Wednesday, April 6, 2011

Wednesday the 6th, shakkō

Apache Gora 0.1-incubating Released
http://www.apache.org/dist/incubator/gora/0.1-incubating

Status of computer virus and unauthorized access reports [March and the first quarter]
http://www.ipa.go.jp/security/txt/2011/04outline.html

Press release
"How to Build Secure Websites, 5th Revised Edition" published
~Adds points to note when developing websites for mobile phones~
http://www.ipa.go.jp/about/press/20110406.html

JVNVU#107886 ISC DHCP client arbitrary code execution vulnerability
http://jvn.jp/cert/JVNVU107886/index.html

JVNVU#648244 Oracle Solaris 10 credential disclosure vulnerability
http://jvn.jp/cert/JVNVU648244/index.html

JVNVU#598700 Vulnerability in Dell Kace K2000 Systems Deployment Appliance
http://jvn.jp/cert/JVNVU598700/index.html

JVNVU#644812 Multiple vulnerabilities in Netgear Prosafe Wireless-N Access Point
http://jvn.jp/cert/JVNVU644812/index.html

JVNDB-2010-002767 Cross-site scripting vulnerability in the Apache Tomcat HTML Manager Interface
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002767.html

JVNDB-2011-001185 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001185.html

JVNDB-2010-002768 Vulnerability in Apache Tomcat allowing files outside the working directory to be read and written
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002768.html

JVNDB-2010-002300 Denial of service (DoS) vulnerability in the apr_brigade_split_line function of the Apache Portable Utility library
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002300.html

JVNDB-2009-002392 Denial of service (DoS) vulnerability in Expat's libexpat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002392.html

JVNDB-2009-002415 Denial of service (DoS) vulnerability in Expat's big2_toUtf8 function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002415.html

WebCalendar Input Validation Flaw in 'edit_entry.php' Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025298

policycoreutils 'seunshare' Directory Permission Settings Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025291

Release date announced for the Japanese edition of Internet Explorer(R) 9
http://www.microsoft.com/japan/presspass/news/default.aspx#110406

Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47060

TextPattern 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47182

Xilisoft Video Converter Ultimate '.flv' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47181

Graugon Forum 'admin.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47180

+ Courier-IMAP 4.9.0 released
http://www.courier-mta.org/download.php#imap
http://www.courier-mta.org/imap/changelog.html

+ Vulnerability Note VU#648244: Oracle Solaris 10 password hashes leaked through back-out patch files
http://www.kb.cert.org/vuls/id/648244
http://www.securityfocus.com/bid/47171

? PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952/references

? PHP 'iconv' Module 'iconv_mime_decode_headers()' Function Security-Bypass Vulnerability
http://www.securityfocus.com/bid/45954

? PHP 'EXTR_OVERWRITE' Parameter Security-Bypass Vulnerability
http://www.securityfocus.com/bid/46448

? PHP prior to 5.3.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/46168

- PHP GD Extension 'imagepstext()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45338

- ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46183

Squid Proxy 3.1.12, 3.2.0.6 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html

DHCP 4.2.1-P1, 4.1-ESV-R2, 3.1-ESV-R1 released
https://www.isc.org/software/dhcp/421-p1
http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES
https://www.isc.org/software/dhcp/41-esv-r2
http://ftp.isc.org/isc/dhcp/dhcp-4.1-ESV-R2-RELNOTES
https://www.isc.org/software/dhcp/31-esv-r1
http://ftp.isc.org/isc/dhcp/dhcp-3.1-ESV-R1-RELNOTES

dhclient does not strip or escape shell meta-characters
https://www.isc.org/software/dhcp/advisories/cve-2011-0997

GCC has been accepted to Google's Summer of Code 2011. We are currently accepting student applications.
http://gcc.gnu.org/

Independent Researcher : THOMSON Router XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35505

Mandriva : [MDVSA-2011:064] libtiff
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35503

Real : RealNetworks RealGames Commands Execution and Code Execution Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35504

Ubuntu Security Notice : [USN-1102-1] tiff vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35500

Ubuntu Security Notice : [USN-1103-1] tex-common vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35501

Ubuntu Security Notice : [USN-1104-1] FFmpeg vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35502

Debian : [DSA-2209-1] tgt - Double Free Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35486

Debian : [DSA-2210-1] tiff - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35487

Mandriva : [MDVSA-2011:059] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35482

Mandriva : [MDVSA-2011:060] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35483

Mandriva : [MDVSA-2011:061] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35484

Mandriva : [MDVSA-2011:062] ffmpeg - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35485

Mandriva : [MDVSA-2011:063] xmlsec1 - Data Loss Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35496

Ubuntu Security Notice : [USN-1101-1] Ubuntu - Qt - Man-in-the-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35488

ZDI : [ZDI-11-116] Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35508

Hewlett-Packard : [HPSBUX02639 SSRT100293] - HP-UX - Denial-of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35491

Hewlett-Packard : [HPSBMA02650 SSRT100429] - HP Operations - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35492

Hewlett-Packard : [HPSBUX02645 SSRT100387] HP-UX Apache - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35493

Hewlett-Packard : [HPSBUX02646 SSRT100396 ] HP-UX - Denial-of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35494

MustLive : MyBB - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35499

Canon IT to provide antivirus software free of charge for 6 months to support earthquake disaster victims
http://itpro.nikkeibp.co.jp/article/NEWS/20110405/359113/?ST=security

IPv6 MITM via fake router advertisements
http://isc.sans.edu/diary.html?storyid=10660

