Monday, August 2, 2010

Monday the 2nd, Senbu

Kernel release: 2.6.35
http://www.linux.org/news/2010/08/01/0001.html

Debian update for kvirc
http://secunia.com/advisories/40798/

Debian update for gmime2.2
http://secunia.com/advisories/40789/

EMC Disk Library Denial of Service Vulnerability
http://secunia.com/advisories/40828/

CometBird Plugin Parameter Array Dangling Pointer Vulnerability
http://secunia.com/advisories/40810/

Xerver 4.32 Source Disclosure and HTTP Authentication Bypass
http://www.exploit-db.com/exploits/14522/




+ GCC 4.5.1 has been released.
http://gcc.gnu.org/gcc-4.5/
http://gcc.gnu.org/gcc-4.5/changes.html

+ Linux kernel 2.6.35 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

+ rssh 2.3.3 released
http://www.pizzashack.org/rssh/

+ Sudo 1.7.4 released
http://www.sudo.ws/sudo/news.html
http://www.sudo.ws/sudo/stable.html#1.7.4

+ RHSA-2010:0578-1: Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2010-0578.html

+ RHSA-2010:0577-1: Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2010-0577.html

+- HS10-021: DoS Vulnerability in JP1/Integrated Manager and JP1/Integrated Management Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-021/index.html

+ HS10-019: DoS Vulnerability in JP1/Automatic Job Management System 3 - Manager and JP1/Automatic Job Management System 2 - Manager Products Using the Embedded DB
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-019/index.html

+- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42102

- RHSA-2010:0576-1: Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice
http://rhn.redhat.com/errata/RHSA-2010-0576.html

- HS10-017: DoS Vulnerability in Cosminexus Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-017/index.html

- HS10-018: DoS Vulnerability in JP1/ServerConductor/Control Manager
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-018/index.html

- HS10-020: DoS Vulnerability in JP1/Performance Analysis - Manager and JP1/Performance Management - Analysis Manager
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-020/index.html

- HS10-022: DoS Vulnerability in JP1/NETM Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-022/index.html

[ANNOUNCE] pgAdmin III v1.10.5 released
http://code.pgadmin.org/trac/query?milestone=1.10.5

[ANN] Apache Sling GWT Integration version 3.0.0 Released
http://sling.apache.org/site/downloads.cgi

[ANNOUNCE] PostgreSQL 9.0 Beta 4 available now!
http://developer.postgresql.org/pgdocs/postgres/release-9-0.html

[ANNOUNCE] Npgsql 2.0.10 released!
http://pgfoundry.org/forum/message.php?msg_id=1005598

Microsoft Security Bulletin Advance Notification - August 2010 (Out-of-Band)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-aug.mspx

Kernel release: 2.6.34.2-rc1
http://www.linux.org/news/2010/07/30/0004.html

Kernel release: 2.6.33.7-rc1
http://www.linux.org/news/2010/07/30/0003.html

Kernel release: 2.6.32.17-rc1
http://www.linux.org/news/2010/07/30/0002.html

Kernel release: 2.6.27.49-rc1
http://www.linux.org/news/2010/07/30/0001.html

HS10-016: Vulnerability in CA ARCserve Backup
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-016/index.html

HS10-015: Multiple vulnerabilities in JP1/Cm2/Network Node Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-015/index.html

HS10-014: DoS Vulnerability in HiRDB
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-014/index.html

HS10-013: Problem where JP1/ServerConductor/Deployment Manager instructs managed computers to shut down or reboot illegally
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-013/index.html

HS10-012: Vulnerability in CA ARCserve Replication
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-012/index.html

HS10-011: Cross-site Scripting Vulnerability in Groupmax World Wide Web Desktop
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-011/index.html

HS10-010: Multiple vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html

HS10-009: Vulnerability in Hitachi Web Server SSL Client Authentication CRLs
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-009/index.html

Independent Researcher : Akamai Download Manager - Arbitrary File Download & Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33276

Red Hat : RHSA-2010:0576-01 - Low: Red Hat Enterprise Linux 3 - 3-Month End Of Life Notice
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33274

SuSE : SUSE-SA:2010:032 - Mozilla Firefox - Various Security Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33278

Debian : DSA 2077-1 - New openldap packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33272

