Tuesday, June 5, 2012
Tuesday the 5th, Senshō
+ RHSA-2012:0705 Important: openoffice.org security update
http://rhn.redhat.com/errata/RHSA-2012-0705.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334
+ PDFCreator 1.4.0 released
http://www.pdfforge.org/
+ BIND 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, 9.9.1-P1 released
https://deepthought.isc.org/article/AA-00696
https://deepthought.isc.org/article/AA-00695
https://deepthought.isc.org/article/AA-00697
https://deepthought.isc.org/article/AA-00694
+ Handling of zero length rdata can cause named to terminate unexpectedly
https://www.isc.org/software/bind/advisories/cve-2012-1667
https://www.isc.org/advisories/cve-2012-1667-jp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ Microsoft Security Advisory (2718704): Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2718704
+ Microsoft Security Advisory (2718704): Unauthorized Digital Certificates Could Allow Spoofing (Japanese page)
http://technet.microsoft.com/ja-jp/security/advisory/2718704
+ Linux kernel 3.0.33, 3.2.19, 3.3.8, 3.4.1 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.33
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.19
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.8
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1
+ Security Update 2012-06-04 released
http://www.postgresql.org/about/news/1398/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2655
+ PostgreSQL 9.1.4, 9.0.8, 8.4.12, 8.3.19 released
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
+ Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
http://isc.sans.edu/diary.html?storyid=13366
+ Microsoft Windows Includes Some Invalid Certificates
http://www.securitytracker.com/id/1027114
+ SA49338: ISC BIND DNS Resource Records Handling Vulnerability
http://secunia.com/advisories/49338/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
Check Point response to "libcrypt 'crypt()' Password Encryption Weakness"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640&src=securityAlerts
Notice of the release of Trend Micro Deep Security 8.0 Service Pack 1
http://www.trendmicro.co.jp/support/news.asp?id=1789
Notice of the migration of the Trend Micro Email Reputation Services administration web portal
http://www.trendmicro.co.jp/support/news.asp?id=1787
Advisory: Sophos Web Appliance 3.6.2 Upgrade causing proxy availability issues
http://www.sophos.com/en-us/support/knowledgebase/116713.aspx
Advisory: Cisco VPN Client is detected as a controlled application
http://www.sophos.com/en-us/support/knowledgebase/117558.aspx
Japanese manual package ver 3.6.5-1 has been released. It corresponds to 3.6.5.
http://wiki.samba.gr.jp/mediawiki/index.php?title=%E3%83%A1%E3%82%A4%E3%83%B3%E3%83%9A%E3%83%BC%E3%82%B8
Announcement of the "Briefing Session for Developers on Understanding CC Evaluation"
http://www.ipa.go.jp/security/jisec/seminar/cc_semi_20120625.html
PowerPoint files also harbor danger: risk of virus infection just by opening one
A malicious Flash file is embedded, exploiting a Flash Player vulnerability
http://itpro.nikkeibp.co.jp/article/NEWS/20120605/400322/?ST=security
Advertising industry pushes back against Microsoft enabling "Do Not Track" by default in IE 10
http://itpro.nikkeibp.co.jp/article/NEWS/20120604/400121/?ST=security
JVNDB-2012-002586 Vulnerability in the archive management page of Sympa that allows arbitrary archives to be manipulated
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002586.html
JVNDB-2012-002585 Vulnerability in Update Manager as used in Ubuntu that allows repository certificates to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002585.html
Decoding Common XOR Obfuscation in Malicious Code
http://isc.sans.edu/diary.html?storyid=13354
vSphere 5.0 Hardening Guide Officially Released
http://isc.sans.edu/diary.html?storyid=13363
Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
http://isc.sans.edu/diary.html?storyid=13366
Browsers and SSL Security - a Race to the Bottom !
