Wednesday, September 30, 2020

Unimog - Cloudflare’s edge load balancer

 

REF: https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/

Tuesday, September 29, 2020

[USN-4489-1] Linux kernel vulnerability

 ---------- Forwarded message ---------

From: Steve Beattie <steve.beattie@canonical.com>

Date: Sep 8, 2020 4:16PM

Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

References:

  https://usn.ubuntu.com/4489-1

  CVE-2020-14386

Monday, September 28, 2020

Check out this week's VizrTV shows on-demand

 

Dr. Andrew Cross, Vizrt Group’s President of Product Development, examines how Vizrt’s 25 years of product revolution is charting the path forward in software-defined visual storytelling. Plus a sneak peek into the brand new Viz Vectar Plus.

Sunday, September 27, 2020

[USN-4485-1] Linux kernel vulnerabilities

 ---------- Forwarded message ---------

From: Steve Beattie <steve.beattie@canonical.com>

Date: Sep 2, 2020 12:11PM

Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2018-20669)

It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-19947)

Chuhong Yuan discovered that go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810)

It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2020-10732)

It was discovered that the Linux kernel did not correctly apply Speculative Store Bypass Disable (SSBD) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10766)

It was discovered that the Linux kernel did not correctly apply Indirect Branch Predictor Barrier (IBPB) mitigations in certain situations. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10767)

It was discovered that the Linux kernel could incorrectly enable Indirect Branch Speculation after it has been disabled for a process via a prctl() call. A local attacker could possibly use this to expose sensitive information. (CVE-2020-10768)

Luca Bruno discovered that the zram module in the Linux kernel did not properly restrict unprivileged users from accessing the hot_add sysfs file. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-10781)

It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. (CVE-2020-12655)

It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. (CVE-2020-12771)

It was discovered that the Virtual Terminal keyboard driver in the Linux kernel contained an integer overflow. A local attacker could possibly use this to have an unspecified impact. (CVE-2020-13974)

Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2020-15393)

It was discovered that the NFS server implementation in the Linux kernel did not properly honor umask settings when setting permissions while creating file system objects if the underlying file system did not support ACLs. An attacker could possibly use this to expose sensitive information or violate system integrity. (CVE-2020-24394)

It was discovered that the Kerberos SUNRPC GSS implementation in the Linux kernel did not properly deallocate memory on module unload. A local privileged attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2020-12656)

References:

  https://usn.ubuntu.com/4485-1

  CVE-2018-20669, CVE-2019-19947, CVE-2019-20810, CVE-2020-10732,
  CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10781,
  CVE-2020-12655, CVE-2020-12656, CVE-2020-12771, CVE-2020-13974,
  CVE-2020-15393, CVE-2020-24394

Saturday, September 26, 2020

Cloudflare: Two clicks to add region-based Zero Trust compliance

 

REF: https://blog.cloudflare.com/two-clicks-to-enable-regional-zero-trust-compliance/

[USN-4481-1] FreeRDP vulnerabilities

 ---------- Forwarded message ---------

From: Marc Deslauriers <marc.deslauriers@canonical.com>

Date: Sep 1, 2020 10:31PM

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

References:

  https://usn.ubuntu.com/4481-1

  CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098,
  CVE-2020-11099, CVE-2020-15103, CVE-2020-4030, CVE-2020-4031,
  CVE-2020-4032, CVE-2020-4033

Viz Virtual Summit on VizrTV

 

Sign up for a month full of unique live shows that will help you adjust to the changing world and achieve your production goals. 

[USN-4477-1] Squid vulnerabilities

 ---------- Forwarded message ---------

From: Marc Deslauriers <marc.deslauriers@canonical.com>

Date: Aug 28, 2020 2:17AM

Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810)

Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811)

Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606)

References:

  https://usn.ubuntu.com/4477-1

  CVE-2020-15810, CVE-2020-15811, CVE-2020-24606

Telestream: transcode with speed and automation

 

Vantage Transcoding Enhancement

Since media companies around the world use a wide variety of codecs and containers, it is critical to have speed and automation on your side—to free up your resources to focus on more of the creative work and less of the mundane tasks.

[USN-4476-1] NSS vulnerability

 ---------- Forwarded message ---------

From: Leonidas S. Barbosa <leo.barbosa@canonical.com>

Date: Aug 28, 2020 1:49AM

It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.

References:

  https://usn.ubuntu.com/4476-1

  CVE-2020-12403

Sunday, September 20, 2020

Plex: From the people who brought you Skip Intro...

 

What if we told you that with your Plex Pass, plus an antenna and tuner you can watch and record local shows, news, and sports? And, what if we told you that as of this month you can also skip commercials (without getting rid of them) for all the stuff you record? Looks like we just did.

Saturday, September 19, 2020

NewTek: Join the Elite. Trade-in Your TriCaster®️ Today.

