+ ProFTPD 1.3.2a released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2a
+ PostgreSQL JDBC Driver 8.0-324, 8.1-414, 8.2-510, 8.3-605, 8.4-701 released
http://jdbc.postgresql.org/changes.html#version_8.0-324
http://jdbc.postgresql.org/changes.html#version_8.1-414
http://jdbc.postgresql.org/changes.html#version_8.2-510
http://jdbc.postgresql.org/changes.html#version_8.3-605
http://jdbc.postgresql.org/changes.html#version_8.4-701
+ [Security-announce] VMSA-2009-0008 ESX Service Console update for krb5
http://lists.vmware.com/pipermail/security-announce/2009/000059.html
ProFTPD 1.3.3rc1 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3rc1
Sun VirtualBox 3.0.0 released
http://dlc.sun.com/virtualbox/vboxdownload.html
JVNDB-2009-001551: Pidgin の msn_slplink_process_msg 関数における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001551.html
JVNDB-2009-001550: Pidgin の PurpleCircBuffer 実装におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001550.html
JVNDB-2009-001549: Pidgin の decrypt_out 関数におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001549.html
JVNDB-2009-001548: Pidgin の XMPP SOCKS5 バイトストリームサーバにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001548.html
JVNDB-2009-001547: Sun Solaris の sadmind における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001547.html
JVNDB-2009-001546: Sun Solaris の sadmind におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001546.html
JVNDB-2009-001545: Cosminexus、Processing Kit for XML および Hitachi Developer's Kit for Java における不正 zip ファイル走査 API による不正アクセスの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001545.html
JVNDB-2009-001544: Cosminexus、Processing Kit for XML および Hitachi Developer's Kit for Java におけるエンコーディング処理に関する不正アクセスの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001544.html
JVNDB-2009-001166: JDK および JRE の Java プラグインにおける任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001166.html
JVNDB-2009-001062: Linux kernel の sctp 実装におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001062.html
JVNDB-2008-001465: FreeType2 における一つずれエラーの脆弱性
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001465.html
JVNDB-2007-000997: OpenSSH における信頼されるクッキーの取り扱いの問題
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000997.html
JVNDB-2006-000589: OpenSSH の GSSAPI 認証に特定ユーザ名の妥当性不備による異常終了の脆弱性
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000589.html
JVNDB-2006-000295: FreeType における複数の整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000295.html
JVNDB-2006-000069: OpenSSH の scp コマンド におけるシェルコマンドを挿入される脆弱性
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000069.html
JVNDB-2004-000172: ProFTPD における CIDR 形式の ACL によりアクセス制御を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000172.html
ウイルスバスターコーポレートエディション・Trend Microビジネスセキュリティにおける修正プログラム公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1275
ウイルスバスター コーポレートエディション 8.0 SP1 Patch 3.1 及び ウイルスバスター コーポレートエディション 7.3 Patch 6 公開のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1274
2010年上半期(1月~6月)のサポートサービス終了予定製品のお知らせ
http://www.trendmicro.co.jp/support/news.asp?id=1272
Kernel release: 2.6.30.1-rc1
http://www.linux.org/news/2009/06/30/0003.html
Kernel release: 2.6.29.6-rc1
http://www.linux.org/news/2009/06/30/0002.html
Kernel release: 2.6.27.26-rc1
http://www.linux.org/news/2009/06/30/0001.html
Installing VMware Tools
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=340&sliceId=1&docTypeID=DT_KB_1_1
「簡単な在宅ワークで月5000ドル以上!」――うまい話にはご用心
「お金をかけずに始められます」、実際には月額80ドルの会費を徴収
http://itpro.nikkeibp.co.jp/article/NEWS/20090701/332989/?ST=security
CPNI-957037: SSH 通信において一部データが漏えいする可能性
http://jvn.jp/niscc/CPNI-957037/index.html
JPCERT/CC WEEKLY REPORT 2009-07-01
http://www.jpcert.or.jp/wr/2009/wr092501.html
Sun Java System Access Manager Input Validation Hole in Cross-Domain Controller Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Jun/1022483.html
MySQL Connector/Net is Missing SSL Certificate Validation
http://securitytracker.com/alerts/2009/Jun/1022482.html
osTicket Staff Username Input Validation Flaw Lets Remote Users Inject SQL Commands
http://securitytracker.com/alerts/2009/Jun/1022480.html
Sun Java Web Console Input Validation Holes Permit Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Jun/1022479.html
libc gdtoa Array Overrun May Let Remote or Local Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Jun/1022478.html
+ libiconv 1.13.1 released
http://www.gnu.org/software/libiconv/
+ PHP 5.3.0 Released!