http://isc.sans.edu/diary.html?storyid=13372
BIND NULL rdata Field Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1027115
Microsoft Windows Includes Some Invalid Certificates
http://www.securitytracker.com/id/1027114
Bloxx Web Filtering Multiple Vulnerabilities
http://secunia.com/advisories/49334/
ISC BIND DNS Resource Records Handling Vulnerability
http://secunia.com/advisories/49338/
Piwik Multiple Vulnerabilities
http://secunia.com/advisories/49330/
Debian update for libgdata
http://secunia.com/advisories/49362/
Debian update for imp4
http://secunia.com/advisories/49377/
Vanilla Forums Tagging Plugin Discussion/Tags Script Insertion Vulnerability
http://secunia.com/advisories/49380/
SUSE update for kernel
http://secunia.com/advisories/49374/
Vanilla Forums Poll Plugin Poll Title and Answer Title Script Insertion Vulnerabilities
http://secunia.com/advisories/49379/
Membris Multiple Vulnerabilities
http://secunia.com/advisories/49360/
Gentoo update for bind
http://secunia.com/advisories/49353/
SUSE update for strongswan
http://secunia.com/advisories/49336/
WHMCompleteSolution Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/49331/
SUSE update for ImageMagick
http://secunia.com/advisories/49317/
Symfony Session Fixation Vulnerability
http://secunia.com/advisories/49312/
Debian update for nut
http://secunia.com/advisories/49364/
Gentoo update for qt-gui
http://secunia.com/advisories/49383/
PHP 5.3.10 spl_autoload_call() Denial Of Service
http://cxsecurity.com/issue/WLB-2012060026
PHP 5.3.10 spl_autoload_register() Denial Of Service
http://cxsecurity.com/issue/WLB-2012060025
PHP 5.3.10 spl_autoload() Denial Of Service
http://cxsecurity.com/issue/WLB-2012060024
PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012060023
SEOKatalog <= 1.31 (index.php) SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012060022
Vanilla Forums 2.0.18.4 Tagging Enhanced 1.0.1 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060021
Vanilla Forums 2.0.18.4 Poll 0.9 Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060020
Vanilla Forums 2.0.18.4 Tagging Stored Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060019
LOCAL: Sysax <= 5.60 Create SSL Certificate Buffer Overflow
http://www.exploit-db.com/exploits/18981
Request Tracker Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53660
Moodle Multiple Information Disclosure and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53629
Moodle SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53627
Moodle CVE-2012-2367 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53626
Moodle Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53632
Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53347
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0477 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53229
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
Pidgin XMPP Protocol File Transfer Request Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/53706
Pidgin MSN Denial of Service Vulnerability
http://www.securityfocus.com/bid/53400
Drupal Core Path Disclosure Vulnerability
http://www.securityfocus.com/bid/53454
Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53676
Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687
Microsoft Windows CVE-2012-1848 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53327
Microsoft GDI+ CVE-2012-0167 EMF Image Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53351
Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53358
Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53326
Microsoft Silverlight Double-Free CVE-2012-0176 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53360
Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53335
Microsoft Windows CVE-2012-0180 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53324
Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50462
Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53363
Ubuntu Update Manager CVE-2012-0949 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53605
Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401
Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233
strongSwan GMP Plugin Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/53752
Google Chrome prior to 10.0.648.127 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46785
OpenType Sanitizer Off By One Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53222
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0474 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53228
Mozilla Firefox/SeaMonkey/Thunderbird Site Identity Spoofing Vulnerability
http://www.securityfocus.com/bid/53224
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0475 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53230
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-0478 Denial of Service Vulnerability
http://www.securityfocus.com/bid/53227
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0467 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53223
Mozilla Firefox/Thunderbird/SeaMonkey IDBKeyRange Use-After-Free Vulnerability
http://www.securityfocus.com/bid/53220
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0473 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53231
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53221
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-0470 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53225
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53219
Mozilla Firefox/Thunderbird/SeaMonkey 'cairo-dwrite' CVE-2012-0472 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53218
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
IrfanView Formats PlugIn 'NCSEcw.dll' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53744
IrfanView Formats PlugIn TTF File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53756
libgdata SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/52504
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/50523
Network UPS Tools (NUT) 'addchar()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53743
Multiple Horde Products Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/51586
GIMP CVE-2012-2763 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53741
Globus Toolkit GridFTP 'getpwnam_r()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/53778
f2blog 'uploadimg.php' Remote File Upload Vulnerability
http://www.securityfocus.com/bid/53777
Quagga bgpd 'bgp_capability_orf()' BGP OPEN Message Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53775
Piwik Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53773
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
WHMCompleteSolution Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/53770
Hexamail Server Mail Body HTML Injection Vulnerability
http://www.securityfocus.com/bid/53769
Mnews 'view.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53768
Vanilla Forums and Vanilla Forum Tagging Plug-In HTML Injection Vulnerability
http://www.securityfocus.com/bid/53765