Monday, May 27, 2013

Monday the 27th, Senbu

+ About the security content of QuickTime 7.7.4
http://support.apple.com/kb/HT5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022

+ CESA-2013:0847 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/551400/

+ CESA-2013:0830 Important CentOS 6 kernel Update
http://lwn.net/Alerts/551049/

+ CESA-2013:0831 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/551051/

+ phpMyAdmin 4.0.2 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-402-is-released/

+ Squid 3.3.5 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html

+ Wireshark 1.8.7 Released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html

+ Update: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa

+ Update: HPSBMU02742 SSRT100740 rev.2 - HP System Management Homepage (SMH) for Linux, Windows and ESX 4.1, Remote Unauthorized Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03164351-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Update: HPSBPV02855 SSRT100512 rev.2 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03699981-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03772083-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2012-0814 Credentials Management vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0814_credentials_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814

+ Lucky Thirteen vulnerability in Solaris OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_solaris
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Multiple Permissions, Privileges, and Access Control vulnerabilities in Sudo
https://blogs.oracle.com/sunsecurity/entry/multiple_permissions_privileges_and_access
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776

+ CVE-2012-5134 Buffer Overflow vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5134_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

+ CVE-2013-0338 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0338_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ CVE-2010-5107 Denial of Service vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2010_5107_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107

+ Multiple Cross Site Scripting vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558

+ CVE-2012-4429 Information Leak / Disclosure in vino
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4429_information_leak
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4429

+ CVE-2012-4564 Design Error vulnerability in GIMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4564_design_error
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564

+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667

+ CVE-2012-6329 Code Injection vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ Multiple vulnerabilities fixed in Wireshark 1.8.4
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_wireshark
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6062

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.16
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.12
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ Multiple vulnerabilities in Samba Web Administration Tool (SWAT)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214

+ HS13-012 Vulnerability in JP1/Integrated Management - TELstaff Alarm View
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-012/index.html

+ HS13-011 Cross-site Scripting Vulnerability in JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-011/index.html

+ HS13-012 Vulnerability in JP1/Integrated Management - TELstaff Alarm View (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-012/index.html

+ HS13-011 Cross-site Scripting Vulnerability in JP1/Automatic Operation (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-011/index.html

+ RHSA-2013:0847 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0847.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153

+ Apache Ant 1.9.1 Released
http://ftp.meisei-u.ac.jp/mirror/apache/dist//ant/README.html

+ Apache Struts 2.3.14.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html

+ Dovecot 2.2.2 released
http://www.dovecot.org/list/dovecot-news/2013-May/000255.html

+ Perl 5.18.0 released
http://www.perl.org/get.html

+ Samba 4.0.6 Available for Download
http://samba.org/samba/history/samba-4.0.6.html

+ REMOTE: SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE
http://www.exploit-db.com/exploits/25713

+ LOCAL: Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution
http://www.exploit-db.com/exploits/25718

+ LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25725

+ DoS/PoC: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE
http://www.exploit-db.com/exploits/25712

+ DoS/PoC: SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow
http://www.exploit-db.com/exploits/25714

+ DoS/PoC: Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
http://www.exploit-db.com/exploits/25719

+ Dovecot 'APPEND' Parameter Denial of Service Vulnerability
http://www.securityfocus.com/bid/60052

Notice of release: InterScan Web Security Suite 3.1 for Linux Patch 7 (Build 1320)
http://www.trendmicro.co.jp/support/news.asp?id=1954

[Resolved] Difficulty reaching the Virus Buster customer support phone line
http://www.trendmicro.co.jp/support/news.asp?id=1962

Notice of release: InterScan Web Security Suite 5.6 for Linux
http://www.trendmicro.co.jp/support/news.asp?id=1955

About the problem where pattern updates fail because of a digit carry-over in the pattern file number
http://www.trendmicro.co.jp/support/news.asp?id=1959

Notice of scheduled server maintenance (May 24, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1960

MicroOLAP Database Designer for PostgreSQL v1.9.0 released
http://www.postgresql.org/about/news/1465/

Countermeasures for the improper access restriction vulnerability in "EC-CUBE" (JVN#45306814)
http://www.ipa.go.jp/security/ciadr/vul/20130523-jvn.html

Using honeybees to detect landmines: Croatia and the United States (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/479704/?ST=security

Mitsukoshi online shopping site: 8,289 customer records leaked, 5.2 million unauthorized login attempts
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479541/?ST=security

Cyberattack on the Ministry of Agriculture, Forestry and Fisheries may have leaked 124 administrative documents
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479521/?ST=security

Encrypted passwords and other data may have leaked for about 1,486,000 Yahoo! JAPAN IDs
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479201/?ST=security

Trend Micro to continue support for Windows XP-compatible products beyond April 2014
Consumer Virus Buster until December 2015, enterprise products until January 2017
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479161/?ST=security

SafeNet Japan revamps its "Luna SA" encryption key management appliance as a virtual-server model
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478984/?ST=security

Twitter introduces two-step verification, strengthening account protection
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478943/?ST=security

From security labs around the world
Browser extensions that hijack Facebook profiles
http://itpro.nikkeibp.co.jp/article/COLUMN/20130522/478707/?ST=security

JVN#39699406 Information disclosure vulnerability in EC-CUBE caused by improper input validation
http://jvn.jp/jp/JVN39699406/

JVN#45306814 Improper access restriction vulnerability in EC-CUBE
http://jvn.jp/jp/JVN45306814/

JVN#00985872 Session fixation vulnerability in EC-CUBE
http://jvn.jp/jp/JVN00985872/

JVN#52552792 Cross-site scripting vulnerability in EC-CUBE
http://jvn.jp/jp/JVN52552792/

JVNVU#92679127 Update for multiple vulnerabilities in Apple QuickTime
http://jvn.jp/cert/JVNVU92679127/index.html
