Thursday, May 31, 2012
The 31st, Thursday, Tomobiki
+ CentOS alert CESA-2012:0699 (openssl)
http://lwn.net/Alerts/499272/
http://lwn.net/Alerts/499273/
+ CentOS alert CESA-2012:0690 (kernel)
http://lwn.net/Alerts/499274/
+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr
+ FreeBSD-SA-12:02.crypt: Incorrect crypt() hashing
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
+ FreeBSD-SA-12:01.openssl: OpenSSL multiple vulnerabilities
http://security.freebsd.org/advisories/FreeBSD-SA-12:01.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+ Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0985
+ Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2663
+ libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
+ Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/53728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2488
Notice of the release of Trend Micro Portable Security 1.5
http://www.trendmicro.co.jp/support/news.asp?id=1786
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
Security Patch
http://www.postgresql.org/about/news/1397/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
Cisco Security Advisory: Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00149.html
[ MDVSA-2012:085 ] tomcat5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00141.html
FreeBSD Security Advisory FreeBSD-SA-12:02.crypt
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00148.html
FreeBSD Security Advisory FreeBSD-SA-12:01.openssl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00147.html
2 Buffer Overflows in Wireless Manager Sony VAIO
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00146.html
AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00144.html
AST-2012-007: Remote crash vulnerability in IAX2 channel driver.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00143.html
Mapserver for Windows (MS4W) Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00142.html
[SECURITY] [DSA 2480-2] request-tracker3.8 regression update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00140.html
Security measures among individual users: Japan ranks fourth from the bottom among 24 countries
http://itpro.nikkeibp.co.jp/article/NEWS/20120531/399562/?ST=security
RSA reports FaaS for criminals that rents out bots for man-in-the-middle attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20120530/399471/?ST=security
UPDATE: JVNVU#542123 Issue in multiple DNS name server implementations
http://jvn.jp/cert/JVNVU542123/index.html
UPDATE: JVNVU#903934 Denial-of-service (DoS) vulnerability in web applications that use hash functions
http://jvn.jp/cert/JVNVU903934/index.html
JVNVU#773035 Multiple vulnerabilities in AutoFORM PDM
http://jvn.jp/cert/JVNVU773035/index.html
JVNVU#722963 Multiple vulnerabilities in Bloxx Web Filtering
http://jvn.jp/cert/JVNVU722963/index.html
Too Big to Fail / Too Big to Learn?
http://isc.sans.edu/diary.html?storyid=13324
What's in Your Lab?
http://isc.sans.edu/diary.html?storyid=13327
It's Phishing Season! In fact, it's ALWAYS Phishing Season!
http://isc.sans.edu/diary.html?storyid=13330
Cisco IOS XR Packet Processing Flaw Lets Remote Users Deny Service on Certain Devices
http://www.securitytracker.com/id/1027104
Asterisk Null Pointer Dereference in SCCP Channel Driver Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027103
Asterisk IAX2 Channel Driver Invalid Pointer Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027102
Drupal BrowserID Module Audience Identifier Spoofing Vulnerability
http://secunia.com/advisories/49227/
WordPress ALO EasyMail Newsletter Plugin Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49320/
Horde Groupware Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49310/
Horde Groupware Webmail Edition Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49321/
Red Hat update for openssl
http://secunia.com/advisories/49324/
SUSE update for chromium and v8
http://secunia.com/advisories/49278/
SUSE update for wireshark
http://secunia.com/advisories/49307/
SUSE update for net-snmp
http://secunia.com/advisories/49308/
SUSE update for mailman
http://secunia.com/advisories/49337/
AutoFORM PDM Archive Multiple Vulnerabilities
http://secunia.com/advisories/49335/
IBM Java 7 Multiple Vulnerabilities
http://secunia.com/advisories/49333/
Qemu Insecure Temporary File Security Issue
http://secunia.com/advisories/49283/
Asterisk Two Denial of Service Vulnerabilities
http://secunia.com/advisories/49303/
Restlet Framework Unspecified XML External Entity Processing Vulnerability
http://secunia.com/advisories/49251/
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50246
Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50237
Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231
Multiple DeltaV Products Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53591
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51563
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52181
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50239
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Apache Tomcat Parameter Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51447
Horde IMP Webmail Client Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53435
Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53357
Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53356
Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224
Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015
Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215
Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
Oracle Java SE CVE-2012-0497 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52009
Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50250
Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50243
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218
Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194
Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234
Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50226
Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50216
Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
MPlayer SAMI Subtitle File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49149
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
Linux Kernel KVM 'kvm_apic_accept_pic_intr()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53488
Drupal Comment Moderation Module Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/53738
Mapserver for Windows CVE-2012-2950 Local File Include Vulnerability
http://www.securityfocus.com/bid/53737
Drupal Counter Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/53736
Sony VAIO Wireless Manager ActiveX Control 'WifiMan.dll' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53735
Drupal Mobile Tools Module Multiple Unspecified HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53734
Linux Kernel iptables '--syn' Rules Security Bypass Vulnerability
http://www.securityfocus.com/bid/53733
Drupal Amadou Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53732
NewsAdd Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53730
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
Cisco IOS XR Software Route Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/53728
GDL Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53727
WordPress ALO EasyMail Newsletter Plugin Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53726