+ glibc 2.11.2 released
http://ftp.gnu.org/gnu/glibc/?C=M;O=D
+ MySQL 5.1.47 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html
+ MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
http://securitytracker.com/alerts/2010/May/1024004.html
- A Security Vulnerability Exists if an OpenSolaris System was Joined to a Windows Domain Using kclient(1M) or smbadm(1M)
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021793.1-1
This Alert covers CVE-2010-0883 and CVE-2010-0884 for the Data Service for Oracle E-Business Suite component of the Sun Cluster product.
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021808.1-1
This Alert covers CVE-2010-0897 for the Sun Java System Directory Server product.
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021812.1-1
This Alert Covers CVE-2010-0888 for the Device Services Component of the Sun Ray Server Software Product
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021732.1-1
This Alert Covers CVE-2010-0894 for the Sun Java System Access Manager Product
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020934.1-1
+ MySQL 5.0.91 released
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html
+ BIND 9.7.0-P2, 9.6.2-P2, 9.6-ESV-R1, 9.5.2-P4, 9.4-ESV-R2 released
http://ftp.isc.org/isc/bind9/9.7.0-P2/9.7.0-P2
http://ftp.isc.org/isc/bind9/9.6.2-P2/9.6.2-P2
http://ftp.isc.org/isc/bind9/9.6-ESV-R1/9.6-ESV-R1
http://ftp.isc.org/isc/bind9/9.5.2-P4/9.5.2-P4
http://ftp.isc.org/isc/bind9/9.4-ESV-R2/9.4-ESV-R2
https://www.isc.org/files/release-notes/9.7.0-P2%20rel%20notes.txt
https://www.isc.org/files/release-notes/9.6.2-P2RelNote.txt
https://www.isc.org/files/release-notes/9.5.2P4%20Rel%20Notes.txt
+ Samba 3.5.3 Available for Download
http://news.samba.org/releases/3.5.3/
http://samba.org/samba/history/samba-3.5.3.html
+ RHSA-2010:0429-1: Moderate: postgresql security update
http://rhn.redhat.com/errata/RHSA-2010-0429.html
+ RHSA-2010:0428-1: Moderate: postgresql security update
http://rhn.redhat.com/errata/RHSA-2010-0428.html
- RHSA-2010:0427-1: Moderate: postgresql security update
http://rhn.redhat.com/errata/RHSA-2010-0427.html
- RHSA-2010:0430-1: Moderate: postgresql84 security update
http://rhn.redhat.com/errata/RHSA-2010-0430.html
- jetty 7.1.1 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-7/VERSION.txt
Servoy moves to PostgreSQL, goes Open Source
http://www.postgresql.org/about/news.1206
Cybercluster 2.0 - Synchronous replication for PostgreSQL
http://www.postgresql.org/about/news.1205
DbWrench Database Design & Synchronization v1.6.4
http://www.postgresql.org/about/news.1204
Independent Researcher : D-Link DI-724P+ Router - Cross Site Scripting Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32624
Red Hat : Important: kernel security and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32623
Apple : Java for Mac OS X 10.6 Update 2
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32620
Apple : Java for Mac OS X 10.5 Update 7
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32621
"Web browsers leave 'traces'": 80% of users can be tracked
Identified from the information the browser sends; over 90% when plugins are in use
http://itpro.nikkeibp.co.jp/article/NEWS/20100520/348247/?ST=security
JVNDB-2010-001449 Denial-of-service (DoS) vulnerability in HP HP-UX
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001449.html
JVNDB-2010-001448 Buffer overflow vulnerability in Adobe Download Manager, used by multiple Adobe products and others
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001448.html
JVNDB-2009-002534 Denial-of-service (DoS) vulnerability in Perl's handling of UTF-8 strings
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002534.html
JVNDB-2010-001447 Arbitrary code execution vulnerability in Java NPAPI plugin and Java Deployment Toolkit
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001447.html
JVNDB-2010-001446 Vulnerability in the New Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001446.html
JVNDB-2010-001445 Vulnerability in the Java Deployment Toolkit component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001445.html
JVNDB-2010-001174 Vulnerability in the ap_read_request function of Apache HTTP Server that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001174.html
JVNDB-2010-001043 Vulnerability in the BIND 9 DNSSEC validation code
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001043.html
JVNDB-2009-002205 Vulnerability in Wireshark's erf file processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002205.html
Metasploit 3.4.0 released
http://isc.sans.org/diary.html?storyid=8815
Wordpress blog attacks... again
http://isc.sans.org/diary.html?storyid=8818
MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability
http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html
HP-UX NFS/ONCplus Unspecified Vulnerability
http://secunia.com/advisories/39835/
Lokomedia CMS "file" Information Disclosure Vulnerability
http://secunia.com/advisories/39863/
DataTrack System "Work_Order_Summary" Script Insertion
http://secunia.com/advisories/39868/
Dell OpenManage "HelpViewer" Redirection Weakness
http://secunia.com/advisories/39879/
ManageEngine ADAudit Plus "reportList" Cross-Site Scripting
http://secunia.com/advisories/39876/
dradis File Upload Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39875/
Orbit Downloader metalink "name" Directory Traversal Vulnerability
http://secunia.com/advisories/39527/
MigasCMS "categorie" SQL Injection Vulnerability
http://secunia.com/advisories/39878/
Joomla SimpleDownload Component "controller" File Inclusion Vulnerability
http://secunia.com/advisories/39871/
Joomla JComments Component "name" Script Insertion Vulnerability
http://secunia.com/advisories/39842/
Shopzilla Affiliate Script PHP "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39877/
Fedora update for texlive
http://secunia.com/advisories/39817/
Fedora update for kernel