The newest member of the TriCaster family, TriCaster® 2 Elite, has the tools you already use and love, plus now offers you integration with Zoom, Skype, Microsoft® Teams, Discord, Slack and Tencent – so you can continue to reach your customers and engage with new audiences. This new feature is called Live Call Connect. 

REF: https://www.newtek.com/tricaster/2-elite/

Cloudflare: August 30th 2020: Analysis of CenturyLink/Level(3) Outage

 

The diverse set of network providers Cloudflare connects to. Source: https://bgp.he.net/AS13335#_asinfo

REF: https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/

[USN-4475-1] Chrony vulnerability

 ---------- Forwarded message ---------

From: Leonidas S. Barbosa <leo.barbosa@canonical.com>

Date: Aug 27, 2020 9:59PM

It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.

References:

  https://usn.ubuntu.com/4475-1

  CVE-2020-14367

Roku: Are you ready for game day? 🏈

 

Football is back.

Ready, set… hut, hut, stream!

Football kicks off tonight as Houston takes on Kansas City. See how to catch the game and the rest of the action this season.

Tuesday, September 15, 2020

[USN-4474-1] Firefox vulnerabilities

 ---------- Forwarded message ---------

From: Chris Coulson <chris.coulson@canonical.com>

Date: Aug 27, 2020 3:03AM

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)

It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)

A data race was discovered when importing certificate information into the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668)

References:

  https://usn.ubuntu.com/4474-1

  CVE-2020-12400, CVE-2020-12401, CVE-2020-15664, CVE-2020-15665,
  CVE-2020-15666, CVE-2020-15668, CVE-2020-15670, CVE-2020-6829

Cloudflare: What Happens When The Whole World Goes Remote?

 

REF: https://blog.cloudflare.com/what-happens-when-the-whole-world-goes-remote-not-to-worry-we-were-built-for-this/

Sunday, September 13, 2020

[Openvpn-announce] OpenVPN 2.5-beta4 released

 ---------- Forwarded message ---------

From: Samuli Seppänen <samuli@openvpn.net>

Date: Sat, Sep 12, 2020 at 1:20 AM

OpenVPN 2.5 is a new major release with many new features:

  •     Client-specific tls-crypt keys (--tls-crypt-v2)
  •     Added support for using the ChaCha20-Poly1305 cipher in the OpenVPN data channel
  •     Improved Data channel cipher negotiation
  •     Removal of BF-CBC support in default configuration
  •     Asynchronous (deferred) authentication support for auth-pam plugin
  •     Deferred client-connect
  •     Faster connection setup
  •     Netlink support
  •     Wintun support
  •     IPv6-only operation
  •     Improved Windows 10 detection
  •     Linux VRF support
  •     TLS 1.3 support
  •     Support setting DHCP search domain
  •     Handle setting of tun/tap interface MTU on Windows
  •     HMAC based auth-token support
  •     VLAN support
  •     Support building of .msi installers for Windows
  •     Allow unicode search string in --cryptoapicert option (Windows)
  •     Support IPv4 configs with /31 netmasks now
  •     New option --block-ipv6 to reject all IPv6 packets (ICMPv6)

Saturday, September 12, 2020

Roku: 100 new titles on Hulu in September

 

 


 

Check out our list of all the new titles arriving on Hulu, including Woke, Trolls World Tour, Because I Said So, Madagascar: A Little Wild, The Addams Family, and more.

Friday, September 11, 2020

MagicSoft Playout release 7.6.3

It adds MPEG-2 UDP output for SD, HD720p and HD1080i modes.

H264 UDP works for all video modes:

SD / HD 720p / HD1080i / HD 1080p / 4K (from 23.98 to 60 fps)

REF: https://www.magicsoft.tv

Thursday, September 10, 2020

Asynchronous HTMLRewriter for Cloudflare Workers

 

REF: https://blog.cloudflare.com/asynchronous-htmlrewriter-for-cloudflare-workers/

Wednesday, September 9, 2020

These Python tools should be in every developer’s toolbox

 

Code for Thought:

Ever need to pull information from multiple websites, generate dummy data, blur image details or create a set of thumbnails? If you've had to do any of these kinds of menial tasks more than once, you should be automating it.

Tuesday, September 8, 2020

Roku: What’s arriving this month on Netflix

 

 


 

Watch Millie Bobby Brown and Henry Cavill star in the new Enola Holmes series, or catch Robert Pattinson in the original thriller The Devil All the Time. See our guide to Netflix in September.

Monday, September 7, 2020

[Checkmk Announce] New Checkmk stable release 1.5.0p25

 ---------- Forwarded message ---------

From: Checkmk Announcements <checkmk-announce@lists.mathias-kettner.de>

Date: Fri, Aug 21, 2020 at 3:52 AM

This maintenance release ships with 29 changes affecting all editions of Checkmk, 1 Enterprise Edition specific changes and 1 Managed Services Edition specific changes.

