Monday, October 24, 2011

Monday the 24th, Shakkō


+ Postfix stable release 2.8.6, 2.7.7, 2.6.13, 2.5.16
http://www.postfix.org/announcements/postfix-2.8.6.html
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.6.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.7.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.6.13.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.5.16.HISTORY

UPDATE: Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-24.html

CESA-2011:1386 (kernel)
http://lwn.net/Alerts/464073/

CESA-2011:1392 (httpd)
http://lwn.net/Alerts/464072/

Thunderbird Beta Channel: latest update available
http://www.mozilla.org/thunderbird/all-beta.html
http://www.mozilla.org/thunderbird/8.0beta/releasenotes/

phpMyAdmin 3.4.7 is released
http://sourceforge.net/news/?group_id=23067&id=304138

SA46491: Gentoo update for clamav
http://secunia.com/advisories/46491/

Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1985) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49968





+ MySQL Community Server 5.5.17 has been released
http://dev.mysql.com/tech-resources/interviews/thomas-ulin-mysql-55.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-17.html

+ Linux kernel 3.0.5, 3.0.6, 3.0.7 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.5
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.6
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.7

+ Sudo 1.7.8, 1.8.3 released
http://www.sudo.ws/sudo/news.html
http://www.sudo.ws/sudo/stable.html#1.7.8
http://www.sudo.ws/sudo/stable.html#1.8.3

+ Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

++ [CPUOct2011] Oracle Critical Patch Update Advisory - October 2011
http://www.oracle.com/technetwork/jp/topics/ojkb155517-518195-ja.html

[ANNOUNCE] Apache OpenWebBeans 1.1.2 release
http://www.apache.org/dyn/closer.cgi/openwebbeans/1.1.2/

Apache Subversion 1.7.1 Released
http://subversion.apache.org/download/#recommended-release

HPSBMP02713 SSRT100651 rev.2 - Replaced by Document ID c03058866 - HPSBMU02716 SSRT100651
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03054543%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03058866%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c01961959%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

HPSBPI02711 SSRT100647 rev.1 - HP MFP Digital Sending Software Running on Windows, Local Information Disclosure
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03052686%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

FreeBSD 9.0-RC1 released
http://www.freebsd.org/news/newsflash.html#event20111023:01

Temporary suspension of chat support (November 5, 2011)
http://www.trendmicro.co.jp/support/news.asp?id=1668

Penta Security adds a virtual appliance edition to its WAF
http://itpro.nikkeibp.co.jp/article/NEWS/20111021/371202/?ST=security

TeamSHATTER Security Advisory: SQL Injection Vulnerability in Oracle DROP INDEX for spatial datatype
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00135.html

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00134.html

TeamSHATTER Security Advisory: Buffer Overflow in Oracle Database (CTXSYS.DRVDISP.TABLEFUNC_ASOWN fu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00133.html

[ MDVSA-2011:158 ] phpmyadmin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00132.html

VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00130.html

[ MDVSA-2011:157 ] freetype2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00129.html

inCommand Technologies, Inc. Cross-site Scripting Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00131.html

Metasploit 4.1.0 Web UI stored XSS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00128.html

tcpdump and IPv6
http://isc.sans.edu/diary.html?storyid=11872

Oracle Java SE Critical Patch Update
http://isc.sans.edu/diary.html?storyid=11869

Red Hat update for kernel
http://secunia.com/advisories/46543/

Elgg pg/search SQL Injection Vulnerability
http://secunia.com/advisories/46514/

Google Chrome NSS Insecure Library Loading Vulnerability
http://secunia.com/advisories/46471/

GNOME Empathy Nickname Script Insertion Vulnerability
http://secunia.com/advisories/46510/

Network Security Services Insecure Library Loading Vulnerability
http://secunia.com/advisories/46557/

