USN-5880-2: Firefox regressions

2023-03-01 KENNETH 0

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. (CVE-2023-0767)

Johan Carlsson discovered that Firefox did not properly manage a child iframe's unredacted URI when using the Content-Security-Policy-Report-Only header. An attacker could potentially exploit this to obtain sensitive information. (CVE-2023-25728)

Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploit this issue to download malicious files or execute arbitrary code. (CVE-2023-25729)

Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could [ more… ]

People of WordPress: Hauwa Abashiya

2023-03-01 KENNETH 0

This month we feature Hauwa Abashiya, a project manager in Nigeria and the UK, whose passion for community support led her to an adventure in open source. The People of WordPress series features inspiring stories of how people's lives can change for the better through WordPress and its global community of contributors. As we travel through life, sometimes we are drawn to a particular cause, one that we can get behind and join in. This cause, in whatever field it may be, can help lift us beyond our everyday lives and can help us take stock. This is the journey that depicts Hauwa's finding a global sense of place and providing a way to re-look at her life and plans. That change agent was discovering and becoming part of open source through WordPress. Learning development and [ more… ]

USN-5900-1: tar vulnerability

2023-03-01 KENNETH 0

It was discovered that tar incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or cause a crash. Source: USN-5900-1: tar vulnerability

Get Me to the Cluster…with BGP?

2023-03-01 KENNETH 0

Creating and managing a robust Kubernetes environment demands smooth collaboration between your Network and Application teams. But their priorities and working styles are usually quite different, leading to conflicts with potentially serious consequences – slow app development, delayed deployment, and even network downtime. Only the success of both teams, working towards a common goal, can ensure today's modern applications are delivered on time with proper security and scalability. So, how do you leverage the skills and expertise of each team, while helping them work in tandem? In our whitepaper Get Me to the Cluster, we detail a solution for enabling external access to Kubernetes services that enables Network and Application teams to combine their strengths without conflict.

How to Expose Apps in Kubernetes Clusters

The solution works specifically for Kubernetes clusters hosted on premises, with [ more… ]

USN-5903-1: lighttpd vulnerabilities

2023-03-01 KENNETH 0

It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could possibly use this issue to cause a denial of service (DoS). (CVE-2022-22707, CVE-2022-41556) Source: USN-5903-1: lighttpd vulnerabilities