No Image

USN-4298-1: SQLite vulnerabilities

2020-03-10 KENNETH 0

USN-4298-1: SQLite vulnerabilities sqlite3 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in SQLite. Software Description sqlite3 – C library that implements an SQL database engine Details It was discovered that SQLite incorrectly handled certain shadow tables. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13734, CVE-2019-13750, CVE-2019-13753) It was discovered that SQLite incorrectly handled certain corrupt records. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-13751) It was discovered that SQLite incorrectly handled certain queries. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or [ more… ]

[CVE-2020-1938] apache tomcat 취약점에 따른 업데이트시 참고 사항

2020-03-10 KENNETH 0

CVE-2020-1938 취약점 CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938 KISA : https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35292APACHE : http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100   취약점 해결을 위해서는 tomcat 을 최신버전으로 업데이트 해줘야 한다. 2020.03.10 기준 tomcat7 의 경우 7.0.100 버전 으로 tomcat8 의 경우 8.5.51 버전 으로 tomcat9 의 경우 9.0.31 버전 으로 업데이트를 해줘야 한다.   발단 tomcat7 을 사용중인 서버가 있어 기존 : tomcat-7.0.64 변경 : tomcat-7.0.100 으로 계획후 작업을 진행 별다른 이슈가 없을것으로 보였고, 작업을 진행했으나 문제 발생   발생한 문제점 1. 에러로그 발생 The AJP Connector is configured with secretRequired=”true” but the secret attribute is either null or “”. 기존에 존재하지 않았던 로그   2. 503 오류 발생 jsp 페이지 자체가 로딩되지 않는 문제가 있었다.     해결 1. secretRequired=”true” 참조 : https://tomcat.apache.org/tomcat-7.0-doc/changelog.html Rename the requiredSecret attribute of the AJP/1.3 Connector to secret and add a new attribute secretRequired that defaults to true. When secretRequired is true the AJP/1.3 [ more… ]

No Image

Latest ‘Simply Windows’ video can help you make your PC easier to use

2020-03-10 KENNETH 0

Latest ‘Simply Windows’ video can help you make your PC easier to use The newest “Simply Windows” video is now available, focusing on ways to customize the settings on your PC.  If you’re new to Windows 10 or want to learn more about how to get the most out of it, this video series can help you get up to speed on using it.  In this episode, writers Jackie Tidwell and Doug Thomas help viewers change the size of text in Windows 10, increase contrast on their screens and show you how Microsoft Edge can read webpages to you, among other things you can personalize in the Ease of Access settings.  Find out more about “Simply Windows” and check out a playlist of previous shows.  And if you like this, check out other Windows 10 Tips.  The post Latest ‘Simply Windows’ video can help you make your PC easier to use appeared first on [ more… ]

No Image

USN-4297-1: runC vulnerabilities

2020-03-09 KENNETH 0

USN-4297-1: runC vulnerabilities runc vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in runc. Software Description runc – Open Container Project Details It was discovered that runC incorrectly checked mount targets. An attacker with a malicious container image could possibly mount over the /proc directory and excalate privileges. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-16884) It was discovered that runC incorrectly performed access control. An attacker could possibly use this issue to escalate privileges. (CVE-2019-19921) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10 runc – 1.0.0~rc10-0ubuntu1~19.10.2 Ubuntu 18.04 LTS runc – 1.0.0~rc10-0ubuntu1~18.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References [ more… ]

[도서] 알기 쉬운 파이썬 SQL 코딩하기

2020-03-09 KENNETH 0

[도서] 알기 쉬운 파이썬 SQL 코딩하기 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]알기 쉬운 파이썬 SQL 코딩하기 정현희 저 | 크라운출판사 | 2020년 03월 판매가 13,500원 (10%할인) | YES포인트 750원(5%지급) 파이썬 프로그램을 통해 단계적으로 코딩을 습득해 볼 수 있도록 구성되었다. 특히 파이썬을 데이터베이스 관리 프로그램언어인 SQL과 연동해 활용할 수 있는 기초 지식을 습득할 수 있는 데에 주안점을 맞추고 있다 Source: [도서] 알기 쉬운 파이썬 SQL 코딩하기