Tuesday, May 25, 2010

Tuesday the 25th, Senbu

NTP 4.2.6p2-RC4 released
http://archive.ntp.org/ntp4/ChangeLog-stable-rc

NTP 4.2.7p32 Development released
http://archive.ntp.org/ntp4/ChangeLog-dev

RHBA-2010:0438-1: kexec-tools bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0438.html

Press release
On the FY2010 IPA Information Security Seminars for Small and Medium-Sized Enterprises
http://www.ipa.go.jp/about/press/20100525.html

Announcement of a Security Measures Seminar for Website Operators
~ Key Points for Operating a Website Safely ~
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_web_2010.html

JVNDB-2010-001462 Denial-of-service (DoS) vulnerability in the ULE decapsulation functionality of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001462.html

JVNDB-2010-001461 Denial-of-service (DoS) vulnerability in the azx_position_ok function of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001461.html

JVNDB-2010-001460 Vulnerability in the processcompl_compat function of the Linux Kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001460.html

JVNDB-2010-001459 Privilege escalation vulnerability in a certain Red Hat patch for the Linux kernel in RHEL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001459.html

JVNDB-2010-001458 Arbitrary code execution vulnerability in the fbComposite function of the X.Org X server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001458.html

JVNDB-2010-001457 Denial-of-service (DoS) vulnerability in the PHP xmlrpc extension
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001457.html

JVNDB-2010-001456 Vulnerability in the MySQL mysql_uninstall_plugin function allowing arbitrary plugins to be removed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001456.html

JVNDB-2010-001333 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001333.html

JVNDB-2010-001332 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001332.html

JVNDB-2010-001331 Vulnerability in the ImageIO component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001331.html

JVNDB-2010-001329 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001329.html

JVNDB-2010-001328 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001328.html

JVNDB-2010-001326 Vulnerability in the Pack200 component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001326.html

JVNDB-2010-001325 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001325.html

JVNDB-2010-001324 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001324.html

JVNDB-2010-001323 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001323.html

JVNDB-2010-001322 Vulnerability in the Java 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001322.html

JVNDB-2010-001319 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001319.html

JVNDB-2010-001318 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001318.html

Fedora update for pidgin
http://secunia.com/advisories/39918/

SolarWinds TFTP Server Read Request Processing Error Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/May/1024019.html

McAfee Email Gateway (IronMail) Access Control Flaw Lets Remote Authenticated Users Execute Privileged Commands
http://securitytracker.com/alerts/2010/May/1024018.html




BIND 9.7.1b1 is now available
http://ftp.isc.org/isc/bind9/9.7.1b1/9.7.1b1

RHBA-2010:0436-1: gnome-vfs2 bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0436.html

Secunia : Ziproxy Two Integer Overflow Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32665

Debian : New barnowl packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32654

Debian : New dvipng packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32655

Independent Researcher : denial-of-service vulnerability in the Microsoft Malicious Software Removal Tool
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32668

Justin C. Klein Keane : Global Redirect 6.x-1.2 Arbitrary Redirection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32669

MustLive : New vulnerabilities in plugin DS-Syndicate for Joomla
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32667

rPath : openssl openssl-scripts
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32666

Independent Researcher : SDS Parent Connect SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32671

Maksymilian Arciemowicz : Sun Solaris 10 libc/*convert (*cvt) buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32672

Maksymilian Arciemowicz : Sun Solaris 10 filesystem rm(1), find(1), etc, Denial-of-service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32673

Maksymilian Arciemowicz : Sun Solaris 10 ftpd Cross-site request forgery
http://www.criticalwatch.com/support/security-advisories.aspx?AID=32674

IBM (US) mistakenly distributes "virus-infected USB memory sticks"
Handed out at a security conference venue; two kinds of old viruses were on them
http://itpro.nikkeibp.co.jp/article/NEWS/20100525/348416/?ST=security

JVNDB-2010-001455 Buffer overflow vulnerability in the REPEAT function of IBM DB2
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001455.html

JVNDB-2010-001454 Buffer overflow vulnerability in IBM DB2 running on Linux
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001454.html

JVNDB-2009-002540 Denial-of-service (DoS) vulnerability related to lx branded zones in Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002540.html

