Thursday, May 31, 2012

Fedora 17 Install MEMO

Installation notes for Fedora 17

1. Boot from the DVD installation media and select "Install or ..."


2. Booting

3. Installer language selection: select "Japanese(日本語)"

4. Keyboard selection

5. Storage device selection

6. Storage warning

7. Enter the hostname

8. Time zone selection

9. Enter the root password

10. Installation type selection

11. Partition warning

12. Preparing the installation

13. Select the intended use of the machine (software set)

14. Checking package dependencies

15. Starting the installation

16. Installing

17. Installation complete

18. Reboot

19. Setup (firstboot) starts

20. License information

21. Create a regular user

22. Date and time settings

23. Hardware profile confirmation

24. Login screen

Fireworks went up in the background. (^^;;
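The same installation as an unattended kickstart file, added here as an example; it is not part of the original memo and not Fedora project code. It reproduces the choices made on the screens above (Japanese locale and keyboard, hostname, time zone, root password, automatic partitioning, a regular user) and pins the security settings a practitioner would want stated explicitly rather than left to the GUI defaults. The hostname, the disk name, the user name and the two password hashes are placeholders: generate your own SHA-512 crypt hashes (for example with `openssl passwd -6`) and never put plaintext passwords in the file.

```kickstart
# Added example: unattended Fedora 17 install reproducing the screens above.
# Not from the original memo. Hostname, drive, user name and hashes are placeholders.
install
# step 1: install from the DVD media
cdrom
# step 3: installer and system language ("Japanese(日本語)")
lang ja_JP.UTF-8
# step 4: Japanese keyboard layout
keyboard jp106
# step 7: hostname (placeholder) and DHCP on the first interface
network --bootproto=dhcp --device=eth0 --onboot=yes --hostname=fedora17.example.com
# step 8: time zone
timezone Asia/Tokyo
# step 9: root password as a SHA-512 crypt hash, never plaintext
rootpw --iscrypted $6$REPLACE_WITH_SALT$REPLACE_WITH_HASH
# steps 5, 6, 10, 11: wipe the target disk (placeholder sda) and let anaconda lay out partitions
zerombr
clearpart --all --initlabel --drives=sda
autopart
bootloader --location=mbr --driveorder=sda
# Security settings pinned explicitly instead of relying on the installer defaults:
# SELinux enforcing, firewall on with only SSH open, SHA-512 for local account hashes
selinux --enforcing
firewall --enabled --service=ssh
authconfig --enableshadow --passalgo=sha512
# step 21: the regular user is created here, in the wheel group for sudo, so the
# interactive firstboot screens (steps 19-23) are not needed
user --name=alice --groups=wheel --iscrypted --password=$6$REPLACE_WITH_SALT$REPLACE_WITH_HASH
firstboot --disabled
# step 18: reboot into the login screen (step 24) when the install finishes
reboot
%packages
@core
@standard
%end
```

Pass the file to the installer with `ks=` on the boot command line (for example `ks=cdrom:/ks.cfg` or an HTTP URL); the two `$6$...` hashes must be replaced before the file is usable, and a kickstart with real hashes should be treated as a secret like any other credential store.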

31st (Thursday), Tomobiki


+ CentOS alert CESA-2012:0699 (openssl)
http://lwn.net/Alerts/499272/
http://lwn.net/Alerts/499273/

+ CentOS alert CESA-2012:0690 (kernel)
http://lwn.net/Alerts/499274/

+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr

+ FreeBSD-SA-12:02.crypt: Incorrect crypt() hashing
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

+ FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities
http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0985

+ Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663

+ libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/53728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2488

Trend Micro Portable Security 1.5 release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1786

Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx

Security Patch http://www.postgresql.org/about/news/1397/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00149.html

[ MDVSA-2012:085 ] tomcat5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00141.html

FreeBSD Security Advisory FreeBSD-SA-12:02.crypt
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00148.html

FreeBSD Security Advisory FreeBSD-SA-12:01.openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00147.html

2 Buffer Overflows in Wireless Manager Sony VAIO
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00146.html

AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00144.html

AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00143.html

Mapserver for Windows (MS4W) Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00142.html

[SECURITY] [DSA 2480-2] request-tracker3.8 regression update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00140.html

Security measures of individual users: Japan ranks 4th from the bottom among 24 countries
http://itpro.nikkeibp.co.jp/article/NEWS/20120531/399562/?ST=security

RSA reports a criminal FaaS that rents out bots for man-in-the-middle attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120530/399471/?ST=security

UPDATE: JVNVU#542123 Issue in multiple DNS name server implementations
http://jvn.jp/cert/JVNVU542123/index.html

UPDATE: JVNVU#903934 Denial-of-service (DoS) vulnerability in web applications that use hash functions
http://jvn.jp/cert/JVNVU903934/index.html

JVNVU#773035 Multiple vulnerabilities in AutoFORM PDM
http://jvn.jp/cert/JVNVU773035/index.html

JVNVU#722963 Multiple vulnerabilities in Bloxx Web Filtering
http://jvn.jp/cert/JVNVU722963/index.html

Too Big to Fail / Too Big to Learn?
http://isc.sans.edu/diary.html?storyid=13324

What's in Your Lab?
http://isc.sans.edu/diary.html?storyid=13327

It's Phishing Season! In fact, it's ALWAYS Phishing Season!
http://isc.sans.edu/diary.html?storyid=13330

Cisco IOS XR Packet Processing Flaw Lets Remote Users Deny Service on Certain Devices
http://www.securitytracker.com/id/1027104

Asterisk Null Pointer Dereference in SCCP Channel Driver Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027103

Asterisk IAX2 Channel Driver Invalid Pointer Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027102

Drupal BrowserID Module Audience Identifier Spoofing Vulnerability
http://secunia.com/advisories/49227/

WordPress ALO EasyMail Newsletter Plugin Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49320/

Horde Groupware Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49310/

Horde Groupware Webmail Edition Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49321/

Red Hat update for openssl
http://secunia.com/advisories/49324/

SUSE update for chromium and v8
http://secunia.com/advisories/49278/

SUSE update for wireshark
http://secunia.com/advisories/49307/

SUSE update for net-snmp
http://secunia.com/advisories/49308/

SUSE update for mailman
http://secunia.com/advisories/49337/

AutoFORM PDM Archive Multiple Vulnerabilities
http://secunia.com/advisories/49335/

IBM Java 7 Multiple Vulnerabilities
http://secunia.com/advisories/49333/

Qemu Insecure Temporary File Security Issue
http://secunia.com/advisories/49283/

Asterisk Two Denial of Service Vulnerabilities
http://secunia.com/advisories/49303/

Restlet Framework Unspecified XML External Entity Processing Vulnerability
http://secunia.com/advisories/49251/

OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281

Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50246

Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50237

Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231

Multiple DeltaV Products Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53591

OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476

OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212

OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51563

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181

OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50239

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447

Horde IMP Webmail Client Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53435

Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53357

Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53356

Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224

Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015

Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215

Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236

Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161

Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009

Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50250

Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50226

Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50216

Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248

Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019

MPlayer SAMI Subtitle File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49149

Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166

Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488

Drupal Comment Moderation Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53738

Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
http://www.securityfocus.com/bid/53737

Drupal Counter Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/53736

Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53735

Drupal Mobile Tools Module Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53734

Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733

Drupal Amadou Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53732

NewsAdd Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53730

libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729

Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/53728

GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53727

WordPress ALO EasyMail Newsletter Plugin Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53726

Wednesday, May 30, 2012

30th (Wednesday), Sensho


+ RHSA-2012:0699 Moderate: openssl security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0699.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333

+ RHSA-2012:0690 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0690.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136

+ Fedora 17 released
http://fedoraproject.org/ja/get-fedora-options

+ Dovecot 2.1.7 released
http://www.dovecot.org/list/dovecot-news/2012-May/000226.html

+ Sudo 1.8.5p2 released
http://www.sudo.ws/sudo/stable.html#1.8.5p2

+ Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136

Virus Buster (ウイルスバスター) Corporate Edition 10.0 Service Pack 1 Patch 4.1 release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1784

DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00139.html

[ MDVSA-2012:084 ] ncpfs
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00138.html

[ MDVSA-2012:083 ] util-linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00137.html

Google's business services obtain the "ISO 27001" security certification
Applies to "Google Apps for Business"
http://itpro.nikkeibp.co.jp/article/NEWS/20120530/399403/?ST=security

Advanced targeted malware "Flame": a government-led attack?
http://itpro.nikkeibp.co.jp/article/NEWS/20120529/399281/?ST=security

JVN#85934986 Insufficient access restriction vulnerability in the LAN-W300N/R series
http://jvn.jp/jp/JVN85934986/index.html

JVNDB-2012-002571 Arbitrary code execution vulnerability in dotCMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002571.html

JVNDB-2012-002570 Stack-based buffer overflow vulnerability in an ActiveX control of Lotus Quickr for Domino
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002570.html

JVNDB-2012-002569 Arbitrary file overwrite vulnerability in the send_data_to_stdout function of HP Linux Imaging and Printing
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002569.html

JVNDB-2012-002568 Arbitrary code execution vulnerability in the server component of xArrow
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002568.html

JVNDB-2012-002567 Integer overflow vulnerability in the server component of xArrow
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002567.html

JVNDB-2012-002566 Heap-based buffer overflow vulnerability in the server component of xArrow
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002566.html

JVNDB-2012-002565 Denial-of-service (DoS) vulnerability in the xArrow server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002565.html

JVNDB-2012-002564 Privilege escalation vulnerability in Measuresoft ScadaPro Client and ScadaPro Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002564.html

JVNDB-2012-002563 CRLF injection vulnerability in cryptographp.inc.php in Cryptographp
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002563.html

JVNDB-2012-002562 Buffer overflow vulnerability in the trash buffer of the header capture feature of HAProxy
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002562.html

JVNDB-2012-002561 Cross-site scripting vulnerability in search/ in Yandex.Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002561.html

JVNDB-2012-002560 Denial-of-service (application crash) vulnerability in MediaChance Real-DRAW PRO
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002560.html

JVNDB-2012-002559 Arbitrary code execution vulnerability in Travelon Express
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002559.html

JVNDB-2012-002558 Cross-site scripting vulnerability in Travelon Express
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002558.html

JVNDB-2012-002557 SQL injection vulnerability in Pligg CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002557.html

JVNDB-2012-002556 Cross-site scripting vulnerability in Pligg CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002556.html

JVNDB-2012-002555 Cross-site scripting vulnerability in Pligg CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002555.html

JVNDB-2012-002554 Directory traversal vulnerability in the captcha module of Pligg CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002554.html

JVNDB-2012-002553 Cross-site scripting vulnerability in OSCommerce Online Merchant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002553.html

JVNDB-2012-002552 Cross-site scripting vulnerability in OSCommerce Online Merchant
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002552.html

JVNDB-2012-002551 Cross-site scripting vulnerability in Support Incident Tracker
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002551.html

JVNDB-2012-002550 Cross-site scripting vulnerability in Zen Cart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002550.html

JVNDB-2012-002511 Vulnerability in Seagate BlackArmor NAS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002511.html

Speeding up the Web and your IDS / Firewall
http://isc.sans.edu/diary.html?storyid=13318

D-Link DCS-5605 PTZ ActiveX Control 'SelectDirectory()' Method Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5UP3G2K75S.html

VU#773035 AutoFORM PDM Archive contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/773035

VU#722963 Bloxx Web Filter multiple vulnerabilities
http://www.kb.cert.org/vuls/id/722963

Yamamah Database Download Authorisation Security Issue
http://secunia.com/advisories/49298/

TopicsViewer Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/49296/

SUSE update for jakarta-poi
http://secunia.com/advisories/49292/

SUSE update for sudo
http://secunia.com/advisories/49291/

SUSE update for python-django
http://secunia.com/advisories/46841/

TFTPD32 DNS Server Denial of Service Vulnerability
http://secunia.com/advisories/49301/

WinRadius Access-Request Packet Parsing Denial of Service Vulnerability
http://secunia.com/advisories/49299/

LOCAL: ispVM System XCF File Handling Overflow
http://www.exploit-db.com/exploits/18947

DoS/PoC: WinRadius Server 2009 Denial Of Service
http://www.exploit-db.com/exploits/18945

DoS/PoC: Tftpd32 DNS Server 4.00 Denial Of Service
http://www.exploit-db.com/exploits/18946

OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476

Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53569

util-linux Package 'mount' and 'umount' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50941

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

Cobbler Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/53666

ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53562

Asterisk SCCP Skinny Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53723

Asterisk IAX2 Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53722

Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721

Xinetd CVE-2012-0862 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53720

SCLIntra Enterprise Multiple SQL Injection and Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/53718

PBBoard Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53717

AutoFORM PDM Archive Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53716

Bloxx Web Filter Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/53715

Restlet Framework XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53713

unixODBC 'SQLDriverConnect()' 'FILEDSN' and 'DRIVER' Options Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53712

WHMCS 'boleto_bb.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53711

Tuesday, May 29, 2012

29th (Tuesday), Shakko


+ PHP vulnerability CVE-2012-1823 being exploited in the wild
http://isc.sans.edu/diary.html?storyid=13312

+ SA49300 VMware vMA Library Loading Privilege Escalation Vulnerability
http://secunia.com/advisories/49300/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2752

+ REMOTE: Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability
http://www.exploit-db.com/exploits/18942

+ DoS/PoC: LibreOffice 3.5.3 .rtf FileOpen Crash
http://www.exploit-db.com/exploits/18940
http://www.securityfocus.com/bid/53700

Trend Micro InterScan Messaging Security Virtual Appliance 8.2 Patch 1 release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1781

Cost of information leaks is 200 million yen per company, according to a Symantec survey
http://itpro.nikkeibp.co.jp/article/NEWS/20120529/399261/?ST=security

AXSEED adds MDM and antivirus software integration to its service
http://itpro.nikkeibp.co.jp/article/NEWS/20120528/399240/?ST=security

[ MDVSA-2012:082 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00136.html

[SE-2011-01] Security of SAT TV set-to-boxes and DVB chipsets (details released)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00135.html

WinRadius Server Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00134.html

Tftpd32 DNS Server Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00133.html

JVNDB-2012-002549 Denial-of-service (DoS) vulnerability in crypto/ghash-generic.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002549.html

JVNDB-2012-002548 Access restriction bypass vulnerability in the sysrq_sysctl_handler function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002548.html

JVNDB-2012-002547 Denial-of-service (system crash) vulnerability in the setup_cifs_sb function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002547.html

JVNDB-2012-002546 Denial-of-service (system crash) vulnerability in the dma_rx function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002546.html

JVNDB-2012-002545 Buffer overflow vulnerability in the fuse_notify_inval_entry function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002545.html

JVNDB-2012-002544 Integer signedness error vulnerability in the CIFSFindNext function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002544.html

JVNDB-2012-002543 Denial-of-service (network outage) vulnerability in the IPv4 and IPv6 implementations in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002543.html

JVNDB-2012-002542 Denial-of-service (system hang) vulnerability in the performance events subsystem in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002542.html

JVNDB-2012-002541 Integer signedness error vulnerability in the pmcraid_ioctl_passthrough function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002541.html

JVNDB-2012-002540 Sensitive information disclosure vulnerability in net/packet/af_packet.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002540.html

JVNDB-2012-002539 Sensitive information disclosure vulnerability in the ptrace_setxregs function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002539.html

JVNDB-2012-002538 Denial-of-service (network outage) vulnerability in the IPv6 implementation in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002538.html

JVNDB-2012-002537 Denial-of-service (panic) vulnerability in the x86_assign_hw_event function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002537.html

JVNDB-2012-002536 Denial-of-service (OOPS) vulnerability in the tomoyo_mount_acl function in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002536.html

JVNDB-2012-002535 Buffer overflow vulnerability in net/wireless/nl80211.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002535.html

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securiteam.com/securitynews/5LP3H2A75A.html

Joomla JCE Component Security Bypass and Cross-Site Scripting Vulnerabilities
http://www.securiteam.com/securitynews/5KP3G2A75A.html

Seagate BlackArmor Administrative Password Reset Security Issue
http://secunia.com/advisories/49282/

AzDGDatingMedium Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/49294/

activeCollab LDAP Module Information Disclosure Weaknesses
http://secunia.com/advisories/49313/

activeCollab Multiple Vulnerabilities
http://secunia.com/advisories/49274/

VMware vMA Library Loading Privilege Escalation Vulnerability
http://secunia.com/advisories/49300/

VMware vMA Library Loading Privilege Escalation Vulnerability
http://secunia.com/advisories/49322/

Gentoo update for chromium and v8
http://secunia.com/advisories/49306/

iOS 5.1.1 Safari Browser Denial Of Service
http://cxsecurity.com/issue/WLB-2012050204

QuickShare File Share 1.2.1 Directory Traversal
http://cxsecurity.com/issue/WLB-2012050203

Santilga CMS 1.2.6.3 SQL Injection / Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012050202

Symantec Web Gateway 5.0.2 Local File Inclusion
http://cxsecurity.com/issue/WLB-2012050201

Small CMS PHP Code Injection
http://cxsecurity.com/issue/WLB-2012050200

PHP List 2.10.9 PHP Code Injection
http://cxsecurity.com/issue/WLB-2012050199

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal
http://cxsecurity.com/issue/WLB-2012050198

WhyWeb SQL Injection
http://cxsecurity.com/issue/WLB-2012050197

REMOTE: Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability
http://www.exploit-db.com/exploits/18942

DoS/PoC: LibreOffice 3.5.3 .rtf FileOpen Crash
http://www.exploit-db.com/exploits/18940

Symantec Web Gateway Remote Shell Command Execution Vulnerability
http://www.securityfocus.com/bid/53444

Pidgin MSN Denial of Service Vulnerability
http://www.securityfocus.com/bid/53400

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

Microsoft Windows Partition Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53378

Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53349

Microsoft Windows Firewall CVE-2012-0174 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53352

Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865

ikiwiki CVE-2012-0220 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53599

pidgin-otr 'log_message_cb()' Function Format String Vulnerability
http://www.securityfocus.com/bid/53557

Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650

RubyGems mail Directory Traversal and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/53257

Moodle Multiple Access Permissions Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52631

Sectool DBus File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52884

Bind DynDB LDAP 'bind-dyndb-ldap' Package Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53236

WordPress Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53192

Perl Config::IniFiles Module Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53361

DokuWiki 'target' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53041

OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570

OpenStack Dashboard Horizon Session Fixation Vulnerability
http://www.securityfocus.com/bid/53399

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

Linux Kernel NFS Client 'decode_getacl()' Incomplete Fix Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53615

Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655

WeBid 'converter.php' Multiple Remote PHP Code Injection Vulnerabilities
http://www.securityfocus.com/bid/48554

Techphoebe QuickShare File Server FTP Directory Traversal Vulnerability
http://www.securityfocus.com/bid/46165

PHP Volunteer Management Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53707

Tftpd32 DNS Server Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53704

WinRadius Password Option Size Validation Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53702

PHP Volunteer Management Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53701

LibreOffice '.rtf' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/53700

AzDGDatingMedium Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53692

Santilga CMS SQL Injection Vulnerability
http://www.securityfocus.com/bid/53691

b2ePMS Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53690

Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/53703

PHPList 'Sajax.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/53693

Monday, May 28, 2012

28th (Monday), Taian


+ iptables 1.4.14 released
http://www.netfilter.org/projects/iptables/files/changes-iptables-1.4.14.txt

Regarding the issue where new user registration and contract renewal are unavailable on the Trend Micro online storage SafeSync
http://www.trendmicro.co.jp/support/news.asp?id=1788

VMSA-2012-0010 VMware vMA addresses a security issue
http://www.vmware.com/security/advisories/VMSA-2012-0010.html

libmnl 1.0.3 released
http://www.netfilter.org/projects/libmnl/downloads.html#libmnl-1.0.3

conntrack-tools 1.2.0 released
http://www.netfilter.org/projects/conntrack-tools/downloads.html

libnetfilter_cttimeout 1.0.0 released
http://www.netfilter.org/projects/libnetfilter_cttimeout/downloads.html

Samba 4.0.0α21 has been released
http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8

Press release
Alert about a security weakness (vulnerability) in the "LAN-W300N/R" series
http://www.ipa.go.jp/about/press/20120525.html

DIT ships software that makes it easier to inventory and manage SSH public keys
http://itpro.nikkeibp.co.jp/article/NEWS/20120525/399076/?ST=security

JVN#85934986 Insufficient access restriction vulnerability in the LAN-W300N/R series
http://jvn.jp/jp/JVN85934986/

JVNVU#898083 Arbitrary code execution vulnerability in dotCMS
http://jvn.jp/cert/JVNVU898083/index.html

JVNDB-2012-002534 Google Chrome で使用される Google V8 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002534.html

JVNDB-2012-002533 Google Chrome の PDF 機能におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002533.html

JVNDB-2012-002532 Google Chrome の PDF 機能におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002532.html

JVNDB-2012-002531 Google Chrome の PDF 機能におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002531.html

JVNDB-2012-002530 Google Chrome で使用される Google V8 におけるサービス運用妨害 (不正な読み取り操作) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002530.html

JVNDB-2012-002529 Linux 上で動作する Google Chrome におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002529.html

JVNDB-2012-002528 Linux 上で動作する Google Chrome におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002528.html

JVNDB-2012-002527 Google Chrome における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002527.html

JVNDB-2012-002526 Google Chrome におけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002526.html

JVNDB-2012-002525 Google Chrome の WebSocket の実装における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002525.html

JVNDB-2012-002524 Google Chrome の Cascading Style Sheets の実装におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002524.html

JVNDB-2012-002523 Google Chrome で使用される Skia におけるサービス運用妨害 (out-of-bounds read) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002523.html

JVNDB-2012-002522 Google Chrome で使用される Google V8 におけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002522.html

JVNDB-2012-002521 Arbitrary code execution vulnerability in Adobe Illustrator
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002521.html

JVNDB-2012-002520 Denial of service (DoS) vulnerability in Symantec Endpoint Protection running on Windows Server 2003
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002520.html

JVNDB-2012-002519 File injection vulnerability in the Manager service of Symantec Endpoint Protection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002519.html

JVNDB-2012-002518 Directory traversal vulnerability in the Manager service of Symantec Endpoint Protection
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002518.html

JVNDB-2012-002517 Buffer overflow vulnerability in Symantec Endpoint Protection and Symantec Network Access Control
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002517.html

JVNDB-2012-000051 (JVN#85934986) Insufficient access restriction vulnerability in the LAN-W300N/R series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000051.html

JVNDB-2012-000050 (JVN#21422837) Arbitrary script execution vulnerability in Roundcube Webmail
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000050.html

JVNDB-2012-000049 (JVN#39707339) SSL server certificate verification flaw in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000049.html

JVNDB-2012-000047 (JVN#47662377) Cross-site scripting vulnerability in Sybase EAServer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000047.html

JVNDB-2012-000048 (JVN#77947437) Arbitrary script execution vulnerability in RSSOwl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000048.html

JVNDB-2012-002516 SQL injection vulnerability in GR Board
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002516.html

JVNDB-2012-002515 Data modification or deletion vulnerability in GR Board
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002515.html

JVNDB-2012-002514 CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function of Tornado
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002514.html

JVNDB-2012-002513 Format string vulnerability in the pidgin-otr OTR plugin for Pidgin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002513.html

JVNDB-2012-002511 (JVNVU#515283) Vulnerability in Seagate BlackArmor NAS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002511.html

JVNDB-2012-002510 Arbitrary file read vulnerability in the Gliffy plugin for Atlassian JIRA and Atlassian Confluence
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002510.html

JVNDB-2012-002509 Denial of service (resource consumption) vulnerability in the TM Software Tempo plugin for Atlassian JIRA
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002509.html

JVNDB-2012-002508 Cross-site scripting vulnerability in the Login With Ajax plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002508.html

JVNDB-2012-002507 Cross-site scripting vulnerability in Schneider Electric Kerweb and Kerwin
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002507.html

GreHack 2012 - Call For Papers (Grenoble, France)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00130.html

Samba NDR PULL DFS EnumArray1 Heap Overflow Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5QP3I1F75S.html

Oracle Industry Applications 'Web UI' Remote Siebel Clinical Vulnerability
http://www.securiteam.com/securitynews/5PP3H1F75G.html

Apple Quicktime "sean atoms" Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5OP3G1F75U.html

New e-mail scam targeting Colombian Internet users: This time claiming to be from the Transport authority
http://isc.sans.edu/diary.html?storyid=13309

Google Publish Transparency Report
http://isc.sans.edu/diary.html?storyid=13300

Technical Analysis of Flash Player CVE-2012-0779
http://isc.sans.edu/diary.html?storyid=13303

VU#898083 dotCMS template permissions allow arbitrary code execution
http://www.kb.cert.org/vuls/id/898083

EMC AutoStart Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027100

VMware vMA Library Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027099

dotCMS Template Processing Code Execution Vulnerability
http://secunia.com/advisories/49276/

ResEdit Named Resources Processing Two Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49267/

PyCrypto ElGamal Key Generation Weakness
http://secunia.com/advisories/49263/

Astaro update for IPsec
http://secunia.com/advisories/49222/

SUSE update for cobbler
http://secunia.com/advisories/49265/

RSSOwl Feed Parsing Script Insertion Vulnerability
http://secunia.com/advisories/49287/

Ubuntu update for openssl
http://secunia.com/advisories/49293/

Debian update for request-tracker3.8
http://secunia.com/advisories/49275/

Logitec LAN-W300N Multiple Products Security Bypass Vulnerability
http://secunia.com/advisories/49289/

EMC AutoStart Multiple Buffer Overflow Vulnerabilities
http://secunia.com/advisories/49302/

bsnes v0.87 Local Daniel Of Service
http://cxsecurity.com/issue/WLB-2012050196

RabidHamster R4 Log Entry sprintf() Buffer Overflow
http://cxsecurity.com/issue/WLB-2012050195

pragmaMx 1.12.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050194

Pligg CMS 1.2.1 Cross Site Scripting / Local File Inclusion
http://cxsecurity.com/issue/WLB-2012050193

DornCMS 1.4 (add_page.php) Arbitrary File Upload
http://cxsecurity.com/issue/WLB-2012050192

DynPage 1.0 Cross Site Request Forgery / Shell Upload
http://cxsecurity.com/issue/WLB-2012050191

WeBid converter.php Remote PHP Code Injection
http://cxsecurity.com/issue/WLB-2012050190

Gekko CMS File Disclosure
http://cxsecurity.com/issue/WLB-2012050189

LogAnalyzer 3.4.2 Cross Site Scripting / SQL Injection / File Read
http://cxsecurity.com/issue/WLB-2012050188

Apache Commons Compress / Apache Ant Denial Of Service
http://cxsecurity.com/issue/WLB-2012050187

Social Engine 4.2.2 Cross Site Request Forgery / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050186

Wireshark 1.6.7 and 1.4.12 Multiple Vulns
http://cxsecurity.com/issue/WLB-2012050185

ResEdit Buffer Overflow Vulnerabilities
http://cxsecurity.com/issue/WLB-2012050184

EMC AutoStart Multiple Buffer Overflows
http://cxsecurity.com/issue/WLB-2012050183

Jaow 2.4.5 Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012050182

REMOTE: QuickShare File Share 1.2.1 Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/18933

REMOTE: Symantec Web Gateway 5.0.2 Remote LFI Root Exploit
http://www.exploit-db.com/exploits/18932

LOCAL: OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
http://www.exploit-db.com/exploits/18923

DoS/PoC: bsnes v0.87 Local Denial Of Service
http://www.exploit-db.com/exploits/18926

Rugged Operating System Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/53215

Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488

Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

RabidHamster R4 File Disclosure and Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/51967

OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476

OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428

dotCMS CVE-2012-1826 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53688

Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687

RSSOwl RSS Feeds Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53686

Logitec Multiple LAN-W300N Products Security Bypass Vulnerability
http://www.securityfocus.com/bid/53685

bsnes '.nes' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53684

Friday, May 25, 2012

25th, Friday, Tomobiki


+ curl and libcurl 7.26.0 released
http://curl.haxx.se/changes.html#7_26_0

+ SA49286 Apache Ant Bzip2 Compression Denial of Service Vulnerability
http://secunia.com/advisories/49286/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

+ SA49255 Apache Commons Compress bzip2 Denial of Service Vulnerability
http://secunia.com/advisories/49255/
http://www.securityfocus.com/bid/53676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

+ SA49191 Linux Kernel Huge Pages Memory Leak Denial of Service Vulnerability
http://www.securityfocus.com/bid/53676
http://secunia.com/advisories/49191/

+ IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53678

Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx

Changes to the Monthly Supplementary CD
http://www.sophos.com/en-us/support/knowledgebase/116933.aspx

Sudo 1.7.10b1 released
http://www.sudo.ws/sudo/devel.html#1.7.10b1

Be careful if the confirmation screen turns "black": watch out for suspicious Android apps
Apps that steal personal information reappear, distributed outside the official market
http://itpro.nikkeibp.co.jp/article/NEWS/20120524/399027/?ST=security

IBM bans "Siri": concerns about leakage of internal information
http://itpro.nikkeibp.co.jp/article/NEWS/20120524/399026/?ST=security

JVNVU#515283 Vulnerability in Seagate BlackArmor NAS
http://jvn.jp/cert/JVNVU515283/index.html

[SECURITY] [DSA 2480-1] request-tracker3.8 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00125.html

[ MDVSA-2012:081 ] firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00124.html

[SECURITY] [DSA 2479-1] libxml2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00123.html

[SECURITY] [DSA 2478-1] sudo security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00122.html

[ MDVSA-2012:080 ] wireshark
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00121.html

[CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00129.html

Multiple vulnerabilities in LogAnalyzer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00128.html

Multiple vulnerabilities in Pligg CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00127.html

Multiple XSS in pragmaMx
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00126.html

IPv6 security: New IETF I-Ds, slideware and videos for recent presentations, trainings, etc...
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00120.html

ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00119.html

Social Engine Multiple XSS and CSRF Vulnerabilities
http://www.securiteam.com/securitynews/5YP3H1575W.html

Multiple vBulletin Products Unspecified Security Vulnerability
http://www.securiteam.com/securitynews/5XP3G1575E.html

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027098

Lotus Quickr for Domino ActiveX Control Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027097

Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
http://www.securitytracker.com/id/1027096

Citrix XenApp Unspecified Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027095

Wireshark Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1027094

Symantec Endpoint Protection Bugs Let Remote Users Delete Files and Execute Arbitrary Code and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027093

ISC Feature of the Week: Country Report
http://isc.sans.edu/diary.html?storyid=13291

Symantec End Point Protection Network Access Control 11 Code Execution
http://cxsecurity.com/issue/WLB-2012050181

OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
http://cxsecurity.com/issue/WLB-2012050180

Mod_Auth_OpenID Session Stealing
http://cxsecurity.com/issue/WLB-2012050179

appRain CMF Arbitrary PHP File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2012050178

PHPCollab 2.5 Unauthenticated Access
http://cxsecurity.com/issue/WLB-2012050177

PHPCollab 2.5 Unauthenticated File Upload
http://cxsecurity.com/issue/WLB-2012050176

YDFramework 2.0-Beta1 File Disclosure
http://cxsecurity.com/issue/WLB-2012050175

Drupal Search API 7.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050174

Drupal Taxonomy List 6.x Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050173

Drupal BrowserID 7.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012050172

Jaow CMS "add_ons" SQL Injection Vulnerability
http://secunia.com/advisories/49266/

Drupal Search API Module Script Insertion Vulnerabilities
http://secunia.com/advisories/49236/

SocialEngine Multiple Vulnerabilities
http://secunia.com/advisories/49271/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/49277/

Apache Ant Bzip2 Compression Denial of Service Vulnerability
http://secunia.com/advisories/49286/

Apache Commons Compress bzip2 Denial of Service Vulnerability
http://secunia.com/advisories/49255/

IBM Lotus Quickr for Domino qp2.cab ActiveX Control Vulnerability
http://secunia.com/advisories/49285/

Linux Kernel Huge Pages Memory Leak Denial of Service Vulnerability
http://secunia.com/advisories/49191/

Drupal Taxonomy List Module Taxonomy Information Script Insertion Vulnerability
http://secunia.com/advisories/49238/

Debian update for libxml2
http://secunia.com/advisories/49243/

Debian update for sudo
http://secunia.com/advisories/49244/

Ubuntu update for net-snmp
http://secunia.com/advisories/49279/

LOCAL: Mod_Auth_OpenID Session Stealing Vulnerability
http://www.exploit-db.com/exploits/18917

DoS/PoC: Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.exploit-db.com/exploits/18920

DoS/PoC: Wireshark Multiple Dissector Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/18919

DoS/PoC: Wireshark DIAMETER Dissector Denial of Service
http://www.exploit-db.com/exploits/18918

Request Tracker Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53660

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53228

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0473 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53231

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0478 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53227

Mozilla Firefox/Thunderbird/SeaMonkey 'cairo-dwrite' CVE-2012-0472 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53218

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53223

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0477 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53229

Mozilla Firefox/SeaMonkey/Thunderbird Site Identity Spoofing Vulnerability
http://www.securityfocus.com/bid/53224

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-0470 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53225

OpenType Sanitizer Off By One Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53222

Mozilla Firefox/Thunderbird/SeaMonkey IDBKeyRange Use-After-Free Vulnerability
http://www.securityfocus.com/bid/53220

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53221

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53219

xArrow Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52307

OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/28819

Symantec Endpoint Protection Manager Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50358

appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/51576

EMC AutoStart CVE-2012-0409 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53682

Measuresoft ScadaPro DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53681

SocialEngine Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53680

Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53679

IBM Lotus Quickr 'qp2.cab' ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53678

Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53676

phpCollab Unauthorized Access and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/53675

Thursday, May 24, 2012

24th, Thursday, Sensho


+ Google Chrome 19.0.1084.52 released
http://googlechromereleases.blogspot.jp/2012/05/stable-channel-update_23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3115

+ UPDATE: APSB12-10 Security bulletin for Adobe Illustrator
http://www.adobe.com/support/security/bulletins/apsb12-10.html

+ Multiple vulnerabilities in Adobe Flashplayer
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0773

+ CVE-2012-0884 Cryptographic Issue in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0884_cryptographic_issue1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884

+ CVE-2012-1182 Arbitrary code execution vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1182_arbitrary_code
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182

+ CVE-2012-0444 Memory corruption vulnerability in Ogg Vorbis
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0444_memory_corruption
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444

+ Multiple vulnerabilities in Adobe Flashplayer
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769

+ Nmap 6.00 Released
http://nmap.org/6/

+ Wireshark DIAMETER Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/53652

+ Wireshark Multiple Dissector Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53651

+ UPDATE: Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.securityfocus.com/bid/53653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394

+ Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668

+ Microsoft Windows Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53657

+ SA49200: Microsoft Windows Keyboard Layout Processing Vulnerability
http://secunia.com/advisories/49200/

+ PHP 5.3.12 CGI Argument Injection (PHP Exploit)
http://cxsecurity.com/issue/WLB-2012050165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823

DHCP 4.1-ESV-R5rc2 released
https://deepthought.isc.org/article/AA-00690

Alert regarding suspicious apps targeting Android OS
http://www.ipa.go.jp/security/topics/alert20120523.html

Guide to deploying SPF (Sender Policy Framework) to eliminate spoofed e-mail
http://www.ipa.go.jp/security/topics/20120523_spf.html

Yahoo introduces a "secret ID" to strengthen its anti-impersonation measures
Users can now set their own login ID
http://itpro.nikkeibp.co.jp/article/NEWS/20120524/398743/?ST=security

"You are infected" shown in search results: Google's countermeasure against "DNS Changer"
Infected PCs may lose the ability to connect to the Internet
http://itpro.nikkeibp.co.jp/article/NEWS/20120524/398741/?ST=security

JVNDB-2012-002506 SQL injection vulnerability in engine.php of Simple PHP Agenda
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002506.html

JVNDB-2012-002505 PHP remote file inclusion vulnerability in admin/setup.inc.php of Hypermethod eLearning Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002505.html

JVNDB-2012-002504 SQL injection vulnerability in news.php4 of Hypermethod eLearning Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002504.html

JVNDB-2012-002503 Information disclosure vulnerability in the request_path function in includes/bootstrap.inc of Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002503.html

JVNDB-2012-002502 Module settings modification vulnerability in the Contact Forms module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002502.html

JVNDB-2012-002501 Cross-site scripting vulnerability in the Glossary module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002501.html

JVNDB-2012-002500 Cross-site scripting vulnerability in the aberdeen_breadcrumb function of the Aberdeen theme for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002500.html

JVNDB-2012-002499 Denial of service (memory consumption) vulnerability in Universal Feed Parser
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002499.html

JVNDB-2012-002498 Cross-site scripting vulnerability in the User Photo plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002498.html

JVNDB-2012-002497 Cross-site scripting vulnerability in the Share and Follow plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002497.html

JVNDB-2012-002496 Cross-site scripting vulnerability in the Sabre plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002496.html

JVNDB-2012-002495 Cross-site scripting vulnerability in the Leaflet plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002495.html

JVNDB-2012-002494 Cross-site scripting vulnerability in the LeagueManager plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002494.html

JVNDB-2012-002493 Directory traversal vulnerability in Upload/engine.php of Chevereto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002493.html

JVNDB-2012-002492 Cross-site scripting vulnerability in Upload/engine.php of Chevereto
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002492.html

JVNDB-2012-002491 SQL injection vulnerability in includes/picture.class.php of Galette
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002491.html

JVNDB-2012-002490 Buffer overflow vulnerability in the InitLicenKeys function of SkinCrafter
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002490.html

JVNDB-2012-002489 Stack-based buffer overflow vulnerability in Lattice Semiconductor PAC-Designer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002489.html

JVNDB-2012-002488 Cross-site scripting vulnerability in captchademo.php of Unijimpe Captcha
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002488.html

JVNDB-2012-002487 Cross-site scripting vulnerability in backupDB.php of SiliSoftware backupDB()
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002487.html

JVNDB-2012-002486 Cross-site scripting vulnerability in SiliSoftware phpThumb()
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002486.html

JVNDB-2012-002485 Cross-site scripting vulnerability in artpublic/recommandation/index.php of Artiphp CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002485.html

JVNDB-2012-002484 Information disclosure vulnerability in Artiphp CMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002484.html

JVNDB-2012-002437 (JVNVU#859230) Arbitrary code execution vulnerability in HP Business Service Management
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002437.html

JVNDB-2012-002483 Cross-site scripting vulnerability in Viscacha
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002483.html

JVNDB-2012-002482 SQL injection vulnerability in admin/bbcodes.php of Viscacha
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002482.html

JVNDB-2012-002481 Cross-site scripting vulnerability in player.swf of LongTail JW Player
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002481.html

JVNDB-2012-002480 Cross-site scripting vulnerability in PHP Address Book
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002480.html

JVNDB-2012-002479 Arbitrary PHP code execution vulnerability in the JCE component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002479.html

JVNDB-2012-002478 Cross-site scripting vulnerability in the JCE component for Joomla!
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002478.html

JVNDB-2012-002477 Arbitrary file read vulnerability in multiple Atlassian products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002477.html

JVNDB-2012-002476 (JVNVU#464683) Information disclosure vulnerability in the Xelex MobileTrack application for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002476.html

JVNDB-2012-002475 (JVNVU#464683) Command execution vulnerability in the Xelex MobileTrack application for Android
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002475.html

JVNDB-2012-002474 Arbitrary code upload vulnerability in the management interface of Symantec Web Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002474.html

JVNDB-2012-002473 Arbitrary file read vulnerability in the file management script of the Symantec Web Gateway management interface
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002473.html

JVNDB-2012-002472 Arbitrary code execution vulnerability in the management interface of Symantec Web Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002472.html

JVNDB-2012-002471 Cross-site scripting vulnerability in the management interface of Symantec Web Gateway
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002471.html

IP Fragmentation Attacks
http://isc.sans.edu/diary.html?storyid=13282

Problems with MS12-035 affecting XP, SBS and Windows 2003?
http://isc.sans.edu/diary.html?storyid=13285

Apple Quicktime "handling of Sorenson" Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5DP3H0U75G.html

Apple OS X Lion V10.7.4 "libarchive" Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5CP3G0U75U.html

Symantec Endpoint Protection Bug Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1027092

Xelex MobileTrack Information Disclosure and Security Bypass Vulnerabilities
http://secunia.com/advisories/49268/

Symantec Endpoint Protection Arbitrary File Deletion Vulnerability
http://secunia.com/advisories/49248/

Adiscon LogAnalyzer Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/49223/

Symantec Endpoint Protection Denial of Service Vulnerability
http://secunia.com/advisories/49221/

WordPress Profile Builder Plugin Multiple Vulnerabilities
http://secunia.com/advisories/49201/

Ubuntu update for feedparser
http://secunia.com/advisories/49256/

Citrix XenApp Unspecified Denial of Service Vulnerability
http://secunia.com/advisories/49245/

feedparser DOCTYPE and ENTITY XML Declaration Denial of Service Vulnerability
http://secunia.com/advisories/49254/

pragmaMx "img_url" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49280/

pragmaMx Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49242/

mod_auth_openid Database File Insecure Permissions
http://secunia.com/advisories/49247/

Pligg CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49257/

Red Hat update for flash-plugin
http://secunia.com/advisories/49250/

Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/49226/

RT Multiple Vulnerabilities
http://secunia.com/advisories/49259/

RuubikCMS Multiple Vulnerabilities
http://secunia.com/advisories/49235/

Microsoft Windows Keyboard Layout Processing Vulnerability
http://secunia.com/advisories/49200/

Novell Client 4.91 SP3/4 Privilege Escalation
http://cxsecurity.com/issue/WLB-2012050171

Tftpd32 DHCP Serve 4.00 Denial Of Service
http://cxsecurity.com/issue/WLB-2012050170

RuubikCMS 1.1.0 Beta XSS / Disclosure / Directory Traversal
http://cxsecurity.com/issue/WLB-2012050169

Ajaxmint Gallery 1.0 Local File Inclusion
http://cxsecurity.com/issue/WLB-2012050168

Supernews 2.6.1 SQL Injection
http://cxsecurity.com/issue/WLB-2012050167

PHPCollab 2.5 Database Backup Disclosure
http://cxsecurity.com/issue/WLB-2012050166

PHP 5.3.12 CGI Argument Injection (PHP Exploit)
http://cxsecurity.com/issue/WLB-2012050165

REMOTE: FlexNet License Server Manager lmgrd Buffer Overflow
http://www.exploit-db.com/exploits/18915

DoS/PoC: Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE POC
http://www.exploit-db.com/exploits/18916

Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255

Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540

Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53569

Wireshark DIAMETER Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/53652

Wireshark Multiple Dissector Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53651

Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.securityfocus.com/bid/53653

Symantec Endpoint Protection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51795

feedparser CVE-2012-2921 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53654

OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158

IBM WebSphere Application Server Unspecified Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/43875

Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53395

Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53326

Drupal BrowserID (Mozilla Persona) Module Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53673

Drupal Search API Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53672

Drupal Taxonomy List Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53671

BlackArmor Network Administrator Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/53670

PragmaMX CVE-2012-2452 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53669

Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668

WordPress Profile Builder Plugin 'key' Parameter Security Bypass Vulnerability
http://www.securityfocus.com/bid/53667

WordPress Profile Builder Plugin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/53665

Adiscon LogAnalyzer Multiple SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53664

Pligg CMS CVE-2012-2436 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53662

Request Tracker Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53660

Ajaxmint Gallery Local File Include Vulnerability
http://www.securityfocus.com/bid/53659

SuperNews SQL Injection Vulnerability
http://www.securityfocus.com/bid/53658

Microsoft Windows Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53657

phpCollab Database Backup Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53656

RuubikCMS Cross Site Scripting, Information Disclosure and Directory Traversal Vulnerabilities
http://www.securityfocus.com/bid/53655

Wednesday, May 23, 2012

23rd, Wednesday, Shakko


+ Perl 5.16.0 released
http://www.perl.org/get.html

+ Linux kernel 3.4 released
http://www.kernel.org/

+ SYM12-008: Symantec Endpoint Protection Multiple Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0295

+ SYM12-007: Symantec Endpoint Protection Manager 11.x Denial of Service
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1821

+ DBI 1.621 released
http://search.cpan.org/~timb/DBI-1.621/

+ PHP Windows com_print_typeinfo() Buffer Overflow Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027089
http://www.securityfocus.com/bid/53621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2376

+ Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.securityfocus.com/bid/53653

+ PHP Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/53643

DHCP 4.2.4rc2 released
https://deepthought.isc.org/article/AA-00688

CentOS alert CESA-2012:0677 (postgresql)
http://lwn.net/Alerts/498083/

CentOS alert CESA-2012:0678 (postgresql84)
http://lwn.net/Alerts/498084/

CentOS alert CESA-2012:0676 (kvm)
http://lwn.net/Alerts/498085/

CentOS alert CESA-2012:0678 (postgresql)
http://lwn.net/Alerts/498195/

CentOS alert CESA-2012:0683 (bind-dyndb-ldap)
http://lwn.net/Alerts/498196/

Notice: Virus Buster Business Security 7.0 released and support started
http://www.trendmicro.co.jp/support/news.asp?id=1783

Notice: Virus Buster Corporate Edition 10.5 Patch 3 released
http://www.trendmicro.co.jp/support/news.asp?id=1782

Reporting Security Vulnerabilities to Citrix
http://support.citrix.com/article/CTX081743

MySQL 5.5.26 (Not yet released)
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-26.html

[ MDVSA-2012:079 ] sudo
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00109.html

DC4420 - London DEFCON - May meet - Tuesday May 22nd 2012
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00117.html

Tftpd32 DHCP Server Denial Of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00118.html

[Announcement] CHMags Issue 28, May 2012 Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00116.html

[SECURITY] [DSA 2477-1] sympa security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00115.html

PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00114.html

Acuity CMS 2.6.x <= Arbitrary File Upload
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00113.html

Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00112.html

[SECURITY] [DSA 2476-1] pidgin-otr security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00111.html

Call for Papers: The 7th International Conference for Internet Technology and Secured Transactions (
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00110.html

Infection check site published for the "DNS Changer" virus that cuts off Internet access
Simply visiting the site determines whether you are infected; built by JPCERT/CC
http://itpro.nikkeibp.co.jp/article/NEWS/20120523/398383/?ST=security

JVNVU#464683 Multiple vulnerabilities in MobileTrack
http://jvn.jp/cert/JVNVU464683/index.html

JVNDB-2012-002470 Integer overflow vulnerability in the dhcpv6_get_option function of ConnMan
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002470.html

JVNDB-2012-002469 Arbitrary command execution vulnerability in the loopback plugin of ConnMan
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002469.html

JVNDB-2012-002468 Access restriction bypass vulnerability in ConnMan
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002468.html

JVNDB-2012-002467 Format string vulnerability in the LogVHdrMessageVerb function in os/log.c of X.Org X11
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002467.html

JVNDB-2012-002466 Arbitrary file overwrite vulnerability in src/common/latex.py of Gajim
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002466.html

JVNDB-2012-002465 Arbitrary file overwrite vulnerability in latex2man of texlive-extra-utils
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002465.html

JVNDB-2012-002464 Buffer overflow vulnerability in the com_print_typeinfo function of PHP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002464.html

JVNDB-2012-002463 Buffer overflow vulnerability in RealNetworks RealPlayer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002463.html

JVNDB-2012-002462 Arbitrary code execution vulnerability in RealNetworks RealPlayer
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002462.html

JVNDB-2012-002461 Command restriction bypass vulnerability in sudo
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002461.html

JVNDB-2012-002460 Cross-site request forgery vulnerability in the Take Control module for Drupal
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002460.html

JVNDB-2012-002459 Privilege escalation vulnerability in the ACMELOGIN implementation of HP OpenVMS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002459.html

Oracle Database Server Remote Enterprise Manager Base Platform Vulnerability
http://www.securiteam.com/securitynews/5LP3J0A75A.html

Apple Safari 5.1.7 Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5KP3I0A75A.html

Apple Quicktime Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5JP3H0A75A.html

Apple OS X Lion Bluetooth Arbitrary Code Execution Vulnerability
http://www.securiteam.com/securitynews/5IP3G0A75A.html

nmap 6 released
http://isc.sans.edu/diary.html?storyid=13267

The "Do Not Track" header
http://isc.sans.edu/diary.html?storyid=13273

When factors collapse and two factor authentication becomes one.
http://isc.sans.edu/diary.html?storyid=13276

Xen PV Bootloader Bug Lets Local Guest Users Crash the System
http://www.securitytracker.com/id/1027090

Linux Kernel KVM Memory Slot Management Flaw Lets Local Guest Users Deny Service on the Guest Operating System
http://www.securitytracker.com/id/1027083

Serendipity Input Validation Flaw in 'functions_trackbacks.inc.php' Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027079

Nmap Port Scanner 6.00 Released
http://cxsecurity.com/issue/WLB-2012050164

PHP <= 5.4.3 (com_event_sink) Code Execution Proof of Concept
http://cxsecurity.com/issue/WLB-2012050163

Yandex.Server 2010 9.0 Enterprise Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050162

Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
http://cxsecurity.com/issue/WLB-2012050161

HP StorageWorks P4000 Virtual SAN Appliance Command Execution
http://cxsecurity.com/issue/WLB-2012050160

CHICCO SnoopyClub Cross Site Scripting / SQL Injection
http://cxsecurity.com/issue/WLB-2012050159

FlexNet License Server Manager lmgrd Buffer Overflow
http://cxsecurity.com/issue/WLB-2012050158

Plogger Photo Gallery SQL Injection
http://cxsecurity.com/issue/WLB-2012050157

Active Collab "chat module" 2.3.8 Remote PHP Code Injection
http://cxsecurity.com/issue/WLB-2012050156

phAlbum PHP Gallery Script Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050155

LOCAL: Novell Client 4.91 SP4 Privilege Escalation Exploit
http://www.exploit-db.com/exploits/18914

Xen PyGrub Kernel Decompression Denial of Service Vulnerability
http://secunia.com/advisories/49184/

Red Hat update for JBoss Enterprise Web Server
http://secunia.com/advisories/49270/

Red Hat update for bind-dyndb-ldap
http://secunia.com/advisories/49269/

Red Hat update for postgresql
http://secunia.com/advisories/49272/

Red Hat update for postgresql and postgresql84
http://secunia.com/advisories/49273/

Mosh Escape Sequence Denial of Service Vulnerability
http://secunia.com/advisories/49260/

HAProxy Trash Buffer Overflow Vulnerability
http://secunia.com/advisories/49261/

Vanilla Forums FirstLastNames Plugin Profile Two Script Insertion Vulnerabilities
http://secunia.com/advisories/49215/

Astaro update for openssl
http://secunia.com/advisories/49214/

Ubuntu update for libxml2
http://secunia.com/advisories/49258/

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162

Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488

Bind DynDB LDAP 'bind-dyndb-ldap' Package Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53236

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0458 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52460

Symantec Endpoint Protection Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51795

Apache Tomcat Request Object Security Bypass Vulnerability
http://www.securityfocus.com/bid/51442

Apache Tomcat Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51200

Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456

Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447

Apache Tomcat AJP Protocol Security Bypass Vulnerability
http://www.securityfocus.com/bid/49353

Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
http://www.securityfocus.com/bid/49762

Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48667

Perl Config::IniFiles Module Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53361

Moodle Multiple Access Permissions Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52631

Novell Client for Windows 'nicm.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/27209

PHP 'com_print_typeinfo()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53621

FlexNet License Server Manager 'lmgrd' Component Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52718

Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

SuperNews 'noticia' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/38988

feedparser CVE-2012-2921 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53654

Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.securityfocus.com/bid/53653

HAProxy Trash Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53647

Mosh Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53646

Plogger Photo Gallery SQL Injection Vulnerability
http://www.securityfocus.com/bid/53644

PHP Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/53643

Symantec Endpoint Protection CVE-2012-0295 File Include Vulnerability
http://www.securityfocus.com/bid/53183

Symantec Endpoint Protection CVE-2012-0294 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53182

Symantec Endpoint Protection Manager Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50358