Tuesday, October 13, 2009

Tuesday the 13th, Tomobiki

Linux kernel next-20091013
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=summary

Linux kernel 2.6.32-rc4-git2
http://www.kernel.org/diff/diffview.cgi?file=/pub/linux/kernel//v2.6/snapshots/patch-2.6.32-rc4-git2.bz2

Notice of release and start of support for Trend Micro InterScan VirusWall Standard Edition 7.0 for Windows
http://www.trendmicro.co.jp/support/news.asp?id=1311

JVNDB-2009-002087 Denial-of-service (DoS) vulnerability in the IPv6 networking stack of Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002087.html

JVNDB-2009-002086 Buffer overflow vulnerability in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002086.html

JVNDB-2009-002085 Integer underflow vulnerability in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002085.html

JVNDB-2009-002084 Buffer overflow vulnerability in the Java Web Start command launcher of Java for Mac OS X
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002084.html

JVNDB-2009-002083 Unspecified vulnerability in the Provider class of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002083.html

JVNDB-2009-002082 Unspecified vulnerability in the Provider class of Sun Java SE
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002082.html

Kernel release: 2.6.31.4
http://www.linux.org/news/2009/10/12/0002.html

Kernel release: 2.6.27.37
http://www.linux.org/news/2009/10/12/0001.html




+ Solution 263529: Security Vulnerabilities in Solaris Bundled Tomcat May Lead to Unauthorized Access to Data or Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1

+ Solution 269468: Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1

+ Linux kernel 2.6.27.37, 2.6.31.4 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.37
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.4

[ANNOUNCE] BSF 3.0 released
http://jakarta.apache.org/bsf/

[ANNOUNCE] Jakarta BSF 3.0 released
http://jakarta.apache.org/bsf/

MySQL Server 5.4.3-beta has been released
http://mysql.com/products/enterprise/

[ntp:announce] NTP 4.2.5p230-RC Released
http://www.ntp.org/downloads.html

[ntp:announce] NTP 4.2.5p231-RC Released
http://www.ntp.org/downloads.html

[ANNOUNCE] Apache Buildr 1.3.5 Released
http://buildr.apache.org/#news

INN 2.5.1 released
https://www.isc.org/node/497

Solution 266908: Security vulnerability in Solaris Pidgin (see pidgin(1)), Versions Prior to 2.5.9 may Lead to Execution of Arbitrary Code or a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266908-1

FreeBSD: April-September, 2009 Status Report
http://www.freebsd.org/news/status/report-2009-04-2009-09.html

Dovecot 2.0 alpha released
http://www.dovecot.org/list/dovecot-news/2009-October/000139.html

Linux kernel 2.6.32-rc4 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc4

Which Perl for Win32 PCs with restricted rights?
http://use.perl.org/article.pl?sid=09/10/10/1344242&from=rss

Kernel release: 2.6.32-rc4
http://www.linux.org/news/2009/10/11/0001.html

Kernel release: 2.6.31.4-rc2
http://www.linux.org/news/2009/10/09/0003.html

Kernel release: 2.6.31.4-rc1
http://www.linux.org/news/2009/10/09/0002.html

Kernel release: 2.6.27.37-rc1
http://www.linux.org/news/2009/10/09/0001.html

WebSphere MQ File Transfer Edition V7.0.2 for distributed platforms and z/OS software announcement
http://www-01.ibm.com/support/docview.wss?rs=171&context=SSFKSJ&context=SSEP7X&dc=D600&uid=swg21406409&loc=en_US&cs=UTF-8&lang=en

Document ID: 334286: Veritas Storage Foundation High Availability for Windows 5.1 (SFWHA) and Veritas Cluster Server 5.1 for Windows (VCS) updated System Center Operations Manager 2007 (SCOM) Management Packs (MP)
http://seer.entsupport.symantec.com/docs/334286.htm

Debian : End-of-life announcement for clamav in stable and oldstable
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30592

Debian : New python-django packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30593

Mandriva : xmlsec1
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30596

Computer Associates : Security Notice for CA Anti-Virus Engine
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30584

Debian : New wget packages fix SSL certificate verification weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30581

Debian : New opensaml2 and shibboleth-sp2 packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30594

Independent Researcher : Multiple SQL-Injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30585

Justin C. Klein Keane : Wikitools 6.x-1.2 and 5.x-1.3 XSS Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30588

Justin C. Klein Keane : 5.20 and 6.14 Filter Module (Core) XSS Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30589

Justin C. Klein Keane : 5.20 and 6.14 (Core) XSS Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30590

Mandriva : imagemagick
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30577

Mandriva : graphicsmagick
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30578

Mandriva : awstats
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30597

Mandriva : gd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30598

Mandriva : egroupware
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30599

Mandriva : sympa
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30600

Mandriva : netpbm
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30601

Ubuntu Security Notice : devscripts vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30595

[SECURITY] [DSA 1904-1] New wget packages fix SSL certificate verification weakness
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00067.html

[USN-847-2] devscripts vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00068.html

Docebo Multiple SQL-Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00070.html

[ MDVSA-2009:262 ] netpbm
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00071.html

CA20091008-01: Security Notice for CA Anti-Virus Engine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00066.html

[ MDVSA-2009:260 ] imagemagick
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00069.html

[ MDVSA-2009:261 ] graphicsmagick
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00064.html

[USN-847-1] Devscripts vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00065.html

Microsoft and Adobe to release patches addressing "zero-day attacks"
Each to be released on October 14, 2009; a large number of patches are scheduled
http://itpro.nikkeibp.co.jp/article/NEWS/20091013/338716/?ST=security

Fourteenforty launches a "sacrificial" honeypot that captures new viruses
http://itpro.nikkeibp.co.jp/article/NEWS/20091009/338667/?ST=security

