USN-5411-1: Firefox vulnerabilities

2022-05-11 KENNETH 0

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass permission prompts, obtain sensitive information, bypass security restrictions, or execute arbitrary code.

Source: USN-5411-1: Firefox vulnerabilities

USN-5412-1: curl vulnerabilities

2022-05-11 KENNETH 0

Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27780)

Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly reused a previous connection when certain options had been changed, contrary to expectations. (CVE-2022-27782)

Source: USN-5412-1: curl vulnerabilities

AWS Weekly News Roundup – First Anniversary of Amazon CloudFront Functions and More :: Second Week of May 2022

2022-05-11 KENNETH 0

A new week begins. Here is a roundup of the major AWS news from the past seven days. This week is also the first anniversary of CloudFront Functions. It is great to see what customers have built during the first year.

Last week's launches

Here are some of the launches that drew attention last week.

Amazon RDS supports PostgreSQL 14 with three levels of cascaded read replicas – with 5 replicas per instance, it supports up to 155 read replicas per source instance, and read capacity increases by up to 30x. You can now build a more robust disaster recovery architecture with the ability to create Single-AZ or Multi-AZ cascaded read replica DB instances in the same Region or across Regions. Learn more.

Amazon RDS on AWS Outposts storage auto scaling — AWS Outposts extends AWS infrastructure, services, APIs, and tools to virtually any data center. Amazon RDS [ more… ]

USN-5410-1: NSS vulnerability

2022-05-11 KENNETH 0

Lenny Wang discovered that NSS incorrectly handled certain messages. A remote attacker could possibly use this issue to cause servers compiled with NSS to stop responding, resulting in a denial of service.

Source: USN-5410-1: NSS vulnerability

USN-5259-3: Cron regression

2022-05-11 KENNETH 0

USN-5259-1 and USN-5259-2 fixed vulnerabilities in Cron. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that the postinst maintainer script in Cron unsafely handled file permissions during package install or update operations. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2017-9525)

Florian Weimer discovered that Cron incorrectly handled certain memory operations during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9704)

It was discovered that Cron incorrectly handled user input during crontab file creation. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-9705)

It was discovered that Cron contained a use-after-free vulnerability in its force_rescan_user function. An attacker could possibly use [ more… ]