

In early April, we announced enhancements to the Windows update process to improve the user experience with more control, transparency, and the initial availability of the Windows 10 May 2019 Update through the Windows Insider Program’s Release Preview ring to focus on and improve quality. Based on positive data and the feedback we’ve seen from this longer preview phase, I’m pleased today to share that we are beginning to make the Windows 10 May Update available. We will be taking a measured and throttled approach, allowing us to study device health data as we increase availability via Windows Update. This post will provide details on how you can get the May 2019 Update, including update options. I’ll also cover how commercial organizations can begin targeted deployments and offer insight into how [ more… ]

Introducing NGINX 1.16 and 1.17

2019-05-22 KENNETH 0

Today we release NGINX 1.17.0 – the latest version of the NGINX open source project, which is now the most popular web server on the Internet. This release also signals the start of the NGINX 1.17 development branch, following the release of NGINX 1.16.0 last month. In this blog we discuss the NGINX versioning scheme, look back at what happened during the NGINX 1.15 development cycle, and look forward to what is in store with NGINX 1.17. NGINX Versioning Explained: At NGINX, we maintain two branches in the NGINX source code repository, named mainline and stable. Mainline is the active development branch where the latest features and bug fixes get added. It is denoted by an odd number in the second part of the version number, for example 1.17.0. Stable receives fixes for high‑severity bugs, but is not updated with new features. [ more… ]

USN-3990-1: urllib3 vulnerabilities

2019-05-21 KENNETH 0

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS. Summary: Several security issues were fixed in urllib3. Software Description: python-urllib3 – HTTP library with thread-safe connection pooling for Python. Details: It was discovered that urllib3 incorrectly removed Authorization HTTP headers when handling cross-origin redirects. This could result in credentials being sent to unintended hosts. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-20060) It was discovered that urllib3 incorrectly stripped certain characters from requests. A remote attacker could use this issue to perform CRLF injection. (CVE-2019-11236) It was discovered that urllib3 incorrectly handled situations where a desired set of CA certificates was specified. This could result in certificates being accepted by the default CA certificates contrary to expectations. [ more… ]