:: IT Security Neophyte Investigator's MEMO ::: 25日月曜日、赤口

2009年5月25日月曜日

25日月曜日、赤口

Ryan Gordon On Linux UT3: "still on its way"
http://www.linux.org/news/2009/05/24/0001.html

Postfix 2.7 Snapshot 20090524
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20090524.HISTORY

YouTube動画のコメントにマルウエアへのリンク，自動化ツールで急増か
http://itpro.nikkeibp.co.jp/article/NEWS/20090525/330580/?ST=security

JVNDB-2009-001252 IBM AIX の muxatmd におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001252.html

Gentoo update for ipsec-tools
http://secunia.com/advisories/35212/

Gentoo update for gnutls
http://secunia.com/advisories/35211/

Gentoo update for freetype
http://secunia.com/advisories/35210/

Gentoo update for acpid
http://secunia.com/advisories/35209/

+ Sysstat 9.0.3 released
http://pagesperso-orange.fr/sebastien.godard/

+ Solution 259468: Multiple Vulnerabilities in the Solaris 8 and 9 sadmind(1M) Daemon May Lead to Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1

+ Solution 259028: Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1

+ Solution 245806: A Buffer Overflow Security Vulnerability in the Solaris sadmind(1M) Daemon May Lead to Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245806-1

+ RHSA-2009:1062-1: Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2009-1062.html
+ RHSA-2009:0329-1: Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2009-0329.html
+ RHSA-2009:1061-1: Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2009-1061.html

- RHSA-2009:1059-1: Important: pidgin security update
http://rhn.redhat.com/errata/RHSA-2009-1059.html

[ANN] Apache Felix UPnP Extra version 0.4.0 Released
http://felix.apache.org/site/apache-felix-upnp.html

[ANN] Apache Felix UPnP Tester version 0.4.0 Released
http://felix.apache.org/site/apache-felix-upnp.html

MySQL 6.0.11 Alpha has been released!
http://www.mysql.com/mysql60/

MySQL Workbench 5.2.1 Alpha
http://dev.mysql.com/downloads/workbench

[ANNOUNCE] JMeter 2.3.3 r776386.
http://jakarta.apache.org/jmeter/

Kernel release: 2.6.30-rc7
http://www.linux.org/news/2009/05/23/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc7

Still No Chrome For Linux?
http://www.linux.org/news/2009/05/22/0014.html

Linux on the company desktop
http://www.linux.org/news/2009/05/22/0013.html

Install the GNU ARM toolchain under Linux
http://www.linux.org/news/2009/05/22/0012.html

How do you roll out Linux in an organization?
http://www.linux.org/news/2009/05/22/0011.html

Vista launch best argument for Linux says IBM exec
http://www.linux.org/news/2009/05/22/0010.html

A+ for Dell's new Ubuntu Linux netbook
http://www.linux.org/news/2009/05/22/0009.html

Puppy Linux 4.2.1 Launched
http://www.linux.org/news/2009/05/22/0008.html

Exec Predicts 50 Percent Share For Linux Netbooks
http://www.linux.org/news/2009/05/22/0007.html

Moblin makes the Linux 'desktop' more Mac-like
http://www.linux.org/news/2009/05/22/0006.html

Deploy Linux desktops for non-technical users, says study
http://www.linux.org/news/2009/05/22/0005.html

Alleged Nokia Linux smartphone plans exposed by leak
http://www.linux.org/news/2009/05/22/0004.html

Report Recommends How to Switch to Linux
http://www.linux.org/news/2009/05/22/0003.html

Linux Desktop Stats: Wrong Question, Wrong Answers
http://www.linux.org/news/2009/05/22/0002.html

Windows server has Linux in crosshairs
http://www.linux.org/news/2009/05/22/0001.html

NTP 4.2.5p179 (Development)
http://archive.ntp.org/ntp4/ChangeLog-dev

Solution 256588: A Cross-Site Scripting (XSS) Vulnerability in Sun Java System Portal Server's Error Page May Lead to Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256588-1

RHSA-2009:0329-02: Important: freetype security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29341

RHSA-2009:1059-02: Important: pidgin security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29342

RHSA-2009:1060-02: Important: pidgin security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29343

RHSA-2009:1061-02: Important: freetype security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29344

RHSA-2009:1062-01: Important: freetype security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29345

TZO-24-2009: Panda generic evasion (CAB)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29348

TZO-25-2009: Panda generic evasion (TAR)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29349

DSA 1802-2: New squirrelmail packages correct incomplete fix
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29340

DDIVRT-2009-25: IPsession SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29347

NTPD-SA-05/21/2009: FYI: ntpd, CVE-2009-1252, remote code execution with enabled Autokey authentication
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29346

