16日 火曜日、先負

+ RHSA-2013:0742 Low: 389-ds-base security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0742.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1897

+ phpMyAdmin 4.0.0-rc2 released
http://sourceforge.net/p/phpmyadmin/news/2013/04/phpmyadmin-400-rc2-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

+ HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03734195-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5885

+ courier-imap 4.13 released
http://www.courier-mta.org/imap/

+ SA53030 Cybozu Multiple Products Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/53030/

+ SA53051 curl / libcURL "tailmatch()" Cookie Information Disclosure Vulnerability
http://secunia.com/advisories/53051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944

+ Linux kernel cifs NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040113

+ Linux kernel tracing NULL pointer dereference
http://cxsecurity.com/issue/WLB-2013040112

+ Linux Kernel CIFS NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/59064

+ Linux Kernel Tracing Mutiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/59055

+ Linux Kernel Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/59050

+ Linux Kernel Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/59052

プレス発表
制御機器認証プログラム「EDSA」国内認証制度の確立および規格書対訳版の公開について
～認証制度の確立・普及に向けたパイロットプロジェクトの推進～
http://www.ipa.go.jp/about/press/20130415.html

JVN#06251813 複数のサイボウズ製品におけるクロスサイトリクエストフォージェリの脆弱性
http://jvn.jp/jp/JVN06251813/

VU#311644 pd-admin contains cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/311644

VU#375180 Arecont Vision model AV1355DN camera vulnerable to denial of service
http://www.kb.cert.org/vuls/id/375180

DoS/PoC: MinaliC Webserver 2.0.0 - Buffer Overflow
http://www.exploit-db.com/exploits/24958