Friday, April 8, 2011

Friday the 8th, Tomobiki

- Linux Kernel 'net/bridge/br_multicast.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46433
CVE-2011-0716
Comment: Not included in Red Hat 4/5

Microsoft Security Bulletin Advance Notification - April 2011
http://www.microsoft.com/japan/technet/security/bulletin/ms11-apr.mspx

GNOME 3.0 released: better for users, developers
http://www.gnome.org/press/2011/04/gnome-3-0-released-better-for-users-developers-3/
http://library.gnome.org/misc/release-notes/3.0/

RHSA-2011:0421-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2011-0421.html

Notice of program update for Virus Buster 2011
http://www.trendmicro.co.jp/support/news.asp?id=1560

Updated the GR4000/GS4000/GS3000 manuals and errata (for Ver.10-10-/J) under "Manuals".
http://www.hitachi.co.jp/Prod/comp/network/manual/manualtop.html

Updated the GR2000 manual errata (for Ver.08-04) under "Manuals".
http://www.hitachi.co.jp/Prod/comp/network/manual/manualtop.html

JVN#11424086 Cross-site scripting vulnerability in Password Vault Web Access
http://jvn.jp/jp/JVN11424086/index.html

JVNDB-2010-002793 Vulnerability in the bcm_connect function of the Linux kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002793.html

JVNDB-2010-002792 Vulnerability in the ACPI subsystem of the Linux kernel allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002792.html

JVNDB-2010-002791 Vulnerability in the install_special_mapping function of the Linux kernel allowing the mmap_min_addr restriction to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002791.html

JVNDB-2011-001381 Denial-of-service (DoS) vulnerability in modrdn.c of OpenLDAP
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001381.html

JVNDB-2011-001380 Vulnerability in bind.cpp of OpenLDAP allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001380.html

JVNDB-2011-001379 Vulnerability in chain.c of OpenLDAP allowing authentication of internal programs to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001379.html

JVNDB-2010-002790 Vulnerability in the Security component of IBM WebSphere Application Server allowing access to the server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002790.html

JVNDB-2010-002789 Denial-of-service (DoS) vulnerability in the Security component of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002789.html

JVNDB-2010-002788 Denial-of-service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002788.html

JVNDB-2010-002787 Vulnerability in the Administrative Scripting Tools of IBM WebSphere Application Server allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002787.html

JVNDB-2011-000023 Cross-site scripting vulnerability in Password Vault Web Access
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000023.html

JVNDB-2011-001284 Denial-of-service (DoS) vulnerability in Samba
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001284.html

JVNDB-2010-002483 Denial-of-service (DoS) vulnerability in the KVM implementation of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002483.html

JVNDB-2010-002679 Denial-of-service (DoS) vulnerability in the udp_queue_rcv_skb function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002679.html

JVNDB-2010-002678 Denial-of-service (DoS) vulnerability in the _exit_signal function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002678.html

JVNDB-2010-002677 Denial-of-service (DoS) vulnerability in net/ipv4/inet_diag.c of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002677.html

JVNDB-2011-001007 Vulnerability in net/packet/af_packet.c of the Linux kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001007.html

JVNDB-2011-001006 Denial-of-service (DoS) vulnerability in the hci_uart_tty_open function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001006.html

JVNDB-2010-002676 Denial-of-service (DoS) vulnerability in the hci_uart_tty_open function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002676.html

JVNDB-2010-002675 Vulnerability in the ioc_general function of the Linux kernel allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002675.html

Dark Black Tuesday Coming Up: 17 Microsoft Bulletins
http://isc.sans.edu/diary.html?storyid=10669

Being a good internet neighbour
http://isc.sans.edu/diary.html?storyid=10663

Red Hat Spice-xpi Bugs Let Local Users Gain Elevated Privileges and Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025304

Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47056

Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/46839

Linux Kernel 'install_special_mapping()' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/45323

Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46069

Linux Kernel 'ethtool.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45972

Linux Kernel 'task_show_regs()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46421

Linux Kernel 'drivers/media/dvb/ttpci/av7110_ca' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45986

Linux Kernel 'CHELSIO_GET_QSET_NUM' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43221

Linux Kernel SCTP Local Race Condition Vulnerability
http://www.securityfocus.com/bid/45661

Linux Kernel TKIP Countermeasures Security Vulnerability
http://www.securityfocus.com/bid/46322




+ Zimbra Collaboration Suite Open Source Edition 7.1.0 GA Release
http://files.zimbra.com/website/docs/7.0/7_1_OS_Zimbra_Release_Note.pdf

+ MySQL Community Server 5.5.11 has been released
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-11.html

MicroOLAP Database Designer for PostgreSQL 1.8.0 Beta available
http://www.microolap.com/support/

Release of Apache MyFaces Extensions CDI 0.9.4
http://myfaces.apache.org/extensions/cdi/download.html

RHSA-2011:0426-1: Moderate: spice-xpi security update
http://rhn.redhat.com/errata/RHSA-2011-0426.html

