+ MySQL 5.0.91 released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
- Microsoft Security Advisory (2028859): Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/2028859.mspx
JPCERT/CC WEEKLY REPORT 2010-05-19
http://www.jpcert.or.jp/wr/2010/wr101801.html
Linux Kernel Use-After-Free Flaw in tcp_v6_conn_request() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1023992.html
Windows Memory Error in Canonical Display Driver Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/May/1023991.html
+ HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02115103
+ Velocity 1.6.4 released
http://velocity.apache.org/news.html#engine164
+ VelocityTools 2.0 released
http://velocity.apache.org/news.html#tools20
+ Perl 5.12.1 now available
http://use.perl.org/article.pl?sid=10/05/18/1534218
+ RHSA-2010:0423-1: Important: krb5 security update
http://rhn.redhat.com/errata/RHSA-2010-0423.html
+ MOPS-2010-032: PHP iconv_mime_decode() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/18/mops-2010-032-php-iconv_mime_decode-interruption-information-leak-vulnerability/
+ MOPS-2010-033: PHP iconv_substr() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/18/mops-2010-033-php-iconv_substr-interruption-information-leak-vulnerability/
+ MOPS-2010-034: PHP iconv_mime_encode() Interruption Information Leak Vulnerability
http://php-security.org/2010/05/18/mops-2010-034-php-iconv_mime_encode-interruption-information-leak-vulnerability/
+- Linux Kernel Btrfs Cloned File Security Bypass Vulnerability
http://www.securityfocus.com/bid/40241
-? DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00148.html
- jetty 7.1.1 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
- Microsoft Security Advisory (2028859): Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://www.vupen.com/english/advisories/2010/1178
http://www.securityfocus.com/bid/40237
- Samba Packets Processing Remote Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1175
HT4170: About the security content of Java for Mac OS X 10.5 Update 7
http://support.apple.com/kb/HT4170
HT4171: About the security content of Java for Mac OS X 10.6 Update 2
http://support.apple.com/kb/HT4171
Nexaweb Launches Industry’s First Commercial FX/MM Customer Service Software
http://www.nexaweb.com/about/news-events/press-releases/default.cfm?id=49
Document ID: 354412: Server bugcheck 0x3B when using SCSI-3 reservations
http://seer.entsupport.symantec.com/docs/354412.htm
Document ID: 354321: V-16-10-65 "Could not load :-hacf" appears when the templates option is selected from the VCS Cluster Manager - Veritas Storage Foundation HA for Windows
http://seer.entsupport.symantec.com/docs/354321.htm
Document ID: 352031: Device Driver Installation Package 1 (DDI-1) for Veritas Storage Foundation (tm) 5.1 Service Pack 1 (SP1) for Windows (SFW)
http://seer.entsupport.symantec.com/docs/352031.htm
RHBA-2010:0417-1: gdb bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0417.html
RHBA-2010:0418-1: xen bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0418.html
RHBA-2010:0420-1: quagga bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0420.html
RHBA-2010:0421-1: vnc bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0421.html
RHBA-2010:0422-1: net-snmp bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0422.html
Due to a possible dead lock on rpmdb, upgrading ESX 4.0 to 4.0 Update 1 can fail or time out and leave the host in an unusable state
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1016070&sliceId=1&docTypeID=DT_KB_1_1
Hewlett-Packard : HP System Management Homepage (SMH), Information Disclosure, Data Modification, DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32614
Hewlett-Packard : Certain Broadcom Integrated NIC Firmware, Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32615
Mandriva : pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32604
MustLive : DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32609
Check Point Software Technologies : GhostScript Vulnerability Clarification - CVE-2010-1869
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32607
Debian : New pidgin packages fix regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32605
Debian : New aria2 packages fix directory traversal
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32606
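Creation tool for "Twitter virus" appears; infected PCs are controlled via tweets
Easily created with mouse clicks; a springboard for DDoS attacks and virus infections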
http://itpro.nikkeibp.co.jp/article/NEWS/20100519/348174/?ST=security
Symantec announces new version of its data loss prevention software, strengthening social media measures
http://itpro.nikkeibp.co.jp/article/NEWS/20100518/348167/?ST=security
JVNDB-2010-001444 Arbitrary code execution vulnerability in Safari running on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001444.html
JVNDB-2010-001443 Privilege escalation vulnerability in control socket handling in KDE KDM
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001443.html
JVNDB-2010-001442 Information disclosure vulnerability in the NSS module for Free Software Foundation Berkeley DB
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001442.html
[ MDVSA-2010:099 ] wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00155.html
MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00153.html
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized A
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00152.html
Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00151.html
[ MDVSA-2010:097 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00144.html
DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00148.html
[security bulletin] HPSBGN02511 SSRT100022 rev.3 - Certain HP Small Form Factor, Microtower and
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00142.html
Security Awareness for kids
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00147.html
Stored XSS vulnerability in NPDS REvolution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00146.html
XSS vulnerability in JComments, Joomla
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00143.html
XSS vulnerability in NPDS REvolution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00145.html
[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00140.html
[security bulletin] HPSBOV02497 SSRT090245 rev.3 - HP TCP/IP Services for OpenVMS Running NTP, R
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00149.html
[SECURITY] [DSA 2038-2] New pidgin packages fix regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00141.html
EFF paper about browser tracking
http://isc.sans.org/diary.html?storyid=8812
Canonical Display Driver Vulnerability
http://isc.sans.org/diary.html?storyid=8809
Metasploit Framework 3.4.0 Released
http://www.metasploit.com/framework/download/
Kerberos GSS-API Library Null Pointer Dereference Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2010/May/1023989.html
PostgreSQL Flaws in Safe.pm and PL/Perl Let Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1023988.html
PostgreSQL Insecure Permissions on pltcl_modules Table Lets Remote Authenticated Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/May/1023987.html
HP Performance Manager Apache Tomcat Multiple Vulnerabilities
http://secunia.com/advisories/39847/
WebLOADER "vid" SQL Injection Vulnerability
http://secunia.com/advisories/39859/
CompactCMS TinyBrowser File Upload Security Issues
http://secunia.com/advisories/39841/
LFTP Insecure "Content-Disposition" Suggested Filename Handling Weakness
http://secunia.com/advisories/39861/
JE CMS "categoryid" SQL Injection Vulnerability
http://secunia.com/advisories/39851/
HP System Management Homepage TLS/SSL Vulnerability
http://secunia.com/advisories/39777/
Palo Alto Networks PAN-OS "role" Script Insertion Vulnerability
http://secunia.com/advisories/39798/
SpringSource tc Server Encrypted Password Security Bypass
http://secunia.com/advisories/39778/
Magtrb MyNews Multiple Vulnerabilities
http://secunia.com/advisories/39848/
PostgreSQL Two Vulnerabilities
http://secunia.com/advisories/39845/
Hitachi EUR Products Code Execution Vulnerability
http://secunia.com/advisories/39855/
Hitachi XMAP3 Products Code Execution Vulnerability
http://secunia.com/advisories/39853/
Debian update for aria2
http://secunia.com/advisories/39759/
Microsoft Windows Canonical Display Driver Aero Theme Vulnerability
http://www.vupen.com/english/advisories/2010/1178
MIT Kerberos GSS-API Missing Checksum Field Denial of Service
http://www.vupen.com/english/advisories/2010/1177
HP Performance Manager Tomcat Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1176
Samba Packets Processing Remote Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1175
HP System Management Homepage TLS/SSL Renegotiation Vulnerability
http://www.vupen.com/english/advisories/2010/1174
Palo Alto PAN-OS "role" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1173
Hitachi Web Server SSL Security Bypass and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/1172
Hitachi TP1/Message Control Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1171
Hitachi Collaboration Common Utility Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1170
Hitachi XMAP3 Products Unspecified Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1169
Hitachi EUR Products Unspecified Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/1168
PostgreSQL PL/perl and PL/tcl Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1167
NEC CapsSuite Small Edition PatchMeister Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1166
Fujitsu Interstage Application Server Servlet Service Vulnerability
http://www.vupen.com/english/advisories/2010/1165
Debian Security Update Fixes Aria2 Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/1164
Mandriva Security Update Fixes teTeX Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1163
Linux Kernel Ext4 'move extents' ioctl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37277
Linux Kernel ReiserFS Security Bypass Vulnerability
http://www.securityfocus.com/bid/39344
Linux Kernel RTL8169 NIC 'RxMaxSize' Frame Size Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37521
BibTeX '.bib' File Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34332
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215
dvipng '.dvi' File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39969
TeX Live 'dospecial.c' '.dvi' File Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/39500
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
X.Org X Server RENDER Extension 'mod()' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39758
xvfb-run Insecure Magic Cookie Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34828
Oracle Java SE and Java for Business CVE-2010-0848 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39078
Oracle Java SE and Java for Business CVE-2010-0849 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39073
Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39062
Oracle Java SE and Java for Business CVE-2010-0847 Remote Java 2D Vulnerability
http://www.securityfocus.com/bid/39071
Oracle Java SE and Java for Business Unspecified Vulnerabilities
http://www.securityfocus.com/bid/39492
Oracle Java SE and Java for Business Sound Component MIDI Stream Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39084
Oracle Java SE and Java for Business 'XNewPtr()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39083
Oracle Java SE and Java for Business 'readMabCurveData()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39069
Oracle Java SE and Java for Business CVE-2010-0837 Remote Vulnerability
http://www.securityfocus.com/bid/39072
Oracle Java SE and Java for Business CVE-2010-0093 Remote Vulnerability
http://www.securityfocus.com/bid/39088
Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39077
Oracle Java SE and Java for Business ImageIO 'JPEGImageReader' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39067
Oracle Java SE and Java for Business CVE-2010-0095 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39086
Oracle Java SE and Java for Business JRE Trusted Method Chaining Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39065
Oracle Java SE and Java for Business CVE-2010-0094 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39075
Oracle Java SE and Java for Business CVE-2010-0092 Remote Vulnerability
http://www.securityfocus.com/bid/39090
Oracle Java SE and Java for Business CVE-2010-0091 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39096
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/40141
Oracle Java SE and Java for Business CVE-2010-0090 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39091
Oracle Java SE and Java for Business CVE-2010-0089 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/39095
Oracle Java SE and Java for Business CVE-2010-0088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39081
Oracle Java SE and Java for Business CVE-2010-0087 Remote Vulnerability
http://www.securityfocus.com/bid/39068
Oracle Java SE and Java for Business CVE-2010-0085 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/39094
Oracle Java SE and Java for Business CVE-2010-0082 HotSpot Server Remote Vulnerability
http://www.securityfocus.com/bid/39085
Oracle Java SE and Java for Business CVE-2010-0084 Remote Vulnerability
http://www.securityfocus.com/bid/39093
Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39559
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Wireshark DOCSIS Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/39950
Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40138
Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37942
Apache Tomcat Windows Installer Insecure Password Vulnerability
http://www.securityfocus.com/bid/36954
Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37945
Apache Tomcat XML Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35416
Apache Tomcat WAR File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37944
Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
http://www.securityfocus.com/bid/35196
Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
http://www.securityfocus.com/bid/35193
Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35263
Broadcom NetXtreme ASF Packet Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38759
NTP 'ntpq' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34481
NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35017
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Microsoft Visual Basic for Applications Text Parsing Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39931
Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294
ESTsoft InternetDisk Arbitrary File Upload and Script Execution Vulnerability
http://www.securityfocus.com/bid/18279
Ghostscript PostScript Infinite Recursion Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40107
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/38898
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
Linux Kernel VM/VFS 'invalidatepage()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39569
Mozilla Firefox/Thunderbird/SeaMonkey 'nsIContentPolicy' Security Bypass Vulnerability
http://www.securityfocus.com/bid/39479
TeX Live '.dvi' File Parsing Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/39966
Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40243
TeamViewer Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40242
Linux Kernel Btrfs Cloned File Security Bypass Vulnerability
http://www.securityfocus.com/bid/40241
Apple Mac OS X Java Window Drawing Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40240
Apple Mac OS X Java 'mediaLibImage' Object Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40238
Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40237
TS Special Edition Unauthorized-Access and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/40234
JoomlaTune JComments Joomla! Component 'ComntrNam' Parameter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40230
NPDS Revolution 'stats.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/40229
NPDS Revolution 'download.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40227
Hitachi Web Server SSL Certificate Revocation Security Bypass Vulnerability
http://www.securityfocus.com/bid/40226
Hitachi Collaboration Common Utility Unspecified Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40224
Hitachi Web Server with SSL Enabled Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40223
Hitachi TP1/Message Control Malformed Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40222
Joomla! 'com_event' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/40214