Flash Quiz-SA-05/21/2009: MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29351

MDVSA-2009:120: openssl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29338

MDVSA-2009:121: lcms
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29339

GroupWise-SA-05/21/2009: Novell GroupWise Web Access Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29350

[SECURITY] [DSA 1805-1] New pidgin packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00222.html

[TZO-25-2009] Panda generic evasion (TAR)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00221.html

[TZO-24-2009] Panda generic evasion (CAB)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00220.html

LxBlog
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00219.html

Serena Dimensions CM Desktop Client does not validate the server SSL certificate
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00218.html

Novell GroupWise Internet Agent Remote Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00216.html

DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00215.html

Bugtraq [ MDVSA-2009:121 ] lcms
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00214.html

[SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-05/msg00217.html

[Internal] Changing hostd logging levels
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1011215&sliceId=1&docTypeID=DT_KB_1_1

JVNVU#710316 NSD におけるバッファオーバーフローの脆弱性
http://jvn.jp/cert/JVNVU710316/index.html

Wireshark 1.0.8 Released
http://www.wireshark.org/news/20090521.html

「感染すると、さまざまな被害に」――最新Webウイルスを徹底解説
パスワード盗聴、迷惑メールの送信、検索結果の改ざん、偽ソフト、対策ソフトの無効化
http://itpro.nikkeibp.co.jp/article/NEWS/20090522/330541/?ST=security

IP Filter ippool Buffer Overflow in 'lib/load_http.c' May Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id?1022272

Solaris Secure Digital Slot Driver Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id?1022271

Sun Solaris "sadmind" Two Vulnerabilities
http://secunia.com/advisories/32473/

Red Hat update for freetype
http://secunia.com/advisories/35204/

Fedora update for quagga
http://secunia.com/advisories/35203/

Red Hat update for pidgin
http://secunia.com/advisories/35202/

Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://secunia.com/advisories/35201/

Red Hat update for freetype
http://secunia.com/advisories/35200/

Red Hat update for freetype
http://secunia.com/advisories/35198/

Pidgin Multiple Vulnerabilities
http://secunia.com/advisories/35194/

ZaoCMS Insecure Cookie Handling and Local File Inclusion
http://secunia.com/advisories/35193/

Your Articles Directory SQL Injection Vulnerabilities
http://secunia.com/advisories/35192/

ASP Inline Corporate Calendar Multiple Vulnerabilities
http://secunia.com/advisories/35187/

Novell GroupWise Multiple Vulnerabilities
http://secunia.com/advisories/35177/

a-News Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35171/

NC LinkList "votename" PHP Code Execution Vulnerability
http://secunia.com/advisories/35168/

Sun Solaris GSS-API Library Code Execution Vulnerability
http://secunia.com/advisories/35151/

Drupal Email Verification Module Script Insertion and Security Bypass
http://secunia.com/advisories/35150/

Web Conference Room Free Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35148/

Douran Portal Multiple Vulnerabilities
http://secunia.com/advisories/35141/

Drupal Views Bulk Operations Module Security Bypass
http://secunia.com/advisories/35117/

Apple QuickTime PICT Parsing Buffer Overflow Vulnerability
http://secunia.com/advisories/35091/

SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916

Sun Solstice AdminSuite 'sadmind' 'adm_build_path()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31751

Cscope Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34805

Zeeways PHOTOVIDEOTUBE Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35080

Multiple Mole Group Products 'admin.php' Remote Password Change Vulnerability
http://www.securityfocus.com/bid/35079

ZaoCMS 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/35078

Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067

Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35052

ZaoCMS 'admin/modules/Users/edit_user.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35077

IPFilter 'ippool' 'lib/load_http.c' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35076

Tutorial Share Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35075

Serena Dimensions CM SSL Certificate Signature Verification Vulnerability
http://www.securityfocus.com/bid/35073

DotNetNuke 'ErrorPage.aspx' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/35074

LxBlog Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35071

Multiple Panda Products TAR/CAB Files Scan Evasion Vulnerability
http://www.securityfocus.com/bid/35072

a-News Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35070

VICIDIAL Call Center Suite 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/35056

Web Conference Room Free Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35068

FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/29639

FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/24074

FreeType Printer Font Binary Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/29637

FreeType LWFN Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/18034

FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550

Quagga Autonomous System Number Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34817

Sun Solaris Secure Digital Slot Driver (sdhost(7D)) Local Code Execution Vulnerability
http://www.securityfocus.com/bid/35069

Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993

Novell GroupWise WebAccess Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35066

Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35065

Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35064

ZaoCMS Insecure Cookie Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35063

Sun Solaris 'sadmind' Daemon Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35083

Sun Java System Portal Server Error Page Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35082

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)