Bruin Learn access is restored. UCLA Digital and Technology Solutions and Bruin Learn administrators are continuing to monitor for delays or unexpected issues with the restoration of UCLA’s Canvas environment. If you continue to experience any issues with Bruin Learn, please reach out to BruinLearn-Support@it.ucla.edu

Apache Security Update

July 08, 2020
Security Advisory

The Apache Software Foundation has released security advisories to address multiple vulnerabilities in ApacheTomcat CVE-2020-13934 and CVE-2020-13935. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Versions Affected

Apache Tomcat 10.0.0-M1 to 10.0.0-M6
Apache Tomcat 9.0.0.M5 to 9.0.36
Apache Tomcat 8.5.1 to 8.5.56

Description

An h2c direct connection did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.

Mitigation

Upgrade to Apache Tomcat 10.0.0-M7 or later
Upgrade to Apache Tomcat 9.0.37 or later
Upgrade to Apache Tomcat 8.5.57 or later

Office of the Chief Information Security Officer

Apache Security Update

Versions Affected

Description

Mitigation

Reference

Apache Security Update

Versions Affected

Description

Mitigation

Reference

Bruin Learn Access Restored

Security Incident at Instructure (Canvas)

Linux Kernel Local Privilege Escalation Vulnerability (Copy Fail)

Action Required: New Logon Security Protocols to Access UCPath

Beware of Impersonation and Social Engineering During Emergencies