Thursday, August 12, 2010

Thursday the 12th, Senbu

About the security content of the iOS 3.2.2 Update for iPad
http://support.apple.com/kb/HT4292

About the security content of the iOS 4.0.2 Update for iPhone and iPod touch
http://support.apple.com/kb/HT4291

Google Chrome 5.0.375.126 has been released
http://googlechromereleases.blogspot.com/search/label/Stable%20updates

APSB10-19: Security update available for Adobe Flash Media Server
http://www.adobe.com/support/security/bulletins/apsb10-19.html

APSB10-18: Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb10-18.html

APSB10-16: Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb10-16.html

JVNTA10-223A Vulnerabilities in Adobe Flash and AIR
http://jvn.jp/cert/JVNTA10-223A/index.html

JVNVU#660993 Vulnerability in Adobe Flash ActionScript processing
http://jvn.jp/cert/JVNVU660993/index.html

JVNTA10-222A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA10-222A/index.html

Apple iPad Integer Overflow in IOSurface Properties Lets Local Users Gain System Privileges
http://securitytracker.com/alerts/2010/Aug/1024327.html

FTP Server v1.7.0.11 RNFR, DELE, RMD, STOR Commands Remote Buffer Overflow Exploit (Post Auth)
http://www.exploit-db.com/exploits/14623/




+ curl 7.21.1 released
http://curl.haxx.se/
http://curl.haxx.se/changes.html#7_21_1

+ RHSA-2010:0625-1: Moderate: wireshark security update
http://rhn.redhat.com/errata/RHSA-2010-0625.html

+ Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption (MS10-051)
http://www.exploit-db.com/exploits/14609/

+ Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054)
http://www.exploit-db.com/exploits/14607/

[ANNOUNCE] Apache Jackrabbit 2.1.1 released
http://jackrabbit.apache.org/downloads.html

[ANNOUNCE] Apache CouchDB 0.11.2 has been released
http://couchdb.apache.org/downloads.html

Solaris 10 Kernel Patch May Cause Multiple Instances of ifconfig(1M) and netstat(1M) to Panic the System
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1172324.1-1

View Bulletin PSN-2010-08-896: STRM SSLv2 Server Vulnerabilities
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-08-896&viewMode=view

View Bulletin PSN-2010-08-895: NSM Web Server HTTP TRACE Method Enables Cross-Site Tracing Vulnerability
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-08-895&viewMode=view

Firefox 4 Beta 3 now available for download
http://www.mozilla.com/firefox/4.0b3/releasenotes/

POI 3.7 beta 2 available
http://www.apache.org/dist/poi/release/bin/RELEASE-NOTES.txt
http://poi.apache.org/changes.html

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
http://www.cisco.com/warp/public/707/cisco-amb-20100811-ace.shtml

Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System
http://www.cisco.com/warp/public/707/cisco-sa-20100811-wcs.shtml

Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the SQL Injection Vulnerability in Cisco Wireless Control System
http://www.cisco.com/warp/public/707/cisco-amb-20100811-wcs.shtml

JVNDB-2010-001813 Denial-of-service (DoS) vulnerability in the IA5StringNormalize function of OpenLDAP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001813.html

JVNDB-2010-001812 Arbitrary code execution vulnerability in the slap_modrdn2mods function of OpenLDAP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001812.html

JVNDB-2010-001811 Vulnerability in Microsoft Windows shortcut file handling
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001811.html

JVNDB-2010-001810 Buffer overflow vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001810.html

JVNDB-2010-001809 Denial-of-service (DoS) vulnerability in BIND
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001809.html

JVNDB-2010-001808 Denial-of-service (DoS) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001808.html

JVNDB-2009-002411 Vulnerability in BIND 9 DNSSEC validation processing
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002411.html

US-CERT Technical Cyber Security Alert TA10-223A -- Adobe Flash and AIR Vulnerabilit
http://www.derkeiler.com/Mailing-Lists/Cert/2010-08/msg00001.html

ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Executio
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00133.html

Secunia Research: glpng PNG Processing Two Integer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00135.html

Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00136.html

Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00132.html

ZDI-10-150: Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnera
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00131.html

Collisions in PDF signatures
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00130.html

PR10-07: Unauthenticated File Retrieval (traversal) within ColdFusion administration console
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00129.html

Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-190
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00128.html

VUPEN Security Research - Microsoft Internet Explorer Table Element Use-after-free Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00126.html

VUPEN Security Research - Microsoft Internet Explorer "CIframeElement" Object Use-after-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00127.html

VUPEN Security Research - Microsoft Internet Explorer "boundElements" Property Use-after-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00124.html

VUPEN Security Research - Microsoft Internet Explorer "OnPropertyChange_Src()" Use-after-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00125.html

iDefense Security Advisory 08.10.10: Microsoft Word RTF File Parsing Heap Buffer Overflow Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-08/msg00123.html

Protect your privates!
http://isc.sans.edu/diary.html?storyid=9367

SSH - new brute force tool?
http://isc.sans.edu/diary.html?storyid=9370

RSA, The Security Division of EMC, informs about potential security vulnerability in RSA enVision® versions prior to 3.7 SP
http://securityreason.com/securityalert/7653

MantisBT "Add Category" Script Insertion Vulnerability
http://securityreason.com/securityalert/7652

Cisco Wireless Control System XSS
http://securityreason.com/securityalert/7651

Apple iPhone Integer Overflow in IOSurface Properties Lets Local Users Gain System Privileges
http://securitytracker.com/alerts/2010/Aug/1024324.html

Cisco Application Control Engine RTSP/SIP/SSL Inspection Flaws Let Remote Users Deny Service
http://securitytracker.com/alerts/2010/Aug/1024322.html

Cisco Wireless Control System Input Validation Flaw Lets Remote Authenticated Users Inject SQL Commands
http://securitytracker.com/alerts/2010/Aug/1024321.html

glpng PNG Processing Integer Overflow Vulnerabilities
http://secunia.com/advisories/40354/

Microsoft Windows Service Isolation Bypass Security Issue
http://secunia.com/advisories/40825/

SopCast WebPlayer ActiveX Control "SetSopAddress" Buffer Overflow Vulnerability
http://secunia.com/advisories/40940/

TYPO3 Branchenbuch (Yellow Pages) Extension Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40951/

TYPO3 Questionnaire Extension Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/40950/

Google Chrome Update for Flash Plugin
http://secunia.com/advisories/40917/

Play Framework One File Disclosure Vulnerability
http://secunia.com/advisories/40939/

Adobe Flash Media Server Multiple Vulnerabilities
http://secunia.com/advisories/40910/

Red Hat update for dbus-glib
http://secunia.com/advisories/40925/

dbus-glib D-Bus GLib Bindings Property Access Security Bypass
http://secunia.com/advisories/40908/

Adobe ColdFusion Directory Traversal Vulnerability
http://secunia.com/advisories/40909/

Red Hat update for kernel
http://secunia.com/advisories/40938/

Fedora update for openconnect
http://secunia.com/advisories/40943/

Fedora update for iputils
http://secunia.com/advisories/40944/

Adobe Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/40907/

Google Chrome Security Update Fixes Flash Plugin Vulnerabilities
http://www.vupen.com/english/advisories/2010/2067

Adobe Flash Media Server Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/2066

Adobe ColdFusion Administrator Page Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/2065

Adobe Flash Player and AIR Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/2064

Redhat Security Update Fixes dbus-glib Security Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/2063

Redhat Security Update Fixes libvirt Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/2062

Redhat Security Update Fixes Kernel Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/2061

Fedora Security Update Fixes iputils ping Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2060

Fedora Security Update Fixes OpenConnect Certificate Validation Issue
http://www.vupen.com/english/advisories/2010/2059

Mandriva Security Update Fixes Firefox Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2058

Mediacoder 0.7.5.4710 Buffer Overflow Exploit
http://www.exploit-db.com/exploits/14612/

Abac Karaoke 2.15 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/14621/

RightMark Audio Analyzer 6.2.3 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/14620/

Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service
http://www.exploit-db.com/exploits/14613/

Adobe Flash Player and AIR (CVE-2010-2213) Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/42364

Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42362

Adobe Flash Player and AIR ActionScript AVM1 ActionPush Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42363

Adobe Flash Player and AIR (CVE-2010-2215) Unspecified Clickjacking Vulnerability
http://www.securityfocus.com/bid/42361

