Tuesday, April 30, 2013

Tuesday the 30th, Taian


+ RHSA-2013:0772 Important: mysql security update
http://rhn.redhat.com/errata/RHSA-2013-0772.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2392

+ RHSA-2013:0771 Moderate: curl security update
http://rhn.redhat.com/errata/RHSA-2013-0771.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944

+ RHSA-2013:0770 Important: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0770.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431

+ RHSA-2013:0744 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0744.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1827

+ CESA-2013:0772 Important CentOS 6 mysql Update
http://lwn.net/Alerts/548646/

+ CESA-2013:0744 Important CentOS 6 kernel Update
http://lwn.net/Alerts/548303/

+ CESA-2013:0771 Moderate CentOS 5 curl Update
http://lwn.net/Alerts/548453/

+ CESA-2013:0771 Moderate CentOS 6 curl Update
http://lwn.net/Alerts/548454/

+ CESA-2013:0770 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/548455/

+ CESA-2013:0770 Important CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/548456/

+ CESA-2013:0769 Low CentOS 5 glibc Update
http://lwn.net/Alerts/548457/

+ PMASA-2013-5 Global variables overwrite in "export.php"
http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php

+ Squid Proxy 3.3.4, 3.2.10 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-nxosmulti

+ Cisco Device Manager Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1192

+ Multiple Vulnerabilities in Cisco Unified Computing System
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1186

+ HPSBHF02865 SSRT101158 rev.1 - HP ElitePad 900, Secure Boot Configuration Inconsistency
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03727435-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5218

+ HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748875-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2321

+ HPSBMU02873 SSRT101182 rev.1 - HP Service Manager, Apache Tomcat Security Update
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748878-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534

+ HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE) Security Update
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03748879-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1489

+ UPDATE: HPSBMU02830 SSRT100889 rev.2 - HP Data Protector, Local Increase of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03570121-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03737200-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5219

+ HPSBPI02869 SSRT100936 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03744742-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5221

+ Security bulletin: Vulnerabilities in IBM Notes 8.5.x (CVE-2011-3026, CVE-2012-6349, CVE-2012-6277)
http://www-01.ibm.com/support/docview.wss?uid=swg21632104

+ Security bulletin: Vulnerabilities in IBM Domino and IBM Domino Designer 8.5.x (CVE-2013-0487, CVE-2012-2161, CVE-2012-2159, CVE-2013-0486, CVE-2012-6277, CVE-2013-0488, CVE-2013-0489)
http://www-01.ibm.com/support/docview.wss?uid=swg21632130

+ [CPUApr2013] Oracle Critical Patch Update Advisory - April 2013
http://www.oracle.com/technetwork/jp/topics/ojkb163273-1935620-ja.html

+ RHSA-2013:0769 Low: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0769.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914

+ VMSA-2013-0006 VMware security updates for vCenter Server
http://www.vmware.com/security/advisories/VMSA-2013-0006.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431

+ HS13-010 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-010/index.html
+ HS13-010 Multiple Vulnerabilities in Cosminexus (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-010/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2440

+ HS13-009 Vulnerability about SSL Encryption in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-009/index.html
+ HS13-009 Vulnerability about SSL Encryption in Cosminexus HTTP Server and Hitachi Web Server (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-009/index.html

+ HS13-008 Vulnerability about SSL Encryption in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-008/index.html
+ HS13-008 Vulnerability about SSL Encryption in Cosminexus HTTP Server and Hitachi Web Server (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-008/index.html

+ HS13-007 Cross-site Scripting Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-007/index.html
+ HS13-007 Cross-site Scripting Vulnerability in Cosminexus HTTP Server and Hitachi Web Server (Japanese version)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-007/index.html

+ FreeBSD-SA-13:05.nfsserver Insufficient input validation in the NFS server
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc

+ libpng 1.6.2 released
http://www.libpng.org/pub/png/src/libpng-1.6.2-README.txt

+ Samba 3.6.14 Available for Download
http://samba.org/samba/history/samba-3.6.14.html

+ Sendmail 8.14.7 is available.
http://sendmail.com/sm/open_source/download/8.14.7/

+ zlib 1.2.8 released
http://www.zlib.net/ChangeLog.txt

+ VU#209131 McAfee ePolicy Orchestrator 4.6.4 and earlier pre-authenticated SQL injection and directory path traversal vulnerabilities
http://www.kb.cert.org/vuls/id/209131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0141

+ SA53174 Linux Kernel KVM Multiple Vulnerabilities
http://secunia.com/advisories/53174/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798

+ Linux Kernel Virtual Ethernet Driver Denial of Service Vulnerability
http://www.securityfocus.com/bid/59549

+ Linux Kernel CVE-2013-1959 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59537

+ Linux Kernel ext4 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/59512

About a display issue caused by the pattern file number rolling over to an additional digit
http://www.trendmicro.co.jp/support/news.asp?id=1949

Press release
"Configuration Manual for Mobile Devices and Similar Equipment to Prevent Information Leaks" published
~ Covers major products such as Windows, iOS and Android, following their screen flows ~
http://www.ipa.go.jp/about/press/20130426.html

On the report "Survey on Developing Security Personnel for Control Systems and Preparation of Model Curricula"
  ~ Model curricula for four courses defined ~
http://www.ipa.go.jp/security/fy24/reports/jinzai/index.html

[Alert] Take precautions before the Golden Week holidays
http://www.ipa.go.jp/security/topics/alert250424.html

Status of reports on vulnerability-related information for software and related products
[Q1 2013 (January to March)]
http://www.ipa.go.jp/security/vuln/report/vuln2013q1.html

