USN-5374-1: libarchive vulnerability It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to expose sensitive information. Source: USN-5374-1: libarchive vulnerability
USN-5373-2: Django vulnerabilities USN-5373-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. (CVE-2021-32052) Source: USN-5373-2: Django vulnerabilities
USN-5373-1: Django vulnerabilities It was discovered that Django incorrectly handled certain certain column aliases in the QuerySet.annotate(), aggregate(), and extra() methods. A remote attacker could possibly use this issue to perform an SQL injection attack. (CVE-2022-28346) It was discovered that Django incorrectly handled certain option names in the QuerySet.explain() method. A remote attacker could possibly use this issue to perform an SQL injection attack. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 21.10. (CVE-2022-28347) It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-32052) Source: USN-5373-1: Django vulnerabilities
USN-5331-2: tcpdump vulnerabilities USN-5331-1 fixed several vulnerabilities in tcpdump. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tcpdump incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-16301) It was discovered that tcpdump incorrectly handled certain captured data. An attacker could possibly use this issue to cause a denial of service. (CVE-2020-8037) Source: USN-5331-2: tcpdump vulnerabilities
인터넷을 통해 유입되는 트래픽을 보호하기 위한 AWS 기반 방화벽 배포방식 설계 인터넷을 통해서 서비스가 연결되는 애플리케이션들은, 외부로 부터의 여러 위협 및 원치 않은 접근을 제한하기 위한 보안 통제 조치들을 충분히 고려하여 구성하여야 합니다. 이러한 보안 통제 조치들은 애플리케이션의 유형이나, 크기, 요구되는 컴플라이언스 수준, 운영상의 조건 등 다양한 고려사항에 따라서 구현될 수 있습니다. 어떤 경우에는 Network Access Control List(NACL)나, Security Group(SG)만을 활용하여도 효과적으로 애플리케이션을 보호할 수 있을 것이며, 좀더 다양한 형태의 위협에 대한 대응이 필요할 경우에는 추가적인 방화벽 구성이 필요할 수도 있습니다. 추가적인 방화벽 구성의 경우, NACL이나 SG외에 AWS Web Application Firewall (AWS WAF) 혹은 3rd party security appliance 고려할 수 있을 것입니다. 또한 AWS Network Firewall이나, AWS Gateway Load Balancer 같은 새롭게 추가된 서비스들을 사용하여 더욱 유연한 방화벽 아키텍처를 AWS상에서 설계할 수 있습니다. 우리는 이러한 각 서비스들을 활용하는 다양한 구성방법들을 기존 블로그들에서 다룬 바 있습니다 : Network Firewall Deployments Models, [ more… ]
Copyright © 2026 | WordPress Theme by MH Themes