Some interesting SSL SPAM
http://isc.sans.org/diary.html?storyid=7333

Cyber Security Awareness Month - Day 11 - RPCBind aka Portmapper
http://isc.sans.org/diary.html?storyid=7324

Cyber Security Awareness Month - Day 12 Ports 161/162 Simple Network Management Protocol (SNMP)
http://isc.sans.org/diary.html?storyid=7327

User Notification for Possible Infected Systems
http://isc.sans.org/diary.html?storyid=7315

Cyber Security Awareness Month - Day 10 - The Questionable Ports
http://isc.sans.org/diary.html?storyid=7318

THAWTE to discontinue free Email Certificate Services and Web of Trust Service
http://isc.sans.org/diary.html?storyid=7306

AT&T Cell Phone Phish
http://isc.sans.org/diary.html?storyid=7309

Unbound NSEC3 Signature Validation Bypass Security Issue
http://secunia.com/advisories/36996/

Quick.Cart Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/36994/

Debian update for python-django
http://secunia.com/advisories/36968/

Django forms Library Regular Expressions Denial of Service Vulnerability
http://secunia.com/advisories/36948/

Debian update for wget
http://secunia.com/advisories/36998/

Reflection for Secure IT Active Template Library Vulnerabilities
http://secunia.com/advisories/36993/

ezRecipe-Zee "cfg[prePath]" Remote File Inclusion Vulnerability
http://secunia.com/advisories/36992/

httpdx "h_handlepeer()" Buffer Overflow Vulnerability
http://secunia.com/advisories/36991/

Ubuntu update for devscripts
http://secunia.com/advisories/36987/

Red Hat update for squirrelmail
http://secunia.com/advisories/36986/

aria2 DHT Routing Table Buffer Overflow Vulnerability
http://secunia.com/advisories/36985/

Ubuntu update for icu
http://secunia.com/advisories/36984/

Adobe Reader/Acrobat Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/36983/

Ubuntu update for pan
http://secunia.com/advisories/36981/

Ubuntu update for mimetex
http://secunia.com/advisories/36980/

CA Anti-Virus Engine RAR Processing Two Vulnerabilities
http://secunia.com/advisories/36976/

vBulletin User Profile Script Insertion Vulnerability
http://secunia.com/advisories/36970/

Fedora update for deltarpm
http://secunia.com/advisories/36963/

Fedora update for aria2
http://secunia.com/advisories/36962/

PBBoard Cross-Site Scripting Vulnerability
http://secunia.com/advisories/36947/

HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access
http://www.securiteam.com/unixfocus/6S0032KPPQ.html

TrustPort Antivirus and PC Security Privilege Escalation Vulnerability
http://www.securiteam.com/unixfocus/6T0042KPPE.html

FlatPress FP-includes Remote Command Execution Vulnerability
http://www.securiteam.com/unixfocus/6Q0012KPPI.html

Adobe Photoshop Elements Active File Monitor Service Local Elevation Of Privileges
http://www.securiteam.com/unixfocus/6R0022KPPU.html

CA Anti-Virus arclib RAR Processing Flaws Let Remote Users Deny Service and Potentially Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1022999.html

Adobe Acrobat and Adobe Reader Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1022998.html

VMware Authorization Service Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1022997.html

IBM AIX Buffer Overflow in 'rpc.cmsd' Lets Remote Users Obtain Root Privileges
http://securitytracker.com/alerts/2009/Oct/1022996.html

PostgreSQL Bugs Let Remote Authenticated Users Deny Service and Remote Users Obtain Access
http://securitytracker.com/alerts/2009/Oct/1022992.html

HP LaserJet Printers, Color LaserJet Printers, and Digital Senders Input Validation Flaw Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Oct/1022991.html

Unbound NSEC3 Signature Validation Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/2875

httpdx "h_handlepeer()" Function Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/2874

Reflection for Secure IT Active Template Library Vulnerabilities
http://www.vupen.com/english/advisories/2009/2873

Django Forms Library "EmailField" or "URLField" Denial of Service Issue
http://www.vupen.com/english/advisories/2009/2871

CA Anti-Virus Engine RAR Heap Corruption and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2009/2852

Adobe Reader and Acrobat Unspecified Code Execution Vulnerability
http://www.vupen.com/english/advisories/2009/2851

HP LaserJet Printers Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2850

Symantec SecurityExpressions Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2849

Palm Pre WebOS File Disclosure and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/2848

Omni-NFS Enterprise FTP Remote Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2009/2847

strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35452

Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888

libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33235

libmikmod '.XM' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33240

Multiple Vendor OpenSSL 'DSA_verify' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33151

IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671

Wireshark 1.2.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36408

Mono Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/30471

Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36260

Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36596

Apache mod_proxy_ftp Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/36254

Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36604

kses Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/28599

AWStats 'awstats.pl' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/30730

PHP 5.2.3 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/25498

IBM AIX 'rpc.cmsd' Calendar Daemon Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36615

Sympa 'sympa.pl' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/30727

Symantec Altiris eXpress NS SC Download ActiveX Control Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/36346

Netpbm 'pamperspective' Utility Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/31871

Debian devscripts 'uscan' Input Validation Vulnerability
http://www.securityfocus.com/bid/36227

Docebo Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/36654

Wget NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36205

Attachmate Reflection for Secure IT Active Template Library Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/36652

aria2 'DHTRoutingTableDeserializer::deserialize()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36332

Computer Associates Anti-Virus Engine 'arclib' Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36653

ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111

FreeBSD 'kqueue' NULL Pointer Dereference Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36375

SquirrelMail Form Submissions Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/36196

Zlib Compression Library Decompression Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/14340

Django 'EmailField' and 'URLField' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36655