WebCalendar Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/44024/

Ubuntu update for ffmpeg
http://secunia.com/advisories/43971/

SUSE update for krb5 and nbd
http://secunia.com/advisories/44027/

GNU C Library "locale" Quoting Weakness
http://secunia.com/advisories/43976/

MyBB Multiple Vulnerabilities
http://secunia.com/advisories/43937/

Xymon Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44036/

Slackware update for proftpd
http://secunia.com/advisories/43978/

HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/44032/

Data Dynamics Reports Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/43953/

Joomla! FLEXIcontent Component Insecure Permissions and Command Injection
http://secunia.com/advisories/44007/

Ubuntu update for tex-common
http://secunia.com/advisories/43973/

Ubuntu update for tiff
http://secunia.com/advisories/43974/

Joomla! Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/44028/

Red Hat update for policycoreutils
http://secunia.com/advisories/44034/

Novell File Reporter Agent XML Parsing Buffer Overflow
http://secunia.com/advisories/43975/

Vulnerability Note VU#107886: ISC dhclient vulnerability
http://www.kb.cert.org/vuls/id/107886

Vulnerability Note VU#648244: Oracle Solaris 10 password hashes leaked through back-out patch files
http://www.kb.cert.org/vuls/id/648244

Vulnerability Note VU#598700: Dell Kace K2000 Appliance unauthenticated access and information disclosure vulnerability
http://www.kb.cert.org/vuls/id/598700

Vulnerability Note VU#644812: NetGear WNAP210 remote password disclosure and password bypass vulnerability
http://www.kb.cert.org/vuls/id/644812

DoS/PoC: eXPert PDF Convert to Word v7 Denial of Service Exploit
http://www.exploit-db.com/exploits/17122/

DoS/PoC: GNU glibc < 2.12.2 'fnmatch()' Function Stack Corruption Vulnerability
http://www.exploit-db.com/exploits/17120/

HP Network Node Manager i Remote Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0871

TP-LINK Products "NDSContext" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0870

Encore ENPS-2012 "NDSContext" Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0869

DoceboLMS Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0868

Thomson Gateway "url" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0867

Novell File Reporter "NFRAgent.exe" Remote Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0866

Joomla! Error Checking Unspecified Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0865

Redhat Security Update Fixes Policycoreutils Local Privilege Escalation
http://www.vupen.com/english/advisories/2011/0864

Redhat Security Update Fixes Glibc Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2011/0863

Ubuntu Security Update Fixes FFmpeg Memory Corruption Vulnerabilities
http://www.vupen.com/english/advisories/2011/0862

Ubuntu Security Update Fixes TeX-Common Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0861

Ubuntu Security Update Fixes LibTIFF 4-Thunder Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0860

Mandriva Security Update Fixes LibTIFF Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0859

Mandriva Security Update Fixes Xmlsec File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2011/0858

Slackware Security Update Fixes ProFTPD Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0857

Glibc Memory Corruption Flaw in fnmatch() May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025290

Glibc Regression Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1025289

HP Network Node Manager i Bug Lets Remote Authenticated Users Obtain Information
http://www.securitytracker.com/id/1025288

Ruby on Rails Cross Site Scripting and Cross Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/46291

Ruby on Rails Security Bypass and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/46292

rsync Client Incremental File List Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47064

Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159

Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323

Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/45014

Linux Kernel TIOCGICOUNT CVE-2010-4077 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45059

Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44758

Linux Kernel Block Layer Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44793

Linux Kernel 'x25_parse_facilities()' CVE-2010-4164 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45055

Linux Kernel TIOCGICOUNT 'serial_core.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43806

Wireshark Visual C++ Analyzer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46416

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986

Linux Kernel 'load_mixer_volumes()' Multiple Vulnerabilities
http://www.securityfocus.com/bid/45629

Quagga BGP Daemon 'AS_PATHLIMIT' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46943

Quagga BGP Daemon Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46942

OTRS Unspecified Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/46947

KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability
http://www.securityfocus.com/bid/46789

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44884

OpenSSL J-PAKE Security Bypass Vulnerability
http://www.securityfocus.com/bid/45163

GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063

PHP prior to 5.3.4 Multiple Vulnerabilities
http://www.securityfocus.com/bid/46168

PHP 'EXTR_OVERWRITE' Parameter Security-Bypass Vulnerability
http://www.securityfocus.com/bid/46448

PHP Exif Extension 'exif_read_data()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46365

PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/44980

PHP 'iconv' Module 'iconv_mime_decode_headers()' Function Security-Bypass Vulnerability
http://www.securityfocus.com/bid/45954

PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952

PHP GD Extension 'imagepstext()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45338

PHP 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/45668

logrotate Insecure Default File Permissions Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47108

logrotate 'shred_file()' Log Filename Command Injection Vulnerability
http://www.securityfocus.com/bid/47103

logrotate 'writeState()' Function Logfile Name Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47107

phpThumb() 'fltr[]' Parameter Command Injection Vulnerability
http://www.securityfocus.com/bid/39605

ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46183

TutorialMS 'show' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/47178

python-feedparser 'feedparser/feedparser.py' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47177

ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47176

NETGEAR WNAP210 Information Disclosure and Security Bypass Vulnerability
http://www.securityfocus.com/bid/47175

Dell Kace K2000 Hidden CIFS Fileshare Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47172

Oracle Solaris CVE-2011-0412 Password Hash Local Information Disclosure Weakness
http://www.securityfocus.com/bid/47171

logrotate Gentoo Linux 'var/log/' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47170

logrotate Debian Linux 'var/log/postgresql' Symlink Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47167

UseBB 'admin.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/47166

WebCalendar 'edit_entry_handler.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47165

Eleanor CMS Cross Site Scripting and Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47164

SUSE openSUSE cobbler daemon Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47163

HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47162

Joomla! FLEXIcontent Component Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/47160

Joomla! Prior to 1.5.23 Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47159