Personal information of 403 people, including credit card data, leaked from NTT DOCOMO's US subsidiary
http://itpro.nikkeibp.co.jp/article/NEWS/20130427/474141/?ST=security

Cyphertec strengthens its encrypted PDF viewing management service, adds an iOS viewer
http://itpro.nikkeibp.co.jp/article/NEWS/20130426/473953/?ST=security

Take inventory of your IDs and passwords; don't miss this holiday break!
http://itpro.nikkeibp.co.jp/article/COLUMN/20130419/472321/?ST=security

From security labs around the world
Android malware: evolution and an old taboo
http://itpro.nikkeibp.co.jp/article/COLUMN/20130425/473503/?ST=security

Preparing for the latest cyber attacks
Thinking about realistic password management
http://itpro.nikkeibp.co.jp/article/COLUMN/20130425/473581/?ST=security

JVNVU#95943552 Vulnerability in NetScaler Access Gateway Enterprise Edition
http://jvn.jp/cert/JVNVU95943552/

JVN#55074201 Address bar spoofing vulnerability in Yahoo! Browser
http://jvn.jp/jp/JVN55074201/

JVN#01313594 Address bar spoofing vulnerability in jigbrowser+ for Android
http://jvn.jp/jp/JVN01313594/

VU#948155 Henry Schein Dentrix G5 uses hard-coded database credentials shared across multiple installations
http://www.kb.cert.org/vuls/id/948155

VU#521612 Citrix NetScaler and Access Gateway Enterprise Edition unauthorized access to network resources vulnerability
http://www.kb.cert.org/vuls/id/521612

Friday, April 19, 2013

Friday the 19th, Shakko


+ CESA-2013:0752 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/547761/

+ CESA-2013:0751 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/547764/

+ CESA-2013:0753 Moderate CentOS 6 icedtea-web Update
http://lwn.net/Alerts/547765/

+ Dovecot 2.2.1 released
http://www.dovecot.org/list/dovecot-news/2013-April/000252.html

+ Sudo 1.8.7b2 released
http://www.sudo.ws/sudo/devel.html#1.8.7b2

+ google-authenticator Information disclosure
http://cxsecurity.com/issue/WLB-2013040136

+ Java ActiveX Control Memory Corruption
http://cxsecurity.com/issue/WLB-2013040133

+ Google Authenticator CVE-2012-6140 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/59294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6140

Registration status of JVN iPedia, the vulnerability countermeasure information database
[Q1 2013 (January to March)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2013q1.html

J-CSIP, the information-sharing initiative for cyber attack countermeasures, publishes its first-year activity report
http://itpro.nikkeibp.co.jp/article/NEWS/20130418/471883/?ST=security

Fortinet releases new UTM appliance models, aiming for both low power consumption and high performance
http://itpro.nikkeibp.co.jp/article/NEWS/20130418/471882/?ST=security

Microsoft adds two-step verification to its account security options
http://itpro.nikkeibp.co.jp/article/NEWS/20130418/471822/?ST=security

MDM has blind spots: rethinking smartphone security measures
http://itpro.nikkeibp.co.jp/article/COLUMN/20130416/471442/?ST=security

JVNTA13-107A Update for multiple vulnerabilities in Oracle Java
http://jvn.jp/cert/JVNTA13-107A/

JVNTA13-100A Update for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-100A/

Alert regarding DDoS attacks that use recursive DNS queries
http://www.jpcert.or.jp/at/2013/at130022.html

REMOTE: SAP ConfigServlet OS Command Execution
http://www.exploit-db.com/exploits/24963

DoS/PoC: Java Web Start Launcher ActiveX Control - Memory Corruption
http://www.exploit-db.com/exploits/24966

Thursday, April 18, 2013

Thursday the 18th, Taian


+ RHSA-2013:0753 Moderate: icedtea-web security update
http://rhn.redhat.com/errata/RHSA-2013-0753.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1927

+ RHSA-2013:0752 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0752.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2436

+ RHSA-2013:0751 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2013-0751.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2436

+ CESA-2013:0747 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/547522/

+ CESA-2013:0748 Moderate CentOS 6 krb5 Update
http://lwn.net/Alerts/547523/

+ UPDATE: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

+ Cisco Network Admission Control Manager SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-nac
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1177

+ Cisco TelePresence Infrastructure Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1176

+ MySQL 5.6.11, 5.5.31, 5.1.69 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-11.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-31.html
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-69.html

+ UltraMonkey(L4) for RHEL4,RHEL5,RHEL6 (x86, x86_64) 3.15 released
http://sourceforge.jp/projects/ultramonkey-l7/releases/58508/note

+ MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
http://www.securitytracker.com/id/1028449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2395

On countermeasures for Oracle Java vulnerabilities (CVE-2013-2383 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130417-jre.html

Press release
Activity report published for J-CSIP, the framework for sharing information with industry to defend against targeted attacks
~ As a result of its activities, 246 reports were received from participating companies, of which 160 were shared ~
http://www.ipa.go.jp/about/press/20130417.html

From security labs around the world
Sharp rise in Skype messages carrying malicious links
http://itpro.nikkeibp.co.jp/article/COLUMN/20130414/470781/?ST=security

Unauthorized logins to JR East's member portal site
http://itpro.nikkeibp.co.jp/article/NEWS/20130417/471613/?ST=security

Alert regarding the April 2013 Oracle Java SE Critical Patch Update (scheduled release)
http://www.jpcert.or.jp/at/2013/at130021.html