http://php.net/releases/5_3_0.php
+ Solution 256788: Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause a Denial of Service (DoS) (Adobe Security Bulletin APSB09-04)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1
+ RHBA-2009:1133-2: kernel bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1133.html
+ RHSA-2009:1132-01: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1132.html
+ Linux Kernel 'kvm_arch_vcpu_ioctl_set_sregs()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35529/
NTTコムがドイツのセキュリティ企業買収へ
http://itpro.nikkeibp.co.jp/article/NEWS/20090630/332954/?ST=security
MySQL Workbench 5.1.16 GA Available
http://dev.mysql.com/workbench/?page_id=49
Dovecot 1.2.rc8 released
http://www.dovecot.org/list/dovecot-news/2009-June/000118.html
Danfoss Embeds MySQL for Improved Software Availability & Flexibility
http://www.mysql.com/news-and-events/generate-article.php?id=2009_12
pgAdmin v1.10.0 now available!
http://www.postgresql.org/about/news.1107
Is deporting all disks groups an acceptable process for upgrading from previous versions of Veritas Storage Foundation for Windows and High Availability Solutions (SFW/HA) to SFW/HA 5.1 with Dynamic Multipathing (DMP) and having multiple paths enabled?
http://seer.entsupport.symantec.com/docs/327185.htm
GLSA 200906-05: Wireshark: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29707
RHSA-2009:1132-01: Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29704
SSA:2009-181-01: ghostscript
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29703
GLSA 200906-03: phpMyAdmin: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29705
GLSA 200906-04: Apache Tomcat JK Connector: Information disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29706
MDVSA-2009:146: imap
http://www.criticalwatch.com/support/security-advisories.aspx?AID=29702
RHSA-2009:1134-1: Important: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-1134.html
[ MDVSA-2009:147 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00260.html
dedecms v5.3 Arbitrary File Upload Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00262.html
Empire Cms 5.1 sql injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00261.html
XAMPP for Windows (Xss/PHPinfo) Multiple Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00258.html
SIPS v0.2.2 Remote File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00256.html
[ GLSA 200906-05 ] Wireshark: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00255.html
Multiple Flaws in Huawei D100
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00254.html
[ GLSA 200906-04 ] Apache Tomcat JK Connector: Information disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00253.html
[ GLSA 200906-03 ] phpMyAdmin: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-06/msg00252.html
Firefox 3.5 is available
http://isc.sans.org/diary.html?storyid=6688
PunBB Affiliation Module SQL Injection Vulnerabilities
http://secunia.com/advisories/35654/
PunBB Vote For Us Module SQL Injection Vulnerabilities
http://secunia.com/advisories/35653/
Sun Java System Access Manager CDC Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35651/
HP-UX Apache Web Server Suite Multiple Vulnerabilities
http://secunia.com/advisories/35650/
TangoCMS "Html::textarea()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/35642/
IBM AIX update for OpenSSL
http://secunia.com/advisories/35640/
Avaya CMS Solaris Event Port API Race Condition Vulnerabilities
http://secunia.com/advisories/35637/
Avaya CMS Solaris Ultra-SPARC T2 Crypto Provider Device Driver Vulnerability
http://secunia.com/advisories/35636/
Gentoo update for phpMyAdmin
http://secunia.com/advisories/35635/
Gentoo update for mod-jk
http://secunia.com/advisories/35634/
osTicket Administrator Login SQL Injection Vulnerability
http://secunia.com/advisories/35629/
Gizmo SSL Certificate Validation Security Issue
http://secunia.com/advisories/35628/
DM FileManager "SECURITY_FILE" File Inclusion Vulnerability
http://secunia.com/advisories/35622/
WordPress DM Albums Plugin "SECURITY_FILE" File Inclusion Vulnerability
http://secunia.com/advisories/35619/
NEWSolved Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/35611/
Audio Article Directory "file" Local File Disclosure Vulnerability
http://secunia.com/advisories/35609/
Joomla BookFlip Component "book_id" SQL Injection Vulnerability
http://secunia.com/advisories/35608/
Clicknet CMS "side" PHP Source Disclosure Weakness
http://secunia.com/advisories/35607/
Red Hat update for kernel
http://secunia.com/advisories/35601/
HT-MP3Player ".ht3" Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35599/
SCMPX Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/35596/
NEWSolved "newsscript.php" Multiple SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2009/1739
Audio Article Directory "file" Parameter File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1738
BookFlip Component for Joomla "book_id" SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1737
Clicknet CMS "side" Parameter Processing File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1736
PHP-Sugar "t" Parameter Processing File Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1735
Almnzm "customer" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1734
K2 Component for Joomla "category" Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1733
com_php for Joomla "id" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1732
Messages Library "CatID" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1731
Whois.Cart "cpanel_1_log.htm" Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/1730
SCMPX M3U Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1729
HT-MP3Player ".ht3" File Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1728
HP-UX Web Server Suite Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/1727
osTicket Administrative Login Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2009/1726
IBM AIX OpenSSL DTLS Data Handling Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/1720
HP OpenView Network Node Manager "rping" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1719
Baofeng Storm "smpl" Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1718
Motorola Timbuktu "PlughNTCommand" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1717
