KENNETH – 페이지 3862 – 지락문화예술공작단

3123479 – Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program – Version: 1.0

2016-01-12 KENNETH 0

Revision Note: V1.0 (January 12, 2016): Advisory published.Summary: Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy no longer allows root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing as of January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Source: ms-security

MS16-005 – Critical: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (3124584) – Version: 1.0

2016-01-12 KENNETH 0

Severity Rating: CriticalRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to visit a malicious website. Source: ms-security

MS16-007 – Important: Security Update for Microsoft Windows to Address Remote Code Execution (3124901) – Version: 1.0

2016-01-12 KENNETH 0

Severity Rating: ImportantRevision Note: V1.0 (January 12, 2016): Bulletin published.Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application. Source: ms-security

Using NGINX and NGINX Plus to Load Balance Apache Tomcat Servers

2016-01-12 KENNETH 0

NGINX and NGINX Plus are commonly used to enhance performance and fault tolerance by acting as a load balancer for many application servers, including Apache TomcatTM. To help customers get the most out of their Tomcat deployments, NGINX, Inc. has published a new deployment guide, Using NGINX and NGINX Plus to Load Balance Apache Tomcat Servers. This guide details how NGINX and NGINX Plus can be utilized as a load balancer and application delivery controller for Apache Tomcat application servers. Why NGINX and NGINX Plus? Many Apache Tomcat deployments use the Apache HTTP Server for application delivery, as specified in the Tomcat installation instructions. Apache HTTP Server’s thread-per-connection architecture delivers acceptable performance under low to medium load, but under heavy load the limitations of the architecture begin to surface. In one common scenario, the thread pool becomes exhausted when there is a large [ more… ]

USN-2860-1: Oxide vulnerabilities

2016-01-12 KENNETH 0

Ubuntu Security Notice USN-2860-1 11th January, 2016 oxide-qt vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary Several security issues were fixed in Oxide. Software description oxide-qt – Web browser engine library for Qt (QML plugin) Details A race condition was discovered in the MutationObserver implementation inBlink. If a user were tricked in to opening a specially crafted website,an attacker could potentially exploit this to cause a denial of servicevia renderer crash, or execute arbitrary code with the privileges of thesandboxed render process. (CVE-2015-6789) An issue was discovered with the page serializer in Blink. If a user weretricked in to opening a specially crafted website, an attacker couldpotentially exploit this to inject arbitrary script or HTML.(CVE-2015-6790) Multiple security issues were discovered in Chromium. If a user weretricked in to [ more… ]