Adobe Flash Player and AIR (CVE-2010-2214) Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42358

Microsoft Windows TCP/IP Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42254

Microsoft Windows SMB Stack Exhaustion Denial of Service Vulnerability
http://www.securityfocus.com/bid/42267

Microsoft Windows SMB Variable Validation Denial of Service Vulnerability
http://www.securityfocus.com/bid/42263

Microsoft Windows SMB Pool Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42224

Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42251

Microsoft Windows Tracing Memory Corruption Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42259

Microsoft Internet Explorer 'boundElements' Use-After-Free Error Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42288

Microsoft Internet Explorer Table Element Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42292

Microsoft Internet Explorer Event Handler Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42258

Microsoft Internet Explorer 'OnPropertyChange_Src()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42257

Microsoft Internet Explorer Uninitialized Memory CVE-2010-2559 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42290

Microsoft Internet Explorer "CIframeElement" Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42289

WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42038

Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42269

WebKit HTML Button Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40644

Microsoft Windows CVE-2010-1895 User Pool Overflow Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42245

Microsoft Windows CVE-2010-1896 User Input Validation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42210

Microsoft Windows 'xxxCreateWindowEx()' Window Creation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42206

Microsoft Windows 'SfnLOGONNOTIFY' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39630

Microsoft Windows CVE-2010-1887 Bounds Checking Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42250

Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
http://www.securityfocus.com/bid/41732

Microsoft Word HTML Linked Object Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42130

WebKit Right-to-Left Displayed Text Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/38689

FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42241

Apple iOS Multiple Vulnerabilities
http://www.securityfocus.com/bid/42151

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Microsoft XML Core Service Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42300

GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41945

Microsoft Windows SChannel Certificate Request Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42246

Microsoft Windows Kernel Access Control Lists Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/42221

Microsoft Windows Kernel Threads Creation Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42211

Microsoft Windows Kernel Double Free Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42213

myPhile 'myuser' Parameter Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/42333

SEIL IPv6 Denial of Service Vulnerability
http://www.securityfocus.com/bid/42330

Microsoft Word 'sprmCMajority' Record Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/42136

RETIRED: PHP Multi User Randomizer 'getid3.php' Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/42353

RETIRED: clearBudget 'controller.class.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/42351

RETIRED: Adobe Flash Player 10.1.53.64 and AIR 2.0.2.12610 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/42341

RETIRED: Adobe Flash Media Server Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/42344

SEIL/X Series and SEIL/B1 Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36896

Play! Framework Directory Traversal Vulnerability
http://www.securityfocus.com/bid/42340

Adobe ColdFusion CVE-2010-2861 Unspecified Directory Traversal Vulnerability
http://www.securityfocus.com/bid/42342

MediaCoder Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38405

Drupal Pathauto Module Token Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/42394

Drupal Privatemsg Module Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/42392

Drupal DRUPAL-SA-CORE-2010-002 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/42391

Drupal FileField Sources Module Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42390

Drupal Ubercart Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/42389

Drupal OpenID Module User Account Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/42388

VLC Media Player Meta-Information Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42386

KnowledgeTree 'search box' and 'search criteria' Fields Multiple HTML Injection Vulnerability
http://www.securityfocus.com/bid/42383

Webkit PDFs For TYPO3 SQL Injection Vulnerability and Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/42381

TYPO3 Event Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/42380

Cisco ACE 4710 HTTP, RTSP, and SIP Inspection Denial of Service Vulnerability
http://www.securityfocus.com/bid/42378

Portable Document Format Specification Signature Collision Vulnerability
http://www.securityfocus.com/bid/42377

Cisco ACE Application Control Engine Module SSL Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/42376

Cisco ACE Module and Engine SIP Inspection Denial of Service Vulnerability
http://www.securityfocus.com/bid/42375

SAP Crystal Reports 'ebus-3-3-2-6.dll' Module Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/42374

xaJax Shoutbox (vx_xajax_shoutbox) For TYPO3 Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42373

Cisco ACE Module and Engine RTSP Inspection Denial of Service Vulnerability
http://www.securityfocus.com/bid/42371

TYPO3 Questionnaire (ke_questionnaire) Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/42369

Cisco Wireless Control System (WCS) Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/42368

TYPO3 Fe user statistic Extension Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/42366

TYPO3 Branchenbuch 'mh_branchenbuch' Extension Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42365