Hewlett-Packard : HPSBUX02556 SSRT100014 rev.2 - HP-UX Running rpc.ttdbserver - Remote Execution of Arbitrary Code
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33277

Insomnia Security : ISVA-100730.1 - EasyManage CMS - Multiple SQL injection Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33275

Red Hat : RHSA-2010:0574-01 - Critical: java-1.4.2-ibm security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33273

ESA-2010-012: EMC Disk Library (EDL) Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00269.html

XSS vulnerability in Campsite
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00267.html

XSS vulnerability in Campsite
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00268.html

Akamai Download Manager arbitrary file download & execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00266.html

Insomnia : ISVA-100730.1 - CMS Multiple SQL injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00264.html

Day of bugs in WordPress 2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-07/msg00265.html

JVNDB-2010-001750 Vulnerability in the Application Server Control Component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001750.html

JVNDB-2010-001749 Vulnerability in the Application Server Control Component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001749.html

JVNDB-2010-001748 Vulnerability in the Wireless Component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001748.html

JVNDB-2010-001747 Vulnerability in the WebLogic Server Component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001747.html

JVNDB-2010-001746 Arbitrary Code Execution Vulnerability in Microsoft Office Outlook
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001746.html

JVNDB-2010-001745 Arbitrary Code Execution Vulnerability in the FieldList ActiveX Control of Microsoft Office Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001745.html

JVNDB-2010-001744 Arbitrary Code Execution Vulnerability in the Microsoft Access Wizard Controls of Microsoft Office Access
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001744.html

Evasion because IPS fails to validate TCP checksums?
http://isc.sans.edu/diary.html?storyid=9310

Wireshark 1.2.10 released
http://isc.sans.edu/diary.html?storyid=9298

Microsoft LNK vulnerability fix coming on Monday
http://isc.sans.edu/diary.html?storyid=9304

Akamai Download Manager File Download Vulnerability
http://secunia.com/advisories/40785/

SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey
http://secunia.com/advisories/40795/

Fedora update for kvirc
http://secunia.com/advisories/40796/

Hitachi Products Two Vulnerabilities
http://secunia.com/advisories/40765/

Hitachi HiRDB Denial of Service Vulnerability
http://secunia.com/advisories/40768/

Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerability
http://secunia.com/advisories/40784/

Novell iPrint Client Multiple Vulnerabilities
http://secunia.com/advisories/40782/

Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/40783/

EasyManage CMS "id" Two SQL Injection Vulnerabilities
http://secunia.com/advisories/40774/

IBM Tivoli Directory Server DIGEST-MD5 Denial of Service Vulnerability
http://secunia.com/advisories/40791/

Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/40788/

OpenConnect SSL Hostname Verification Security Bypass
http://secunia.com/advisories/40787/

Debian update for openldap
http://secunia.com/advisories/40770/

Novell iPrint Client Browser Plugin Bugs Let Remote Users Delete Files and Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024270.html

Wireshark Buffer Overflow in SigComp Universal Decompressor Virtual Machine Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024269.html

FreeType 2 Font File Processing Errors Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024266.html

EMC Disk Library Communications Module Flaw Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jul/1024265.html

Kayako eSupport v3.70.02 SQL Injection Vulnerability
http://securityreason.com/securityalert/7625

Kayako eSupport v3.70.02 (newsid) SQL Injection Vulnerability
http://securityreason.com/securityalert/7624

Joomla Component (com_oziogallery) SQL Injection Vulnerability
http://securityreason.com/securityalert/7623

TTVideo 1.0 Joomla Component SQL Injection Vulnerability
http://securityreason.com/securityalert/7622

Oracle Secure Backup Administration Authentication Bypass Vulnerability
http://www.securiteam.com/securitynews/5MP3U0A20A.html

HP Insight Software Installer for Windows Multiple Vulnerabilities
http://www.securiteam.com/windowsntfocus/5RP3Q0020S.html

CA XOsoft xosoapapi.asmx Multiple Code Execution Vulnerabilities
http://www.securiteam.com/windowsntfocus/5IP3P0A21Q.html

Winamp Player FLV Data Processing Integer Overflow Vulnerabilities
http://www.securiteam.com/windowsntfocus/5IP3Q0A20A.html

