SECURITY

No Image

RHSA-2015:2685-1: Important: openstack-ironic-discoverd security update

2015-12-22 KENNETH 0

Red Hat Enterprise Linux: Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-5306 Source: rhn-errata

No Image

RHSA-2015:2684-1: Moderate: openstack-nova secuity and bug fix advisory

2015-12-22 KENNETH 0

Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve one security issue and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-7713 Source: rhn-errata

No Image

Juniper ScreenOS 취약점 보안 업데이트 권고

2015-12-21 KENNETH 0

Juniper ScreenOS 취약점 보안 업데이트 권고   출처 : http://www.boho.or.kr/data/secNoticeView.do?bulletin_writing_sequence=23847 □ 개요 o Juniper社는 ScreenOS에서 발생하는 취약점을 해결한 보안 업데이트를 발표[1] □ 설명 o ScreenOS 방화벽에 SSH 또는 TELNET 원격접속을 통한 관리자 권한 탈취가 가능한 취약점(CVE-2015-7755) o ScreenOS VPN 방화벽 암호화 데이터 트래픽을 복호화하여 스니핑이 가능한 취약점(CVE-2015-7756) □ 영향 받는 소프트웨어 o Juniper ScreenOS 6.2.0.r15 ~ 6.2.0.r18 o Juniper ScreenOS 6.3.0.r12 ~ 6.3.0.r20 □ 해결 방안 o 해당 취약점에 영향 받는 제품을 운영하고 있는 관리자는 참고사이트에 명시되어 있는 업데이트 버전을 확인하여 패치 적용 [1] □ 용어 정리 o ScreenOS : Juniper社에서 개발한 방화벽 제품에서 사용하는 운영체제 □ 기타 문의사항 o 한국인터넷진흥원 인터넷침해대응센터: 국번없이 118 [참고사이트] [1] http://kb.juniper.net/JSA10713

No Image

RHSA-2015:2671-1: Important: jakarta-commons-collections security update

2015-12-21 KENNETH 0

Red Hat Enterprise Linux: Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-7501 Source: rhn-errata

No Image

USN-2854-1: Linux kernel (Vivid HWE) vulnerabilities

2015-12-20 KENNETH 0

Ubuntu Security Notice USN-2854-1 20th December, 2015 linux-lts-vivid vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-vivid – Linux hardware enablement kernel from Vivid Details Felix Wilhelm discovered a race condition in the Xen paravirtualizeddrivers which can cause double fetch vulnerabilities. An attacker in theparavirtualized guest could exploit this flaw to cause a denial of service(crash the host) or potentially execute arbitrary code on the host.(CVE-2015-8550) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to cause a denial of service (NULL dereference) on the host.(CVE-2015-8551) Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does notperform sanity checks on the device's state. An attacker could exploit thisflaw to [ more… ]