Tor Remote Denial of Service and DNS Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/1716
Unisys Business Information Server Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/1715
TFM MMPlayer 2.0 (m3u/ppl) Universal Buffer Overflow Exploit (SEH)
http://www.milw0rm.com/exploits/9047
fuzzylime (cms) Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/35541
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -14 through -22 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/34656
4homepages 4images Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35342
Mozilla Firefox/Thunderbird/SeaMonkey Null Owner Document Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/35383
Mozilla Firefox/Thunderbird/SeaMonkey Multiple JavaScript Engine Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35372
Mozilla Firefox/Thunderbird/SeaMonkey Double Frame Construction Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35371
Mozilla Firefox and SeaMonkey JavaScript Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35373
Mozilla Firefox/Thunderbird/SeaMonkey Multiple Browser Engine Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/35370
Mozilla Thunderbird/Seamonkey Multipart Alternative Message Memory Corruption Vulnerability
http://www.securityfocus.com/bid/35461
fuzzylime (cms) Arbitrary Script Injection and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/30213
Edraw PDF Viewer Component Active X Control Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/35428
Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
http://www.securityfocus.com/bid/35380
Serene Bach Session Hijacking Vulnerability
http://www.securityfocus.com/bid/35254
TSEP Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/35539
BIGACE Web CMS 'cmd' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/35537
Mahara 'Artefact' in Saved View Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35535
WordPress Related Sites Plugin 'guid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35538
Simple Machines Forum Member Awards 'index.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/35536
Samba Format String And Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35472
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
http://www.securityfocus.com/bid/35451
FireStats Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/35533
Wireshark PCNFSD Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/35081
Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34457
Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/33690
Wireshark PN-DCP Data Format String Vulnerability
http://www.securityfocus.com/bid/34291
Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31838
Wireshark 1.0.4 SMTP Denial of Service Vulnerability
http://www.securityfocus.com/bid/32422
TBDEV.NET Multiple Cross Site Scripting And HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/35366
FireStats 'firestats-wordpress.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/35367
Pidgin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35067
phpMyAdmin 'db' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35531
Linux Kernel 'kvm_arch_vcpu_ioctl_set_sregs()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35529
Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34445
Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34184
Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35530
Palm webOS Prior to 1.0.4 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/35528
Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673
Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934
Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185
Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205
Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34957
phpMyAdmin 'export page' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/34251
phpMyAdmin 'setup.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/34236
International Components for Unicode Invalid Byte Sequence Handling Vulnerability
http://www.securityfocus.com/bid/34974
PCRE Regular Expression Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30087
Joomla! BookFlip Component 'book_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/35519
DM Albums 'album.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/35521
Green Dam Youth Escort Filter File Processing Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35343
Green Dam Youth Escort 'SurfGd.dll' URI Processing Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35341
Mahara Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/35534
LightOpenCMS 'smarty.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/35497
Sun Solaris Ultra-SPARC T2 Crypto Provider Device Driver Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35438
Sun Solaris Event Port API Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35437
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Sun Java System Access Manager Cross-Domain Controller (CDC) Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/35527
PHP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/30649
PHP SAPI 'php_getuid()' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32688
RETIRED: JoomlaPraise Projectfork Joomla! Component Local File Include Vulnerability
http://www.securityfocus.com/bid/35378
PHP ZipArchive::extractTo() '.zip' Files Directory Traversal Vulnerability
http://www.securityfocus.com/bid/32625
PHP 'mbstring' Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/32948
PHP 'imageRotate()' Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33002
PHP 'chdir()' and 'ftok()' 'safe_mode' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/29796
PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31612
PHP 'error_log' Safe Mode Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/32383
PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/29009
PHP 'rfc822_write_address()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/29829
PHP 5 'posix_access()' Function 'safe_mode' Bypass Directory Traversal Vulnerability
http://www.securityfocus.com/bid/29797
Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/27234
Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34412
Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/25653
0 件のコメント:
コメントを投稿