No Image

USN-2864-1: NSS vulnerability

2016-01-08 KENNETH 0

Ubuntu Security Notice USN-2864-1 7th January, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information over the network. Software description nss – Network Security Service library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.19.2.1-0ubuntu0.15.10.2 Ubuntu 15.04: libnss3 2:3.19.2.1-0ubuntu0.15.04.2 Ubuntu 14.04 LTS: libnss3 2:3.19.2.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.19.2.1-0ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications [ more… ]

Using NGINX Logging for Application Performance Monitoring

2016-01-08 KENNETH 0

The live activity monitoring dashboard and API in NGINX Plus track many system metrics that you can use to analyze the load and performance of your system. If you need request-level information, the access logging in NGINX and NGINX Plus is very flexible – you can configure which data is logged, selecting from the large number of data points that can be included in a log entry in the form of variables. You can also define customized log formats for different parts of your application. One interesting use case for taking advantage of the flexibility of NGINX access logging is application performance monitoring (APM). There are certainly many APM tools to choose from and NGINX is not a complete replacement for them, but it’s simple to get detailed visibility into the performance of your applications by adding timing values to your code [ more… ]

No Image

USN-2863-1: OpenSSL vulnerability

2016-01-08 KENNETH 0

Ubuntu Security Notice USN-2863-1 7th January, 2016 openssl vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary OpenSSL could be made to expose sensitive information over the network. Software description openssl – Secure Socket Layer (SSL) cryptographic library and tools Details Karthikeyan Bhargavan and Gaetan Leurent discovered that OpenSSLincorrectly allowed MD5 to be used for TLS 1.2 connections. If a remoteattacker were able to perform a man-in-the-middle attack, this flaw couldbe exploited to view sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.33 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to reboot your computer to makeall the necessary changes. References CVE-2015-7575 Source: ubuntu-usn

No Image

RHSA-2016:0012-1: Moderate: gnutls security update

2016-01-08 KENNETH 0

Red Hat Enterprise Linux: Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. CVE-2015-7575 Source: rhn-errata

No Image

RHSA-2016:0011-1: Moderate: samba security update

2016-01-08 KENNETH 0

Red Hat Enterprise Linux: Updated samba packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-5252, CVE-2015-5296, CVE-2015-5299 Source: rhn-errata