Wednesday, April 17, 2013

Wednesday the 17th, Butsumetsu


+ Oracle Critical Patch Update Advisory - April 2013
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

+ Oracle Java SE Critical Patch Update Advisory - April 2013
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

+ RHSA-2013:0748 Moderate: krb5 security update
http://rhn.redhat.com/errata/RHSA-2013-0748.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416

+ RHSA-2013:0747 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0747.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1826

+ About the security content of Java for OS X 2013-003 and Mac OS X v10.6 Update 15
http://support.apple.com/kb/HT5734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2440

+ About the security content of Safari 6.0.4
http://support.apple.com/kb/HT5701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912

+ nginx-1.3.16 development version released
http://nginx.org/en/download.html

+ CESA-2013:0742 Low CentOS 6 389-ds-base Update
http://lwn.net/Alerts/547394/

+ PDFCreator 1.7.0 released
http://www.pdfforge.org/blog/pdfcreator-170-released

+ HPSBUX02867 SSRT101103 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03735640-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493

+ Java SE 7 Update 21 Released
http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html

+ Java SE 6 Update 45 Released
http://www.oracle.com/technetwork/java/javase/6u45-relnotes-1932876.html

+ Oracle Solaris Lets Remote Users Access and Modify Data and Local Users Gain Elevated Privileges and Deny Service
http://www.securitytracker.com/id/1028436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1530

+ Oracle Database Bugs Let Remote Users Execute Arbitrary Code, Modify Data, and Deny Service
http://www.securitytracker.com/id/1028435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1554

+ Oracle Java Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2440

+ Linux kernel cifs NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040113

+ Linux kernel tracing NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040112

+ Linux Kernel Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/59052

Status of Computer Virus and Unauthorized Access Reports and Consultation Requests
[Q1 2013 (January to March)]
http://www.ipa.go.jp/security/txt/2013/q1outline.html

Google loses lawsuit over Google Search's "suggest" feature
Tokyo District Court finds defamation and orders a halt to displaying "unrelated criminal acts"
http://itpro.nikkeibp.co.jp/article/NEWS/20130417/471481/?ST=security

"XP will be targeted once support ends," says Microsoft's security team
PCs without antivirus protection have a 5.5 times higher infection rate
http://itpro.nikkeibp.co.jp/article/NEWS/20130417/471461/?ST=security

Reporter's Eye
Service that identifies the "attackers" behind targeted attacks arrives in Japan
http://itpro.nikkeibp.co.jp/article/Watcher/20130415/470941/?ST=security

Seiko Solutions ships load balancer for WAF use
http://itpro.nikkeibp.co.jp/article/NEWS/20130416/471331/?ST=security

Check Point launches security appliance aimed at corporate branch offices
http://itpro.nikkeibp.co.jp/article/NEWS/20130416/471341/?ST=security

Palo Alto Networks to offer malware analysis service from a domestic data center
http://itpro.nikkeibp.co.jp/article/NEWS/20130416/471250/?ST=security

Juniper: cloud service that can identify cyber attackers targeting data centers
http://itpro.nikkeibp.co.jp/article/NEWS/20130416/471226/?ST=security

Facebook partners with the National Association of Attorneys General on online safety program for young people
http://itpro.nikkeibp.co.jp/article/NEWS/20130416/471125/?ST=security

JVNVU#94324985 Privilege escalation vulnerability in Plesk Panel
http://jvn.jp/cert/JVNVU94324985/

JVNVU#98254993 Cross-site scripting vulnerability in pd-admin
http://jvn.jp/cert/JVNVU98254993/

JVNVU#94295396 Denial of service (DoS) vulnerability in AV1355DN
http://jvn.jp/cert/JVNVU94295396/

Tuesday, April 16, 2013

Tuesday the 16th, senbu


+ RHSA-2013:0742 Low: 389-ds-base security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0742.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1897

+ phpMyAdmin 4.0.0-rc2 released
http://sourceforge.net/p/phpmyadmin/news/2013/04/phpmyadmin-400-rc2-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

+ HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03734195-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885

+ courier-imap 4.13 released
http://www.courier-mta.org/imap/

+ SA53030 Cybozu Multiple Products Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/53030/

+ SA53051 curl / libcURL "tailmatch()" Cookie Information Disclosure Vulnerability
http://secunia.com/advisories/53051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944

+ Linux kernel cifs NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040113

+ Linux kernel tracing NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040112

+ Linux Kernel CIFS NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/59064

+ Linux Kernel Tracing Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/59055

+ Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/59050

+ Linux Kernel Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/59052

Press release
Establishment of a domestic certification scheme for the "EDSA" control device certification program and publication of a bilingual edition of the standard
~Promoting a pilot project toward establishing and spreading the certification scheme~
http://www.ipa.go.jp/about/press/20130415.html

JVN#06251813 Cross-site request forgery vulnerability in multiple Cybozu products
http://jvn.jp/jp/JVN06251813/

VU#311644 pd-admin contains cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/311644

VU#375180 Arecont Vision model AV1355DN camera vulnerable to denial of service
http://www.kb.cert.org/vuls/id/375180

DoS/PoC: MinaliC Webserver 2.0.0 - Buffer Overflow
http://www.exploit-db.com/exploits/24958

Monday, April 15, 2013

Monday the 15th, tomobiki


+ CESA-2013:0737 Moderate CentOS 6 subversion Update
http://lwn.net/Alerts/547152/

+ CESA-2013:0737 Moderate CentOS 5 subversion Update
http://lwn.net/Alerts/547151/

+ UPDATE: Cisco IOS Software IP Service Level Agreement Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla

