Tuesday, May 8, 2012
8th, Tuesday, Tomobiki
+ RHSA-2012:0546 Critical: php security update
http://rhn.redhat.com/errata/RHSA-2012-0546.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
+ RHSA-2012:0544 Moderate: ImageMagick security update
http://rhn.redhat.com/errata/RHSA-2012-0544.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1798
+ VMware Player 4.0.3 released
http://www.vmware.com/support/player40/doc/releasenotes_player403.html
+ HPSBMU02775 SSRT100853 rev.1 - HP Performance Insight for Networks Running on HP-UX, Linux, Solaris, and Windows, Remote SQL Injection, Cross Site Scripting (XSS), Privilege Elevation
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03312417%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2009
+ RHSA-2012:0547 Critical: php53 security update
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
+ Dovecot 2.1.6 released
http://www.dovecot.org/list/dovecot-news/2012-May/000223.html
+ Linux kernel 3.0.31, 3.3.5 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.31
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5
+ PHP 5.3.12 and 5.4.2 and the CGI flaw (CVE-2012-1823)
http://www.php.net/archive/2012.php#id2012-05-06-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
+ Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs
http://www.securitytracker.com/id/1027028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0674
+ Symantec Web Gateway Input Validation Hole in 'spywall/timer.php' Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027025
+ Mac OS X FileVault Discloses Passwords to Local Users in Certain Cases
http://www.securitytracker.com/id/1027024
+ PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
+ Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401
On the vulnerability in Adobe Flash Player (APSB12-09) (CVE-2012-0779)
http://www.ipa.go.jp/security/ciadr/vul/20120507-adobe.html
Computer virus and unauthorized access report status [April]
http://www.ipa.go.jp/security/txt/2012/05outline.html
Virus detections in April down 34.7%, IPA survey finds
http://itpro.nikkeibp.co.jp/article/NEWS/20120508/394961/?ST=security
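Dangerous vulnerability in Flash Player; targeted attacks exploiting it follow one after another
Trap set in e-mail attachments; targets are defense-related companies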
http://itpro.nikkeibp.co.jp/article/NEWS/20120508/394941/?ST=security
Intec ships new version of ID management software that can interoperate with external systems via REST
http://itpro.nikkeibp.co.jp/article/NEWS/20120507/394782/?ST=security
VMware provides patches for virtualization products in response to the theft of ESX code
http://itpro.nikkeibp.co.jp/article/NEWS/20120507/394681/?ST=security
JVNVU#520827 Vulnerability in PHP-CGI query string handling
http://jvn.jp/cert/JVNVU520827/index.html
JPCERT/CC Alert 2012-05-07 Alert regarding the vulnerability in Adobe Flash Player (APSB12-09)
http://www.jpcert.or.jp/at/2012/at120014.html
iOS 5.1.1 Software Update for iPod, iPhone, iPad
http://isc.sans.edu/diary.html?storyid=13144
Apple iOS Bugs Let Remote Users Execute Arbitrary Code and Spoof Address Bar URLs
http://www.securitytracker.com/id/1027028
Symantec Web Gateway Input Validation Hole in 'spywall/timer.php' Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027025
Mac OS X FileVault Discloses Passwords to Local Users in Certain Cases
http://www.securitytracker.com/id/1027024
Symantec Web Gateway "l" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49064/
Apple Mac OS X FileVault Plain Text Password Logging Security Issue
http://secunia.com/advisories/49039/
OpenStack Dashboard (Horizon) Session Fixation Weakness
http://secunia.com/advisories/49024/
Pidgin Two Denial of Service Weaknesses
http://secunia.com/advisories/49036/
ConnMan "dhcpv6_get_option()" Denial of Service Vulnerability
http://secunia.com/advisories/49033/
EMC Documentum IRM Server Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/48690/
IBM Tivoli Access Manager for e-business Java Double Literal Denial of Service Vulnerability
http://secunia.com/advisories/49108/
IBM OS/400 OpenSSL DER Format Data Processing Vulnerability
http://secunia.com/advisories/49107/
SUSE update for rpm and rpm-python
http://secunia.com/advisories/49110/
Genium CMS "itemID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49067/
Ubuntu update for php
http://secunia.com/advisories/49097/
Adobe Flash Player Object Confusion Vulnerability
http://secunia.com/advisories/49096/
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49616
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
ImageMagick Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52898
ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044
ImageMagick Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51957
Google Chrome Prior to 17.0.963.78 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52369
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53210
Asterisk 'ast_parse_digest()' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52815
Asterisk Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/53206
Asterisk SIP Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53205
Asterisk 'Milliwatt()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52523
Puppet Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52975
Linux GNU Debugger 'debug_gdb_scripts' Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50829
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
Python SimpleXMLRPCServer Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51996
Python Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51239
Adobe Flash Player CVE-2012-0779 Object Type Confusion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53395
Samba CVE-2012-2111 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/53307
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51563
MIT Kerberos krb5-appl FTP Daemon EGID Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48571
SolarWinds Storage Manager Server SQL Injection Vulnerability
http://www.securityfocus.com/bid/51639
Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
JibberBook 'Login_form.php' Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/53413
eFront Cross Site Scripting and Arbitrary File Upload Vulnerabilities
http://www.securityfocus.com/bid/53412
Ramui Forum Script 'query' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53411
connman 'dhcpv6_get_option()' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53410
connman 'hostname' Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/53408
connman CVE-2012-2320 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53406
WebKit CVE-2012-0672 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53404
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
Apple Mac OS X FileVault Plain Text Password Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53402
Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401
OpenStack Dashboard Horizon Session Fixation Vulnerability
http://www.securityfocus.com/bid/53399
Trombinoscope 'photo.php' Server SQL Injection Vulnerability
http://www.securityfocus.com/bid/53398
WordPress 3.3.2 HTML Injection Vulnerability
http://www.securityfocus.com/bid/53397