No Image

RHSA-2016:0049-1: Critical: java-1.8.0-openjdk security update

2016-01-21 KENNETH 0

Red Hat Enterprise Linux: Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494 Source: rhn-errata

No Image

USN-2876-1: eCryptfs vulnerability

2016-01-21 KENNETH 0

Ubuntu Security Notice USN-2876-1 20th January, 2016 ecryptfs-utils vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary mount.ecryptfs_private could be used to run programs as an administrator. Software description ecryptfs-utils – eCryptfs cryptographic filesystem utilities Details Jann Horn discovered that mount.ecryptfs_private would mount over certaindirectories in the proc filesystem. A local attacker could use this to escalatetheir privileges. (CVE-2016-1572) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: ecryptfs-utils 108-0ubuntu1.1 Ubuntu 15.04: ecryptfs-utils 107-0ubuntu1.3 Ubuntu 14.04 LTS: ecryptfs-utils 104-0ubuntu1.14.04.4 Ubuntu 12.04 LTS: ecryptfs-utils 96-0ubuntu3.5 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2016-1572 Source: ubuntu-usn

Flawless Application Delivery – NGINX’s Vision to Enable the Digital Future

2016-01-20 KENNETH 0

The following is adapted from a talk given by NGINX CEO Gus Robertson at nginx.conf 2015, held in San Francisco in September. Watch a video of the talk here. Table of Contents 0:00 Introduction 1:04 NGINX – Powering the World’s Busiest Websites 2:10 Where We’re Heading 4:36 Extraordinary Things 6:00 Changing the World 8:22 Flawless Application Delivery 0:00 Introduction Welcome to the second annual NGINX User Conference. My name is Gus Robertson. I’m the CEO of NGINX and I’ve been in open source now for well over a decade. I’ve been with NGINX for around three years, and I’ve seen some amazing milestones in those three years that I wanted to share with you this morning. 1:04 NGINX – Powering the World’s Busiest Websites Back in 2013, we became the number one web server for the 1,000 busiest websites in [ more… ]

Introducing the OAuth Technology Preview in NGINX Plus R8

2016-01-20 KENNETH 0

Getting identity management right in modern application and API development is an increasingly important and demanding challenge. A number of developments in the industry are putting pressure on existing identity solutions. Integrated web experiences enable users to navigate seamlessly between different applications without requiring multiple login events. User experience is improved by giving users a choice about which identity they use with a given application, instead of requiring yet another password in yet another isolated, proprietary database. Microservices architectures (and decomposed monoliths) can require developers to reimplement the same authentication and authorization logic over and over. Applications deployed at scale (in a cluster) need to offload as many non-core operations as possible, for example encryption and authentication. Supporting the numerous existing identity standards involves undifferentiated heavy lifting that impinges on time spent on the application itself. At NGINX we are [ more… ]