QNAP QTS versions prior to 4.2.4 suffer from a sensitive data exposure vulnerability that allows for privilege escalation.
Monthly Archives: March 2017
AVG Business at MSPWorld 2017 Conference in New Orleans
AVG Business by Avast is proud to be a Gold sponsor of MSPWorld®, the premier conference for cloud and managed services professionals.
You may have thought the New Orleans Jazz and Heritage Festival was the highlight of springtime in “The Big Easy”, but for MSPs across the country, the event of the year is MSPWorld which takes place in New Orleans, Louisiana from March 26th to 28th. MSPWorld is the perfect place for people working in the managed services industry to learn from their peers, because this world-class conference is run by MSPs, for MSPs.
Visit AVG Business by Avast MSPWorld 2017 to get a 50% discount on a full conference pass, and stop by booth #33 to meet the AVG Business by Avast team. We are there to share our expertise on how to develop pricing models to support revenue growth, provide cost effective 24/7 support, and ensure your customers’ environments are secure and performing optimally.
We want to have some fun with you too, so plan to arrive early and join us Tuesday from 11:00am – 4:00pm at the Lakewood Golf Club for the MSPWorld Golf Tournament. Reserve your spot to chill with us afterwards for an exclusive AVG Business Partner Event cruising on the Steamboat Natchez Tuesday evening.
Your schedule can get busy quickly at MSPWorld, so mark your calendar in advance for the following speaking sessions:
Creating a competitive MSP Pricing Model
Date: March 27, 2017
Time: 9:45am to 10:15am
Location: Gallery 1-3
Ryan Vallee, Product Management Lead for AVG Business by Avast, will be speaking about the importance of properly pricing your service to stimulate business growth. The science to calculating labor cost, overhead, software solution, etc. to achieve a desired margin can be a bit of a mystery to many. Whether you offer reactive, proactive, or fixed-fee models, this session will guide you to develop profitable service plans that take into consideration all known costs to provide a Managed Service to your customers; AND, help you evolve your business into higher levels of profitability.
Scaling your Managed Services for NOC & Help Desk
Date: March 27, 2017
Time: 2:15pm to 3:00pm
Location: Gallery 1
Staale Swift, Chief Executive Officer at NOCDOC will address what is going on in the market today and its impact on managed service providers. He will answer questions MSPs have about growing or expanding their businesses, what you can offer your clients, considerations when you are building up your offering, and the value you bring to the table.
We look forward to seeing you at MSPWorld. Visit our website to get your MSPWorld discount and for our exclusive partner event cruising the Mississippi River. Stay a few more days for Jazz Fest 2017.
Red Hat Security Advisory 2017-0831-01
Red Hat Security Advisory 2017-0831-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 7.0.5 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.
Red Hat Security Advisory 2017-0834-01
Red Hat Security Advisory 2017-0834-01 – The eap7-jboss-ec2-eap package provides scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.5.
Red Hat Security Advisory 2017-0829-01
Red Hat Security Advisory 2017-0829-01 – The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.14. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0828-01
Red Hat Security Advisory 2017-0828-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
Ubuntu Security Notice USN-3242-1
Ubuntu Security Notice 3242-1 – Jann Horn discovered that Samba incorrectly handled symlinks. An authenticated remote attacker could use this issue to access files on the server outside of the exported directories.
Ubuntu Security Notice USN-3243-1
Ubuntu Security Notice 3243-1 – It was discovered that Git incorrectly sanitized branch names in the PS1 variable when configured to display the repository status in the shell prompt. If a user were tricked into exploring a malicious repository, a remote attacker could use this issue to execute arbitrary code.
Red Hat Security Advisory 2017-0827-01
Red Hat Security Advisory 2017-0827-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
Red Hat Security Advisory 2017-0826-01
Red Hat Security Advisory 2017-0826-01 – Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.13, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group. On systems using classic /etc/init.d init scripts, the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.