USN-3506-1: rsync vulnerabilities

2017-12-07 KENNETH 0

Ubuntu Security Notice USN-3506-1, 7th December, 2017: rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS.

Summary: Several security issues were fixed in rsync.

Software description: rsync – fast, versatile, remote (and local) file-copying tool

Details: It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433)

It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. (CVE-2017-17434)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 17.10: rsync 3.1.2-2ubuntu0.1
Ubuntu 17.04: rsync 3.1.2-1ubuntu0.1
Ubuntu 16.04 LTS: rsync 3.1.1-3ubuntu1.1
Ubuntu 14.04 LTS: rsync [ more… ]

USN-3506-2: rsync vulnerabilities

2017-12-07 KENNETH 0

Ubuntu Security Notice USN-3506-2, 7th December, 2017: rsync vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS.

Summary: Several security issues were fixed in rsync.

Software description: rsync – fast, versatile, remote (and local) file-copying tool

Details: USN-3506-1 fixed two vulnerabilities in rsync. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

It was discovered that rsync proceeds with certain file metadata updates before checking for a filename. An attacker could use this to bypass access restrictions. (CVE-2017-17433)

It was discovered that rsync does not check for fnamecmp filenames and also does not apply the sanitize_paths protection mechanism to pathnames. An attacker could use this to bypass access restrictions. (CVE-2017-17434)

Update instructions: The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 [ more… ]

RHBA-2017:3397-1: libvirt bug fix update

2017-12-07 KENNETH 0

Red Hat Enterprise Linux: Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 7.

Source: RHBA-2017:3397-1: libvirt bug fix update

How To Downgrade DigitalOcean Droplets

2017-12-07 KENNETH 0

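While using DigitalOcean, I needed to lower the specs of a droplet (DigitalOcean's name for a virtual server). Having only used AWS, I was not really familiar with how DigitalOcean's management console works or what its characteristics are, so I took a look today.

The conclusion: this is not a feature the DigitalOcean management console provides out of the box. Upgrades are possible, but downgrades are not supported. Even if you take a snapshot and then try to create a new droplet from that snapshot, you can only create one with specs equal to or higher than those of the snapshot's source server.

In short, there is no easy way, but for Linux servers a tutorial covers it. It does require some background knowledge, but it tells you to move everything over with rsync, lol.

URL: https://www.digitalocean.com/community/tutorials/how-to-downgrade-digitalocean-droplets

Introduction

To downsize a Droplet’s CPU, RAM, disk, or overall plan, follow the steps below. As you create and use your Droplets, you may find that the plan you’ve chosen for any given Droplet is above your needs at this time, and downsizing is appropriate. This guide will help you accomplish this quickly [ more… ]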

MySQL 8.0: Query Optimizer Takes Data Buffering into Account

2017-12-07 KENNETH 0

In earlier versions of MySQL, the query optimizer did not distinguish between data that was cached in the database buffer and data that had to be read from disk. The main reason was that the optimizer had no information about whether a table would have to be (partially) read from disk or already was present in the buffer pool.…

Source: MySQL 8.0: Query Optimizer Takes Data Buffering into Account