Friday, April 5, 2013

The 5th, Friday, Tomobiki


+ Microsoft Security Bulletin Advance Notification - April 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-apr

+ Opera 12.15 released
http://www.opera.com/docs/changelogs/unified/1215/

+ CESA-2013:0696 Critical CentOS 5 xulrunner Update
http://lwn.net/Alerts/545710/

+ CESA-2013:0696 Critical CentOS 6 xulrunner Update
http://lwn.net/Alerts/545712/

+ CESA-2013:0696 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/545720/

+ CESA-2013:0696 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/545721/

+ CESA-2013:0697 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/545722/

+ CESA-2013:0697 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/545723/

+ UPDATE: HPSBMU02785 SSRT100526 rev.2 - HP LoadRunner Running on Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03216705-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

+ Dovecot 2.1.16 released
http://www.dovecot.org/list/dovecot-news/2013-April/000245.html

+ PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released
http://www.postgresql.org/about/news/1456/
http://www.postgresql.org/docs/9.2/static/release-9-2-4.html
http://www.postgresql.org/docs/9.1/static/release-9-1-9.html
http://www.postgresql.org/docs/9.0/static/release-9-0-13.html
http://www.postgresql.org/docs/8.4/static/release-8-4-17.html

+ A connection request containing a database name that begins with "-" may be crafted to damage or destroy files within a server's data directory
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899

+ Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

+ An unprivileged user can run commands that could interfere with in-progress backups.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

+ EnterpriseDB's installers for Linux and Mac OS X created a directory and file in /tmp with predictable names.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1902

+ EnterpriseDB's installers for Linux and Mac OS X passed the database superuser password to a script in an insecure fashion.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1903

+ PostgreSQL Bugs Let Remote Users Deny Service and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028387
http://secunia.com/advisories/52837/

+ PostgreSQL CVE-2013-1903 Password Disclosure Vulnerability
http://www.securityfocus.com/bid/58882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1903

+ PostgreSQL 'contrib/pgcrypto' Functions Information Disclosure Weakness
http://www.securityfocus.com/bid/58879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900

+ PostgreSQL CVE-2013-1901 Security Bypass Vulnerability
http://www.securityfocus.com/bid/58878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901

+ PostgreSQL CVE-2013-1902 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/58877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1902

+ PostgreSQL CVE-2013-1899 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899

+ Microsoft April 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/58881

+ Opera Web Browser Information Disclosure and Unspecified Vulnerabilities
http://www.securityfocus.com/bid/58864

Notice of release: InterScan Web Security Virtual Appliance 5.0 Critical Patch build 1468
http://www.trendmicro.co.jp/support/news.asp?id=1938

Catching malware after running it in a sandbox on the network
Pat Calhoun, Senior Vice President and General Manager, Network Security, McAfee (US)
http://itpro.nikkeibp.co.jp/article/Interview/20130404/468703/?ST=security

Yahoo! JAPAN: ID information for 1.27 million records extracted by a malicious program, no information leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468761/?ST=security

Unauthorized login requests against "gooID" continue; about 70,000 additional accounts locked
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468662/?ST=security

Security investment by domestic companies trending upward for the second consecutive year, IDC survey
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468501/?ST=security

Winners decided in contest for ways to fend off the rapidly increasing automated-voice nuisance calls
http://itpro.nikkeibp.co.jp/article/NEWS/20130404/468502/?ST=security

JVN#04288738 Information disclosure vulnerability in Active! mail
http://jvn.jp/jp/JVN04288738/

JVNVU#96958297 Cross-site scripting vulnerability in C2 WebResource
http://jvn.jp/cert/JVNVU96958297/
