Wednesday, September 29, 2010

Wednesday the 29th, Taian

+ Linux Kernel 2.6.35.7 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.7
http://www.linux.org/news/2010/09/29/0001.html

UPDATE: Microsoft Security Bulletin Summary for September 2010
http://www.microsoft.com/technet/security/bulletin/MS10-sep.mspx

UPDATE: Security Information for September 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-sep.mspx

UPDATE: Microsoft Security Advisory (2416728): Vulnerability in ASP.NET Could Allow Information Disclosure
http://www.microsoft.com/japan/technet/security/advisory/2416728.mspx

GCC 4.4.5 Release Candidate available
http://gcc.gnu.org/ml/gcc/2010-09/msg00471.html

Linux Kernel release: 2.6.36-rc6
http://www.linux.org/news/2010/09/29/0002.html
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6

JPCERT/CC WEEKLY REPORT 2010-09-29
http://www.jpcert.or.jp/wr/2010/wr103701.html

JVNDB-2010-002068 Arbitrary code execution vulnerability in the nsTreeContentView function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002068.html

JVNDB-2010-002067 Arbitrary code execution vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002067.html

JVNDB-2010-002066 Arbitrary code execution vulnerability in the nsTreeSelection function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002066.html

JVNDB-2010-002065 Heap-based buffer overflow vulnerability in the nsTextFrameUtils::TransformText function in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002065.html

JVNDB-2010-002064 Arbitrary code execution vulnerability in the navigator.plugins implementation in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002064.html

JVNDB-2010-002063 Integer overflow vulnerability in the FRAMESET element implementation in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002063.html

JVNDB-2010-002062 Arbitrary code execution vulnerability in the browser engine of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002062.html

JVNDB-2010-002061 Privilege escalation vulnerability in lib/fsm.c in Red Hat Package Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002061.html

JVNDB-2010-002060 Privilege escalation vulnerability in lib/fsm.c in Red Hat Package Manager
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002060.html

JVNDB-2010-002059 Privilege escalation vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002059.html

JVNDB-2010-001731 Hard-coded SNMP community strings in Cisco Industrial Ethernet 3000 Series
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001731.html

JVNDB-2010-001700 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001700.html

JVNDB-2010-001697 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001697.html

JVNDB-2010-001696 Denial-of-service (DoS) vulnerability in mod_ibm_ssl in IBM HTTP Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001696.html

FFmpeg FLIC Processing Multiple Array Indexing Vulnerabilities
http://secunia.com/advisories/41626/




+ BIND 9.4-ESV-R3, 9.6-ESV-R2, 9.7.2-P2 released
http://ftp.isc.org/isc/bind9/9.4-ESV-R3/9.4-ESV-R3
http://ftp.isc.org/isc/bind9/9.6-ESV-R2/9.6-ESV-R2
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

+ MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
http://www.microsoft.com/japan/technet/security/Bulletin/MS10-070.mspx
+ MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
http://www.microsoft.com/technet/security/Bulletin/MS10-070.mspx

+ RHSA-2010:0720-2: Moderate: mikmod security update
https://rhn.redhat.com/errata/RHSA-2010-0720.html

+ RHSA-2010:0718-2: Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2010-0718.html

+ CVE-2010-1797 Buffer Overflow Vulnerability in FreeType
http://blogs.sun.com/security/entry/cve_2010_1797_buffer_overflow

+ Microsoft Internet Information Services Remote Script Code Execution Vulnerability
http://www.securityfocus.com/bid/43561

- Security Advisory Regarding Unexpected ACL Behavior in BIND 9.7.2
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html

- CVE-2010-0629 Resource Management Errors in Kerberos
http://blogs.sun.com/security/entry/cve_2010_0629_resource_management

- Linux Kernel 'PKT_CTRL_CMD_STATUS' Invalid Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/43551

HPSBMA02558 SSRT100158 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02290344

Microsoft : Vulnerability in ASP.NET Could Allow Information Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33754

Mandriva : [MDVSA-2010:188] kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33753

[oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00206.html

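"Traps" in banner ads on 98 Japanese sites; risk of infection with "fake software"
"Mainichi.jp", "Kakaku.com" and others were affected; the problem has now been resolved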
http://itpro.nikkeibp.co.jp/article/NEWS/20100929/352427/?ST=security

Strange packet: "daylight rekick", anyone?
http://isc.sans.edu/diary.html?storyid=9628

Supporting the economy (in Russia and Ukraine)
http://isc.sans.edu/diary.html?storyid=9622

MS10-070 OOB Patch for ASP.NET vulnerability (Infocon YELLOW)
http://isc.sans.edu/diary.html?storyid=9625

Red Hat update for mikmod
http://secunia.com/advisories/41623/

iBrowser "lang" Local File Inclusion Vulnerability
http://secunia.com/advisories/41634/

Synology DiskStation Manager Script Insertion Vulnerability
http://secunia.com/advisories/41487/

iWorkstation Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/41610/

Achievo Cross-Site Request Forgery and Security Bypass Vulnerabilities
http://secunia.com/advisories/41617/

Nero Products Insecure Library Loading Vulnerabilities
http://secunia.com/advisories/41568/

PBBoard Multiple Vulnerabilities
http://secunia.com/advisories/41608/

Open Text ECM Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/41553/

Nero Products Insecure Library Loading Vulnerabilities
http://secunia.com/advisories/41612/

Digital Music Pad Insecure Library Loading Vulnerability
http://secunia.com/advisories/41643/

Digital Music Pad Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/41613/

Fedora update for libmspack and cabextract
http://secunia.com/advisories/41641/

Horde IMP Webmail Client "fm_id" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/2513

e107 Data Processing Multiple Remote SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/2512

Barracuda Spam and Virus Firewall Directory Traversal Vulnerability
http://www.vupen.com/english/advisories/2010/2511

ndCMS "indx" Parameter Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2510

PBBoard Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/2509

E-Soft Digital Music Pad Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2508

E-Soft iWorkstation Playlist Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2507

SAP Management Console Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2506

Fedora Security Update Fixes Sudo Runas Group Matching Vulnerability
http://www.vupen.com/english/advisories/2010/2505

Fedora Security Update Fixes Cabextract Code Execution and DoS
http://www.vupen.com/english/advisories/2010/2504

VMware Server Unspecified Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/43456

RETIRED: PHPJunkYard GBook 'guestbook.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/43479

FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42241

MIT Kerberos kadmind 'server_stubs.c' Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/39247

Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43316

Todd Miller Sudo Runas Group Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43019

RETIRED: PHPJunkYard GBook 'guestbook.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/43523

libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33235

Winamp and libmikmod Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37374

cabextract '.cab' File Code Execution Vulnerability
http://www.securityfocus.com/bid/42173

cabextract MS-ZIP and Quantum Decompressed '.cab' File Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42131

Linux Kernel 'video4linux' IOCTL and IP Multicast 'getsockopt' Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43239

Microsoft Internet Information Services Remote Script Code Execution Vulnerability
http://www.securityfocus.com/bid/43561

phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43560

Micro CMS 'name' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/43556

Linux Kernel 'PKT_CTRL_CMD_STATUS' Invalid Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/43551

WebAvail Aleza Portal 'alezalogin' Cookie Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/43547

FFmpeg libavcodec 'flicvideo.c' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43546

JE CMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/43541

AtomatiCMS 'fckeditor' Multiple Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/43540

SLURM 'slurm' and 'slurmdbd' Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/43537
