Friday, March 29, 2013

29th, Friday, Senshō


+ RHSA-2013:0689 Important: bind security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0689.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ CESA-2013:0687 Moderate CentOS 6 pixman Update
http://lwn.net/Alerts/544936/

+ Scientific Linux 6.4 released
http://ftp.scientificlinux.org/linux/scientific/documents/tuv/6/Release.Notes.64.html
http://ftp.scientificlinux.org/linux/scientific/documents/tuv/6/Technical.Notes.64.html

+ RHSA-2013:0690 Important: bind97 security update
http://rhn.redhat.com/errata/RHSA-2013-0690.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ Linux Kernel NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/58202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774

+ ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

[Restored] Support service pages were inaccessible
http://www.trendmicro.co.jp/support/news.asp?id=1935

Upcoming PostgreSQL Security Release: April 4, 2013
http://www.postgresql.org/about/news/1454/

Countermeasures for the vulnerability in the DNS server BIND (CVE-2013-2266)
http://www.ipa.go.jp/security/ciadr/vul/20130328-bind.html

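Report: "International Trends Related to Cloud Computing Security"
  ~Government initiatives in Japan, the US and Europe, and trends in international standardization~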
http://www.ipa.go.jp/security/technicalwatch/20130328.html

Press release
Call for entries opens for the "9th IPA Information Security Slogan, Poster and Four-Panel Comic Contest"
http://www.ipa.go.jp/about/press/20130328_3.html

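Press release
"Vulnerability Response Guide for Corporate Websites" and other documents published, and "Vulnerability Handbook" issued
~Results of the "Study Group on the Handling of Vulnerability Information for Information Systems"~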
http://www.ipa.go.jp/about/press/20130328_2.html

Targeted attacks: current state and countermeasures
Part 5: The latest techniques in targeted email
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464732/?ST=security

National Police Agency sets up "Cyber Attack Special Investigation Unit" with 140 dedicated investigators
http://itpro.nikkeibp.co.jp/article/NEWS/20130328/466829/?ST=security

Asgent announces security operations monitoring service for small and mid-sized businesses
http://itpro.nikkeibp.co.jp/article/NEWS/20130328/466762/?ST=security

Trend Micro announces new security strategy "Custom Defense"
http://itpro.nikkeibp.co.jp/article/NEWS/20130328/466683/?ST=security

JVN#51305555 Denial-of-service (DoS) vulnerability in Lotus Domino
http://jvn.jp/jp/JVN51305555/

Thursday, March 28, 2013

28th, Thursday, Shakkō


+ RHSA-2013:0687 Moderate: pixman security update
http://rhn.redhat.com/errata/RHSA-2013-0687.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591

+ RHSA-2013:0685 Moderate: perl security update
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ Google Chrome 26.0.1410.43 released
http://googlechromereleases.blogspot.jp/2013/03/stable-channel-update_26.html

+ nginx-1.3.15 development version released
http://nginx.org/en/download.html

+ CESA-2013:0685 Moderate CentOS 6 perl Update
http://lwn.net/Alerts/544631/

+ CESA-2013:0685 Moderate CentOS 5 perl Update
http://lwn.net/Alerts/544633/

+ CESA-2013:0683 Moderate CentOS 5 axis Update
http://lwn.net/Alerts/544472/

+ BIND 9.9.2-P2, 9.8.4-P2 released
https://kb.isc.org/article/AA-00889
https://kb.isc.org/article/AA-00888

+ DHCP 4.2.5-P1 released
https://kb.isc.org/article/AA-00891

+ A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2
https://www.isc.org/software/dhcp/advisories/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494

+ A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
https://www.isc.org/software/bind/advisories/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03701301-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03691745-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

+ HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0158

+ Microsoft Security Advisory (2819682) Security Updates for Microsoft Windows Store Applications
http://technet.microsoft.com/en-us/security/advisory/2819682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ Microsoft Security Advisory (2819682) Security Updates for Microsoft Windows Store Applications (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2819682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ Alert regarding the ISC BIND 9 denial-of-service vulnerability (CVE-2013-2266)
http://www.jpcert.or.jp/at/2013/at130017.html

+ BIND Regex Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028362
http://secunia.com/advisories/52782/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ Windows Modern Mail Lets Remote Users Spoof URLs in Email Messages
http://www.securitytracker.com/id/1028341
http://secunia.com/advisories/52779/
http://www.securityfocus.com/bid/58713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ SA52724 Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability
http://secunia.com/advisories/52724/

+ SA52760 Linux Kernel "i915_gem_execbuffer_relocate_slow()" Integer Overflow Vulnerability
http://secunia.com/advisories/52760/

+ SA52761 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/52761/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0926

+ McAfee Virtual Technician ActiveX Control 'Save()' Insecure Method Vulnerability
http://www.securityfocus.com/bid/58750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5879

+ ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ IBM Lotus Domino 'x.nsf' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58715

Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92464&src=securityAlerts

False-positive information for SWF_EXLPOIT.TM
http://www.trendmicro.co.jp/support/news.asp?id=1932

Notice of release of InterScan WebManager 8.0 Build0820
http://www.trendmicro.co.jp/support/news.asp?id=1929

Report published: "Survey of New Threats Exploiting Vulnerabilities"
~Case studies of targeted attacks laced with multiple traps~
http://www.ipa.go.jp/security/vuln/report/newthreat201303.html

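IPA Technical Watch
Report on "clickjacking", in which, for example, privacy information set to private is switched to public without the user noticing
~Only 3 of 56 sites had clickjacking countermeasures in place~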
http://www.ipa.go.jp/about/technicalwatch/20130326.html

From the world's security labs
New attack tool "Neutrino"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130326/466262/?ST=security

Consideration of My Number-related IT gets into full swing
Role and authority of the government CIO also clarified
http://itpro.nikkeibp.co.jp/article/COLUMN/20130315/463754/?ST=security

Data defense in the cloud era
[Concern 3] Is data in the cloud really safe?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462467/?ST=security

Targeted attacks: current state and countermeasures
Part 4: Trends in targeted attack email
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464731/?ST=security

PC web browser "Chrome 26" released, with enhanced spell check and vulnerability fixes
http://itpro.nikkeibp.co.jp/article/NEWS/20130327/466370/?ST=security

Data defense in the cloud era
[Concern 2] Online "flaming" could happen to you: why does personal information get exposed?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462466/?ST=security

Targeted attacks: current state and countermeasures
Part 3: System design that assumes targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464730/?ST=security

CRYPTREC e-Government Recommended Ciphers list includes Japanese-developed "Camellia", "KCipher-2" and others
http://itpro.nikkeibp.co.jp/article/NEWS/20130326/466241/?ST=security

REMOTE: ActFax 5.01 RAW Server Buffer Overflow
http://www.exploit-db.com/exploits/24890

REMOTE: HP Intelligent Management Center Arbitrary File Upload
http://www.exploit-db.com/exploits/24891

REMOTE: Rosewill RSVA11001 - Remote Command Injection
http://www.exploit-db.com/exploits/24892

Tuesday, March 26, 2013

26th, Tuesday, Butsumetsu


+ HPSBPV02855 SSRT100512 rev.1 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03699981-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5216

+ HPSBUX02857 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714148-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ RHSA-2013:0683 Moderate: axis security update
http://rhn.redhat.com/errata/RHSA-2013-0683.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784

+ Linux Kernel before 3.8.4 signal always clear sa_restorer on execve
http://cxsecurity.com/issue/WLB-2013030218

+ Linux Kernel before 3.5.7 xfrm_user NULL Pointer
http://cxsecurity.com/issue/WLB-2013030219

+ SA52708 Apache mod_ruid2 chroot Security Bypass Security Issue
http://secunia.com/advisories/52708/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1889

+ mod_ruid2 'chroot()' Function Security Vulnerability
http://www.securityfocus.com/bid/58647

+ Linux Kernel KVM 'MSR_KVM_SYSTEM_TIME' Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/58605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797

+ Linux Kernel KVM CVE-2013-1798 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798

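Press release
Toward "secure automobiles": "Guide to Automotive Information Security Initiatives" and other documents published
~15 points at which automotive security should be considered, from the planning stage through disposal~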
http://www.ipa.go.jp/about/press/20130325_2.html

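Press release
Guidelines for preventing insider misconduct in organizations published
~Guidelines published for organizations struggling with countermeasures against insider misconduct~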
http://www.ipa.go.jp/about/press/20130325.html

Security hot topics
Lessons for the future from the large-scale cyber attack in South Korea
http://itpro.nikkeibp.co.jp/article/COLUMN/20130325/465912/?ST=security

Data defense in the cloud era
[Concern 1] Always the same kinds of ads... Is someone looking at my history?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462465/?ST=security

Reporter's eye
"DAEDALUS", an alert system that can show the company president cyber attacks pouring in like a "waterfall"
http://itpro.nikkeibp.co.jp/article/Watcher/20130315/463731/?ST=security

Targeted attacks: current state and countermeasures
Part 2: Targeted attacks proceed in four stages
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464729/?ST=security

"It won't go away no matter how many times you press": browser-breaking links circulate on Twitter
http://itpro.nikkeibp.co.jp/article/NEWS/20130325/465701/?ST=security

Fujitsu SSL announces software that identifies and warns of spoofed email used in targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20130325/465665/?ST=security

REMOTE: Mitsubishi MX ActiveX Component v3 (ActUWzd.dll (WzTitle)) - Remote Exploit
http://www.exploit-db.com/exploits/24886

REMOTE: KingView Log File Parsing Buffer Overflow
http://www.exploit-db.com/exploits/24887

REMOTE: Mutiny Remote Command Execution
http://www.exploit-db.com/exploits/24888

LOCAL: LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0-day
http://www.exploit-db.com/exploits/24884

LOCAL: LiquidXML Studio 2010 ActiveX Remote 0-day
http://www.exploit-db.com/exploits/24885

DoS/PoC: IconCool MP3 WAV Converter 3.00 Build 120518 - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24880

Monday, March 25, 2013

25th, Monday, Senbu


+ HS13-005 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-005/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ HS13-005 Multiple Vulnerabilities in Cosminexus (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-005/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ GCC 4.8.0 released
http://gcc.gnu.org/gcc-4.8/

+ OpenSSH 6.2 released
http://www.openssh.com/txt/release-6.2

+ LibreOffice Update Verification Flaw Lets Remote Users Spoof the Update Server
http://www.securitytracker.com/id/1028336
http://secunia.com/advisories/51701/

False-positive information for JAVA_JSHRINK.A
http://www.trendmicro.co.jp/support/news.asp?id=1928

IPA Technical Watch
Report on "Vulnerability Countermeasures for Client Software"
~Understanding and promoting the need for client software vulnerability countermeasures~
http://www.ipa.go.jp/about/technicalwatch/20130322.html

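"Chinese IP address" was a mistake, the connection came from inside the organization: South Korea cyber attack
A "global IP address" was being used as a "private IP address"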
http://itpro.nikkeibp.co.jp/article/NEWS/20130325/465521/?ST=security

Preparing for the latest cyber attacks
Wholesale outsourcing leads to insider crime
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453542/?ST=security

Data defense in the cloud era
Concerns of the cloud era
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462464/?ST=security

Targeted attacks: current state and countermeasures
Part 1: The reality of targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464728/?ST=security

SafeNet strengthens its embedded offering, with an Android version of its license management also planned for release
http://itpro.nikkeibp.co.jp/article/NEWS/20130322/465321/?ST=security

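Tokyo District Public Prosecutors Office indicts suspect in remote-control virus case on charges including violation of the Anti-Hijacking Act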
http://itpro.nikkeibp.co.jp/article/NEWS/20130322/465269/?ST=security

Lock International: new version of software that blocks execution of unknown files also blocks communication to unknown URLs
http://itpro.nikkeibp.co.jp/article/NEWS/20130322/465270/?ST=security

Large-scale cyber attack hits South Korea, causing serious damage including a temporary halt to banking operations
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464944/?ST=security

JVNVU#94801198 Buffer overflow vulnerability in Core FTP
http://jvn.jp/cert/JVNVU94801198/

JVNVU#93435452 Multiple vulnerabilities in display drivers for NVIDIA video cards
http://jvn.jp/cert/JVNVU93435452/

REMOTE: Apache Struts ParametersInterceptor Remote Code Execution
http://www.exploit-db.com/exploits/24874

REMOTE: Sami FTP Server LIST Command Buffer Overflow
http://www.exploit-db.com/exploits/24875

REMOTE: Cool PDF Image Stream Buffer Overflow
http://www.exploit-db.com/exploits/24876

LOCAL: Photodex ProShow Producer v5.0.3310 ScsiAccess - Local Privilege Escalation
http://www.exploit-db.com/exploits/24872

DoS/PoC: GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS
http://www.exploit-db.com/exploits/24865

DoS/PoC: TP-Link TL-WR740N Wireless Router - Denial Of Service Exploit
http://www.exploit-db.com/exploits/24866

Friday, March 22, 2013

22nd, Friday, Shakkō


+ RHSA-2013:0669 Moderate: qt security update
http://rhn.redhat.com/errata/RHSA-2013-0669.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254

+ RHSA-2013:0668 Moderate: boost security update
http://rhn.redhat.com/errata/RHSA-2013-0668.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677

+ HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03710522-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
http://www.vmware.com/security/advisories/VMSA-2013-0003.html

+ SYM13-003 Security Advisories Relating to Symantec Products - Symantec Enterprise Vault Local Elevation of Privilege
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1609

+ Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028330
http://www.securityfocus.com/bid/58617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1609

+ Symantec NetBackup Appliance Management Console Lets Remote Authenticated Users Download Files
http://www.securitytracker.com/id/1028329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608

+ Apple iPhone Bug Lets Local Users Bypass the Lock Screen to Access the Phone Application
http://www.securitytracker.com/id/1028326

+ VU#370868 CoreFTP contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/370868

+ SA52669 MySQL yaSSL TLS CBC Ciphersuite Plaintext Recovery Weakness
http://secunia.com/advisories/52669/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1623

+ SA52735 Symantec NetBackup Appliance Management Console Directory Traversal Vulnerability
http://secunia.com/advisories/52735/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608

+ Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow
http://cxsecurity.com/issue/WLB-2013030180

+ Linux Kernel ext3 format string issues
http://cxsecurity.com/issue/WLB-2013030174

+ Linux Kernel kvm Multiple Vulns
http://cxsecurity.com/issue/WLB-2013030175

From the world's security labs
Asprox spambot returns, operating more efficiently
http://itpro.nikkeibp.co.jp/article/COLUMN/20130319/464322/?ST=security

Connecting securely to the corporate network from smartphones
[Virtual desktop] Moving your desk PC environment to the cloud
http://itpro.nikkeibp.co.jp/article/COLUMN/20130308/462016/?ST=security

Malware spread was caused by hacking of a patch update management server, South Korean government agency announces
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464942/?ST=security

Cyber attack that hit South Korea also attacked Linux and wiped data: Symantec follow-up investigation
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464842/?ST=security

Passcode lock bypass for the latest iOS 6.1.3 is already circulating online
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464669/?ST=security

Apple begins offering "iOS 6.1.3", the latest version of its iPhone/iPad OS, with improvements to security and maps
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464667/?ST=security

South Korea's large-scale cyber attack was caused by patch distribution from non-genuine Windows servers
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464661/?ST=security

[Follow-up] Large-scale cyber attack on South Korea: the attack destroyed hard disks
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464626/?ST=security

JVNVU#99357833 Multiple vulnerabilities in askiaweb
http://jvn.jp/cert/JVNVU99357833/index.html

JVNVU#98342319 Update for multiple vulnerabilities in Apple iOS
http://jvn.jp/cert/JVNVU98342319/index.html

Thursday, March 21, 2013

21st, Thursday, Taian


+ RHSA-2013:0663 Moderate: sssd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0663.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0287

+ About the security content of Apple TV 5.2.1
http://support.apple.com/kb/HT5702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981

+ About the security content of iOS 6.1.3
http://support.apple.com/kb/HT5704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912

+ CESA-2013:0663 Moderate CentOS 6 sssd Update
http://lwn.net/Alerts/543597/

+ CESA-2013:0656 Moderate CentOS 6 krb5 Update
http://lwn.net/Alerts/543414/

+ Multiple vulnerabilities in yaSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1623_timing_side
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929

+ Multiple cross-site scripting (XSS) vulnerabilities in JFreeChart
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_xss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6307

+ CVE-2008-4316 Numeric Errors vulnerability in Glib
https://blogs.oracle.com/sunsecurity/entry/cve_2008_4316_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4316

+ CVE-2013-1492 Buffer Overflow vulnerability in yaSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1492

+ CVE-2012-0553 Buffer Overflow vulnerability in yaSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0553

+ SYM13-002 Security Advisories Relating to Symantec Products - Symantec NetBackup Management Console Directory Traversal File Download
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130320_00

+ Samba 4.0.4 Available for Download
http://samba.org/samba/history/samba-4.0.4.html

+ Apple iOS Bugs Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981

+ Samba Active Directory Domain Controller File Permission Flaw Lets Remote Authenticated Users Access Files
http://www.securitytracker.com/id/1028312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863

+ McAfee Vulnerability Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028311

+ SA52661 Linux Kernel ext3 Message Logging Format String Vulnerabilities
http://secunia.com/advisories/52661/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848

+ SA52685 Apple TV Two Security Bypass Vulnerabilities
http://secunia.com/advisories/52685/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981

+ SA52305 Linux Kernel User Namespace Sharing Privilege Escalation Vulnerability
http://secunia.com/advisories/52305/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1858

+ SA52665 FreeBSD i915 DRM Driver Privilege Escalation Vulnerability
http://secunia.com/advisories/52665/

+ Linux Kernel kvm Multiple Vulns
http://cxsecurity.com/issue/WLB-2013030175

+ Linux Kernel ext3 format string issues
http://cxsecurity.com/issue/WLB-2013030174

+ Microsoft Windows USB RNDIS Overflow
http://cxsecurity.com/issue/WLB-2013030154

+ Linux Kernel 'cdc-wdm' USB Device Driver Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860

+ Linux Kernel KVM CVE-2013-1796 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796

+ Linux Kernel Netlink Interface CVE-2013-1873 Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1873

+ Samba CVE-2013-1863 Insecure Permissions Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/58596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1863

+ Symantec NetBackup Appliance Management Console CVE-2013-1608 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/58542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608

+ Apple iPhone/iPad/iPod touch Prior to iOS 6.1.3 CVE-2013-0978 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0978

+ Apple iPhone/iPad/iPod touch Prior to iOS 6.1.3 Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/58589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0981

+ Apple iPhone/iPad/iPod touch Prior to iOS 6.1.3 CVE-2013-0979 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/58588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0979

+ Apple iPhone/iPad/iPod touch Prior to iOS 6.1.3 CVE-2013-0977 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0977

Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45/R75.46/E80.41
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts

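Spate of defacements of websites in Japan; visiting them risks virus infection
The Ministry of the Environment's "CO2 Mie~ru Tool" is the tip of the iceberg; administrators should check immediately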
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464622/?ST=security

Vulnerability information worth checking <2013.03.21>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130319/464321/?ST=security

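Connecting securely to the corporate network from smartphones
[Remote access] Into the LAN from outside the office through a VPN tunnel
Some services are restricted to mobile phone networks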
http://itpro.nikkeibp.co.jp/article/COLUMN/20130308/462015/?ST=security

Large-scale cyber attack suspected in South Korea; systems at broadcasters and banks go down
http://itpro.nikkeibp.co.jp/article/NEWS/20130320/464581/?ST=security

"Camera app that sees through clothes" bills 29,000 yen when downloaded: Symantec warns
http://itpro.nikkeibp.co.jp/article/NEWS/20130319/464475/?ST=security

"Detecting out-of-the-ordinary attacks through big data analysis of packets and logs", says RSA chairman
http://itpro.nikkeibp.co.jp/article/NEWS/20130319/464470/?ST=security

Reuters editor indicted for "conspiring with Anonymous"
http://itpro.nikkeibp.co.jp/article/NEWS/20130319/464283/?ST=security

"Trust in NTT Data has collapsed"
President Iwamoto vows to prevent a recurrence of the card forgery incident
http://itpro.nikkeibp.co.jp/article/COLUMN/20130315/463743/?ST=security

JVN#59503133 Cross-site request forgery vulnerability in multiple NEC mobile routers
http://jvn.jp/jp/JVN59503133/

VU#406596 Askiaweb survey application contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/406596

LOCAL: EastFTP ActiveX Control 0Day
http://www.exploit-db.com/exploits/24863

Tuesday, March 19, 2013

19th, Tuesday, Senbu


+ RHSA-2013:0656 Moderate: krb5 security update
http://rhn.redhat.com/errata/RHSA-2013-0656.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415

+ CESA-2013:0646 Moderate CentOS 5 pidgin Update
http://lwn.net/Alerts/543059/

+ PHP 5.4.13, 5.3.23 released
http://php.net/archive/2013.php#id2013-03-14-1

+ Samba 3.6.13 Available for Download
http://samba.org/samba/history/samba-3.6.13.html

+ Cisco IOS/IOS XE Type 4 Password Hashing Weakness Facilitates Brute-Force Password Cracking Attempts
http://www.securitytracker.com/id/1028306
http://cxsecurity.com/issue/WLB-2013030150

+ SA52640 Linux Kernel "install_user_keyrings()" Race Condition Vulnerability
http://secunia.com/advisories/52640/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792

+ SA52688 McAfee Vulnerability Manager Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52688/

+ MySQL and MariaDB Geometry Query Denial Of Service Vulnerability
http://www.securityfocus.com/bid/58511

Phone inquiry desk for Virus Buster Mobile for Android cannot be reached
http://www.trendmicro.co.jp/support/news.asp?id=1926

Press release
"Report on Vulnerability Detection in Smart TVs" published
~10 vulnerabilities detected in 4 smart TV models; possible influence of open source software~
http://www.ipa.go.jp/about/press/20130318.html

"Trust in NTT Data has collapsed"
President Iwamoto vows to prevent a recurrence of the card forgery incident
http://itpro.nikkeibp.co.jp/article/COLUMN/20130315/463743/?ST=security

[Remote desktop] Transferring the "screen information" of your desk PC
The service provider handles authentication and relaying
http://itpro.nikkeibp.co.jp/article/COLUMN/20130308/462012/?ST=security

Digital Arts to sell a web browser for Android/iOS that leaves no data on the device
http://itpro.nikkeibp.co.jp/article/NEWS/20130318/464222/?ST=security

Ministry of the Environment's CO2 visualization website defaced; virus possibly spread during the 12 days before discovery
http://itpro.nikkeibp.co.jp/article/NEWS/20130318/464055/?ST=security

JINS eyewear online shop confirms 7 cases of fraudulent card use
http://itpro.nikkeibp.co.jp/article/NEWS/20130318/463926/?ST=security

Preparing for the latest cyber attacks
Beware of impersonation using fraudulent sites
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453543/?ST=security

Master at least this! Information strategy keywords
What is face recognition technology?
Face Recognition Technology
http://itpro.nikkeibp.co.jp/article/Keyword/20130315/463707/?ST=security

JVN#41022517 Denial-of-service (DoS) vulnerability in VxWorks Web Server
http://jvn.jp/jp/JVN41022517/index.html

JVN#65923092 Denial-of-service (DoS) vulnerability in VxWorks WebCLI
http://jvn.jp/jp/JVN65923092/index.html

JVN#20671901 Denial-of-service (DoS) vulnerability in the VxWorks SSH server (IPSSH)
http://jvn.jp/jp/JVN20671901/index.html

JVN#52492830 Denial-of-service (DoS) vulnerability in VxWorks SSH server (IPSSH)
http://jvn.jp/jp/JVN52492830/index.html

JVN#01611135 Denial-of-service (DoS) vulnerability in VxWorks SSH server (IPSSH)
http://jvn.jp/jp/JVN01611135/index.html

JVN#45545972 Denial-of-service (DoS) vulnerability in VxWorks SSH server (IPSSH)
http://jvn.jp/jp/JVN45545972/index.html

JVNVU#95668478 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU95668478/index.html

JVNVU#90360497 Update for multiple vulnerabilities in Apple OS X
http://jvn.jp/cert/JVNVU90360497/index.html

JVNVU#93436975 Update for multiple vulnerabilities in Apple OS X Server
http://jvn.jp/cert/JVNVU93436975/index.html

VU#278204 Verizon Fios Actiontec model MI424WR-GEN3I router vulnerable to cross-site request forgery
http://www.kb.cert.org/vuls/id/278204

VU#737740 Fiery 2.0 print controllers use a vulnerable version of OpenSSL
http://www.kb.cert.org/vuls/id/737740

Friday, March 15, 2013

15th (Friday), Taian


+ RHSA-2013:0646 Moderate: pidgin security update
http://rhn.redhat.com/errata/RHSA-2013-0646.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274

+ About the security content of Safari 6.0.3
http://support.apple.com/kb/HT5671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961

+ About the security content of OS X Mountain Lion v10.8.3 and Security Update 2013-001
http://support.apple.com/kb/HT5672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333

+ CESA-2013:0640 Important CentOS 5 tomcat5 Update
http://lwn.net/Alerts/542676/

+ UPDATE: HPSBUX02073 SSRT051012 rev.3 - HP-UX envd, Local Execution of Privileged Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c00547561-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ jetty-hightide 8.1.10, 7.6.10 released
http://dist.codehaus.org/jetty/jetty-hightide-8.1.10/
http://dist.codehaus.org/jetty/jetty-hightide-7.6.10/

+ Mac OS X Multiple Bugs Let Remote Users Execute Arbitrary Code and Local Users Modify the System Configuration
http://www.securitytracker.com/id/1028294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0976

+ Apple Safari Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961

+ Google Chrome 21.0.1180.57 NULL Pointer
http://cxsecurity.com/issue/WLB-2013030113

+ Apple Mac OS X Security Update 2013-001 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/58494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0976

Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45/R75.46
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts

Check Point response to XSS and CSRF vulnerabilities in Mobile Access Blade portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts

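"Most victims had taken no countermeasures": the current state of cybercrime targeting online banking
National Police Agency official explains: "Losses exceeded 30 million yen in 3 months"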
http://itpro.nikkeibp.co.jp/article/NEWS/20130315/463601/?ST=security

Master at least these! Information strategy keywords
What is the crime of virus creation?
http://itpro.nikkeibp.co.jp/article/Keyword/20130313/463084/?ST=security

From security labs around the world
A backdoor RAT that slips past detection
http://itpro.nikkeibp.co.jp/article/COLUMN/20130310/462081/?ST=security

JVNTA13-071A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-071A/index.html

Thursday, March 14, 2013

14th (Thursday), Butsumetsu



+ CESA-2013:0630 Important CentOS 6 kernel Update
http://lwn.net/Alerts/542697/

+ Multiple vulnerabilities in libxslt
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libxslt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893

+ Multiple vulnerabilities in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887

+ Multiple vulnerabilities in libpng
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048

+ CVE-2010-1634 Integer Overflow vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2010_1634_integer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634

+ CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439

+ CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256

+ CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2624_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2624

+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449

+ CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410

+ PSN-2013-03-876 2013-03: Security, Access, and Acceleration Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-876&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ PSN-2013-03-875 2013-03: Security Bulletin: IPv6 Connection allowed when it should have been rejected by a network object and/or SRX zone.
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-875&viewMode=view

+ PSN-2013-03-874 2013-03: Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Multiple cross site scripting issues
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

+ PSN-2013-03-873 2013-03: Security Bulletin: Junos Pulse: Android client privilege escalation
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-873&viewMode=view

+ PSN-2013-03-872 2013-03: Security Bulletin: NetScreen Firewall: OpenSSL vulnerability in ScreenOS (CVE-2012-2110)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-872&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ LOCAL: Ubuntu 12.10 64-Bit sock_diag_handlers Local Root Exploit
http://www.exploit-db.com/exploits/24746

+ DoS/PoC: Linux Kernel 'SCTP_GET_ASSOC_STATS()' - Stack-Based Buffer Overflow
http://www.exploit-db.com/exploits/24747

+ Linux Kernel chroot CLONE_NEWUSER|CLONE_FS root exploit
http://cxsecurity.com/issue/WLB-2013030105

+ Linux Kernel SCTP_GET_ASSOC_STATS() Stack-Based Buffer Overflow PoC
http://cxsecurity.com/issue/WLB-2013030100

+ Linux Kernel 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58478

Notice of server maintenance (March 20, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1925

Countermeasures for vulnerabilities in Adobe Flash Player
(APSB13-09) (CVE-2013-0646, etc.)
http://www.ipa.go.jp/security/ciadr/vul/20130313-adobeflashplayer.html

Dangerous vulnerabilities in Windows and IE; Microsoft releases patches
Also provides a patch that makes IE10 in the new UI support Flash by default
http://itpro.nikkeibp.co.jp/article/NEWS/20130313/463161/?ST=security

Critical security issue in Adobe's Flash Player affects all OSes
http://itpro.nikkeibp.co.jp/article/NEWS/20130313/463001/?ST=security

JVNTA13-071A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-071A/

REMOTE: Honeywell HSC Remote Deployer ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/24745

DoS/PoC: TagScanner v5.1 - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24741

DoS/PoC: Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/24743


Wednesday, March 13, 2013

13th (Wednesday), Senbu


+ Microsoft Security Bulletin Summary for March 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar

+ MS13-021 - Critical Cumulative Security Update for Internet Explorer (2809289)
http://technet.microsoft.com/en-us/security/bulletin/ms13-021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1288

+ MS13-022 - Critical Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
http://technet.microsoft.com/en-us/security/bulletin/ms13-022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0074

+ MS13-023 - Critical Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
http://technet.microsoft.com/en-us/security/bulletin/ms13-023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0079

+ MS13-024 - Critical Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
http://technet.microsoft.com/en-us/security/bulletin/ms13-024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0085

+ MS13-025 - Important Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
http://technet.microsoft.com/en-us/security/bulletin/ms13-025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0086

+ MS13-026 - Important Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
http://technet.microsoft.com/en-us/security/bulletin/ms13-026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0095

+ MS13-027 - Important Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
http://technet.microsoft.com/en-us/security/bulletin/ms13-027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1287

+ RHSA-2013:0630 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0630.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268

+ APSB13-09 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1375

+ CentOS 6.4 released
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.4

+ CESA-2013:0623 Important CentOS 6 tomcat6 Update
http://lwn.net/Alerts/542536/

+ CESA-2013:0628 Moderate CentOS 6 389-ds-base Update
http://lwn.net/Alerts/542537/

+ CESA-2013:0627 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/542538/

+ CESA-2013:0627 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/542539/

+ CESA-2013:0621 Important CentOS 5 kernel Update
http://lwn.net/Alerts/542540/

+ Squid 3.3.3, 3.2.9 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html

+ HPSBUX02073 SSRT051012 rev.3 - HP-UX envd, Local Execution of Privileged Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c00547561-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ RHSA-2013:0640 Important: tomcat5 security update
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887

+ Zimbra Collaboration Suite Open Source Edition 8.0.3, 7.2.3 GA Release
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.3.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.3.pdf

+ Perl 5.16.3 released
http://www.perl.org/get.html

+ Squid Bug in strHdrAcptLangGetItem() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1839

+ Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1375

+ Linux kernel sa_restorer information leak
http://cxsecurity.com/issue/WLB-2013030094

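Press release
"10 Major Threats 2013: Threats Creeping Close to Home" published
~The growing threat of cyber attacks. It is important to recognize the impact on your own organization and take countermeasures~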
http://www.ipa.go.jp/about/press/20130312_2.html

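Press release
Publication of the report "FY2012 Survey on the Security of Digital Multifunction Devices"
~Take measures against security threats and vulnerabilities in increasingly IT-enabled digital multifunction devices~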
http://www.ipa.go.jp/about/press/20130312.html

Vulnerability information worth checking <2013.03.13>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130310/462083/?ST=security

"Personal information leaks" and "account hijacking" are not uncommon; "remote control" is rare
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462393/?ST=security

Flash usage restrictions lifted in Internet Explorer on Windows 8/RT
http://itpro.nikkeibp.co.jp/article/NEWS/20130312/462569/?ST=security

Vulnerability information worth checking <2013.03.12>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130310/462082/?ST=security

JVNVU#98055254 Improper access restriction vulnerability in HP LaserJet Pro series
http://jvn.jp/cert/JVNVU98055254/

Tuesday, March 12, 2013

12th (Tuesday), Tomobiki


+ RHSA-2013:0623 Important: tomcat6 security update
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887

+ RHSA-2013:0628 Moderate: 389-ds-base security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0628.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0312

+ RHSA-2013:0627 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0627.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787

+ RHSA-2013:0621 Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2013-0621.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871

+ Apache Ant 1.9.0 Released
http://ant.apache.org/

+ IBM WebSphere DataPower SOA Appliance TLS/DTLS CBC Mode Oracle Padding Lets Remote Users Recover Plaintext
http://www.securitytracker.com/id/1028267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ SA52560 IBM WebSphere DataPower SOA Appliances CBC Ciphersuite Plaintext Recovery Weakness
http://secunia.com/advisories/52560/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ SA52543 IBM Sterling Connect:Enterprise OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/52543/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131

+ SA52564 Oracle Solaris X.Org xrdb Hostname Command Injection Security Issue
http://secunia.com/advisories/52564/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465

+ Squid 'strHdrAcptLangGetItem()' Function Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58316

+ Linux Kernel 'SCTP_GET_ASSOC_STATS()' Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/58389

+ Linux Kernel CVE-2013-1825 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1825

+ Linux Kernel 'i915 DRM' Driver Integer Overflow Vulnerability
http://www.securityfocus.com/bid/58427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913

+ Linux Kernel CVE-2013-0914 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0914

+ CESA-2013:0503 Moderate CentOS 6 389-ds-base Update
http://lwn.net/Alerts/542364/

+ CESA-2013:0526 Low CentOS 6 automake Update
http://lwn.net/Alerts/542366/

+ CESA-2013:0523 Low CentOS 6 ccid Update
http://lwn.net/Alerts/542369/

+ CESA-2013:0504 Low CentOS 6 dhcp Update
http://lwn.net/Alerts/542370/

+ CESA-2013:0277 Moderate CentOS 6 dnsmasq Update
http://lwn.net/Alerts/542371/

+ CESA-2013:0520 Low CentOS 6 dovecot Update
http://lwn.net/Alerts/542372/

+ CESA-2013:0516 Low CentOS 6 evolution Update
http://lwn.net/Alerts/542373/

+ CESA-2013:0515 Moderate CentOS 6 evolution-mapi Update
http://lwn.net/Alerts/542374/

+ CESA-2013:0522 Moderate CentOS 6 gdb Update
http://lwn.net/Alerts/542375/

+ CESA-2013:0500 Low CentOS 6 hplip Update
http://lwn.net/Alerts/542376/

+ CESA-2013:0512 Low CentOS 6 httpd Update
http://lwn.net/Alerts/542377/

+ CESA-2013:0509 Low CentOS 6 ibacm Update
http://lwn.net/Alerts/542378/

+ CESA-2013:0509 Low CentOS 6 ibsim Update
http://lwn.net/Alerts/542379/

+ CESA-2013:0509 Low CentOS 6 ibutils Update
http://lwn.net/Alerts/542380/

+ CESA-2013:0509 Low CentOS 6 infiniband-diags Update
http://lwn.net/Alerts/542381/

+ CESA-2013:0528 Low CentOS 6 ipa Update
http://lwn.net/Alerts/542382/

+ CESA-2013:0496 Important CentOS 6 kernel Update
http://lwn.net/Alerts/542383/

+ CESA-2013:0509 Low CentOS 6 libibmad Update
http://lwn.net/Alerts/542384/

+ CESA-2013:0509 Low CentOS 6 libibumad Update
http://lwn.net/Alerts/542385/

+ CESA-2013:0509 Low CentOS 6 libibverbs Update
http://lwn.net/Alerts/542386/

+ CESA-2013:0509 Low CentOS 6 libmlx4 Update
http://lwn.net/Alerts/542387/

+ CESA-2013:0509 Low CentOS 6 librdmacm Update
http://lwn.net/Alerts/542388/

+ CESA-2013:0276 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/542389/

+ CESA-2013:0515 Moderate CentOS 6 openchange Update
http://lwn.net/Alerts/542390/

+ CESA-2013:0509 Low CentOS 6 opensm Update
http://lwn.net/Alerts/542391/

+ CESA-2013:0519 Moderate CentOS 6 openssh Update
http://lwn.net/Alerts/542392/

+ CESA-2013:0521 Moderate CentOS 6 pam Update
http://lwn.net/Alerts/542393/

+ CESA-2013:0525 Moderate CentOS 6 pcsc-lite Update
http://lwn.net/Alerts/542394/

+ CESA-2013:0514 Moderate CentOS 6 php Update
http://lwn.net/Alerts/542395/

+ CESA-2013:0511 Moderate CentOS 6 pki-core Update
http://lwn.net/Alerts/542396/

+ CESA-2013:0509 Low CentOS 6 rdma Update
http://lwn.net/Alerts/542397/

+ CESA-2013:0506 Moderate CentOS 6 samba4 Update
http://lwn.net/Alerts/542398/

+ CESA-2013:0505 Moderate CentOS 6 squid Update
http://lwn.net/Alerts/542399/

+ CESA-2013:0508 Low CentOS 6 sssd Update
http://lwn.net/Alerts/542400/

+ CESA-2013:0517 Low CentOS 6 util-linux-ng Update
http://lwn.net/Alerts/542401/

+ CESA-2013:0499 Low CentOS 6 xinetd Update
http://lwn.net/Alerts/542403/

+ CESA-2013:0502 Low CentOS 6 xorg-x11-apps Update
http://lwn.net/Alerts/542404/

+ CESA-2013:0502 Low CentOS 6 xorg-x11-server-utils Update
http://lwn.net/Alerts/542406/

+ CESA-2013:0502 Low CentOS 6 xorg-x11-utils Update
http://lwn.net/Alerts/542408/

+ CESA-2013:0550 Moderate CentOS 6 bind Update
http://lwn.net/Alerts/542409/

+ CESA-2013:0580 Moderate CentOS 6 cups Update
http://lwn.net/Alerts/542411/

+ CESA-2013:0568 Important CentOS 6 dbus-glib Update
http://lwn.net/Alerts/542412/

+ CESA-2013:0589 Moderate CentOS 6 git Update
http://lwn.net/Alerts/542413/

+ CESA-2013:0588 Moderate CentOS 6 gnutls Update
http://lwn.net/Alerts/542414/

+ CESA-2013:0605 Critical CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/542415/

+ CESA-2013:0602 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/542416/

+ CESA-2013:0567 Important CentOS 6 kernel Update
http://lwn.net/Alerts/542417/

+ CESA-2013:0581 Moderate CentOS 6 libxml2 Update
http://lwn.net/Alerts/542418/

+ CESA-2013:0590 Important CentOS 6 nss-pam-ldapd Update
http://lwn.net/Alerts/542419/

+ CESA-2013:0587 Moderate CentOS 6 openssl Update
http://lwn.net/Alerts/542420/

+ CESA-2013:0609 Important CentOS 6 qemu-kvm Update
http://lwn.net/Alerts/542421/

+ CESA-2013:0612 Moderate CentOS 6 ruby Update
http://lwn.net/Alerts/542422/

+ CESA-2013:0614 Critical CentOS 6 xulrunner Update
http://lwn.net/Alerts/542423/

+ CESA-2013:0611 Moderate CentOS 5 ruby Update
http://lwn.net/Alerts/542350/

+ CESA-2013:0608 Important CentOS 5 kvm Update
http://lwn.net/Alerts/542351/

+ CESA-2013:0614 Critical CentOS 5 xulrunner Update
http://lwn.net/Alerts/542354/

Notice of release of the repacked version of InterScan Web Security Virtual Appliance 5.6 Patch 1 (build 1124)
http://www.trendmicro.co.jp/support/news.asp?id=1922

96% of viruses infecting mobile devices target Android
F-Secure reports: "They abuse premium SMS to steal money"
http://itpro.nikkeibp.co.jp/article/NEWS/20130311/462103/?ST=security

Vulnerability information worth checking <2013.03.11>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130307/461501/?ST=security

Preparing for the latest cyber attacks
Remote-control viruses target companies
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453544/?ST=security

JVNVU#92716319 Multiple vulnerabilities in GroundWork Monitor Enterprise
http://jvn.jp/cert/JVNVU92716319/

VU#782451 HP LaserJet Professional printer telnet debug shell vulnerability
http://www.kb.cert.org/vuls/id/782451

Monday, March 11, 2013

11th (Monday), Shakko


+ RHSA-2013:0614 Critical: xulrunner security update
http://rhn.redhat.com/errata/RHSA-2013-0614.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787

+ CESA-2013:0608 Important CentOS 5 kvm Update
http://lwn.net/Alerts/542066/

+ CESA-2013:0611 Moderate CentOS 5 ruby Update
http://lwn.net/Alerts/542065/

+ VMware Player 5.0.2 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/5_0|

+ Google Chrome 25.0.1364.160 released
http://googlechromereleases.blogspot.jp/2013/03/stable-channel-update_7.html

+ CVE-2011-0465 Improper Input Validation vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0465_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465

+ Sysstat 10.1.4 released (development version)
http://sebastien.godard.pagesperso-orange.fr/

+ Google Chrome WebKit Type Confusion Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912

+ McAfee Vulnerability Manager 7.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013030073

+ Linux Kernel sctp SCTP_GET_ASSOC_STATS stack overflow
http://cxsecurity.com/issue/WLB-2013030065

+ Linux kernel KEYS race with concurrent install_user_keyrings()
http://cxsecurity.com/issue/WLB-2013030064

Notice of scheduled server maintenance (March 15, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1923

Notice of release of InterScan for Lotus Domino 5.0 for Windows Patch 2 (build 3169)
http://www.trendmicro.co.jp/support/news.asp?id=1924

96% of viruses infecting mobile devices target Android
F-Secure reports: "They abuse premium SMS to steal money"
http://itpro.nikkeibp.co.jp/article/NEWS/20130311/462103/?ST=security

Vulnerability information worth checking <2013.03.11>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130307/461501/?ST=security

Preparing for the latest cyber attacks
Remote-control viruses target companies
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453544/?ST=security

Tohmatsu launches a new service that detects signs of fraud from internal and external data
http://itpro.nikkeibp.co.jp/article/NEWS/20130308/462008/?ST=security

FTC files suit against 29 defendants, including text message spammers
http://itpro.nikkeibp.co.jp/article/NEWS/20130308/461842/?ST=security

VU#345260 GroundWork Monitor Enterprise contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/345260

Friday, March 8, 2013

8th (Friday), Senbu


+ RHSA-2013:0609 Important: qemu-kvm security update
http://rhn.redhat.com/errata/RHSA-2013-0609.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075

+ RHSA-2013:0612 Moderate: ruby security update
http://rhn.redhat.com/errata/RHSA-2013-0612.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821

+ MFSA 2013-29 Use-after-free in HTML Editor
http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

+ Mozilla Firefox 19.0.2 released
http://www.mozilla.org/en-US/firefox/all/

+ Mozilla Thunderbird 17.0.4 released
http://www.mozilla.org/en-US/thunderbird/

+ CESA-2013:0594 Low CentOS 5 kernel Update
http://lwn.net/Alerts/541838/

+ CESA-2013:0599 Important CentOS 5 xen Update
http://lwn.net/Alerts/541839/

+ CESA-2013:0604 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/541840/

+ CESA-2013:0603 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/541841/

+ Wireshark 1.8.6 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html

+ HPSBGN02854 SSRT100881 rev.1 - HP Intelligent Management Center (iMC)
iMC TACACS+ Authentication Manager (TAM)
and iMC User Access Manager (UAM)
Cross Site Scripting (XSS)
Remote Code Execution
Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03689276-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5213

+ RHSA-2013:0611 Moderate: ruby security update
http://rhn.redhat.com/errata/RHSA-2013-0611.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1821

+ Wireshark Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1028254
http://secunia.com/advisories/52471/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2488

+ Linux kernel KEYS race with concurrent install_user_keyrings()
http://cxsecurity.com/issue/WLB-2013030064

+ SA52441 Linux Kernel "install_user_keyrings()" Race Condition Vulnerability
http://secunia.com/advisories/52441/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792

+ Linux Kernel CVE-2013-1827 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/58383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827

+ Linux Kernel CVE-2013-1826 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1826

+ Microsoft March 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/58380

Press release
Countermeasures for vulnerabilities in multiple Cisco switches
http://www.ipa.go.jp/about/press/20130307.html

Toyo Technica begins selling a system that records and replays website use from smartphones as-is
http://itpro.nikkeibp.co.jp/article/NEWS/20130307/461670/?ST=security

Cloud Days 2013
[CD 2013] Specialist exhibitions on two major trends open in Umeda, Osaka; "Big Data EXPO" held in Osaka for the first time
http://itpro.nikkeibp.co.jp/article/COLUMN/20130306/461341/?ST=security

From the world's security labs
CYOD rather than BYOD: balancing security and convenience
http://itpro.nikkeibp.co.jp/article/COLUMN/20130303/460323/?ST=security

"GakuNin Symposium" held; number of users in Japan is 700,000
http://itpro.nikkeibp.co.jp/article/NEWS/20130307/461443/?ST=security

JVN#05132866 Denial-of-service (DoS) vulnerability in multiple Cisco products
http://jvn.jp/jp/JVN05132866/

JVN#16817324 Arbitrary code execution vulnerability in multiple JustSystems products
http://jvn.jp/jp/JVN16817324/

JVNTA13-064A Multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-064A/

Thursday, March 7, 2013

7th, Thursday, Tomobiki


+ RHSA-2013:0602 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0602.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ RHSA-2013:0605 Critical: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0605.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03680085-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5214

+ RHSA-2013:0599 Important: xen security update
http://rhn.redhat.com/errata/RHSA-2013-0599.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075

+ ProFTPD 1.3.4c, 1.3.5rc2 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4c
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5rc2

+ HP ServiceCenter Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5214

+ HP Intelligent Management Center Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028246

+ Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
http://cxsecurity.com/issue/WLB-2013030051

+ Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption
http://cxsecurity.com/issue/WLB-2013030047

+ Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
http://cxsecurity.com/issue/WLB-2013030046

+ SA52377 PHP SOAP XML External Entities Information Disclosure Vulnerability
http://secunia.com/advisories/52377/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

+ SA52457 HP Intelligent Management Center topoContent.jsf Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52457/

+ Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/58326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0248

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

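Press release
Pilot project launched toward establishing a certification scheme for control system security
~ Publication of the report "Activities/Survey on Information Security of Control Systems" ~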
http://www.ipa.go.jp/about/press/20130306.html

The battle between cyber attackers and security vendors
[4] Making use of "threat intelligence"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459255/?ST=security

Useful! Android tools & libraries
AndroidAnnotations - a feature-rich library that dramatically reduces code volume and is friendly to beginners
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459808/?ST=security

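Ministry of Health, Labour and Welfare issues corrective recommendation to the body running the FP certification exam; chairman resigns to take responsibility after a web server operation error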
http://itpro.nikkeibp.co.jp/article/NEWS/20130306/461190/?ST=security

Google adds FBI information disclosure requests to its "Transparency Report"
http://itpro.nikkeibp.co.jp/article/NEWS/20130306/461102/?ST=security

JVNTA13-064A Multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-064A/

Wednesday, March 6, 2013

6th, Wednesday, Sensho


+ About the security content of Java for OS X 2013-002 and Mac OS X v10.6 Update 14
http://support.apple.com/kb/HT5677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ nginx-1.3.14 development version released
http://nginx.org/en/download.html

+ CESA-2013:0588 Moderate CentOS 5 gnutls Update
http://lwn.net/Alerts/541318/

+ CESA-2013:0587 Moderate CentOS 5 openssl Update
http://lwn.net/Alerts/541319/

+ RHSA-2013:0594 Low: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0594.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3400

+ libnetfilter_conntrack 1.0.3 released
http://www.hu.netfilter.org/projects/libnetfilter_conntrack/downloads.html#libnetfilter_conntrack-1.0.3

+ Kaspersky Internet Security IPv6 Processing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028244

+ Linux kernel xfs _xfs_buf_find NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013030037

+ PHP Arbitrary File Disclosure and Arbitrary File Write Vulnerabilities
http://www.securityfocus.com/bid/58224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

+ Samsung Galaxy S3 Full Lock Screen Security Bypass Vulnerability
http://www.securityfocus.com/bid/58312

+ Perl CVE-2013-1667 Input Rehashing Denial of Service Vulnerability
http://www.securityfocus.com/bid/58311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ Linux Kernel '_xfs_buf_find()' Function NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/58301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1819

Notice of release of Deep Discovery 3.1 Patch 1 (build 1024)
http://www.trendmicro.co.jp/support/news.asp?id=1907

Countermeasures for the Oracle Java vulnerability (CVE-2013-1493)
http://www.ipa.go.jp/security/ciadr/vul/20130305-jre.html

The battle between cyber attackers and security vendors
[3] Tracking cyber attackers through similarities in technique
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459254/?ST=security

Useful! Android tools & libraries
Android Query - write the unavoidable View-related code cleanly
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459806/?ST=security

Google blocks some major sites: "may harm your computer"?
http://itpro.nikkeibp.co.jp/article/NEWS/20130305/460955/?ST=security

Virus emails targeting Japanese users are disguised as antivirus software update notifications
http://itpro.nikkeibp.co.jp/article/NEWS/20130305/460882/?ST=security

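Yet another dangerous vulnerability in Java; zero-day attacks exploiting it emerge
Only two weeks after the previous update; install the latest version immediately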
http://itpro.nikkeibp.co.jp/article/NEWS/20130305/460875/?ST=security

Two misdelivery incidents at mixi's photo book creation service; labels were mixed up
http://itpro.nikkeibp.co.jp/article/NEWS/20130305/460828/?ST=security

JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/

IPv6 Focus Month: Device Defaults
https://isc.sans.edu/diary.html?storyid=15340

VU#688246 Java contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/688246

LOCAL: Setuid Tunnelblick Privilege Escalation
http://www.exploit-db.com/exploits/24578

LOCAL: Viscosity setuid-set ViscosityHelper Privilege Escalation
http://www.exploit-db.com/exploits/24579

DoS/PoC: Kaspersky Internet Security 2013 - Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/24580

Tuesday, March 5, 2013

5th, Tuesday, Shakko


+ RHSA-2013:0590 Important: nss-pam-ldapd security update
http://rhn.redhat.com/errata/RHSA-2013-0590.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0288

+ RHSA-2013:0588 Moderate: gnutls security update
http://rhn.redhat.com/errata/RHSA-2013-0588.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619

+ RHSA-2013:0587 Moderate: openssl security update
http://rhn.redhat.com/errata/RHSA-2013-0587.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ RHSA-2013:0589 Moderate: git security update
http://rhn.redhat.com/errata/RHSA-2013-0589.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308

+ J2SE JDK/JRE 1.7.0_17, 1.6.0_43, 1.5.0_41 released
http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html
http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html

+ Oracle Security Alert for CVE-2013-1493
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ iptables 1.4.18 released
http://www.hu.netfilter.org/projects/iptables/downloads.html#iptables-1.4.18

+ Oracle Java Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809

+ SA52053 Kaspersky Internet Security Kaspersky Anti-Virus NDIS 6 Filter Denial of Service Vulnerability
http://secunia.com/advisories/52053/

+ Kaspersky Internet Security 2013 Remote system freeze
http://cxsecurity.com/issue/WLB-2013030023

Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45/R75.46
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts

Check Point response to XSS and CSRF vulnerabilities in Mobile Access Blade portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts

Notice of user management server maintenance
http://www.trendmicro.co.jp/support/news.asp?id=1921

ulogd 2.0.2 released
http://www.hu.netfilter.org/projects/ulogd/downloads.html

nfacct 1.0.1 released
http://www.hu.netfilter.org/projects/nfacct/downloads.html

conntrack-tools 1.4.1 released
http://www.hu.netfilter.org/projects/conntrack-tools/downloads.html

libnetfilter_acct 1.0.2 released
http://www.hu.netfilter.org/projects/libnetfilter_acct/downloads.html

Nikkei Computer Report
"Cyber attacks come from the Chinese military"
US security firm identifies base and methods
http://itpro.nikkeibp.co.jp/article/COLUMN/20130301/460204/?ST=security

The battle between cyber attackers and security vendors
[2] Cyber attacks take aim at Japan
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459253/?ST=security

Useful! Android tools & libraries
Robolectric - unit-test Android classes without a device or emulator
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459804/?ST=security

SoftBank's new device for watching over loved ones: locate family members and valuables
http://itpro.nikkeibp.co.jp/article/NEWS/20130304/460702/?ST=security

Pico Technologies turns agent-based client PC security into an appliance
http://itpro.nikkeibp.co.jp/article/NEWS/20130304/460665/?ST=security

IPv6 Focus Month: Addresses
https://isc.sans.edu/diary.html?storyid=15322

Uptick in MSSQL Activity
https://isc.sans.edu/diary.html?storyid=15319

Monday, March 4, 2013

4th, Monday, Taian


+ CESA-2013:0581 Moderate CentOS 5 libxml2 Update
http://lwn.net/Alerts/540704/

+ CESA-2013:0580 Moderate CentOS 5 cups Update
http://lwn.net/Alerts/540703/

+ CESA-2013:0568 Important CentOS 5 dbus-glib Update
http://lwn.net/Alerts/540702/

+ SA52451 Oracle Java Unspecified Code Execution Vulnerability
http://secunia.com/advisories/52451/
CVE-2013-1493

+ SA52343 Linux Kernel "chase_port()" USB Unplugging Denial of Service Vulnerability
http://secunia.com/advisories/52343/
CVE-2013-1774

Check Point response to XSS and CSRF vulnerabilities in Mobile Access Blade portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk91000&src=securityAlerts

Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45/R75.46
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts

March 2013 security reminder
"Beware of malicious apps on official markets!"
~ How to avoid installing malicious apps ~
http://www.ipa.go.jp/security/txt/2013/03outline.html

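"Building trust by exchanging emails": targeted attacks grow more sophisticated
"More than 1,000 attack emails in one year": National Police Agency reports on 2012 cyber attacks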
http://itpro.nikkeibp.co.jp/article/NEWS/20130304/460342/?ST=security

Preparing for the latest cyber attacks
Shift in the trend of attacks from China
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453545/?ST=security

The battle between cyber attackers and security vendors
[1] Targeted attacks become more persistent and sophisticated
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459251/?ST=security

Useful! Android tools & libraries
AIDE (the Android Java IDE) - develop Android apps on Android
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459803/?ST=security

Evernote suffers unauthorized access and resets all users' passwords
http://itpro.nikkeibp.co.jp/article/NEWS/20130303/460281/?ST=security

JVN#55924624 Buffer overflow vulnerability in Kingsoft Writer
http://jvn.jp/jp/JVN55924624/

REMOTE: Sami FTP Server 2.0.1 LIST Command Buffer Overflow
http://www.exploit-db.com/exploits/24557

DoS/PoC: Hanso Player 2.1.0 (.m3u) - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24556

Friday, March 1, 2013

1st, Friday, Tomobiki


+ RHSA-2013:0581 Moderate: libxml2 security update
http://rhn.redhat.com/errata/RHSA-2013-0581.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338

+ RHSA-2013:0580 Moderate: cups security update
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519

+ UPDATE: Cisco Unified Presence Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-cups

+ Linux kernel 3.8.1, 3.4.34, 3.0.67 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.1
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.34
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.67

Anti-Virus / Anti-Bot / Application Control / URL Filtering update might fail on R75.40/R75.40VS/R75.45
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk90700&src=securityAlerts

Notice of program update for Password Manager PC version
http://www.trendmicro.co.jp/support/news.asp?id=1919

[RSA2013] Real Enigma machine exhibited by the US National Security Agency draws attention
http://itpro.nikkeibp.co.jp/article/NEWS/20130301/460002/?ST=security

"Ads that steal personal information are increasing": the current state of malicious Android apps
http://itpro.nikkeibp.co.jp/article/NEWS/20130301/459982/?ST=security

Web security hardening techniques to prevent "wrongful arrests"
[5] "Tor", which secures anonymity by layering "skins" of encryption
http://itpro.nikkeibp.co.jp/article/COLUMN/20130218/456767/?ST=security

[CD 2013] "Our strength is world-class big data analysis technology," stresses NEC executive officer Hosaka
http://itpro.nikkeibp.co.jp/article/NEWS/20130228/459715/?ST=security

NEC acquires Cyber Defense Institute; acquisition price is somewhat over one billion yen
http://itpro.nikkeibp.co.jp/article/NEWS/20130228/459585/?ST=security

RSA Conference 2013 opens; Symantec proposes IT defense measures for the big data era
http://itpro.nikkeibp.co.jp/article/NEWS/20130228/459582/?ST=security

JVNTA13-051A Multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-051A/index.html

JVN#36339873 Cross-site scripting vulnerability in dopvSTAR*
http://jvn.jp/jp/JVN36339873/index.html

JVN#64756004 Cross-site scripting vulnerability in dopvCOMET*
http://jvn.jp/jp/JVN64756004/index.html

Parsing Windows Eventlogs in Powershell
https://isc.sans.edu/diary.html?storyid=15298

PHP-Fusion Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52403/

Linux Kernel "pciback_enable_msi()" Log Message Flooding Denial of Service Vulnerability
http://secunia.com/advisories/52188/