JVNDB-2010-001453 Vulnerability in the handling of BASIC or DIGEST authentication in Apache Tomcat
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001453.html

JVNDB-2010-001330 Vulnerability in which Oracle Sun Java does not correctly verify Java applet signatures
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001330.html

JVNDB-2010-001321 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001321.html

JVNDB-2010-001313 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001313.html

JVNDB-2010-001312 Vulnerability in the Java Web Start or Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001312.html

JVNDB-2010-001311 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001311.html

JVNDB-2010-001310 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001310.html

JVNDB-2010-001309 Vulnerability in the Java Web Start or Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001309.html

JVNDB-2010-001308 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001308.html

McAfee Email Gateway Web Access Security Bypass Vulnerability
http://secunia.com/advisories/39881/

WordPress Simple:Press Plugin Multiple Vulnerabilities
http://secunia.com/advisories/39923/

Kingsoft WebShield KAVSafe.sys IOCTL Handling Vulnerability
http://secunia.com/advisories/39916/

SolarWinds TFTP Server Denial of Service Vulnerability
http://secunia.com/advisories/39896/

ECShop "encode" SQL Injection Vulnerability
http://secunia.com/advisories/39930/

Ziproxy Two Integer Overflow Vulnerabilities
http://secunia.com/advisories/39941/

Ubuntu update for postgresql
http://secunia.com/advisories/39907/

Debian update for dvipng
http://secunia.com/advisories/39914/

IBM AIX update for OpenSSL
http://secunia.com/advisories/39932/

Debian update for barnowl
http://secunia.com/advisories/39908/

Blogsa FlashTagCloud Widget "tagcloud" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39936/

Apache Axis2/Java "modules" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/39906/

Flash Tag Cloud control for ASP.NET "tagcloud" Cross Site Scripting Vulnerability
http://secunia.com/advisories/39902/

Fedora update for aria2
http://secunia.com/advisories/39872/

ScriptsFeed Recipes Listing Portal "loginid" SQL Injection Vulnerability
http://secunia.com/advisories/39929/

Employee Timeclock Software Backup Information Disclosure
http://www.securiteam.com/windowsntfocus/5JP3H151FM.html

Apache mod_isapi Dangling Pointer Vulnerability
http://www.securiteam.com/windowsntfocus/5PP3N151FS.html

GNU Tar and GNU Cpio Heap Based Buffer Overflow Vulnerability
http://www.securiteam.com/unixfocus/5IP3G151FA.html

Skype URI Handler Input Validation Vulnerability
http://www.securiteam.com/securitynews/5LP3J151FO.html

Apple iTunes ColorSync Profile Integer Overflow Vulnerability
http://www.securiteam.com/securitynews/5IP3F151GA.html

HP Performance Insight Remote Execution of Arbitrary Commands Vulnerability
http://www.securiteam.com/securitynews/5QP3O151FS.html

XnView DICOM Parsing Integer Overflow Vulnerability
http://www.securiteam.com/securitynews/5KP3I151FY.html

IBM AIX Security Update Fixes OpenSSL Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/1216

Apache Axis2/Java "modules" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1215

ClamAV "cli_pdf()" and "cli_scanicon()" Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1214

HP-UX "rpc.pcnfsd" Daemon Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1213

SGI IRIX "rpc.pcnfsd" Daemon Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1212

IBM AIX and VIOS "rpc.pcnfsd" Remote Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1211

Pidgin 'msn_slplink_process_msg()' NULL Pointer Dereference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36071

Pidgin Libpurple Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36277

Pidgin Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/38294

Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719

Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524

Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40138

OpenSSL 'ssl3_get_record()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39013

Cisco DPC2100 Multiple Security Bypass and Cross-Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/40346

aria2 Metalink File Handling Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40142

Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/38545

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

Xpdf JBIG2 Processing Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34568

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

DS-Syndicate Joomla! Component 'feed_id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/31819

e107 BBCode Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/40252

OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38533

OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
http://www.securityfocus.com/bid/38562

BarnOwl 'owl_message_get_cc_without_recipient()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38809

GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37128

OpenOffice EMF File Parser Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/36291

OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36200

Simple:Press Plugin for WordPress Security Bypass and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/40345

Ziproxy Image Parsing Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40344

Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/40343