CA XOsoft Multiple Vulnerabilities
http://www.securiteam.com/securitynews/5QP3Y0A20A.html

Oracle Secure Backup Administration Command Injection Code Execution Vulnerability
http://www.securiteam.com/securitynews/5LP3T0A20A.html

SAP Graphical User Interface Code Execution Vulnerability
http://www.securiteam.com/securitynews/5OP3W0A20A.html

Oracle Secure Backup Scheduler Service Code Execution Vulnerability
http://www.securiteam.com/securitynews/5JP3R0A20A.html

HP OpenView Network Node Manager Web Server Execution of Code Vulnerability
http://www.securiteam.com/securitynews/5KP3S0A20A.html

Mozilla Firefox Cross Document DOM Node Moving Code Execution Vulnerability
http://www.securiteam.com/securitynews/5PP3X0A20A.html

Apple QuickTime Pict BkPixPat Code Execution Vulnerability
http://www.securiteam.com/securitynews/5NP3V0A20A.html

HP Insight Control for Linux Multiple Vulnerabilities
http://www.securiteam.com/unixfocus/5TP3S0020S.html

Sun Java Runtime Environment MixerSequencer Invalid Array Index Code Execution Vulnerability
http://www.securiteam.com/securitynews/5VP3U0020S.html

Mozilla Firefox CSS font-face Code Execution Vulnerability
http://www.securiteam.com/securitynews/5RP3P0021C.html

Quicksilver Forums Cross-Site Request Forgery Vulnerability
http://www.securiteam.com/securitynews/5XP3W0020I.html

Sun Java Runtime Environment JPEGImageDecoderImpl Code Execution Vulnerability
http://www.securiteam.com/securitynews/5ZP3Y0020I.html

Sun Java Runtime Environment Trusted Methods Chaining Code Execution Vulnerability
http://www.securiteam.com/securitynews/5YP3X0020Q.html

HP OpenView SNMP Emanate Master Agent Unauthorized Access Vulnerability
http://www.securiteam.com/securitynews/5UP3T0020G.html

HP Virtual Connect Enterprise Manager for Windows Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5SP3R0020G.html

Sun Java Runtime CMM readMabCurveData Code Execution Vulnerability
http://www.securiteam.com/securitynews/5WP3V0020Q.html

Barcodewiz v3.29 Barcode ActiveX Control Remote Heap Spray Exploit (IE6/IE7)
http://www.exploit-db.com/exploits/14519/

SigPlus Pro v3.74 ActiveX LCDWriteString() Remote BoF JIT Spray - aslr/dep bypass
http://www.exploit-db.com/exploits/14514/

GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41945

Multiple Mozilla Products 'importScripts()' Method Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41871

Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41853

Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability
http://www.securityfocus.com/bid/41852

Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41933

Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41842

Multiple Mozilla Products Script Filename Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41860

Mozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/41968

Mozilla Firefox and Thunderbird 'SJOW' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/41868

FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41663

Hitachi JP1/ServerConductor/DeploymentManager DPM Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41219

Hitachi Groupmax World Wide Web Desktop Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41028

Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1211 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41859

Mozilla Firefox and SeaMonkey DOM Cloning Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41849

Mozilla Firefox, Thunderbird, and SeaMonkey CVE-2010-1212 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/41865

Mozilla Firefox and Thunderbird Character Mapping Security Weakness
http://www.securityfocus.com/bid/41866

Mozilla Firefox and SeaMonkey 'NodeIterator' Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41845

libpng Memory Corruption and Memory Leak Vulnerabilities
http://www.securityfocus.com/bid/41174

Mozilla Firefox and Thunderbird Canvas Element Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41878

Multiple Mozilla Products CSS Selectors Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/41872

Mozilla Firefox 'about:blank' Document URI Spoofing Vulnerability
http://www.securityfocus.com/bid/41055

Pidgin 'X-Status' Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/41881

KVIrc '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/42026

HTML Email Creator HTML Tags Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34487

Sourcefabric Campsite Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/42107

EMC Disk Library Communication Module Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42105

Akamai Download Manager Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/42104

Hitachi HiRDB Unspecified Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42103

Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42102

JP1/Cm2/Network Node Manager Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42101

GetMySystem BarCodeWiz BarcodeWiz.dll ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42097