Red Hat update for httpd
http://secunia.com/advisories/46456/

Red Hat update for httpd
http://secunia.com/advisories/46542/

WHMCompleteSolution "templatefile" Local File Inclusion Vulnerability
http://secunia.com/advisories/46312/

Ubuntu update for linux
http://secunia.com/advisories/46539/

Ubuntu update for open-iscsi
http://secunia.com/advisories/46535/

Pre Studio Business Cards Designer "id" SQL Injection Vulnerability
http://secunia.com/advisories/46545/

Joomla! Multiple NoNumber Extensions Local File Inclusion and PHP Code Execution
http://secunia.com/advisories/46459/

SUSE update for ldns
http://secunia.com/advisories/46470/

Debian update for wireshark
http://secunia.com/advisories/46482/

Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability
http://secunia.com/advisories/46534/

Check Point Products ByteRange Filter Denial of Service Vulnerability
http://secunia.com/advisories/46474/

Ubuntu update for acpid
http://secunia.com/advisories/46540/

Medium severity flaw in QNX Neutrino RTOS
http://securityreason.com/securityalert/8475

MS11-064 TCP/IP Stack Denial of Service
http://securityreason.com/securityalert/8474

MS11-077 .fon Kernel-Mode Buffer Overrun PoC
http://securityreason.com/securityalert/8473

Mozilla Firefox Array.reduceRight() Integer Overflow Exploit
http://securityreason.com/securityalert/8472

HP Onboard Administrator (OA), Remote Unauthorized Access
http://securityreason.com/securityalert/8471

Citect Buffer Overflow in UnitelWay Driver Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026234

REMOTE: Oracle AutoVue 20.0.1 AutoVueX ActiveX Control SaveViewStateToFile Vulnerability
http://www.exploit-db.com/exploits/18016

REMOTE: HP Power Manager 'formExportDataLogs' Buffer Overflow
http://www.exploit-db.com/exploits/18015

DoS/PoC: Google Chrome Denial Of Service (DoS)
http://www.exploit-db.com/exploits/18025

DoS/PoC: MS11-077 Win32k Null Pointer De-reference Vulnerability POC
http://www.exploit-db.com/exploits/18024

DoS/PoC: Google Chrome PoC, killing thread
http://www.exploit-db.com/exploits/18019

DoS/PoC: Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)
http://www.exploit-db.com/exploits/18017

Schneider Electric Products UnitelWay Device Driver Local Buffer Overflow
http://www.vupen.com/english/ADV-2011-2216.php

OCS Inventory NG Data Processing Cross Site Scripting Vulnerability
http://www.vupen.com/english/ADV-2011-2215.php

IBM WebSphere Application Server for z/OS WS-Security Vulnerability
http://www.vupen.com/english/ADV-2011-2214.php

Oracle Database Server Database Vault 'DV_ACCTMGR' Privileges Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/50219

Oracle Database 'CTXSYS.DRVDISP' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50199

Oracle Database CVE-2011-3512 SQL Injection Vulnerability
http://www.securityfocus.com/bid/50203

TYPO3 pdf_generator2 Extension Remote Command Execution and Remote File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/50304

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

phpMyAdmin Setup Interface Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50175

phpMyAdmin Tracking Feature Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/49306

Progea Movicon Multiple Heap Based Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/49605

Cisco TelePresence Video Communication Server 'User-Agent' HTTP Header HTML Injection Vulnerability
http://www.securityfocus.com/bid/50084

Apple iOS Free Type Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

HP Power Manager 'formExportDataLogs' Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37867

Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50242

Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211

Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224

Elgg 'limit' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/50327

SportsPHool 'mainnav' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/50325

Mozilla NSS 'NSS_NoDB_Init()' Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50324

Empathy 'nickname' Field Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50323

Linux Kernel 'ext4_ext_insert_extent()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50322

Oracle AutoVue 'AutoVueX.ocx' ActiveX Control 'SaveViewStateToFile()' Insecure Method Vulnerability
http://www.securityfocus.com/bid/50321

Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50320
