7日 木曜日、友引

+ RHSA-2013:0602 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0602.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ RHSA-2013:0605 Critical: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0605.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ HPSBMU02849 SSRT101124 rev.1 - HP ServiceCenter, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03680085-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5214

+ RHSA-2013:0599 Important: xen security update
http://rhn.redhat.com/errata/RHSA-2013-0599.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6075

+ ProFTPD 1.3.4c, 1.3.5rc2 released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4c
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5rc2

+ HP ServiceCenter Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5214

+ HP Intelligent Management Center Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028246

+ Apache Subversion mod_dav_svn DoS via MKACTIVITY/PROPFIND
http://cxsecurity.com/issue/WLB-2013030051

+ Squid 3.2.5 httpMakeVaryMark() header value DoS, 2.7.Stable9 memory corruption
http://cxsecurity.com/issue/WLB-2013030047

+ Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc
http://cxsecurity.com/issue/WLB-2013030046

+ SA52377 PHP SOAP XML External Entities Information Disclosure Vulnerability
http://secunia.com/advisories/52377/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

+ SA52457 HP Intelligent Management Center topoContent.jsf Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52457/

+ Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/58326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0248

Advisory: SafeGuard Configuration Protection - a tool to avoid potential issues after upgrading clients running Sophos Anti-Virus has now been released
http://www.sophos.com/en-us/support/knowledgebase/118461.aspx

プレス発表
制御システムセキュリティの認証スキーム確立に向けたパイロットプロジェクトに着手
～ 「制御システムの情報セキュリティに関する活動／調査」報告書の公開 ～
http://www.ipa.go.jp/about/press/20130306.html

サイバー攻撃者とセキュリティベンダーの戦い
［4］「スレットインテリジェンス」の活用
http://itpro.nikkeibp.co.jp/article/COLUMN/20130227/459255/?ST=security

お役立ち！Androidツール＆ライブラリ
AndroidAnnotations - コード量を劇的に削減、初学者にも優しい多機能ライブラリ
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459808/?ST=security

厚労省がFP検定実施団体に是正勧告、Webサーバー操作ミスから理事長引責辞任
http://itpro.nikkeibp.co.jp/article/NEWS/20130306/461190/?ST=security

Google、FBIによる情報開示要請を「Transparency Report」に追加
http://itpro.nikkeibp.co.jp/article/NEWS/20130306/461102/?ST=security

JVNTA13-064A Oracle Java に複数の脆弱性
http://jvn.jp/cert/JVNTA13-064A/