Thursday, March 28, 2013

Thursday the 28th, Shakkō


+ RHSA-2013:0687 Moderate: pixman security update
http://rhn.redhat.com/errata/RHSA-2013-0687.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1591

+ RHSA-2013:0685 Moderate: perl security update
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ Google Chrome 26.0.1410.43 released
http://googlechromereleases.blogspot.jp/2013/03/stable-channel-update_26.html

+ nginx-1.3.15 development version released
http://nginx.org/en/download.html

+ CESA-2013:0685 Moderate CentOS 6 perl Update
http://lwn.net/Alerts/544631/

+ CESA-2013:0685 Moderate CentOS 5 perl Update
http://lwn.net/Alerts/544633/

+ CESA-2013:0683 Moderate CentOS 5 axis Update
http://lwn.net/Alerts/544472/

+ BIND 9.9.2-P2, 9.8.4-P2 released
https://kb.isc.org/article/AA-00889
https://kb.isc.org/article/AA-00888

+ DHCP 4.2.5-P1 released
https://kb.isc.org/article/AA-00891

+ A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2
https://www.isc.org/software/dhcp/advisories/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494

+ A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
https://www.isc.org/software/bind/advisories/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ HPSBOV02852 SSRT101108 rev.1 - HP SSL for OpenVMS, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03701301-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ HPSBST02848 SSRT101112 rev.1 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03691745-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

+ HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0158

+ Microsoft Security Advisory (2819682) Security Updates for Microsoft Windows Store Applications
http://technet.microsoft.com/en-us/security/advisory/2819682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ Microsoft Security Advisory (2819682) Security Updates for Microsoft Windows Store Applications (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2819682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ Alert regarding the ISC BIND 9 denial-of-service vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266)
http://www.jpcert.or.jp/at/2013/at130017.html

+ BIND Regex Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028362
http://secunia.com/advisories/52782/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ Windows Modern Mail Lets Remote Users Spoof URLs in Email Messages
http://www.securitytracker.com/id/1028341
http://secunia.com/advisories/52779/
http://www.securityfocus.com/bid/58713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1299

+ SA52724 Juniper NetScreen ScreenOS OpenSSL DER Format Data Processing Vulnerability
http://secunia.com/advisories/52724/

+ SA52760 Linux Kernel "i915_gem_execbuffer_relocate_slow()" Integer Overflow Vulnerability
http://secunia.com/advisories/52760/

+ SA52761 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/52761/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0926

+ McAfee Virtual Technician ActiveX Control 'Save()' Insecure Method Vulnerability
http://www.securityfocus.com/bid/58750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5879

+ ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ IBM Lotus Domino 'x.nsf' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58715

Anti-Virus / Anti-Bot policy enforcement issue on VSX gateways
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92464&src=securityAlerts

False-positive information for SWF_EXLPOIT.TM
http://www.trendmicro.co.jp/support/news.asp?id=1932

Notice of the release of InterScan WebManager 8.0 Build0820
http://www.trendmicro.co.jp/support/news.asp?id=1929

Publication of the report "Survey of New Threats That Exploit Vulnerabilities"
~ A case study of a targeted attack laced with multiple traps ~
http://www.ipa.go.jp/security/vuln/report/newthreat201303.html

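IPA Technical Watch
Report on "clickjacking", in which, for example, a private setting for privacy information is changed to public without the user noticing
~ Only 3 of 56 sites had clickjacking countermeasures in place ~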
http://www.ipa.go.jp/about/technicalwatch/20130326.html

From the World's Security Labs
New attack tool "Neutrino"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130326/466262/?ST=security

Deliberation on My Number-related IT gets under way in earnest
Role and authority of the government CIO also clarified
http://itpro.nikkeibp.co.jp/article/COLUMN/20130315/463754/?ST=security

Data Defense Techniques for the Cloud Era
[Concern 3] Is data in the cloud really safe?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462467/?ST=security

The Current State of Targeted Attacks and Countermeasures
Part 4: Trends in targeted attack emails
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464731/?ST=security

PC web browser "Chrome 26" released, with improved spell checking and vulnerability fixes
http://itpro.nikkeibp.co.jp/article/NEWS/20130327/466370/?ST=security

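Data Defense Techniques for the Cloud Era
[Concern 2] Online "flaming" is not someone else's problem: why does personal information get exposed?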
http://itpro.nikkeibp.co.jp/article/COLUMN/20130311/462466/?ST=security

The Current State of Targeted Attacks and Countermeasures
Part 3: System design that assumes targeted attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130321/464730/?ST=security

CRYPTREC e-Government Recommended Ciphers: domestically developed "Camellia", "KCipher-2" and others make the list
http://itpro.nikkeibp.co.jp/article/NEWS/20130326/466241/?ST=security

REMOTE: ActFax 5.01 RAW Server Buffer Overflow
http://www.exploit-db.com/exploits/24890

REMOTE: HP Intelligent Management Center Arbitrary File Upload
http://www.exploit-db.com/exploits/24891

REMOTE: Rosewill RSVA11001 - Remote Command Injection
http://www.exploit-db.com/exploits/24892
