Friday, April 13, 2012
Friday the 13th, Senshō
+ Google Chrome 18.0.1025.162 released
http://googlechromereleases.blogspot.jp/2012/04/stable-channel-update_12.html
+ nginx 1.0.15 stable, 1.1.19 development versions released
http://nginx.org/en/CHANGES-1.0
http://nginx.org/en/CHANGES
+ Buffer overflow in the ngx_http_mp4_module
http://nginx.org/download/patch.2012.mp4.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2089
+ squid 3.2.0.17 released
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
+ PSN-2012-04-549 Weakness in generation of self-signed certificates for use in device administration
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-04-549&viewMode=view
+ PSN-2012-04-548 Certain IPv6 traffic can cause flowd memory corruption or crash on Data Center SRX
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-04-548&viewMode=view
+ PSN-2012-04-547 High rate of HTTP connections can send httpd into a spinlock
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-04-547&viewMode=view
+ PSN-2012-04-546 Corrupted MPLS payload causing in_checksum() errors leading to RE switchover
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-04-546&viewMode=view
+ PSN-2012-04-545 User authorization can result in incorrect permissions
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-04-545&viewMode=view
+ Oracle April 2012 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/53004
+ Apple QuickTime Java Extension Unspecified Security Vulnerability
http://www.securityfocus.com/bid/53003
+ Red Hat Enterprise MRG Management Console Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53000
+ nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52999
CentOS alert CESA-2012:0474 (tomcat5)
http://lwn.net/Alerts/492067/
CentOS alert CESA-2012:0475 (tomcat6)
http://lwn.net/Alerts/492068/
Oracle Critical Patch Update Pre-Release Announcement - April 2012
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
Press release
First joint cryptographic module certification completed under the agreement between IPA and the US NIST
http://www.ipa.go.jp/about/press/20120412.html
[SE-2012-01] Security weakness in Apple Quicktime Java extensions
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00083.html
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00077.html
[ MDVSA-2012:057 ] freetype2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00079.html
[ MDVSA-2012:056 ] rpm
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00074.html
Crystal Office Suite v1.43 - Buffer Overflow Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00082.html
[SECURITY] [DSA 2449-1] sqlalchemy security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00081.html
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00075.html
[Suspected Spam] DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00076.html
TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00078.html
online newspaper university "newsdesc.php" SQL Injection Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00080.html
TeamSHATTER Security Advisory: Privilege escalation via internal sql injection in RESTORE DATABASE c
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00073.html
Windows XP and Office 2003: two years left until end of support
Microsoft Japan urges migration; Vista enters its extended support period
http://itpro.nikkeibp.co.jp/article/NEWS/20120413/390842/?ST=security
HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
http://isc.sans.edu/diary.html?storyid=12964
wicd Privilege Escalation 0day exploit for Backtrack 5 R2
http://isc.sans.edu/diary.html?storyid=12967
Apple Java Updates for Mac OS X
http://isc.sans.edu/diary.html?storyid=12973
WordPress 'press-this.php' Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5RP3A0K6UA.html
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securiteam.com/securitynews/5JP390K6UK.html
Oracle Supply Chain Remote Agile Core Technology Vulnerability
http://www.securiteam.com/securitynews/5IP380K6UI.html
Oracle Enterprise Manager Grid Control Remote EMCTL Vulnerability
http://www.securiteam.com/securitynews/5HP370K6UG.html
Oracle Enterprise Manager Grid Control SQL Performance Advisories/UIs Vulnerability
http://www.securiteam.com/securitynews/5GP360K6UE.html
Red Hat Enterprise MRG Grid Input Validation Flaw in Cumin Management Console Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1026921
epesi BIM Event Description Script Insertion Vulnerability
http://secunia.com/advisories/48783/
Cobbler Multiple Vulnerabilities
http://secunia.com/advisories/48779/
Scrutinizer NetFlow and sFlow Analyzer Security Bypass Vulnerability
http://secunia.com/advisories/48795/
Scrutinizer NetFlow and sFlow Analyzer Multiple Vulnerabilities
http://secunia.com/advisories/48761/
SUSE update for freetype2
http://secunia.com/advisories/48805/
SUSE update for freetype2
http://secunia.com/advisories/48797/
SUSE update for taglib
http://secunia.com/advisories/48792/
SUSE update for python-pam
http://secunia.com/advisories/48746/
SUSE update for chromium
http://secunia.com/advisories/48763/
SUSE update for libpng
http://secunia.com/advisories/48665/
SUSE update for postgresql
http://secunia.com/advisories/48773/
SUSE update for phpPgAdmin
http://secunia.com/advisories/48774/
Ubuntu update for nvidia-graphics-drivers
http://secunia.com/advisories/48793/
NVIDIA Graphics Drivers for Linux GPU Device Node Access Privilege Escalation Vulnerability
http://secunia.com/advisories/48650/
Gallery Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48767/
Debian update for sqlalchemy
http://secunia.com/advisories/48771/
Wicd "SetWiredProperty()" Privilege Escalation Vulnerability
http://secunia.com/advisories/48759/
Red Hat update for tomcat5
http://secunia.com/advisories/48790/
Red Hat update for tomcat6
http://secunia.com/advisories/48791/
atvise webMI2ADS Multiple Vulnerabilities
