Articles by KENNETH

About KENNETH
지락문화예술공작단
No Image

Adobe Flash Player 신규 취약점 보안 업데이트 권고

2016-04-09 KENNETH 0

출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=24164   □ 개요 o Adobe社는 Flash Player에서 발생하는 취약점을 해결한 보안 업데이트를 발표[1] o 낮은 버전 사용자는 악성코드 감염에 취약할 수 있으므로 해결방안에 따라 최신버전으로 업데이트 권고 □ 설명 o Adobe Flash Player의 24개 취약점에 대한 보안 업데이트를 발표[1] · JIT 스프레잉 공격을 통해 메모리 보호기법을 우회할 수 있는 취약점(CVE-2016-1006) · 임의코드 실행으로 이어질 수 있는 Type confusion 취약점(CVE-2016-1015, CVE-2016-1019) · 임의코드 실행으로 이어질 수 있는 Use-Ater-Free 취약점(CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, CVE-2016-1031) · 임의코드 실행으로 이어질 수 있는 메모리 손상 취약점(CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, CVE-2016-1033) · 임의코드 실행으로 이어질 수 있는 스택 오버플로우 취약점(CVE-2016-1018) · 기존에 패치된 취약점에 대한 보안 우회 취약점(CVE-2016-1030) · 디렉토리 검색 경로가 취약하여 임의코드 실행이 가능한 취약점(CVE-2016-1014) □ 영향 받는 소프트웨어 o Adobe Flash Player 소프트웨어 명 동작환경 영향 받는 버전 Adobe Flash Player Desktop Runtime 윈도우즈, [ more… ]

No Image

RHSA-2016:0610-1: Critical: flash-plugin security update

2016-04-08 KENNETH 0

RHSA-2016:0610-1: Critical: flash-plugin security update Red Hat Enterprise Linux: An update for flash-plugin is now available for Red Hat Enterprise Linux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033 Source: RHSA-2016:0610-1: Critical: flash-plugin security update

No Image

USN-2917-2: Firefox regressions

2016-04-08 KENNETH 0

USN-2917-2: Firefox regressions Ubuntu Security Notice USN-2917-2 7th April, 2016 firefox regressions A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary USN-2917-1 introduced several regressions in Firefox. Software description firefox – Mozilla Open Source web browser Details USN-2917-1 fixed vulnerabilities in Firefox. This update caused severalregressions that could result in search engine settings being lost, thelist of search providers appearing empty or the location bar breakingafter typing an invalid URL. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of [ more… ]

No Image

Contributor Weekend: Global WordPress Translation Day

2016-04-08 KENNETH 0

Contributor Weekend: Global WordPress Translation Day Global WordPress Translation Day is a one-day contributor initiative organised by the WordPress project’s Polyglots team that is dedicated to helping new contributors who would like to translate WordPress in one of the 160 languages WordPress is available in. Global WordPress Translation Day will be on Sunday, April 24th, starting at 0:00 UTC and will go on for 24 hours covering all time zones. What are we doing? Live training: A 24h live streaming of tutorials about translating WordPress in different languages and making your code translatable (30min/1h sessions in different languages including a general instruction and specifics for that particular language). The internationalization sessions will be in English. The sessions will be presented by some of the most experienced WordPress translators and internationalization experts. The Schedule can be found on the website. Local translation contributor days: Groups of [ more… ]