+ Apache Struts 2.3.14 released
http://struts.apache.org/development/2.x/docs/version-notes-2314.html

+ curl and libcurl 7.30.0 released
http://curl.haxx.se/changes.html#7_30_0

+ GCC 4.6.4 released
http://gcc.gnu.org/gcc-4.6/

+ Dovecot 2.2.0 released
http://www.dovecot.org/list/dovecot-news/2013-April/000251.html

+ Linux kernel 3.9 more net info leak fixes
http://cxsecurity.com/issue/WLB-2013040108

+ Linux Kernel 'tg3.c' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/58908

Notice of scheduled server maintenance (April 19, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1945

Fujitsu announces 6 mm thin palm vein authentication sensor that can be built into notebook PCs
http://itpro.nikkeibp.co.jp/article/NEWS/20130412/470549/?ST=security

JVN#02895867 Vulnerability in Sleipnir Mobile for Android allowing arbitrary extension APIs to be called
http://jvn.jp/jp/JVN02895867/

Friday, April 12, 2013

Friday the 12th, taian


+ RHSA-2013:0737 Moderate: subversion security update
http://rhn.redhat.com/errata/RHSA-2013-0737.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849

+ Mozilla Firefox 20.0.1 released
http://www.mozilla.org/en-US/firefox/new/

+ UPDATE: Cisco IOS Software Network Address Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-nat

+ UPDATE: Cisco IOS Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall

+ UPDATE: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-cce

+ UPDATE: Cisco IOS Software Internet Key Exchange Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ike

+ UPDATE: Cisco IOS Software Protocol Translation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt

+ UPDATE: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-rsvp

+ UPDATE: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

+ PSN-2013-04-910 2013-04: Junos Routing, Switching, and Security: Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-910&viewMode=view

+ PSN-2013-04-911 2013-04 Security Bulletin: Junos: Specially crafted SIP packet can cause the flowd process to crash
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-911&viewMode=view

+ PSN-2013-04-912 2013-04 Security Bulletin: Junos: SIP ALG on SRX Series may allow sessions not permitted by policy which can lead to a DoS
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-912&viewMode=view

+ PSN-2013-04-913 2013-04 Security Bulletin: Junos: Kernel crash while processing certain types of ARP packets
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-913&viewMode=view

+ PSN-2013-04-914 2013-04 Security Bulletin: Junos: J-Web Sajax remote code execution
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-914&viewMode=view

+ PSN-2013-04-915 2013-04 Security Bulletin: Junos: MBUF exhaustion with IPv6 egress filter on the loopback interface
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-915&viewMode=view

+ PSN-2013-04-916 2013-04 Security Bulletin: Junos: Ethernet traffic with invalid Ether-Type can trigger protocol packet drops on Ichip-based FPCs/DPCs
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-916&viewMode=view

+ PSN-2013-04-917 2013-04 Security Bulletin: Junos: Kernel crash when receiving crafted GRE packet on multicast tunnel interface
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-917&viewMode=view

+ PSN-2013-04-918 2013-04 Security Bulletin: Junos: DNSSEC validation Denial of Service (CVE-2012-3817)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-918&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817

+ Oracle Critical Patch Update Pre-Release Announcement - April 2013
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

+ GCC 4.7.3 released
http://gcc.gnu.org/gcc-4.7/

+ PHP 5.4.14 and PHP 5.3.24 released!
http://php.net/ChangeLog-5.php

+ Sudo 1.8.6p8 released
http://www.sudo.ws/sudo/stable.html#1.8.6p8

phpMyAdmin at GSoC 2013
http://sourceforge.net/p/phpmyadmin/news/2013/04/phpmyadmin-at-gsoc-2013/

Reporter's Eye
The wide gap in awareness of personal information and privacy protection, felt anew
http://itpro.nikkeibp.co.jp/article/Watcher/20130410/470035/?ST=security

Comsquare offers a free Ping-only edition of its agentless monitoring software
http://itpro.nikkeibp.co.jp/article/NEWS/20130411/470261/?ST=security

The IRS reads e-mail without a warrant, U.S. civil liberties group protests
http://itpro.nikkeibp.co.jp/article/NEWS/20130411/470203/?ST=security

Unauthorized logins hit again right after reopening: NTT East FLET'S Hikari member site
http://itpro.nikkeibp.co.jp/article/NEWS/20130411/470141/?ST=security

JVNVU#94324985 Privilege escalation vulnerability in Plesk Panel
http://jvn.jp/cert/JVNVU94324985/index.html

JVNTA13-100A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-100A/index.html

JVN#65034198 Address bar spoofing vulnerability in Sleipnir for Windows
http://jvn.jp/jp/JVN65034198/index.html

Thursday, April 11, 2013

Thursday the 11th, butsumetsu


+ CESA-2013:0727 Important CentOS 5 kvm Update
http://lwn.net/Alerts/546793/

+ UPDATE: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

+ Multiple Vulnerabilities in Cisco Unified MeetingPlace Solution
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-mp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1169

+ Cisco Prime Network Control Systems Database Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1170

+ Multiple Vulnerabilities in Cisco Firewall Services Module Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-fwsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1149

+ Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa

+ Multiple vulnerabilities in Python
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150

+ CVE-2012-3817 Denial of Service (DoS) vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3817_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817

+ CVE-2011-0419 Denial of Service (DoS) vulnerability in Solaris C Library
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0419_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

+ FreeBSD-8.4 RC1 released
http://lists.freebsd.org/pipermail/freebsd-stable/2013-April/073070.html