New development channels and repositories for rapid releases
https://developer.mozilla.org/devnews/index.php/2011/04/07/new-development-channels-and-repositories-for-rapid-releases/

MySQL 5.1.57 (Not yet released)
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-57.html

Microsoft Security Bulletin Advance Notification for April 2011
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx

Beware of online hoaxes such as "actor death rumors" and "manga artist safety lists"
"Do not help spread hoaxes"; verify on official sites and the like
http://itpro.nikkeibp.co.jp/article/NEWS/20110408/359251/?ST=security

Targeted attacks exploiting the Great East Japan Earthquake on the rise; companies and public institutions are the targets
http://itpro.nikkeibp.co.jp/article/NEWS/20110407/359230/?ST=security

Debian : [DSA-2211-1] vlc: missing input sanitising
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35527

SEC Consult : [SA-20110407-0] Libmodplug ReadS3M Stack Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35534

Solutionary, Inc. : [SERT-VDN-1005] Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35530

Solutionary, Inc. : [SERT-VDN-1006] Sonexis ConferenceManager SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35531

Ubuntu Security Notice : [USN-1106-1] NSS vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35526

Ubuntu Security Notice : [USN-1107-1] x11-xserver-utils vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35521

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
http://www.securitytracker.com/id/1025303

7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
http://securityreason.com/securityalert/8182

Heap overflow in RealPlayer 14.0.1.633
http://securityreason.com/securityalert/8181

Douran Portal File Download/Source Code Disclosure Vulnerability
http://securityreason.com/securityalert/8180

7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
http://securityreason.com/securityalert/8179

SUSE update for wireshark
http://secunia.com/advisories/44018/

SUSE pure-ftpd Privilege Escalation Vulnerability
http://secunia.com/advisories/44039/

TYPO3 WEC Discussion Forum Extension Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/44055/

VLC Media Player libmodplug Buffer Overflow Vulnerability
http://secunia.com/advisories/44064/

libmodplug "CSoundFile::ReadS3M()" Buffer Overflow Vulnerability
http://secunia.com/advisories/44054/

GreenPants Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/44035/

rsyslog Memory Leak Denial of Service Weaknesses
http://secunia.com/advisories/44053/

Anfibia Reactor "email" Cross-Site scripting Vulnerability
http://secunia.com/advisories/44042/

Drupal Node Quick Find Module Information Disclosure Weakness
http://secunia.com/advisories/44046/

Slackware update for dhcp
http://secunia.com/advisories/44048/

Debian update for vlc
http://secunia.com/advisories/44009/

Debian update for vlc
http://secunia.com/advisories/44019/

Redmine Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43999/

RoundCube Webmail Arbitrary Mail Relay Vulnerability
http://secunia.com/advisories/44050/

SUSE update for dbus-1-glib
http://secunia.com/advisories/43933/

SUSE update for telepathy-gabble
http://secunia.com/advisories/44023/

Red Hat update for postfix
http://secunia.com/advisories/44020/

SUSE update for freetype2
http://secunia.com/advisories/44008/

Fedora update for php
http://secunia.com/advisories/44057/

Moonlight Multiple Vulnerabilities
http://secunia.com/advisories/44002/

Ubuntu update for x11-xserver-utils
http://secunia.com/advisories/44010/

WordPress Cross-Site Scripting and Denial of Service Vulnerabilities
http://secunia.com/advisories/44038/

WEC Discussion Extension for TYPO3 Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0896

Redmine URL Processing Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2011/0895

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2011/0894

VLC Media Player Libmodplug "CSoundFile::ReadS3M()" Stack Overflow
http://www.vupen.com/english/advisories/2011/0893

Libmodplug "CSoundFile::ReadS3M()" Function Stack Overflow Vulnerability
http://www.vupen.com/english/advisories/2011/0892

Redhat Security Update Fixes Pure-FTPd STARTTLS Command Injection
http://www.vupen.com/english/advisories/2011/0891

Fedora Security Update Fixes PHP Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2011/0890

Ubuntu Security Update Fixes X.Org X11 Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0889

Ubuntu Security Update Fixes NSS Fraudulent SSL Certificates Issue
http://www.vupen.com/english/advisories/2011/0888

Debian Security Update Fixes VLC Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2011/0887

Slackware Security Update Fixes DHCP Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0886

Mandriva Security Update Fixes Subversion Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0885

Linux Kernel 'load_mixer_volumes()' Multiple Vulnerabilities
http://www.securityfocus.com/bid/45629

Logwatch Log File Special Characters Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/46554

libuser 'luseradd' Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/45791

rsync Client Incremental File List Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47064

NetBSD IPComp Implementation Stack Overflow Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47123

WordPress Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47187

Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/30691

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

o2 DSL Router Classic Cross Site Request Forgery and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/47261

S40 CMS Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/47260

WampServer 'index.php' Arbitrary File Download Vulnerability
http://www.securityfocus.com/bid/47259

TYPO3 WEC Discussion Forum Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/47257

Microsoft April 2011 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/47255

Viscacha Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/47254

phpCollab Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/47253
