Monday, August 17, 2009

Monday the 17th, Tomobiki

JVNDB-2009-001890 Directory traversal vulnerability in FCKEditor
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001890.html

JVNDB-2009-001889 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001889.html

JVNDB-2009-001888 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001888.html

JVNDB-2009-001887 Vulnerability in IBM Stax XMLStreamWriter in IBM WebSphere Application Server that allows data tampering
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001887.html

JVNDB-2009-001886 Arbitrary code execution vulnerability in Microsoft Video ActiveX control
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001886.html

JVNDB-2009-001885 Buffer overflow vulnerability in the MPEG2TuneRequest ActiveX control in Microsoft Windows
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001885.html

JVNDB-2009-001329 Arbitrary code execution vulnerability in ntpq in NTP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001329.html

JVNDB-2009-001297 Integer overflow vulnerability in the pango_glyph_string_set_size function in Pango
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001297.html

JVNDB-2008-000009 Vulnerability in Apache Tomcat that allows invalid cookies to be sent
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000009.html

Notice of release of the repackaged version of Virus Buster Corporate Edition 8.0 Critical Patch (build 3356)
http://www.trendmicro.co.jp/support/news.asp?id=1290

Notice of release of Patch1 for InterScan WebManager 6.0 Service Pack 1
http://www.trendmicro.co.jp/support/news.asp?id=1289

Chinese government abandons plan to install "Green Dam" on all PCs, Chinese media report
http://itpro.nikkeibp.co.jp/article/NEWS/20090817/335582/?ST=security




+ Linux Kernel 2.6.27.30, 2.6.30.5 released
http://www.linux.org/news/2009/08/16/0002.html
http://www.linux.org/news/2009/08/16/0001.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.30
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

+ Solution 255308: A Security Vulnerability May Allow Popup Windows to Appear Through the Solaris XScreenSaver Program
http://sunsolve.sun.com/search/document.do?assetkey=1-66-255308-1

+ Solution 265808: Multiple Integer Overflow Vulnerabilities in the libtiff(3) Image Conversion Tools tiff2rgba and rgb2ycbcr May Lead to Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265808-1

+ The deprecated HTTP/1.1 connector does not reject request URIs containing null bytes
http://tomcat.apache.org/security-4.html

- Linux Kernel Null Pointer Dereference Due to Incorrect proto_ops Initialization Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Aug/1022732.html

MySQL Workbench 5.1.17 GA Available
http://dev.mysql.com/workbench/?page_id=49

Solution 259988: Devices May Not Appear After Reboot When Using Only One Port of a Sun StorageTek PCIe SAS Host Bus Adapter
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259988-1

Solution 265488: A Security Vulnerability in Sun Virtual Desktop Infrastructure (VDI) Software 3.0 may Lead to Inadvertent use of an Insecure LDAP Connection
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265488-1

Solution 264408: Solaris 10 Systems Using the hme(7D) Driver May Hang On Boot if the Install Image Contains Patch 140179-02
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264408-1

Solution 257329: A Security Vulnerability in Certain System Board Firmware Revisions of Sun Fire V215 Servers with XVR-100 Graphic Cards may Allow an Unprivileged User to Panic the System
http://sunsolve.sun.com/search/document.do?assetkey=1-66-257329-1

The latest snapshot for the stable Linux kernel tree is: 2.6.31-rc6-git1
http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=summary

Suhosin-Extension 0.9.29 released
http://www.hardened-php.net/suhosin/changelog.html#version_0.9.29

Document ID: 329885: Unable to import a diskgroup with harddisks using hardware replication
http://seer.entsupport.symantec.com/docs/329885.htm

Independent Researcher : ByPass a BlueCoat Proxy 8100 Serie authentification
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30124

ShineShadow : ICQ 6.5 HTML-injection vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30123

SuSE : subversion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30116

Debian : New libxml packages fix several issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30117

Google Security Team : Linux NULL pointer dereference due to incorrect proto_ops initializations
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30121

Hewlett-Packard : Insight Control Suite For Linux (ICE-LX) CSRF, Code Execution, DoS, and Other Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30125

Independent Researcher : Elkapax CMS Cross site scripting vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30126

Justin C. Klein Keane : Drupal Print Module Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30120

Red Hat : Moderate: curl security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30118

Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30119

The purpose of "nonsensical emails" is address harvesting, a precursor to spam and viruses
US-based Symantec warns of "directory harvest attacks"
http://itpro.nikkeibp.co.jp/article/NEWS/20090817/335597/?ST=security

[SECURITY] [DSA 1862-1] New Linux 2.6.26 packages fix privilege escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00124.html

ClubHack2009: Call for Papers/Speakers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00123.html

[ MDVSA-2009:202 ] memcached
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00122.html

ICQ 6.5 HTML-injection vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00121.html

Surviving a third party onsite audit
http://isc.sans.org/diary.html?storyid=6970

Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692) vulnerability
http://isc.sans.org/diary.html?storyid=6964

Deja Vu - 2 Analysis Links
http://isc.sans.org/diary.html?storyid=6967

Linux Kernel Null Pointer Dereference Due to Incorrect proto_ops Initialization Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2009/Aug/1022732.html

SAP NetWeaver Input Validation Flaw in UDDI Client Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Aug/1022731.html

cURL NULL Character Flaw in Server Name Fields Lets Remote Users Spoof Certificates
http://securitytracker.com/alerts/2009/Aug/1022728.html

Avaya CMS / IR Solaris SCTP Packet Denial of Service
http://secunia.com/advisories/36318/

Avaya Products Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/36317/

Avaya CMS Solaris rpc.nisd NIS+ Server Denial of Service
http://secunia.com/advisories/36315/

GnuTLS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35952

VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35500

Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36038

Memcached Multiple Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35989

Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35983

Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185

Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34673

Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34934

Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/34205

Xen 'hypervisor_callback()' Guest Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/34957

Sun Solaris 'IP(7P)' Multicast Reception Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35474

Sun Solaris 'rpc.nisd(1M)' Daemon NIS+ Server Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35276

Sun Solaris SCTP Packet Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35712

ICQ Incoming Message HTML Injection Vulnerability
http://www.securityfocus.com/bid/36041
