SECURITY – 페이지 1453 – 지락문화예술공작단

USN-2915-1: Django vulnerabilities

2016-03-02 KENNETH 0

USN-2915-1: Django vulnerabilities Ubuntu Security Notice USN-2915-1 1st March, 2016 python-django vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in Django. Software description python-django – High-level Python web development framework Details Mark Striemer discovered that Django incorrectly handled user-suppliedredirect URLs containing basic authentication credentials. A remoteattacker could possibly use this issue to perform a cross-site scriptingattack or a malicious redirect. (CVE-2016-2512) Sjoerd Job Postmus discovered that Django incorrectly handled timing whendoing password hashing operations. A remote attacker could possibly usethis issue to perform user enumeration. (CVE-2016-2513) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: python3-django 1.7.9-1ubuntu5.2 python-django 1.7.9-1ubuntu5.2 Ubuntu 14.04 LTS: python-django 1.6.1-2ubuntu0.12 Ubuntu 12.04 LTS: python-django 1.3.1-4ubuntu1.20 To update your system, [ more… ]

USN-2914-1: OpenSSL vulnerabilities

2016-03-02 KENNETH 0

USN-2914-1: OpenSSL vulnerabilities Ubuntu Security Notice USN-2914-1 1st March, 2016 openssl vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in OpenSSL. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL wasvulnerable to a side-channel attack on modular exponentiation. On certainCPUs, a local attacker could possibly use this issue to recover RSA keys.This flaw is known as CacheBleed. (CVE-2016-0702) Adam Langley discovered that OpenSSL incorrectly handled memory whenparsing DSA private keys. A remote attacker could use this issue to causeOpenSSL to crash, resulting in a denial of service, or possibly executearbitrary code. (CVE-2016-0705) Guido Vranken discovered that OpenSSL incorrectly handled hex digitcalculation in the BN_hex2bn function. A remote attacker [ more… ]

RHBA-2016:0330-1: Red Hat Enterprise Linux 7.2.2 Container Image Update

2016-03-02 KENNETH 0

RHBA-2016:0330-1: Red Hat Enterprise Linux 7.2.2 Container Image Update An updated Red Hat Enterprise Linux 7.2.2 container image is now available. Source: RHBA-2016:0330-1: Red Hat Enterprise Linux 7.2.2 Container Image Update

RHSA-2016:0301-1: Important: openssl security update

2016-03-02 KENNETH 0

RHSA-2016:0301-1: Important: openssl security update Red Hat Enterprise Linux: Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800 Source: RHSA-2016:0301-1: Important: openssl security update

RHSA-2016:0302-1: Important: openssl security update

2016-03-02 KENNETH 0

RHSA-2016:0302-1: Important: openssl security update Red Hat Enterprise Linux: Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-3197, CVE-2016-0797, CVE-2016-0800 Source: RHSA-2016:0302-1: Important: openssl security update