Tuesday, August 18, 2009

Tuesday the 18th, Senbu

JVNDB-2009-001895 Stack-based buffer overflow vulnerability in the ToolTalk library of IBM AIX
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001895.html

JVNDB-2009-001894 Vulnerability in the Spreadsheet ActiveX control of Microsoft Office Web Components
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001894.html

JVNDB-2009-001893 Cross-site scripting vulnerability in Hitachi Business Logic
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001893.html

JVNDB-2009-001892 Denial-of-service (DoS) vulnerability in the mod_deflate module of Apache httpd
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001892.html

JVNDB-2009-001891 Vulnerability in Daniel J. Bernstein djbdns that allows arbitrary records to be registered in DNS responses
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001891.html

Adobe JRun Management Console Input Validation Flaws Permit Cross-Site Scripting and Directory Traversal Attacks
http://securitytracker.com/alerts/2009/Aug/1022737.html

Adobe ColdFusion Bugs Permit Cross-Site Scripting, Information Disclosure, and Session Fixation Attacks
http://securitytracker.com/alerts/2009/Aug/1022736.html

IBM WebSphere Application Server Flaw in SCA Feature Pack Lets Remote Authenticated Users Bypass Access Controls
http://securitytracker.com/alerts/2009/Aug/1022735.html

Sun Virtual Desktop Infrastructure May Use an Insecure LDAP Connection
http://securitytracker.com/alerts/2009/Aug/1022734.html




+ Dovecot 1.2.4 released
http://www.dovecot.org/list/dovecot-news/2009-August/000133.html

+ Linux Kernel release: 2.6.27.31
http://www.linux.org/news/2009/08/17/0013.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.31

Torvalds bashes vendor-sec private Linux security list
http://www.linux.org/news/2009/08/17/0012.html

10 reasons Linux should be your netbook operating system
http://www.linux.org/news/2009/08/17/0011.html

Linux from Scratch 6.5: The DIY operating system guide
http://www.linux.org/news/2009/08/17/0010.html

Red Hat Increases Investment In Partner Ecosystem, Launches Enhanced Partner Program
http://www.linux.org/news/2009/08/17/0009.html

Red Hat Names 2009 Red Hat Certified Engineers of the Year
http://www.linux.org/news/2009/08/17/0008.html

Dell Vouches for Quality of Linux Netbooks
http://www.linux.org/news/2009/08/17/0007.html

Happy sweet 16 Debian - where now?
http://www.linux.org/news/2009/08/17/0006.html

The greatest open source software of all time
http://www.linux.org/news/2009/08/17/0005.html

Working (Really) Remotely with Linux
http://www.linux.org/news/2009/08/17/0004.html

Critical vulnerability in the Linux kernel affects all versions since 2001
http://www.linux.org/news/2009/08/17/0003.html

Boom in requests for Linux drivers
http://www.linux.org/news/2009/08/17/0002.html

IBM halves mainframe Linux engine prices
http://www.linux.org/news/2009/08/17/0001.html

Should businesses support Linux?
http://www.linux.org/news/2009/08/16/0003.html

RHEA-2009:1214-1: tzdata enhancement update
http://rhn.redhat.com/errata/RHEA-2009-1214.html

Mandriva : wxgtk
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30129

Sense of Security : Piwigo SQL Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30135

Debian : New Linux 2.6.24 packages fix privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30132

Debian : New Linux 2.6.18 packages fix several vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30133

Debian : New zope2.10/zope2.9 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30131

Mandriva : curl
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30128

Debian : New Linux 2.6.26 packages fix privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30130

TheGreenBow VPN Client tgbvpn.sys DoS and Potential Local
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00137.html

[DSECRG-09-052] Adobe JRun 4 Directory Traversal Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00134.html

[DSECRG-09-051] Adobe JRun 4 Multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00135.html

[DSECRG-09-022] Adobe Coldfusion 8 Multiple Linked XSS Vulnerabilies
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00129.html

Piwigo SQL Injection Vulnerability - Security Advisory - SOS-09-007
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00127.html

[ MDVSA-2009:204 ] wxgtk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00132.html

[SECURITY] [DSA 1865-1] New Linux 2.6.18 packages fix several vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00136.html

DUgallery 3.0 / Remote Admin Bug
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00128.html

[SECURITY] [DSA 1864-1] New Linux 2.6.24 packages fix privilege escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00130.html

[ MDVSA-2009:203 ] curl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00126.html

[SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00125.html

DeepSec 2009 - Preliminary Schedule is online
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00133.html

Easy Music Player 1.0.0.2 (wav) Universal Local Buffer Exploit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-08/msg00131.html

YAMWD: Yet Another Mass Web Defacement
http://isc.sans.org/diary.html?storyid=6973

Fedora update for thunderbird
http://secunia.com/advisories/36340/

Fedora update for wordpress-mu
http://secunia.com/advisories/36339/

Fedora update for mingw32-libxml2
http://secunia.com/advisories/36338/

Fedora update for libxml
http://secunia.com/advisories/36337/

Fedora update for kernel
http://secunia.com/advisories/36336/

Piwigo "items_number" SQL Injection Vulnerability
http://secunia.com/advisories/36333/

Sun Solaris Virtual Desktop Infrastructure Secure LDAP Vulnerability
http://secunia.com/advisories/36330/

Sniper Elite Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/36328/

Debian update for linux-2.6
http://secunia.com/advisories/36327/

Slackware update for curl
http://secunia.com/advisories/36326/

Debian update for linux-2.6
http://secunia.com/advisories/36325/

Debian update for zope2.10 and zope2.9
http://secunia.com/advisories/36324/

Debian update for linux-2.6.24
http://secunia.com/advisories/36322/

IBM WebSphere Application Server Feature Pack for SCA Security Bypass
http://secunia.com/advisories/36306/

Sun Solaris LibTIFF tiff2rgba and rgb2ycbcr Integer Overflows
http://secunia.com/advisories/36276/

Hiki 0.8.8.1 is now released
http://sourceforge.jp/projects/hiki/releases/
http://svn.sourceforge.jp/svnroot/hiki/hiki/tags/v0_8_8_1/ChangeLog

Adobe ColdFusion Cross Site Scripting and Session Fixation Vulnerabilities
http://www.vupen.com/english/advisories/2009/2286

Adobe JRun Directory Traversal and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2285

IBM WebSphere Application Server SCA Feature Pack Vulnerability
http://www.vupen.com/english/advisories/2009/2284

Sun Solaris LibTIFF "tiff2rgba" and "rgb2ycbcr" Integer Overflow Issues
http://www.vupen.com/english/advisories/2009/2283

Sun Virtual Desktop Infrastructure Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2009/2282

HP Insight Control Suite For Linux (ICE-LX) Multiple Remote Vulnerabilities
http://www.vupen.com/english/advisories/2009/2281

Linux Kernel "proto_ops" NULL Pointer Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/2272
