No Image

USN-5090-2: Apache HTTP Server vulnerabilities

2021-09-28 KENNETH 0

USN-5090-2: Apache HTTP Server vulnerabilities USN-5090-1 fixed several vulnerabilities in Apache. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438) [ more… ]

A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options

2021-09-28 KENNETH 0

A Guide to Choosing an Ingress Controller, Part 4: NGINX Ingress Controller Options This is the third blog post in our series on how to choose a Kubernetes Ingress controller. How to Choose a Kubernetes Ingress Controller, Part 1: Identify Your Requirements How to Choose a Kubernetes Ingress Controller, Part 2: Risks and Future-Proofing How to Choose a Kubernetes Ingress Controller, Part 3: Open Source vs. Default vs. Commercial How to Choose a Kubernetes Ingress Controller, Part 4: NGINX Ingress Controller Options (this post) According to the Cloud Native Computing Foundation’s (CNCF) Survey 2020, NGINX is the most commonly used data plane in Ingress controllers for Kubernetes – but did you know there’s more than one “NGINX Ingress Controller”? A previous version of this blog, published in 2018 under the title Wait, Which NGINX Ingress Controller for Kubernetes Am I Using?, was prompted by a conversation with [ more… ]

No Image

Upcoming Gallery Block improvements

2021-09-28 KENNETH 0

Upcoming Gallery Block improvements Thanks to @javiarce & @annezazu for design and copy contributions. An exciting update to the Gallery Block gives you more ways to show off images in your posts and pages. While this change won’t be available for most folks until WordPress 5.9’s launch in December, we wanted to share some of what’s to come to get you excited about the future. Style individual images You can now use the same tools that are available for individual image blocks on each image in the Gallery Block! This added flexibility means you can do more customization – from adding links to each individual image, inline cropping to edit on the fly, apply unique styles for more visually compelling images, and apply an array of duotone filters. Add custom styles For more advanced folks who like to go a [ more… ]

No Image

USN-5090-1: Apache HTTP Server vulnerabilities

2021-09-27 KENNETH 0

USN-5090-1: Apache HTTP Server vulnerabilities James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-33193) It was discovered that the Apache HTTP Server incorrectly handled certain malformed requests. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. (CVE-2021-36160) It was discovered that the Apache HTTP Server incorrectly handled escaping quotes. If the server was configured with third-party modules, a remote attacker could [ more… ]

AWS 주간 소식 모음 – 2021년 9월 27일 :: Amazon Lex 및 ElastiCache Auto Scaling 서울 리전 출시 등

2021-09-27 KENNETH 0

AWS 주간 소식 모음 – 2021년 9월 27일 :: Amazon Lex 및 ElastiCache Auto Scaling 서울 리전 출시 등 안녕하세요! 여러분~ 추석 연휴 잘 보내셨나요? 습니다. 매주 월요일 마다 지난 주 업데이트된 국내 AWS관련 콘텐츠를 정리해 드리는 AWS 주간 소식 모음으로 새로운 한 주 출발하세요. AWS 클라우드에 대한 새로운 소식을 확인하시는데 많은 도움 되시길 바랍니다. AWS Builders – “Graviton2” 특집 세션 (9월 28일) AWS Graviton2 특집 세션에서는 최신 고객 사례를 기반으로 Graviton2 도입 효과에 대해서 발표하고, EC2, 컨테이너, AWS 관리형 서비스 기반의 AWS Graviton2 서비스에 대해서 자세히 설명드립니다. AWS Graviton2 프로세서는 훨씬 더 많은 선택권을 제공하여 고객이 워크로드의 성능과 비용을 최적화할 수 있도록 지원합니다. 지금 등록하기 >> AWSome Day 온라인 컨퍼런스 (9월 30일) AWSome Day 온라인 컨퍼런스는 AWS 공인 강사가 진행하는 1일 무료 클라우드 교육 행사로 AWS 클라우드 개념, 핵심 AWS 서비스, 그리고 이러한 서비스를 통해 다양한 응용 분야 및 [ more… ]