http://secunia.com/advisories/48814/
Minerva Infotech CMS "ID" SQL Injection Vulnerability
http://secunia.com/advisories/48803/
Tufin SecureTrack Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/48727/
Drupal Fivestar Module Security Bypass Weakness
http://secunia.com/advisories/48788/
CGIProxy Multiple Unspecified Vulnerabilities
http://secunia.com/advisories/48768/
LOCAL: wicd Local Privilege Escalation Exploit
http://www.exploit-db.com/exploits/18733
DoS/PoC: EMC IRM License Server DoS Server 4.6.1.1995
http://www.exploit-db.com/exploits/18734
GNU glibc 'svc_run()' EMFILE Error Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51439
GNU glibc 'addmntent()' Mount Helper Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46740
GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50898
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
'glibc' Library 'locale/programs/locale.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47370
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability
http://www.securityfocus.com/bid/46563
Apache Tomcat Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51200
Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194
Oracle Virtual Desktop Infrastructure (VDI) CVE-2011-3571 Remote Vulnerability
http://www.securityfocus.com/bid/51467
Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009
Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456
Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762
Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
http://www.securityfocus.com/bid/46174
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324
Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811
Microsoft Internet Explorer CVE-2012-0170 OnReadyStateChange Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52904
Microsoft Internet Explorer CVE-2012-0171 SelectAll Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52905
Microsoft Internet Explorer CVE-2012-0169 JScript9 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52902
Microsoft Internet Explorer CVE-2012-0172 VML Style Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52906
Microsoft Internet Explorer CVE-2012-0168 Print Feature Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52889
Wireshark 'call_dissector()' NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52735
Wireshark MP2T Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/52736
Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737
Moodle Multiple Access Permissions Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52631
Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
OpenStack Compute (Nova) Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52831
Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/52381
Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/52687
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681
libzip Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52658
GNU Libtasn1 ASN1 Length DER Decoding Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52668
Asterisk 'ast_parse_digest()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52815
Asterisk 'Milliwatt()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52523
taglib Memory Corruption and Infinite Loop Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52290
taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52284
phpCAS Proxy Authorization Security Bypass Vulnerability
http://www.securityfocus.com/bid/52279
phpCAS Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/52280
SQLAlchemy 'limit' and 'offset' Parameters SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52330
python-paste-script Root GID Files Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/52147
nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52578
RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865
Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52921
Python 'trytond' Module 'Many2Many' Field Security Bypass Vulnerability
http://www.securityfocus.com/bid/52804
Certec atvise webMI2ADS Web Server Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/50048
PHP EXT/Session HTTP Response Header Injection Vulnerability
http://www.securityfocus.com/bid/24268
PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/49249
PHP NULL Character Security Bypass Vulnerability
http://www.securityfocus.com/bid/44951
PHP 'Zip' Extension 'stream_get_contents()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/46969
PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241
PHP Zend Engine (CVE-2010-4697) Use-after-free Heap Corruption Vulnerability
http://www.securityfocus.com/bid/45952
PHP 'xml_utf8_decode()' UTF-8 Input Validation Vulnerability
http://www.securityfocus.com/bid/44605
PHP 'php_filter_validate_email()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/43926
Wicd 'SetWirelessProperty()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52987
Oracle April 2012 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/53004
Apple QuickTime Java Extension Unspecified Security Vulnerability
http://www.securityfocus.com/bid/53003
Cobbler Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53002
Red Hat Enterprise MRG Management Console Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53000
nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52999
Invision Power Board Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/52998
Minerva Infotech CMS 'ID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52997
Gallery Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52996
Netjuke 'search.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52995
SchoolCenter 'et' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52993
DHTMLX SQL Injection and Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/52991
Scrutinizer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52989