No Image

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities

2016-02-23 KENNETH 0

USN-2908-2: Linux kernel (Wily HWE) vulnerabilities Ubuntu Security Notice USN-2908-2 22nd February, 2016 linux-lts-wily vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary Several security issues were fixed in the kernel. Software description linux-lts-wily – Linux hardware enablement kernel from Wily Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's [ more… ]

No Image

USN-2908-1: Linux kernel vulnerabilities

2016-02-23 KENNETH 0

USN-2908-1: Linux kernel vulnerabilities Ubuntu Security Notice USN-2908-1 22nd February, 2016 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,incorrectly propagated file attributes, including setuid. A localunprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectlypropagated security sensitive extended attributes, such as POSIX ACLs. Alocal unprivileged attacker could use this to gain privileges.(CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimitsfor file descriptors sent over UNIX domain sockets. A local attacker coulduse this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)implementation did not handle [ more… ]

[도서] 엑셀 2016 매크로&VBA 바이블

2016-02-23 KENNETH 0

[도서] 엑셀 2016 매크로&VBA 바이블 분야별 신상품 – 국내도서 – 컴퓨터와 인터넷 [도서]엑셀 2016 매크로&VBA 바이블 최준선 저 | 한빛미디어 | 2016년 03월 판매가 40,500원 (10%할인) | YES포인트 2,250원(5%지급) 마이크로소프트 엑셀 MVP 최준선이 제안하는 든든한 업무 파트너! 엑셀 업무 자동화의 거의 모든 것! 회사에서 필요한 코드는 모두 있다! 엑셀 매크로 활용에 필요한 기본기는 물론 VBA를 제대로 배워 업무에 써 Source: [도서] 엑셀 2016 매크로&VBA 바이블

No Image

USN-2906-1: GNU cpio vulnerabilities

2016-02-23 KENNETH 0

USN-2906-1: GNU cpio vulnerabilities Ubuntu Security Notice USN-2906-1 22nd February, 2016 cpio vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several security issues were fixed in GNU cpio. Software description cpio – a tool to manage archives of files Details Alexander Cherepanov discovered that GNU cpio incorrectly handled symboliclinks when used with the –no-absolute-filenames option. If a user orautomated system were tricked into extracting a specially-crafted cpioarchive, a remote attacker could possibly use this issue to write arbitraryfiles. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.(CVE-2015-1197) Gustavo Grieco discovered that GNU cpio incorrectly handled memory whenextracting archive files. If a user or automated system were tricked intoextracting a specially-crafted cpio archive, a remote attacker could usethis issue to cause GNU cpio to crash, resulting [ more… ]

No Image

RHEA-2016:0285-1: nodejs010 bug fix and enhancement update

2016-02-22 KENNETH 0

RHEA-2016:0285-1: nodejs010 bug fix and enhancement update Red Hat Enterprise Linux: Updated nodejs010 packages that fix two bugs and add one enhancement are now available for Red Hat Software Collections. Source: RHEA-2016:0285-1: nodejs010 bug fix and enhancement update