WATO:

* 11030 FIX: Service Discovery: Skip not existing checks

* 11027 FIX: LDAP: Validate usage of suffix

* 11024 FIX: Analyze configuration: Avoid crash on timeout when contacting remote sites

User interface:

* 10750 FIX: Reduce long waiting times for some users when loading sites

* 11035 FIX: Fixed pnp4nagios graphs on systems with php-7.4

* 11191 FIX: Fixed misleading snmp error message

HW/SW inventory:

* 10987 FIX: HW/SW Inventory Service: Fix "State when inventory fails"

Event console:

* 11029 FIX: Prevent duplicated rule packs when updating mkp

Core & setup:

* 11263 SEC: Fix piggyback path traversal

NOTE: Please refer to the migration notes!

* 10620 FIX: Fix parsing of invalid state history files

* 10621 FIX: Fix bug where scheduler would become inactive

Checks & agents:

* 10497 FIX: solaris_services: Fixed discovery of services if output additionally contains time information

* 10633 FIX: skype: fixed magnitude of latency value

* 10835 FIX: mssql_counters.cache_hits: Services go stale if no data is sent from agent

* 10997 FIX: mk_postgres: Fixed query "Last vaccum"

* 11228 FIX: hp_proliant_temp: Do not discover temperature sensors if temperature could not be determined

* 11226 FIX: hitachi_hus_dku: Fixed informational text about component: "Processor" -> "Power Supply"

* 10996 FIX: f5_bigip_vserver: Fixed scaling of connections duration min/max/mean

* 10073 FIX: f5_bigip_vserver: Fixed ValueError while ip parsing

NOTE: Please refer to the migration notes!

* 10994 FIX: f5_bigip_mem: Discover only if memory total and used values are available

* 10998 FIX: df.include: Fix discovery of empty filesystem groups

* 10817 FIX: check_dns: Act case-insensitive

* 10692 FIX: Windows Agent supports UNC-like paths in section fileinfo

* 10984 FIX: Show upper levels in bandwidth graph

* 10988 FIX: Periodic service discovery: Fix not working "rediscovery scheduled" on clusters

* 10831 FIX: HW/SW Inventory: Unsorted branches may pollute inventory archive

* 11028 FIX: Fixed plugins README

* 10840 FIX: Fix evaluation of time specific parameters if default parameters are tuple based

* 10992 FIX: Check_MK Service: Fix "'ascii' codec can't decode byte" while collecting service results

You can download Checkmk from our download page:

 * https://checkmk.com/download.php

Sunday, September 6, 2020

New in September on The Roku Channel

 

 


 

Check out this month’s new arrivals like Con Air, Time Traveler's Wife, and Dumb & Dumber: When Harry Met Lloyd—all streaming free.

Saturday, September 5, 2020

FSF: Meet the star witness: Your "smart" speaker

From August 23rd by Sidney Fussell

Not controlling the software you run on your smart device gives new meaning to the phrase "everything you say can be used against you." In this article, we learn about the frightening upswing in use of these devices in police investigations. Remember, if you don't control your devices, they can be used to control you, and the smartest thing you can do with "smart" devices is avoid them!

REF: https://www.wired.com/story/star-witness-your-smart-speaker/

Friday, September 4, 2020

Rendering React on the Edge with Flareact and Cloudflare Workers

 

REF: https://blog.cloudflare.com/rendering-react-on-the-edge-with-flareact-and-cloudflare-workers/

Thursday, September 3, 2020

DebConf20 online closes

 ---------- Forwarded message ---------

From: Laura Arjona Reina <larjona@debian.org>

Date: Aug 30, 2020 8:27AM

On Saturday 29 August 2020, the annual Debian Developers and Contributors Conference came to a close.

DebConf20 has been held online for the first time, due to the coronavirus (COVID-19) disease pandemic.

All of the sessions have been streamed, with a variety of ways of participating: via IRC messaging, online collaborative text documents, and video conferencing meeting rooms.

With more than 850 attendees from 80 different countries and a total of over 100 event talks, discussion sessions, Birds of a Feather (BoF) gatherings and other activities, DebConf20 [1] was a large success.

REF: https://debconf20.debconf.org


Roku: Save big on smooth streaming

 

Roku Ultra $79.99. Feature packed

Super-charged streaming

Save $20 on our most powerful and feature-packed streaming player. From fast channel launch and personal shortcut buttons to private listening and lost remote finder, Roku Ultra has all the bells and whistles.

Tuesday, September 1, 2020

ActivePython 3.8.2 CE Available

 ActivePython 3.8.2 Community Edition is now available for download from the ActiveState Platform. Python 3.8 offers a number of minor improvements including the walrus operator (:=), which assigns values to variables as part of a larger expression.

Python 2.7 Security Fix

If you’re still using Python 2, you might be aware that urllib3 was recently found to have a critical vulnerability. For our enterprise users, we’ve released ActivePython 2.7.18.1 to address this issue. Learn more about our Python 2 support offering.

Get caught up on all the latest ActiveState Platform updates.