22日 金曜日、赤口

+ RHSA-2013:0669 Moderate: qt security update
http://rhn.redhat.com/errata/RHSA-2013-0669.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0254

+ RHSA-2013:0668 Moderate: boost security update
http://rhn.redhat.com/errata/RHSA-2013-0668.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2677

+ HPSBUX02856 SSRT101104 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Unauthorized Disclosure
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03710522-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues.
http://www.vmware.com/security/advisories/VMSA-2013-0003.html

+ SYM13-003 Security Advisories Relating to Symantec Products - Symantec Enterprise Vault Local Elevation of Privilege
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130321_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1609

+ Symantec Enterprise Vault for File System Archiving Unquoted Search Path Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028330
http://www.securityfocus.com/bid/58617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1609

+ Symantec NetBackup Appliance Management Console Lets Remote Authenticated Users Download Files
http://www.securitytracker.com/id/1028329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608

+ Apple iPhone Bug Lets Local Users Bypass the Lock Screen to Access the Phone Application
http://www.securitytracker.com/id/1028326

+ VU#370868 CoreFTP contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/370868

+ SA52669 MySQL yaSSL TLS CBC Ciphersuite Plaintext Recovery Weakness
http://secunia.com/advisories/52669/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1623

+ SA52735 Symantec NetBackup Appliance Management Console Directory Traversal Vulnerability
http://secunia.com/advisories/52735/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1608

+ Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow
http://cxsecurity.com/issue/WLB-2013030180

+ Linux Kernel ext3 format string issues
http://cxsecurity.com/issue/WLB-2013030174

+ Linux Kernel kvm Multiple Vulns
http://cxsecurity.com/issue/WLB-2013030175

世界のセキュリティ・ラボから
Asproxスパムボットが復活、より効率的に活動
http://itpro.nikkeibp.co.jp/article/COLUMN/20130319/464322/?ST=security

スマホで安全に企業ネット接続
［仮想デスクトップ］自席のパソコン環境をクラウドへ
http://itpro.nikkeibp.co.jp/article/COLUMN/20130308/462016/?ST=security

マルウエアまん延の原因はパッチ更新管理サーバーのハッキング、韓国政府機関が発表
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464942/?ST=security

韓国襲ったサイバー攻撃、Linuxも攻撃してデータ消去---シマンテックの追加調査
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464842/?ST=security

最新版iOS 6.1.3のパスコードロック迂回策、早くもネットで出回る
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464669/?ST=security

AppleがiPhone/iPad用OSの最新版「iOS 6.1.3」提供開始、セキュリティや地図を改良
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464667/?ST=security

韓国の大規模サイバー攻撃は非正規Windowsサーバーのパッチ配布が原因
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464661/?ST=security

［続報］韓国への大規模サイバー攻撃、攻撃内容はハードディスクの破壊
http://itpro.nikkeibp.co.jp/article/NEWS/20130321/464626/?ST=security

JVNVU#99357833 askiaweb に複数の脆弱性
http://jvn.jp/cert/JVNVU99357833/index.html

JVNVU#98342319 Apple iOS における複数の脆弱性に対するアップデート
http://jvn.jp/cert/JVNVU98342319/index.html