+ MacOSX 10.8.3 ftpd Resource Exhaustion *youtube
http://cxsecurity.com/issue/WLB-2013040082

+ phpMyAdmin 3.5.7 Reflected XSS
http://cxsecurity.com/issue/WLB-2013040071

+ Internet Explorer CSS Denial of Service Vulnerability
http://cxsecurity.com/issue/WLB-2013040081

+ JBoss Enterprise Portal Platform GateIn Portal Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/59015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3532

Notice of Virus Buster Cloud program update
http://www.trendmicro.co.jp/support/news.asp?id=1943

On countermeasures for Adobe Flash Player vulnerabilities
(APSB13-11) (CVE-2013-1378 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130410-adobeflashplayer.html

Vulnerability information worth checking <2013.04.11>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130408/469102/?ST=security

Dangerous vulnerabilities in Windows, IE and others; exploitation in targeted attacks also confirmed
Microsoft Japan releases patches; this is the last release for Windows 7 without a service pack
http://itpro.nikkeibp.co.jp/article/NEWS/20130411/470101/?ST=security

From Security Labs Around the World
Targeted attacks using Android malware
http://itpro.nikkeibp.co.jp/article/COLUMN/20130410/469882/?ST=security

Buffalo: new rack-mount NAS model with antivirus protection
http://itpro.nikkeibp.co.jp/article/NEWS/20130410/469961/?ST=security

Unauthorized logins at eBook Japan: "IDs and passwords from other companies' services may have been used"
http://itpro.nikkeibp.co.jp/article/NEWS/20130410/469917/?ST=security

Alert regarding Adobe Flash Player vulnerabilities (APSB13-11)
http://www.jpcert.or.jp/at/2013/at130020.html

Alert regarding Microsoft Security Bulletins for April 2013 (including 2 rated Critical)
http://www.jpcert.or.jp/at/2013/at130019.html

VU#310500 Plesk Panel 11.0.9 privilege escalation vulnerabilities
http://www.kb.cert.org/vuls/id/310500

REMOTE: BigAnt Server 2.97 - DDNF Username Buffer Overflow
http://www.exploit-db.com/exploits/24943

REMOTE: Linksys WRT54GL apply.cgi Command Execution
http://www.exploit-db.com/exploits/24945

REMOTE: Adobe ColdFusion APSB13-03 Remote Exploit
http://www.exploit-db.com/exploits/24946

Wednesday, April 10, 2013

Wednesday the 10th, senbu


+ Microsoft Security Bulletin Summary for April 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-apr

+ MS13-028 - Critical Cumulative Security Update for Internet Explorer (2817183)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1304

+ MS13-029 - Critical Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1296

+ MS13-030 - Important Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1290

+ MS13-031 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1294

+ MS13-032 - Important Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1282

+ MS13-033 - Important Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1295

+ MS13-034 - Important Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0078

+ MS13-035 - Important Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1289

+ MS13-036 - Important Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege (2829996)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1293

+ APSB13-10 Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1388

+ APSB13-11 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-11.html

+ APSB13-12 Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb13-12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1386

+ CESA-2013:0714 Moderate CentOS 6 stunnel Update
http://lwn.net/Alerts/546618/

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ Samba 4.0.5 Available for Download
http://samba.org/samba/history/samba-4.0.5.html

+ phpMyAdmin 3.5.7 Reflected XSS
http://cxsecurity.com/issue/WLB-2013040071

+ SA52871 Zimbra Collaboration Server "dictionary" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52871/

+ ISC DHCP 'libdns' CVE-2013-2494 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494

+ phpMyAdmin 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/58962

Notice of release of Virus Buster Corporate Edition 10.5 Patch 5 (build 2328)
http://www.trendmicro.co.jp/support/news.asp?id=1939

Notice of release of InterScan Messaging Security Virtual Appliance 8.0 Patch 2 (build 1480)
http://www.trendmicro.co.jp/support/news.asp?id=1934

JINS online shop issues interim report on data breach, sends QUO cards to 12,036 people
http://itpro.nikkeibp.co.jp/article/NEWS/20130409/469721/?ST=security

"Possibly attempts using IDs and passwords leaked from other services": final report on unauthorized access to gooID
http://itpro.nikkeibp.co.jp/article/NEWS/20130409/469682/?ST=security

Vulnerability information worth checking <2013.04.09>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130408/469101/?ST=security

JVNVU#94585860 Cross-site scripting vulnerability in AirDroid
http://jvn.jp/cert/JVNVU94585860/

DoS/PoC: Sysax Multi Server 6.10 - SSH Denial of Service
http://www.exploit-db.com/exploits/24940

Tuesday, April 9, 2013

Tuesday the 9th, shakkō


+ RHSA-2013:0714 Moderate: stunnel security update
http://rhn.redhat.com/errata/RHSA-2013-0714.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762

+ phpMyAdmin 3.5.8 released
http://sourceforge.net/p/phpmyadmin/news/2013/04/phpmyadmin-358-is-released/

+ SA52868 Linux Kernel Denial of Service and Privilege Escalation Vulnerabilities
http://secunia.com/advisories/52868/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4461

+ SA52966 Apache Subversion mod_dav_svn Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/52966/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884

Notice of Password Manager program update
http://www.trendmicro.co.jp/support/news.asp?id=1944

PostgreSQL participating in Google Summer of Code 2013
http://www.postgresql.org/about/news/1458/

Trend Micro to sell password management tool in retail stores
License keys issued at the register using POSA technology; expected street price of the 1-year edition is around 1,780 yen
http://itpro.nikkeibp.co.jp/article/NEWS/20130409/469402/?ST=security

