Thursday, March 14, 2013

Thursday the 14th, Butsumetsu



+ CESA-2013:0630 Important CentOS 6 kernel Update
http://lwn.net/Alerts/542697/

+ Multiple vulnerabilities in libxslt
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libxslt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893

+ Multiple vulnerabilities in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887

+ Multiple vulnerabilities in libpng
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3048

+ CVE-2010-1634 Integer Overflow vulnerability in Python
https://blogs.oracle.com/sunsecurity/entry/cve_2010_1634_integer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634

+ CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439

+ CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256

+ CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2624_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2624

+ Multiple vulnerabilities in Thunderbird
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449

+ CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410

+ PSN-2013-03-876 2013-03: Security, Access, and Acceleration Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-876&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ PSN-2013-03-875 2013-03: Security Bulletin: IPv6 Connection allowed when it should have been rejected by a network object and/or SRX zone.
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-875&viewMode=view

+ PSN-2013-03-874 2013-03: Security Bulletin: Junos Pulse Secure Access Service (SSL VPN): Multiple cross site scripting issues
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

+ PSN-2013-03-873 2013-03: Security Bulletin: Junos Pulse: Android client privilege escalation
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-873&viewMode=view

+ PSN-2013-03-872 2013-03: Security Bulletin: NetScreen Firewall: OpenSSL vulnerability in ScreenOS (CVE-2012-2110)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-872&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ LOCAL: Ubuntu 12.10 64-Bit sock_diag_handlers Local Root Exploit
http://www.exploit-db.com/exploits/24746

+ DoS/PoC: Linux Kernel 'SCTP_GET_ASSOC_STATS()' - Stack-Based Buffer Overflow
http://www.exploit-db.com/exploits/24747

+ Linux Kernel chroot CLONE_NEWUSER|CLONE_FS root exploit
http://cxsecurity.com/issue/WLB-2013030105

+ Linux Kernel SCTP_GET_ASSOC_STATS() Stack-Based Buffer Overflow PoC
http://cxsecurity.com/issue/WLB-2013030100

+ Linux Kernel 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/58478

Server maintenance notice (March 20, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1925

Security measures for Adobe Flash Player vulnerabilities
(APSB13-09) (CVE-2013-0646, etc.)
http://www.ipa.go.jp/security/ciadr/vul/20130313-adobeflashplayer.html

Dangerous vulnerabilities in Windows and IE; Microsoft releases patches
Also provides a patch that makes IE10 in the new UI support Flash by default
http://itpro.nikkeibp.co.jp/article/NEWS/20130313/463161/?ST=security

Critical security issue in Adobe Flash Player, affecting all OSes
http://itpro.nikkeibp.co.jp/article/NEWS/20130313/463001/?ST=security

JVNTA13-071A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-071A/

REMOTE: Honeywell HSC Remote Deployer ActiveX Remote Code Execution
http://www.exploit-db.com/exploits/24745

DoS/PoC: TagScanner v5.1 - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24741

DoS/PoC: Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/24743

