No Image

USN-2865-1: GnuTLS vulnerability

2016-01-08 KENNETH 0

Ubuntu Security Notice USN-2865-1 8th January, 2016 gnutls26, gnutls28 vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary GnuTLS could be made to expose sensitive information over the network. Software description gnutls26 – GNU TLS library gnutls28 – GNU TLS library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.04: libgnutls-openssl27 3.3.8-3ubuntu3.2 libgnutls-deb0-28 3.3.8-3ubuntu3.2 libgnutlsxx28 3.3.8-3ubuntu3.2 Ubuntu 14.04 LTS: libgnutlsxx27 2.12.23-12ubuntu2.4 libgnutls-openssl27 2.12.23-12ubuntu2.4 libgnutls26 2.12.23-12ubuntu2.4 Ubuntu 12.04 LTS: libgnutlsxx27 2.12.14-5ubuntu3.11 libgnutls-openssl27 2.12.14-5ubuntu3.11 libgnutls26 2.12.14-5ubuntu3.11 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. [ more… ]

No Image

RHSA-2016:0016-1: Moderate: samba security update

2016-01-08 KENNETH 0

Red Hat Enterprise Linux: Updated samba packages that fix multiple security issues are now available for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330 Source: rhn-errata

No Image

RHSA-2016:0014-1: Moderate: libldb security update

2016-01-08 KENNETH 0

Red Hat Enterprise Linux: Updated libldb packages that fix two security issues are now available for Red Hat Gluster Storage 3.1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. CVE-2015-3223, CVE-2015-5330 Source: rhn-errata

No Image

USN-2864-1: NSS vulnerability

2016-01-08 KENNETH 0

Ubuntu Security Notice USN-2864-1 7th January, 2016 nss vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary NSS could be made to expose sensitive information over the network. Software description nss – Network Security Service library Details Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectlyallowed MD5 to be used for TLS 1.2 connections. If a remote attacker wereable to perform a man-in-the-middle attack, this flaw could be exploited toview sensitive information. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: libnss3 2:3.19.2.1-0ubuntu0.15.10.2 Ubuntu 15.04: libnss3 2:3.19.2.1-0ubuntu0.15.04.2 Ubuntu 14.04 LTS: libnss3 2:3.19.2.1-0ubuntu0.14.04.2 Ubuntu 12.04 LTS: libnss3 3.19.2.1-0ubuntu0.12.04.2 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard system update you need to restart any applications [ more… ]

Using NGINX Logging for Application Performance Monitoring

2016-01-08 KENNETH 0

The live activity monitoring dashboard and API in NGINX Plus track many system metrics that you can use to analyze the load and performance of your system. If you need request-level information, the access logging in NGINX and NGINX Plus is very flexible – you can configure which data is logged, selecting from the large number of data points that can be included in a log entry in the form of variables. You can also define customized log formats for different parts of your application. One interesting use case for taking advantage of the flexibility of NGINX access logging is application performance monitoring (APM). There are certainly many APM tools to choose from and NGINX is not a complete replacement for them, but it’s simple to get detailed visibility into the performance of your applications by adding timing values to your code [ more… ]