Wave of website defacements in Japan, possibly caused by a vulnerability in management software
Administrators should check "Parallels Plesk Panel"
http://itpro.nikkeibp.co.jp/article/NEWS/20130409/469401/?ST=security

New approaches to "SIEM" for detecting cyber attacks
NTT Com offers a monthly plan, RSA fully replays attacks
http://itpro.nikkeibp.co.jp/article/COLUMN/20130328/466649/?ST=security

Preparing for the Latest Cyber Attacks
gooID and Yahoo targeted: what is the aim of unauthorized access against member services?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130405/469047/?ST=security

JVNVU#95651153 Buffer overflow vulnerability in display driver for NVIDIA video cards
http://jvn.jp/cert/JVNVU95651153/

JVNVU#98376265 SQL injection vulnerability in PHP Address Book
http://jvn.jp/cert/JVNVU98376265/

VU#557252 AirDroid web interface XSS vulnerability
http://www.kb.cert.org/vuls/id/557252

REMOTE: Netgear DGN1000B setup.cgi Remote Command Execution
http://www.exploit-db.com/exploits/24931

REMOTE: MongoDB nativeHelper.apply Remote Code Execution
http://www.exploit-db.com/exploits/24935

REMOTE: Linksys E1500/E2500 apply.cgi Remote Command Injection
http://www.exploit-db.com/exploits/24936

REMOTE: HP System Management Anonymous Access Code Execution
http://www.exploit-db.com/exploits/24937

REMOTE: Novell ZENworks Configuration Management Remote Execution
http://www.exploit-db.com/exploits/24938

LOCAL: Google AD Sync Tool - Exposure of Sensitive Information Vulnerability
http://www.exploit-db.com/exploits/24923

LOCAL: HP System Management Homepage Local Privilege Escalation
http://www.exploit-db.com/exploits/24929

LOCAL: PonyOS 0.4.99-mlp - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/24933

LOCAL: HexChat 2.9.4 Local Exploit Submission
http://www.exploit-db.com/exploits/24919

DoS/PoC: Groovy Media Player 3.2.0 (.mp3) - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/24930

Monday, April 8, 2013

Monday the 8th, taian


+ Apache Struts 1 End-Of-Life (EOL)
http://struts.apache.org/struts1eol-press.html

+ Cisco Tivoli Business Service Manager Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1174

+ McAfee Email Gateway Third Party Plugin Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028391
http://secunia.com/advisories/52838/

+ Samba Bug Lets Remote Authenticated Users Modify Files
http://www.securitytracker.com/id/1028389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454
http://www.securityfocus.com/bid/58901

+ SA52817 GNU C Library "getaddrinfo()" Denial of Service Vulnerability
http://secunia.com/advisories/52817/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914

+ Linux Kernel fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE missing error check
http://cxsecurity.com/issue/WLB-2013040048

+ Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58323

+ Linux Kernel 'fs/compat_ioctl.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/58906

+ Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884

+ Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847

+ Subversion 'mod_dav_svn' CVE-2013-1845 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845

+ Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/58895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846

Preparing for the Latest Cyber Attacks
Cloud accounts under attack
http://itpro.nikkeibp.co.jp/article/COLUMN/20130318/464030/?ST=security

Unauthorized logins to CCC site, uncovered through fraudulent use of T-Points
http://itpro.nikkeibp.co.jp/article/NEWS/20130406/469081/?ST=security

Unauthorized access to NTT East's FLET'S Hikari member site; logins suspended
http://itpro.nikkeibp.co.jp/article/NEWS/20130405/468884/?ST=security

VU#771620 NVIDIA UNIX GPU driver ARGB cursor buffer overflow in "NoScanout" mode
http://www.kb.cert.org/vuls/id/771620

VU#183692 PHP Address Book sqli vulnerability
http://www.kb.cert.org/vuls/id/183692

LOCAL: HexChat 2.9.4 Local Exploit Submission
http://www.exploit-db.com/exploits/24919

DoS/PoC: Easy DVD Player (libav) libavcodec_plugin.dll DOS
http://www.exploit-db.com/exploits/24917

DoS/PoC: Personal File Share 1.0 DoS
http://www.exploit-db.com/exploits/24918

Friday, April 5, 2013

Friday the 5th, tomobiki


+ Microsoft Security Bulletin Advance Notification - April 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-apr

+ Opera 12.15 released
http://www.opera.com/docs/changelogs/unified/1215/

+ CESA-2013:0696 Critical CentOS 5 xulrunner Update
http://lwn.net/Alerts/545710/

+ CESA-2013:0696 Critical CentOS 6 xulrunner Update
http://lwn.net/Alerts/545712/

+ CESA-2013:0696 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/545720/

+ CESA-2013:0696 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/545721/

+ CESA-2013:0697 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/545722/

+ CESA-2013:0697 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/545723/

+ UPDATE: HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03216705-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

+ Dovecot 2.1.16 released
http://www.dovecot.org/list/dovecot-news/2013-April/000245.html

+ PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released
http://www.postgresql.org/about/news/1456/
http://www.postgresql.org/docs/9.2/static/release-9-2-4.html
http://www.postgresql.org/docs/9.1/static/release-9-1-9.html
http://www.postgresql.org/docs/9.0/static/release-9-0-13.html
http://www.postgresql.org/docs/8.4/static/release-8-4-17.html

+ A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899

+ Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

+ An unprivileged user can run commands that could interfere with in-progress backups.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

+ EnterpriseDB's installers for Linux and Mac OS X created a directory and file in /tmp with predictable names.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1902