http://secunia.com/advisories/39813/
Apple Mac OS X update for Java
http://secunia.com/advisories/39819/
Ubuntu update for xorg-server
http://secunia.com/advisories/39834/
Fedora update for postgresql
http://secunia.com/advisories/39815/
Fedora update for dvipng
http://secunia.com/advisories/39814/
Red Hat update for kernel
http://secunia.com/advisories/39652/
Red Hat update for krb5
http://secunia.com/advisories/39799/
Kerberos GSS-API NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/39762/
Microsoft Windows Canonical Display Driver Memory Corruption
http://secunia.com/advisories/39577/
[ MDVSA-2010:101 ] mysql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00164.html
Secunia Research: Orbit Downloader metalink "name" Directory Traversal
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00163.html
[ MDVSA-2010:100 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00162.html
The New ISO Hacking Standard
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00160.html
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00161.html
Metasploit Framework 3.4.0 Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00159.html
[security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of S
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00158.html
[Suspected Spam][USN-939-1] X.org vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-05/msg00156.html
ClamAV 0.96.1 released
http://lurker.clamav.net/message/20100519.150330.91387f9d.en.html
HP-UX Unspecified Flaw in ONCPlus Lets Remote Users Gain Full Access
http://securitytracker.com/alerts/2010/May/1023994.html
Apple Mac OS X Security Update Fixes Multiple Java Vulnerabilities
http://www.vupen.com/english/advisories/2010/1191
Mandriva Security Update Fixes KDE KGet Directory Traversal Issue
http://www.vupen.com/english/advisories/2010/1190
Mandriva Security Update Wireshark Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1189
Mandriva Security Update Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1188
Slackware Security Update Pidgin Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1187
Turbolinux Security Update Fixes MySQL Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1186
Ubuntu Security Update Fixes xorg-server Two Vulnerabilities
http://www.vupen.com/english/advisories/2010/1185
Fedora Security Update Fixes Kernel Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/1184
Fedora Security Update Fixes dvipng Array Indexing Vulnerabilities
http://www.vupen.com/english/advisories/2010/1183
Fedora Security Update Fixes PostgreSQL Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1182
Fedora Security Update Fixes TeXLive Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1181
Redhat Security Update Fixes Kernel Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1180
Redhat Security Update Fixes krb5 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1179
Google Chrome 4.1.249.1059 Cross Origin Bypass in Google URL (GURL)
http://www.exploit-db.com/exploits/12657
SyncBack Freeware V3.2.20.0
http://www.exploit-db.com/exploits/12662
X.Org X Server RENDER Extension 'mod()' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39758
Ghostscript PostScript Identifier Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40103
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/39599
MIT Kerberos 'gss_accept_sec_context()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38904
MIT Kerberos KDC Cross-Realm Referral NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37486
MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38260
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
MIT Kerberos Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/26750
MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39247
PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973
PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333
PostgreSQL JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38619
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215
Google Chrome Google URL Cross Domain Security Bypass Vulnerability
http://www.securityfocus.com/bid/39813
Shopzilla Affiliate Script PHP 'search.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40246
ALFTP FTP Client 'LIST' Command Directory Traversal Vulnerability
http://www.securityfocus.com/bid/29585
Orbit Downloader Metalink File Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40245
Multiple Percha Components for Joomla 'controller' Parameter Local File Include Vulnerabilities
http://www.securityfocus.com/bid/40244
Microsoft Windows Canonical Display Driver Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40237
NetBSD 'hack(6)' Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35542
Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40138
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39016
TinyBrowser Multiple Vulnerabilities
http://www.securityfocus.com/bid/35855
Drupal CAPTCHA Module Description HTML Injection Vulnerability
http://www.securityfocus.com/bid/40263
Wordpress Import Drupal Module Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40262
D-Link DI-724P+ Router 'wlap.htm' HTML Injection Vulnerability
http://www.securityfocus.com/bid/40261
Debliteck DBCMS 'section.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/40259
McAfee Email Gateway 'systemWebAdminConfig.do' Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/40255
Battle Scrypt 'upload.php' Remote Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/40254
ManageEngine ADAudit Plus 'reportList' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/40253
e107 BBCode Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/40252
Caucho Resin Professional 'resin-admin/digest.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/40251
HP-UX ONCplus Unspecified Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/40248
Dell OpenManage 'file' Parameter URI Redirection Vulnerability
http://www.securityfocus.com/bid/40247