Friday, January 8, 2010

The 8th, Friday, Butsumetsu

+ RHSA-2010:0020-1: Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2010-0020.html

[Announce] libassuan 2.0.0 released
ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.0.0.tar.bz2

JVNDB-2009-002399 Vulnerability in MySQL that allows privilege checks to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002399.html

JVNDB-2009-002398 Vulnerability in MySQL that allows SSL server spoofing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002398.html

JVNDB-2009-002397 Denial-of-service (DoS) vulnerability in the Microsoft Windows kernel related to the handling of SMB response packets
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002397.html

Adobe Illustrator Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023418.html

JUNOS Unspecified Bug Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jan/1023417.html

Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706

Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/26943

Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37519

Linux e1000e Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37523




+ Report on the "Vulnerability in the NTP protocol"
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp568372.html

+ Report on the "Vulnerability in the TCP protocol"
http://www.hitachi.co.jp/Prod/comp/network/notice/tcp723308.html

+ Samba 3.4.4 Available for Download
http://samba.org/samba/history/samba-3.4.4.html

+ Linux kernel 2.6.31.11 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.11

+ RHSA-2010:0018-1: Moderate: dbus security update
http://rhn.redhat.com/errata/RHSA-2010-0018.html
http://www.securityfocus.com/bid/31602

+ RHSA-2010:0019-1: Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2010-0019.html

- Samba 3.5.0rc1 Available for Download
http://samba.org/samba/ftp/rc/WHATSNEW-3-5-0rc1.txt

- Oracle Critical Patch Update Pre-Release Announcement - January 2010
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://www.securityfocus.com/bid/37668

- RHEA-2010:0014-1: tzdata enhancement update
http://rhn.redhat.com/errata/RHEA-2010-0014.html

- Microsoft January 2010 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/37664

APSB10-02: Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-02.html

APSB10-01: Security updates available for Adobe Illustrator CS4 and CS3
http://www.adobe.com/support/security/bulletins/apsb10-01.html

Debian : New horde3 packages fix cross-site scripting
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31385

Mandriva : apache-conf
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31382

Mandriva : apache-conf
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31383

VMware : ESX Service Console updates for nss and nspr
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31389

Debian : New phpldapadmin packages fix remote file inclusion
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31384

FreeBSD : bind
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31386

FreeBSD : ntpd
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31387

FreeBSD : zfs
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31388

Independent Researcher : Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31390

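In 2009, reports of "USB viruses" were the most numerous, and web-based attacks also became a "staple"
Trend Micro publishes its annual report: "more than 45,000 reports per year"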
http://itpro.nikkeibp.co.jp/article/NEWS/20100107/342967/?ST=security

"How can Gumblar damage be stopped?" --- Trend Micro reports on malware trends
http://itpro.nikkeibp.co.jp/article/NEWS/20100107/342965/?ST=security

Alert regarding website defacement and the spread of so-called Gumblar virus infections
http://www.jpcert.or.jp/at/2010/at100001.txt

[SECURITY] [DSA 1967-1] New transmission packages fix directory traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00042.html

Security contact at Lexmark?
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00043.html

[SECURITY] [DSA 1966-1] New horde3 packages fix cross-site scripting
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00038.html

[USN-880-1] GIMP vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00040.html

[ MDVSA-2009:300-2 ] apache-conf
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00035.html

[ MDVSA-2009:300-1 ] apache-conf
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00037.html

VMSA-2010-0001 ESX Service Console updates for nss and nspr
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00041.html

FreeBSD Security Advisory FreeBSD-SA-10:03.zfs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00039.html

FreeBSD Security Advisory FreeBSD-SA-10:02.ntpd
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00036.html

FreeBSD Security Advisory FreeBSD-SA-10:01.bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00034.html

Static analysis of malicous PDFs (Part #2)
http://isc.sans.org/diary.html?storyid=7906

Juniper routers may crash on certain malformed packets
http://isc.sans.org/diary.html?storyid=7909

FreeBSD ZFS Intent Log "setattr" Transaction Replay Weakness
http://secunia.com/advisories/38124/

FreeBSD update for ntpd
http://secunia.com/advisories/38123/

Drupal Wunderbar! Module Script Insertion Vulnerability
http://secunia.com/advisories/38122/

Drupal Currency Exchange Module Script Insertion Vulnerability
http://secunia.com/advisories/38121/

FreeBSD update for bind
http://secunia.com/advisories/38120/

Dada Mail Bridge Plugin Unspecified Security Bypass
http://secunia.com/advisories/38111/

Debian update for phpldapadmin
http://secunia.com/advisories/38110/

Fedora update for condor
http://secunia.com/advisories/38095/

VMware ESX / vMA update for nss and nspr
http://secunia.com/advisories/38091/

Couffin "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38077/

JBoss Enterprise Web Server update for httpd and httpd22
http://secunia.com/advisories/38069/

Fedora update for pdns-recursor
http://secunia.com/advisories/38068/

AWCM Information Disclosure Security Issue
http://secunia.com/advisories/38065/

PHPDirector Game Edition Multiple Vulnerabilities
http://secunia.com/advisories/38042/

PHPDug "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38041/

Lebisoft zdefter Database Disclosure Security Issue
http://secunia.com/advisories/38039/

Erolife AjxGaleri VT Information Disclosure Security Issue
http://secunia.com/advisories/38033/

Sniggabo CMS "q" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38029/

Joomla Document Seller for Docman Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/38024/

Drupal Forward Module Script Insertion Vulnerabilities
http://secunia.com/advisories/38011/

Zeeways eBay Clone Auction Script "id" SQL Injection Vulnerability
http://secunia.com/advisories/38006/

Transmission "name" Key Directory Traversal Vulnerability
http://secunia.com/advisories/38005/

PowerDNS Recursor Spoofing and Buffer Overflow Vulnerabilities
http://secunia.com/advisories/38004/

Avaya Products TLS Session Renegotiation Plaintext Injection Vulnerability
http://secunia.com/advisories/38003/

Avaya Products Two Vulnerabilities
http://secunia.com/advisories/37922/

Avaya Products Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/37919/

Avaya CMS Multiple Vulnerabilities
http://secunia.com/advisories/37883/

OpenSolaris 'hald' Daemon May Fail to Write Records to the Audit Log
http://securitytracker.com/alerts/2010/Jan/1023416.html

Kingston DataTraveler USB Flash Drive Password Validation Flaw Lets Local Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Jan/1023410.html

Verbatim Corporate Secure USB Flash Drive Password Validation Flaw Lets Local Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Jan/1023409.html

SanDisk Cruzer Enterprise USB Flash Drive Password Validation Flaw Lets Local Users Bypass Access Controls
http://securitytracker.com/alerts/2010/Jan/1023408.html

FreeBSD ZFS Intent Log Mechanism May Let Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Jan/1023407.html

JcomBand toolbar on IE ActiveX Buffer Overflow Exploit
http://www.exploit-db.com/exploits/11059

Drupal Currency Exchange Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0063

Drupal Wunderbar Module Username Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/0062

VMware ESX and vMA Security Update Fixes NSS and NSPR Issues
http://www.vupen.com/english/advisories/2010/0061

PowerDNS Recursor Buffer Overflow and Domain Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2010/0054

TYPO3 Diocese of Portsmouth Calendar Unspecified SQL Injection Vulnerability
2010-12-15
http://www.securityfocus.com/bid/37618

ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111

Symantec Altiris Deployment Solution Authentication Handshake Race Condition Security Vulnerability
http://www.securityfocus.com/bid/36112

Million Pixel Script 'pa' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37315

Adobe Reader and Acrobat 'newplayer()' JavaScript Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37331

Adobe Illustrator Encapsulated Postscript File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37192

D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
http://www.securityfocus.com/bid/31602

Transmission Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/37659

Symantec Altiris Deployment Solution 'DBManager' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/36110

Linux Kernel 'drivers/firewire/ohci.c' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/37339

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901

Linux Kernel Ext4 'move extents' ioctl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37277

Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723

Linux Kernel 'net/mac80211/' Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/37170

Linux Kernel 'drivers/scsi/gdth.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37068

Linux Kernel 'ip_frag_reasm() ' Null Pointer Deference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37231

Linux Kernel 'fuse_direct_io()' Invalid Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/37069

Linux Kernel 'megaraid_sas' Driver Insecure File Permission Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37019

Linux Kernel 'hfc_usb.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37036

Linux Kernel Keyring 'refcount' Local Integer Underflow Vulnerability
http://www.securityfocus.com/bid/36793

GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040

GIMP BMP Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37006

Symantec Altiris Deployment Solution 'Aclient' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36111

Apache HTTP TRACE Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36990

Drupal Forward Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/37658

Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37351

Multiple Horde Products Cross-Site Scripting Vulnerabilities and File Overwrite Vulnerability
http://www.securityfocus.com/bid/36382

FreeBSD ZFS ZIL Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/37657

Sun OpenSolaris 'hald' Daemon Unspecified Vulnerability
http://www.securityfocus.com/bid/37656

QuickPlayer '.m3u' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/30252

NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856

Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858

Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857

Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891

Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853

Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855

Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852

Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888

Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871

Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867

Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866

Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881

HP OpenView Data Protector Application Recovery Manager Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37250

Condor Job Submission Security Bypass Vulnerability
http://www.securityfocus.com/bid/37443

PowerDNS Recursor Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37653

PowerDNS Recurser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37650

HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37396

Novell iManager Importing/Exporting Schema Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37672

Juniper Networks JUNOS Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities
http://www.securityfocus.com/bid/37670

dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37669

Oracle January 2010 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/37668

Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37667

Adobe Illustrator Unspecified Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37666

TTPlayer '.m3u' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37665

Microsoft January 2010 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/37664

Kantaris Media Player '.m3u' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37662

Dada Mail Dada Bridge Plugin Unspecified Security Bypass Vulnerability
http://www.securityfocus.com/bid/37661

Joomla! Document Seller for Docman 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37660

Joomla! DM Orders Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37655