+ EnterpriseDB's installers for Linux and Mac OS X passed the database superuser password to a script in an insecure fashion.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1903

+ PostgreSQL Bugs Let Remote Users Deny Service and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028387
http://secunia.com/advisories/52837/

+ PostgreSQL CVE-2013-1903 Password Disclosure Vulnerability
http://www.securityfocus.com/bid/58882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1903

+ PostgreSQL 'contrib/pgcrypto' Functions Information Disclosure Weakness
http://www.securityfocus.com/bid/58879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

+ PostgreSQL CVE-2013-1901 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

+ PostgreSQL CVE-2013-1902 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/58877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1902

+ PostgreSQL CVE-2013-1899 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899

+ Microsoft April 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/58881

+ Opera Web Browser Information Disclosure and Unspecified Vulnerabilities
http://www.securityfocus.com/bid/58864

Notice of release of InterScan Web Security Virtual Appliance 5.0 Critical Patch build 1468
http://www.trendmicro.co.jp/support/news.asp?id=1938

Catching malware after running it in a sandbox on the network
Pat Calhoun, Senior Vice President and General Manager, Network Security, McAfee (US)
http://itpro.nikkeibp.co.jp/article/Interview/20130404/468703/?ST=security

Yahoo! JAPAN: malicious program extracted ID information for 1.27 million accounts; no data leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468761/?ST=security

Unauthorized login requests against "gooID" continue; approximately 70,000 additional accounts locked
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468662/?ST=security

Security investment by Japanese companies trending upward for the second consecutive year, IDC survey
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468501/?ST=security

Winners chosen in contest for countering the surge in automated-voice nuisance calls
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468502/?ST=security

JVN#04288738 Information disclosure vulnerability in Active! mail
http://jvn.jp/jp/JVN04288738/

JVNVU#96958297 Cross-site scripting vulnerability in C2 WebResource
http://jvn.jp/cert/JVNVU96958297/

Thursday, April 4, 2013

Thursday the 4th, Senshō


+ SA52854 Samba CIFS Attribute Handling Security Issue
http://secunia.com/advisories/52854/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454

+ glibc getaddrinfo() stack overflow
http://cxsecurity.com/issue/WLB-2013040018
http://www.securityfocus.com/bid/58839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914

+ PHP 'ext/soap/php_xml.c' Multiple Arbitrary File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/58766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643

Check Point response to 'Bypassing application control SSH detection'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86442&src=securityAlerts

Server maintenance notice (April 10, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1941

Notice of release of ServerProtect for NetApp 5.8 Critical Patch build 1103
http://www.trendmicro.co.jp/support/news.asp?id=1942

From security labs around the world
How security companies analyzed the cyber attacks that hit South Korean companies
http://itpro.nikkeibp.co.jp/article/COLUMN/20130401/467731/?ST=security

South Korea shaken by simultaneous cyber attacks
Patch management systems were the point of compromise
http://itpro.nikkeibp.co.jp/article/COLUMN/20130328/466648/?ST=security

Intralinks (US) offers inter-company data exchange service with strengthened access rights management
http://itpro.nikkeibp.co.jp/article/NEWS/20130403/468461/?ST=security

Unauthorized login requests against NTT Resonant's "gooID"; about 30,000 accounts locked in response
http://itpro.nikkeibp.co.jp/article/NEWS/20130403/468462/?ST=security

SCSK packages a disaster-recovery backup system built on FalconStor CDP
http://itpro.nikkeibp.co.jp/article/NEWS/20130403/468390/?ST=security

WSJ reports next iPhone model to enter production in April-June, with a summer release
http://itpro.nikkeibp.co.jp/article/NEWS/20130403/468226/?ST=security

Google at odds with authorities in six European countries over privacy issues
http://itpro.nikkeibp.co.jp/article/NEWS/20130403/468221/?ST=security

JVNVU#92283490 Information management flaw in TigerText Free
http://jvn.jp/cert/JVNVU92283490/index.html

VU#418923 C2 WebResource web interface XSS vulnerability
http://www.kb.cert.org/vuls/id/418923

Wednesday, April 3, 2013

Wednesday the 3rd, Shakkō


+ RHSA-2013:0696 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0696.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800

+ RHSA-2013:0697 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0697.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800

+ Mozilla Firefox 20.0 released
http://www.mozilla.org/en-US/firefox/20.0/releasenotes/

+ Mozilla Thunderbird 17.0.5 released
http://www.mozilla.org/en-US/thunderbird/17.0.5/releasenotes/

+ MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
http://www.mozilla.org/security/announce/2013/mfsa2013-40.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791

+ MFSA 2013-39 Memory corruption while rendering grayscale PNG images
http://www.mozilla.org/security/announce/2013/mfsa2013-39.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792

+ MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
http://www.mozilla.org/security/announce/2013/mfsa2013-38.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793

+ MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
http://www.mozilla.org/security/announce/2013/mfsa2013-37.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794

+ MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
http://www.mozilla.org/security/announce/2013/mfsa2013-36.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795

+ MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
http://www.mozilla.org/security/announce/2013/mfsa2013-35.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796

+ MFSA 2013-34 Privilege escalation through Mozilla Updater
http://www.mozilla.org/security/announce/2013/mfsa2013-34.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797

+ MFSA 2013-33 World read and write access to app_tmp directory on Android
http://www.mozilla.org/security/announce/2013/mfsa2013-33.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798

+ MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
http://www.mozilla.org/security/announce/2013/mfsa2013-32.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799

+ MFSA 2013-31 Out-of-bounds write in Cairo library
http://www.mozilla.org/security/announce/2013/mfsa2013-31.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800

+ MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)
http://www.mozilla.org/security/announce/2013/mfsa2013-30.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0790

+ nginx-1.2.8 stable version released
http://nginx.org/en/download.html

+ UPDATE: HPSBNS02843 SSRT101001 rev.2 - HP NonStop Servers running OSS Remote Operations, Unauthorized Disclosure of Information, Unauthorized Modification, Unauthorized Access to Files
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03654586-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2013-0255 Array Index error vulnerability in PostgreSQL
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0255_array_index
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0255

+ FreeBSD-SA-13:04.bind BIND remote denial of service
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:04.bind.asc

+ FreeBSD-SA-13:03.openssl OpenSSL multiple vulnerabilities
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:03.openssl.asc

+ s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used()
http://ftp.samba.org/pub/samba/patches/security/samba-3.6-CVE-2013-0454.patch
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0454

+ Sudo 1.8.6p7 released
http://www.sudo.ws/sudo/devel.html#1.8.7b1

+ VU#704916 The TigerText Free Consumer Private Texting App (iOS) sends unencrypted user information in support requests
http://www.kb.cert.org/vuls/id/704916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0128

+ SA52867 Skype Unspecified Vulnerabilities
http://secunia.com/advisories/52867/

PostgreSQL Conference Europe 2013 - date and location
http://www.postgresql.org/about/news/1455/

Vulnerability information worth checking <2013.04.03>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130401/467643/?ST=security

The biggest security risk for smartphones is not viruses
http://itpro.nikkeibp.co.jp/article/Watcher/20130401/467542/?ST=security

IIJ adds Palo Alto products to its managed firewall rental service
http://itpro.nikkeibp.co.jp/article/NEWS/20130402/468108/?ST=security

McAfee to build execution sandbox "ValidEdge" into IPS and other products from October
http://itpro.nikkeibp.co.jp/article/NEWS/20130402/467981/?ST=security

Tuesday, April 2, 2013

Tuesday the 2nd, Taian


+ Wireshark 1.8.6 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html

+ UPDATE: HPSBST02848 SSRT101112 rev.2 - HP XP P9000 Command View Advanced Edition Suite Products, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03691745-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ OpenLDAP 2.4.35 released
http://www.openldap.org/software/release/changes.html

+ IBM InfoSphere Information Server Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0502

+ SA52882 IBM InfoSphere Replication Server Jetty Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/52882/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4461

This month's advisory (IPA)
http://www.ipa.go.jp/security/txt/2013/04outline.html

This week's Security Check
"Beware of SNS account hijacking"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130401/467635/?ST=security

DeepSAFE can now detect MBR and BIOS modifications; smart devices to follow in the future
Raj Dhesi, Senior Product Manager, McAfee International
http://itpro.nikkeibp.co.jp/article/Interview/20130329/467322/?ST=security

Surveillance camera footage as big data: picking "your face" out of a crowd with facial recognition
http://itpro.nikkeibp.co.jp/article/Watcher/20130319/464501/?ST=security

NTT Group cancels monitoring survey of internet usage
http://itpro.nikkeibp.co.jp/article/NEWS/20130401/467748/?ST=security

Monday, April 1, 2013

Monday the 1st, Butsumetsu

+ CESA-2013:0689 Important CentOS 6 bind Update
http://lwn.net/Alerts/545176/

+ CESA-2013:0690 Important CentOS 5 bind97 Update
http://lwn.net/Alerts/545177/

+ libpng 1.6.1 released
http://www.libpng.org/pub/png/src/libpng-1.6.1-README.txt

+ Sysstat 10.1.5 released (development version)
http://sebastien.godard.pagesperso-orange.fr/

+ SA52799 IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities
http://secunia.com/advisories/52799/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725

+ SA52836 McAfee Firewall Enterprise BIND Regular Expression Handling Denial of Service Vulnerability
http://secunia.com/advisories/52836/

+ Multiple DNS Server (Microsoft, BIND9) Amplification Attacks
http://cxsecurity.com/issue/WLB-2013030279

SOURCENEXT releases no-renewal-fee security software package covering three PCs and a smartphone
http://itpro.nikkeibp.co.jp/article/NEWS/20130401/467463/?ST=security

Preparing for the latest cyber attacks
Smartphone malware grows more malicious
http://itpro.nikkeibp.co.jp/article/COLUMN/20130318/464031/?ST=security

NTT East and West announce possible changes to the internet usage monitoring survey scheduled to start in April
http://itpro.nikkeibp.co.jp/article/NEWS/20130330/467361/?ST=security

Cybercrime arrests in 2012 up 28% year on year, a record high
http://itpro.nikkeibp.co.jp/article/NEWS/20130329/466941/?ST=security

Personal health information could be hacked (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130329/466882/?ST=security

JVN#01167429 Access restriction flaw in OpenWnn for Android
http://jvn.jp/jp/JVN01167429/

REMOTE: KNet Web Server 1.04b - Buffer Overflow SEH
http://www.exploit-db.com/exploits/24897

REMOTE: STUNSHELL Web Shell Remote PHP Code Execution
http://www.exploit-db.com/exploits/24902

REMOTE: STUNSHELL Web Shell Remote Code Execution
http://www.exploit-db.com/exploits/24903

REMOTE: Draytek Vigor 3900 1.06 - Privilege Escalation
http://www.exploit-db.com/exploits/24899

DoS/PoC: Konftel 300IP SIP-based Conference Phone <= 2.1.2 - Remote Bypass Reboot
http://www.exploit-db.com/exploits/24896