
Announcing Windows 11 Insider Preview Build 25309

2023-03-03 KENNETH 0

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25309 to the Dev Channel.

TL;DR

With this build, we’re beginning to roll out a new enhanced volume mixer in Quick Settings. We’re also re-introducing an update for the touch keyboard settings, some changes to File Explorer, graphics, and input. And we have some voice access improvements. As always, this build also includes a good set of fixes too.

What’s new

New volume mixer experience in Quick Settings

We’re introducing a new enhanced volume mixer into Quick Settings! The updated audio quick settings experience brings a modern volume mixer that allows for quick customization of audio on a per-app basis, with additional control to swap devices on the fly. We’ve also added a new keyboard shortcut (WIN + CTRL + V) [ more… ]


USN-5910-1: Rack vulnerabilities

2023-03-03 KENNETH 0

It was discovered that Rack did not properly structure regular expressions in some of its parsing components, which could result in uncontrolled resource consumption if an application using Rack received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions in its multipart parsing component, which could result in uncontrolled resource consumption if an application using Rack to parse multipart posts received specially crafted input. A remote attacker could possibly use this issue to cause a denial of service. This issue was only fixed in Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. (CVE-2022-44572)

Source: USN-5910-1: Rack vulnerabilities

Best Practices for Configuring Microservices Apps

2023-03-03 KENNETH 0

The guidelines known as the twelve‑factor app were first published more than ten years ago. Since then, nearly all its mandated practices have become the de facto standard way to write and deploy web apps. And while they have remained applicable in the face of changes to the way apps are organized and deployed, in some cases additional nuance is required to understand how the practices apply to microservices patterns for developing and deploying apps.

This blog focuses on Factor 3, Store config in the environment, which states:

Configuration is everything that varies between deployment environments (which the twelve‑factor app calls deploys).
Configuration must be strictly separated from the app’s code – otherwise how can it vary across deploys?
Configuration data is stored in environment variables.

As you move into microservices, you can still honor these [ more… ]


USN-5909-1: Linux kernel (Azure CVM) vulnerabilities

2023-03-03 KENNETH 0

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform bounds checking in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3628)

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-3640)

Khalid Masum discovered that the NILFS2 file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-3649)

It was [ more… ]


USN-5821-4: pip regression

2023-03-03 KENNETH 0

USN-5821-3 fixed a vulnerability in pip. The update introduced a minor regression in Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validated against a regex expression. An attacker could possibly use this issue to cause a denial of service.

Source: USN-5821-4: pip regression