
PHP Support Period Notice (PHP Supported Versions)

2015-04-03 KENNETH 0

Supported Versions

Each release branch of PHP is fully supported for two years from its initial stable release. During this period, bugs and security issues that have been reported are fixed and are released in regular point releases.

After this two year period of active support, each branch is then supported for an additional year for critical security issues only. Releases during this period are made on an as-needed basis: there may be multiple point releases, or none, depending on the number of reports.

Once the three years of support are completed, the branch reaches its end of life and is no longer supported. A table of end of life branches is available.

Currently Supported Versions

Branch | Initial Release | Active Support Until | Security Support Until
5.4 | 1 Mar 2012 (3 years, 1 month ago) | 14 Sep 2014 (6 months ago) [ more… ]


New openssl versions released that fix security vulnerabilities

2015-03-19 KENNETH 0

URL : http://openssl.org/news/vulnerabilities.html

CVE-2015-0291: [High severity] 19th March 2015
ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an invalid signature algorithms extension a NULL pointer dereference will occur. This can be exploited in a DoS attack against the server. (original advisory). Reported by David Ramos (Stanford University).

* Several issues were patched, but this one appears to be the most important.

The versions released on March 19 are:
openssl-1.0.2a
openssl-1.0.1m
openssl-1.0.0r
openssl-0.9.8zf

The distributions do not seem to have picked them up yet… Since there was advance warning that this was serious, I expect they will show up within a day or so.


Serious security vulnerability found in openssl

2015-03-18 KENNETH 0

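Reference URL : https://mta.openssl.org/pipermail/openssl-announce/2015-March/000020.html

Not yet registered on the http://cve.mitre.org/ site.

The distributor, openssl.org, has not disclosed exactly what the problem is (only that it is expected to be on the level of heartbleed, which was a major issue last year), and has announced only that it will be resolved in new update versions on March 19, local time.

Upcoming versions with the patch applied:
openssl-1.0.2a
openssl-1.0.1m
openssl-1.0.0r
openssl-0.9.8zf

Since openssl.org has not yet released any information, nor any patched versions, each Linux distribution is likewise expected to apply the fix only after the 19th.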


When the “smb_pwd_check_ntlmv1: incorrect password length” error occurs in Samba

2015-03-18 KENNETH 0

http://wiki.nas4free.org/doku.php?id=faq:0033

Q: How can I fix the “smb_pwd_check_ntlmv1: incorrect password length” errors I keep seeing in my logs?

A: People have reported different causes / solutions for this error. The most likely solutions are #1 & #2 but feel free to try the others.

If you are using Windows 7 or Vista clients you might want to check your LAN Manager Authentication settings as in –dead link {[SOLVED] smb_pwd_check_ntlmv1: incorrect password length} –. See also –dead link {SMB Errors When Copying Files [SOLVED] Windows 7} –. Read Authentication Issues; Microsoft Article ID: 954387 for more details.

If you are using Domain Authentication, the CIFS/SMB (Samba) auxiliary parameter use spnego = false has been reported to prevent this error. This may also work with other authentication methods. See –dead link {Windows 7 and Nas4Free} –

If you enabled LDAP [ more… ]


CVE-2015-0235

2015-02-04 KENNETH 0

<pre>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

/* The canary sits directly after the buffer, so an overflow of buffer corrupts it. */
struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;

  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  /* Build an all-digit hostname of exactly that length. */
  memset(name, '0', len);
  name[len] = '\0';

  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

  /* A changed canary means gethostbyname_r wrote past the end of buffer. */
  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  /* A fixed library rejects the call with ERANGE because the buffer is too small. */
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}
</pre>