Wednesday, June 26, 2013

Wednesday the 26th, Butsumetsu

+ RHSA-2013:0982 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0982.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697

+ RHSA-2013:0981 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0981.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697

+ RHSA-2013:0983 Moderate: curl security update
http://rhn.redhat.com/errata/RHSA-2013-0983.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174

+ Mozilla Firefox 22 released
http://www.mozilla.jp/firefox/

+ Mozilla Thunderbird 17.0.7 released
http://www.mozilla.jp/thunderbird/

+ MFSA 2013-62 Inaccessible updater can lead to local privilege escalation
http://www.mozilla.org/security/announce/2013/mfsa2013-62.html

+ MFSA 2013-61 Homograph domain spoofing in .com, .net and .name
http://www.mozilla.org/security/announce/2013/mfsa2013-61.html

+ MFSA 2013-60 getUserMedia permission dialog incorrectly displays location
http://www.mozilla.org/security/announce/2013/mfsa2013-60.html

+ MFSA 2013-59 XrayWrappers can be bypassed to run user defined methods in a privileged context
http://www.mozilla.org/security/announce/2013/mfsa2013-59.html

+ MFSA 2013-58 X-Frame-Options ignored when using server push with multi-part responses
http://www.mozilla.org/security/announce/2013/mfsa2013-58.html

+ MFSA 2013-57 Sandbox restrictions not applied to nested frame elements
http://www.mozilla.org/security/announce/2013/mfsa2013-57.html

+ MFSA 2013-56 PreserveWrapper has inconsistent behavior
http://www.mozilla.org/security/announce/2013/mfsa2013-56.html

+ MFSA 2013-55 SVG filters can lead to information disclosure
http://www.mozilla.org/security/announce/2013/mfsa2013-55.html

+ MFSA 2013-54 Data in the body of XHR HEAD requests leads to CSRF attacks
http://www.mozilla.org/security/announce/2013/mfsa2013-54.html

+ MFSA 2013-53 Execution of unmapped memory through onreadystatechange event
http://www.mozilla.org/security/announce/2013/mfsa2013-53.html

+ MFSA 2013-52 Arbitrary code execution within Profiler
http://www.mozilla.org/security/announce/2013/mfsa2013-52.html

+ MFSA 2013-51 Privileged content access and execution via XBL
http://www.mozilla.org/security/announce/2013/mfsa2013-51.html

+ MFSA 2013-50 Memory corruption found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-50.html

+ MFSA 2013-49 Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
http://www.mozilla.org/security/announce/2013/mfsa2013-49.html

+ HPSBUX02886 rev.1 - HP-UX Running HP Secure Shell, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03804371-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107

+ Dovecot 2.2.4 released
http://www.dovecot.org/list/dovecot-news/2013-June/000258.html

+ libcurl Heap Overflow in curl_easy_unescape() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174

Migration assistance for the end of OS support for Microsoft Windows XP
http://www.trendmicro.co.jp/support/news.asp?id=1980

PureMessage for Unix Vulnerability
http://www.sophos.com/en-us/support/knowledgebase/119510.aspx

Advisory: Sophos Anti-Virus for UNIX - Process memory limit recommendations on AIX systems
http://www.sophos.com/en-us/support/knowledgebase/118805.aspx

"Using anonymization tools or encrypted email makes you a target for interception": United States (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487662/?ST=security

Dangerous "default passwords": network devices and servers at risk of being taken over
US-CERT warns: "Change them as soon as possible"
http://itpro.nikkeibp.co.jp/article/NEWS/20130626/487661/?ST=security

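The "enemy within" targeting confidential information: are your insider-fraud countermeasures thorough?
Part 3: Risk rises at "resignation"; mechanisms to prevent leaks of confidential information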
http://itpro.nikkeibp.co.jp/article/COLUMN/20130619/486169/?ST=security

"UK intelligence agency cooperates with the NSA to intercept communications on fiber-optic cable networks" (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130625/487363/?ST=security

UPDATE: JVNTA13-168A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-168A/index.html
