+ Selenium Server 2.39.0 released
http://docs.seleniumhq.org/download/
+ Selenium Internet Explorer Driver Server 2.39.0 released
http://docs.seleniumhq.org/download/
+ Selenium WebDriver 2.39.0 released
http://docs.seleniumhq.org/download/
+ VMware ESX and ESXi Virtual Machine File Descriptors Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/64491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973
Virus Buster Business Security Services: Notice of emergency maintenance
http://app.trendmicro.co.jp/support/news.asp?id=2055
Notice of JewelryBox Android app update
http://app.trendmicro.co.jp/support/news.asp?id=2054
Notice of server maintenance (January 15, 2014)
http://app.trendmicro.co.jp/support/news.asp?id=2052
[Updated] Notice of release of Damage Cleanup Engine 7.1
http://app.trendmicro.co.jp/support/news.asp?id=2020
[Updated] Notice of release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006
JVNDB-2013-000126 Cross-site scripting vulnerability in HP Autonomy Ultraseek
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000126.html
NetAgent publishes findings that Baidu IME transmits typed input without permission
Sends various information to the server even when the cloud input feature is disabled
http://itpro.nikkeibp.co.jp/article/NEWS/20131227/527505/?ST=security
China's Baidu issues statement on the IME input transmission issue: "Simeji sent logs by mistake due to a bug"
http://itpro.nikkeibp.co.jp/article/NEWS/20131226/527369/?ST=security
"Baidu IME" and "Simeji" send typed characters and identifier IDs to a server, NetAgent investigation finds
http://itpro.nikkeibp.co.jp/article/NEWS/20131226/527351/?ST=security
Suspect Snowden, in a video message for a UK TV station: "Put an end to mass surveillance"
http://itpro.nikkeibp.co.jp/article/NEWS/20131226/527222/?ST=security
UPDATE: JVN#53768697 Vulnerability in Android OS that allows arbitrary Java methods to be executed
http://jvn.jp/jp/JVN53768697/index.html
Friday, December 27, 2013
Thursday, December 26, 2013
Thursday the 26th, Butsumetsu
JVNDB-2013-000125 Authentication bypass vulnerability in the mobile phone (Keitai) feature of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000125.html
JVNDB-2013-000124 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000124.html
Private-sector organization for countering cyber attacks launched
Member companies to share information and expertise
http://itpro.nikkeibp.co.jp/article/COLUMN/20131220/526245/?ST=security
Four points for avoiding wasteful security investment
http://itpro.nikkeibp.co.jp/article/COLUMN/20131223/526602/?ST=security
Emergency response within 2 hours of a cyber attack: NEC, NRI Secure and others begin offering the service
http://itpro.nikkeibp.co.jp/article/NEWS/20131225/527066/?ST=security
Fujitsu FSAS strengthens its XP life-extension service, expanding the applicable tools from 1 to 6
http://itpro.nikkeibp.co.jp/article/NEWS/20131225/527054/?ST=security
Serious vulnerability in Samsung's "Galaxy S4", Israeli university announces
http://itpro.nikkeibp.co.jp/article/NEWS/20131225/526986/?ST=security
Suspect Snowden, in an interview with a US newspaper: "The mission is complete"
http://itpro.nikkeibp.co.jp/article/NEWS/20131225/526962/?ST=security
Targeted attacks grow more malicious and monetary losses surge; users' sense of ownership is essential
http://itpro.nikkeibp.co.jp/article/COLUMN/20131222/526462/?ST=security
Wednesday, December 25, 2013
Wednesday the 25th, Senbu
+ REMOTE: Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal
http://www.exploit-db.com/exploits/30469
+ REMOTE: Zimbra Collaboration Server - LFI
http://www.exploit-db.com/exploits/30472
+ REMOTE: Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution
http://www.exploit-db.com/exploits/30474
+ SA56224 Linux Kernel "get_wchan()" Stack Frame Unwinding Denial of Service Vulnerability
http://secunia.com/advisories/56224/
+ Linux Kernel 'unwind_frame()' Function Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/64510
Notice regarding creation of the Kernel Hook Module (RHEL6.x/CentOS6.x) for ServerProtect for Linux 3.0
http://app.trendmicro.co.jp/support/news.asp?id=2051
JVNDB-2013-000120 Buffer overflow vulnerability in IrfanView
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000120.html
JVNDB-2013-000123 Issue allowing access to arbitrary files in VMware ESX and ESXi
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000123.html
Japan's domestic security software market forecast at 202.4 billion yen for 2013, IDC Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20131225/526922/?ST=security
Quality Soft: new version of inventory management software visualizes resource utilization for VDI
http://itpro.nikkeibp.co.jp/article/NEWS/20131224/526742/?ST=security
REMOTE: Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution
http://www.exploit-db.com/exploits/30470
REMOTE: OpenSIS 'modname' - PHP Code Execution
http://www.exploit-db.com/exploits/30471
REMOTE: HP SiteScope issueSiebelCmd - Remote Code Execution
http://www.exploit-db.com/exploits/30473
LOCAL: RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - (.rmp) Version Attribute Buffer Overflow
http://www.exploit-db.com/exploits/30468
LOCAL: Huawei Technologies du Mobile Broadband 16.0 - Local Privilege Escalation
http://www.exploit-db.com/exploits/30477
Tuesday, December 24, 2013
Tuesday the 24th, Tomobiki
+ RHSA-2013:1868 Important: xorg-x11-server security update
http://rhn.redhat.com/errata/RHSA-2013-1868.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6424
+ RHSA-2013:1869 Important: pixman security update
http://rhn.redhat.com/errata/RHSA-2013-1869.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6425
+ RHSA-2013:1866 Moderate: ca-certificates security update
http://rhn.redhat.com/errata/RHSA-2013-1866.html
+ CESA-2013:1869 Important CentOS 6 pixman Update
http://lwn.net/Alerts/577856/
+ CESA-2013:1866 Moderate CentOS 6 ca-certificates Update
http://lwn.net/Alerts/577853/
+ CESA-2013:1861 Moderate CentOS 5 nss Update
http://lwn.net/Alerts/577855/
+ CESA-2013:1869 Important CentOS 5 pixman Update
http://lwn.net/Alerts/577857/
+ CESA-2013:1868 Important CentOS 6 xorg-x11-server Update
http://lwn.net/Alerts/577858/
+ CESA-2013:1868 Important CentOS 5 xorg-x11-server Update
http://lwn.net/Alerts/577859/
+ CESA-2013:1861 Moderate CentOS 6 nss Update
http://lwn.net/Alerts/577854/
+ phpMyAdmin 4.1.2 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-412-is-released/
+ Linux kernel 3.12.6, 3.10.25, 3.4.75 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.75
+ VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX
http://www.vmware.com/security/advisories/VMSA-2013-0016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973
+ HS13-026 XXE (Xml eXternal Entity) Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-026/index.html
+ HS13-026 XXE (Xml eXternal Entity) vulnerability in Cosminexus (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-026/index.html
+ Dovecot 2.2.10 released
http://www.dovecot.org/list/dovecot-news/2013-December/000268.html
+ VMware ESX Server Lets Local Users View and Modify Files
http://www.securitytracker.com/id/1029529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973
+ Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution
http://cxsecurity.com/issue/WLB-2013120154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
+ SA56116 libpng "png_read_transform_info()" NULL Pointer Dereference Denial of Service Vulnerability
http://secunia.com/advisories/56116/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
+ VMware ESX and ESXi Virtual Machine File Descriptors Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/64491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5973
The right to be forgotten
http://itpro.nikkeibp.co.jp/article/COLUMN/20131210/523609/?ST=security
Service launched that clones departing employees' HDDs to preserve traces of information leaks
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526290/?ST=security
Manufacturing under attack: FireEye explains recent cyber attack trends
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526288/?ST=security
Attacks targeting Japan increase; Symantec sums up the security threats of 2013
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526222/?ST=security
Covert camera capture possible on older MacBook models and others, says US university research report
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526242/?ST=security
Google updates its Transparency Report; government removal requests surge
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526184/?ST=security
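Use the end of XP support as a chance to take stock of the "high cost, low security" state
McAfee
Product Marketing Department, Marketing Division
Specialist, Mr. 松久育紀
Field SE Department, Sales Engineering Division
Senior Sales Systems Engineer, Mr. 二宮秀一郎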
http://itpro.nikkeibp.co.jp/article/Interview/20131216/524927/?ST=security
JVNVU#90537868 Update for an arbitrary code execution vulnerability in Apple Motion
http://jvn.jp/cert/JVNVU90537868/
DoS/PoC: Easy Karaokay Player 3.3.31 (.wav) Integer Division by Zero
http://www.exploit-db.com/exploits/30422
DoS/PoC: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/30413
DoS/PoC: GOM Player 2.2.56.5158 - .avi File Handling Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/30414
Friday, December 20, 2013
Friday the 20th, Butsumetsu
+ RHSA-2013:1861 Moderate: nss security update
http://rhn.redhat.com/errata/RHSA-2013-1861.html
+ About the security content of Motion 5.1
http://support.apple.com/kb/HT6041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6114
+ Wireshark 1.10.5 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.5.html
+ HPSBGN02950 rev.1 - HP Autonomy Ultraseek, Cross-Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04041082-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6196
+ Apple Motion Memory Access Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6114
+ cURL Certificate Validation Flaw Lets Remote Users Spoof SSL Servers
http://www.securitytracker.com/id/1029517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422
+ Wireshark SIP/BSSGP/NTLMSSP Dissector Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1029516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
Endpoint Security MI Server R73 certificate validation
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97784&src=securityAlerts
Notice of release of Virus Buster Mobile version 3.5.0.1135
http://app.trendmicro.co.jp/support/news.asp?id=2050
Zimbra Newsletter - December 2013
http://telligent.com/company/news/b/newsletters/archive/2013/12/19/zimbra-newsletter-december-2013.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1387497640194.20&__hssc=122069652.1.1387497640194&__hsfp=908252101
From the World's Security Labs, Nikkei Communications
Prepare countermeasures against targeted email attacks for 2014
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525163/?ST=security
Hands-on report: I tried the free Wi-Fi on Tokyo metropolitan buses right away
http://itpro.nikkeibp.co.jp/article/Watcher/20131218/525743/?ST=security
Automatic login on behalf of humans: NTT Com releases password-entry proxy software
http://itpro.nikkeibp.co.jp/article/NEWS/20131219/525982/?ST=security
Cypher Tech launches encrypted PDF service viewable only by employees
http://itpro.nikkeibp.co.jp/article/NEWS/20131219/525943/?ST=security
"End to end, from management to the cutting edge of technology": Tohmatsu establishes cyber security research institute
http://itpro.nikkeibp.co.jp/article/NEWS/20131219/525928/?ST=security
Thursday, December 19, 2013
Thursday the 19th, Senbu
+ CESA-2013:1850 Important CentOS 6 openjpeg Update
http://lwn.net/Alerts/577511/
+ UPDATE: HPSBHF02953 rev.2 - HP B-series SAN Network Advisor, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04045640-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810
+ GnuPG 1.4.16 released
http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html
+ GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel
http://cxsecurity.com/issue/WLB-2013120135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
+ SA56138 Zimbra Collaboration Server Unspecified Vulnerability
http://secunia.com/advisories/56138/
+ SA56097 Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/56097/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
+ Linux Kernel 'perf_trace_event_perm()' Function Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/64318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2930
Notice of release of InterScan for Microsoft Exchange 11.0
http://app.trendmicro.co.jp/support/news.asp?id=2048
Vulnerability information worth checking <2013.12.19>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525005/?ST=security
Targeted attack aimed at Japan's core institutions uncovered; a carefully prepared method using a zero-day vulnerability
http://itpro.nikkeibp.co.jp/article/COLUMN/20131126/520792/?ST=security
Can't install! Non-genuine copies of Windows and Office surging in online shops
http://itpro.nikkeibp.co.jp/article/NEWS/20131218/525771/?ST=security
Matrix authentication "SECUREMATRIX" switches to HTML screens, eliminating the need for Flash/Java/ActiveX
http://itpro.nikkeibp.co.jp/article/NEWS/20131218/525651/?ST=security
Top executives of US technology companies meet with the US President over issues including the Obamacare site and the NSA
http://itpro.nikkeibp.co.jp/article/NEWS/20131218/525582/?ST=security
JVNVU#98366726 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU98366726/index.html
Wednesday, December 18, 2013
Wednesday the 18th, Tomobiki
+ RHSA-2013:1850 Important: openjpeg security update
http://rhn.redhat.com/errata/RHSA-2013-1850.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6054
+ Wireshark 1.10.4 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114
+ HPSBHF02953 rev.1 - HP B-series SAN Network Advisor, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04045640-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6810
+ UPDATE: HPSBPI02938 rev.2 - Certain HP LaserJet Printers, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04041432-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Multiple Buffer Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerability_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
+ CVE-2012-4564 Design Error vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4564_design_error1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
+ Multiple Cryptographic Issues vulnerabilities in Ruby
https://blogs.oracle.com/sunsecurity/entry/multiple_cryptographic_issues_vulnerabilities_in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363
+ CVE-2013-4475 Access Control vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark8
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6340
+ curl and libcurl 7.34.0 released
http://curl.haxx.se/changes.html#7_34_0
+ Red Hat JBoss Portal Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4424
+ Apple Safari Multiple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228
+ REMOTE: Adobe Reader ToolButton Use After Free
http://www.exploit-db.com/exploits/30394
+ LOCAL: Microsoft Windows ndproxy.sys Local Privilege Escalation
http://www.exploit-db.com/exploits/30392
+ DoS/PoC: PHP openssl_x509_parse() Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/30395
+ DoS/PoC: MS13-101 Windows Kernel win32k.sys - Integer Overflow
http://www.exploit-db.com/exploits/30397
+ Microsoft Windows ndproxy.sys Privilege Escalation Exploit
http://cxsecurity.com/issue/WLB-2013120125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065
+ Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
http://cxsecurity.com/issue/WLB-2013120040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065
+ Windows Kernel win32k.sys Integer Overflow (MS13-101)
http://cxsecurity.com/issue/WLB-2013120087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5058
+ SA56144 Apple OS X Multiple Vulnerabilities
http://secunia.com/advisories/56144/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228
[Updated] Notice of release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006
Notice of release of Trend Micro Network VirusWall Enforcer 1500i/3500i/3600i version 3.x Critical Patch (Build 1023)
http://app.trendmicro.co.jp/support/news.asp?id=2049
Notice of release of Trend Micro Network VirusWall Enforcer 2500 version 2.0 Critical Patch (Build 1106)
http://app.trendmicro.co.jp/support/news.asp?id=2047
DBConvert / DBSync for PostgreSQL and Oracle released
http://www.postgresql.org/about/news/1496/
JVNDB-2013-000111 Vulnerability in Android OS that allows arbitrary Java methods to be executed
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000111.html
Windows XP kernel vulnerability: attacks already confirmed
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525162/?ST=security
Beware of online features in Japanese input software: critical corporate information may be sent externally
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525422/?ST=security
Canon IT announces new version of software to prevent information leaks via email/web
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525386/?ST=security
EMC Japan announces software for checking endpoints for malware infection
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525302/?ST=security
District court rules NSA call record collection "unconstitutional", US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131217/525202/?ST=security
REMOTE: Ability Mail Server 2013 (3.1.1) - Stored XSS
http://www.exploit-db.com/exploits/30373
LOCAL: Nvidia (nvsvc) Display Driver Service Local Privilege Escalation
http://www.exploit-db.com/exploits/30393
LOCAL: FileMaster SY-IT v3.1 iOS - Multiple Web Vulnerabilities
http://www.exploit-db.com/exploits/30375
LOCAL: QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/30374
Tuesday, December 17, 2013
Tuesday the 17th, Sensho
+ Android-x86 4.4.1 released
http://www.android-x86.org/
+ RHSA-2013:1829 Important: nss, nspr, and nss-util security update
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
+ RHSA-2013:1801 Important: kernel security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1801.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368
+ RHSA-2013:1823 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1823.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
+ RHSA-2013:1813 Critical: php53 and php security update
http://rhn.redhat.com/errata/RHSA-2013-1813.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
+ RHSA-2013:1812 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671
+ RHSA-2013:1805 Important: samba4 security update
http://rhn.redhat.com/errata/RHSA-2013-1805.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
+ RHSA-2013:1803 Moderate: libjpeg-turbo security update
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
+ RHSA-2013:1806 Important: samba and samba3x security update
http://rhn.redhat.com/errata/RHSA-2013-1806.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
+ About the security content of OS X Mavericks v10.9.1
http://support.apple.com/kb/HT6084
+ About the security content of Safari 6.1.1 and Safari 7.0.1
http://support.apple.com/kb/HT6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228
+ Mozilla Firefox 26.0 released
http://www.mozilla.org/en-US/firefox/26.0/releasenotes/
+ Mozilla Thunderbird 24.2 released
+ MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html
+ MFSA 2013-116 JPEG information leak
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html
+ MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html
+ MFSA 2013-114 Use-after-free in synthetic mouse movement
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html
+ MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
http://www.mozilla.org/security/announce/2013/mfsa2013-113.html
+ MFSA 2013-112 Linux clipboard information disclosure though selection paste
http://www.mozilla.org/security/announce/2013/mfsa2013-112.html
+ MFSA 2013-111 Segmentation violation when replacing ordered list elements
http://www.mozilla.org/security/announce/2013/mfsa2013-111.html
+ MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
http://www.mozilla.org/security/announce/2013/mfsa2013-110.html
+ MFSA 2013-109 Use-after-free during Table Editing
http://www.mozilla.org/security/announce/2013/mfsa2013-109.html
+ MFSA 2013-108 Use-after-free in event listeners
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html
+ MFSA 2013-107 Sandbox restrictions not applied to nested object elements
http://www.mozilla.org/security/announce/2013/mfsa2013-107.html
+ MFSA 2013-106 Character encoding cross-origin XSS attack
http://www.mozilla.org/security/announce/2013/mfsa2013-106.html
+ MFSA 2013-105 Application Installation doorhanger persists on navigation
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html
+ MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
http://www.mozilla.org/security/announce/2013/mfsa2013-104.html
+ CESA-2013:1812 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/576882/
+ CESA-2013:1801 Important CentOS 6 kernel Update
http://lwn.net/Alerts/576883/
+ CESA-2013:1829 Important CentOS 6 nss-util Update
http://lwn.net/Alerts/576884/
+ CESA-2013:1829 Important CentOS 6 nss Update
http://lwn.net/Alerts/576885/
+ CESA-2013:1823 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/576887/
+ CESA-2013:1829 Important CentOS 6 nspr Update
http://lwn.net/Alerts/576886/
+ CESA-2013:1813 Critical CentOS 6 php Update
http://lwn.net/Alerts/576587/
+ CESA-2013:1813 Critical CentOS 5 php53 Update
http://lwn.net/Alerts/576589/
+ CESA-2013:1812 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/576590/
+ CESA-2013:1814 Critical CentOS 5 php Update
http://lwn.net/Alerts/576588/
+ CESA-2013:1823 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/576745/
+ CESA-2013:1804 Moderate CentOS 5 libjpeg Update
http://lwn.net/Alerts/576387/
+ CESA-2013:1805 Important CentOS 6 samba4 Update
http://lwn.net/Alerts/576391/
+ CESA-2013:1803 Moderate CentOS 6 libjpeg-turbo Update
http://lwn.net/Alerts/576388/
+ CESA-2013:1806 Important CentOS 6 samba Update
http://lwn.net/Alerts/576389/
+ CESA-2013:1806 Important CentOS 5 samba3x Update
http://lwn.net/Alerts/576390/
+ CESA-2013:X017 Xen4CentOS xen Security Update
http://lwn.net/Alerts/576586/
+ CESA-2013:1790 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/575985/
+ CESA-2013:1791 Important CentOS 5 nss Update
http://lwn.net/Alerts/575986/
+ CESA-2013:1791 Important CentOS 5 nspr Update
http://lwn.net/Alerts/575987/
+ phpMyAdmin 4.1.0 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-410-is-released/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa
+ Linux kernel 3.12.5, 3.10.24, 3.4.74 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.74
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722
+ UPDATE: Microsoft Security Advisory (2916652) Improperly Issued Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/ja-jp/security/advisory/2916652
+ Microsoft Security Advisory (2915720) Changes in Windows Authenticode Signature Verification
http://technet.microsoft.com/ja-jp/security/advisory/2915720
+ Microsoft Security Advisory (2905247) Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
http://technet.microsoft.com/ja-jp/security/advisory/2905247
+ UPDATE: Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2896666
+ Microsoft Security Advisory (2871690) Update to Revoke Non-compliant UEFI Modules
http://technet.microsoft.com/ja-jp/security/advisory/2871690
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ Apache Struts 2.3.16 released
http://struts.apache.org/release/2.3.x/docs/version-notes-2316.html
+ nkf Network Kanji Filter 2.1.3 released
http://sourceforge.jp/projects/nkf/
+ PHP 5.5.7, 5.4.23, 5.3.28 released
http://www.php.net/archive/2013.php#id2013-12-12-1
http://www.php.net/archive/2013.php#id2013-12-12-3
http://www.php.net/archive/2013.php#id2013-12-12-2
+ Samba 4.1.3, 4.0.13 and 3.6.22 Security Releases Available for Download
http://www.samba.org/samba/history/samba-4.1.3.html
+ PHP 5.5.6/5.4.22 openssl_x509_parse() Memory Corruption
http://cxsecurity.com/issue/WLB-2013120114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
[Updated] Notice of release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006
End-of-support dates for the plug-ins of Virus Buster Corporate Edition
http://app.trendmicro.co.jp/support/news.asp?id=2045
[Updated] Notice of release of Damage Cleanup Engine 7.1
http://app.trendmicro.co.jp/support/news.asp?id=2020
Notice of release of Deep Discovery Inspector 3.2 Patch 1 (Build 1018)
http://app.trendmicro.co.jp/support/news.asp?id=2044
Database .NET 10 released!
http://www.postgresql.org/about/news/1495/
JVNDB-2013-000119 Denial-of-service (DoS) vulnerability in Juniper ScreenOS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html
JVNDB-2013-000118 Cross-site scripting vulnerability in Cybozu Dezie
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000118.html
Vulnerability information worth checking <2013.12.18>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525002/?ST=security
NRI Secure systematizes its "CSIRT" support for preparing against targeted attacks, aims to win five major companies as customers within one year
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524762/?ST=security
Amitie launches "Kogeki Shadan-kun", a host-based IPS service that works with the cloud
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524747/?ST=security
An unpatched PC lasts only four minutes. Recognize anew how intense attacks are
NRI SecureTechnologies, Technical Consulting Department
Kengo Ueda, Chief Security Consultant
Junpei Otsuka, Security Consultant, same department
http://itpro.nikkeibp.co.jp/article/Interview/20131205/522823/?ST=security
VU#586958 SketchUp Viewer buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/586958
Friday, December 6, 2013
6th, Friday, Tomobiki
+ Microsoft Security Bulletin Advance Notification - December 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-dec
+ HPSBUX02944 rev.1 - HP-UX Running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04031212-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5854
+ HPSBUX02943 rev.1 - HP-UX Running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04031205-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852
+ PostgreSQL Maintenance Releases: 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19
http://www.postgresql.org/about/news/1492/
http://www.postgresql.org/docs/9.3/static/release-9-3-2.html
http://www.postgresql.org/docs/9.2/static/release-9-2-6.html
http://www.postgresql.org/docs/9.1/static/release-9-1-11.html
http://www.postgresql.org/docs/9.0/static/release-9-0-15.html
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
+ SonicWALL GMS/Analyzer/UMA Input Validation Flaw in 'Alert Settings' Request Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029433
+ SA55942 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/55942/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
+ Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
http://cxsecurity.com/issue/WLB-2013120040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065
Microsoft strengthens encryption of its services as a countermeasure against government eavesdropping
http://itpro.nikkeibp.co.jp/article/NEWS/20131206/523045/?ST=security
From the world's security labs
Will unencrypted HTTP soon disappear?
http://itpro.nikkeibp.co.jp/article/COLUMN/20131205/522844/?ST=security
A wide gap between the evolution of cyber attacks and awareness of security measures
Nobuo Miwa, Chief Technology Officer, FireEye
http://itpro.nikkeibp.co.jp/article/Interview/20131128/521326/?ST=security
Japanet Takata embeds IDs in TV video, making "see the web for details" easy with a smartphone camera
http://itpro.nikkeibp.co.jp/article/NEWS/20131205/522824/?ST=security
Two million sets of login credentials, including Facebook logins, leaked; US security firm confirms
http://itpro.nikkeibp.co.jp/article/NEWS/20131205/522762/?ST=security
JVNVU#92648323 Cross-site scripting vulnerability in NagiosQL
http://jvn.jp/cert/JVNVU92648323/index.html
VU#268662 NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/268662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852
+ PostgreSQL Maintenance Releases: 9.3.2, 9.2.6, 9.1.11, 9.0.15, and 8.4.19
http://www.postgresql.org/about/news/1492/
http://www.postgresql.org/docs/9.3/static/release-9-3-2.html
http://www.postgresql.org/docs/9.2/static/release-9-2-6.html
http://www.postgresql.org/docs/9.1/static/release-9-1-11.html
http://www.postgresql.org/docs/9.0/static/release-9-0-15.html
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
+ SonicWALL GMS/Analyzer/UMA Input Validation Flaw in 'Alert Settings' Request Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029433
+ SA55942 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/55942/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
+ Microsoft Windows NDPROXY Local SYSTEM Privilege Escalation
http://cxsecurity.com/issue/WLB-2013120040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065
Microsoft strengthens service encryption as a countermeasure against government eavesdropping
http://itpro.nikkeibp.co.jp/article/NEWS/20131206/523045/?ST=security
From the World's Security Labs
Will unencrypted HTTP soon disappear?
http://itpro.nikkeibp.co.jp/article/COLUMN/20131205/522844/?ST=security
A wide gap between the evolution of cyber attacks and awareness of security measures
三輪信雄, Chief Technology Officer, FireEye
http://itpro.nikkeibp.co.jp/article/Interview/20131128/521326/?ST=security
Japanet Takata embeds IDs in TV footage, making "see the web for details" easy with a smartphone camera
http://itpro.nikkeibp.co.jp/article/NEWS/20131205/522824/?ST=security
Two million login credentials, including Facebook's, leaked; US security firm confirms
http://itpro.nikkeibp.co.jp/article/NEWS/20131205/522762/?ST=security
JVNVU#92648323 Cross-site scripting vulnerability in NagiosQL
http://jvn.jp/cert/JVNVU92648323/index.html
VU#268662 NagiosQL 3.2 Service Pack 2 contains a reflected cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/268662
Thursday, December 5, 2013
5th, Thursday, Senshō
+ Google Chrome 31.0.1650.63 released
http://googlechromereleases.blogspot.jp/2013/12/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
+ CESA-2013:1778 Moderate CentOS 6 gimp Update
http://lwn.net/Alerts/575603/
+ CESA-2013:1778 Moderate CentOS 5 gimp Update
http://lwn.net/Alerts/575604/
+ CESA-2013:1779 Moderate CentOS 6 mod_nss Update
http://lwn.net/Alerts/575605/
+ CESA-2013:1779 Moderate CentOS 5 mod_nss Update
http://lwn.net/Alerts/575606/
+ phpMyAdmin 4.0.10 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-4010-is-released/
+ Linux kernel 3.12.3, 3.10.22, 3.4.72 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.22
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.72
+ VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation
http://www.vmware.com/security/advisories/VMSA-2013-0014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3519
+ VMware Workstation/Fusion Bug in 'lgtosync.sys' Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3519
+ VMware ESX/ESXi Bug in 'lgtosync.sys' Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3519
+ Windows Kernel Bug in IsHandleEntrySecure() Lets Local Users Deny Service
http://www.securitytracker.com/id/1029426
+ LOCAL: Windows NDPROXY Local SYSTEM Privilege Escalation
http://www.exploit-db.com/exploits/30014
+ DoS/PoC: MySQL 5.0.x IF Query Handling Remote Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/30020
+ SA55922 Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/55922/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
+ SA55684 VMware Multiple Products LGTOSYNC Guest Privilege Escalation Vulnerability
http://secunia.com/advisories/55684/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3519
Deep Discovery Inspector 3.5 Critical Patch (Build 1013) release notice
http://app.trendmicro.co.jp/support/news.asp?id=2042
Trend Micro Network VirusWall Enforcer 1200 Version 2.0 Critical Patch (Build 1046) release notice
http://app.trendmicro.co.jp/support/news.asp?id=2043
The "Seven Samurai" Protecting Japan
Efforts to nurture the "eggs" begin in Japan as well
http://itpro.nikkeibp.co.jp/article/COLUMN/20131115/518341/?ST=security
JVNVU#98848993 Buffer overflow vulnerability in AT&T Connect Participant Application for Windows
http://jvn.jp/cert/JVNVU98848993/index.html
Wednesday, December 4, 2013
4th, Wednesday, Shakkō
+ RHSA-2013:1779 Moderate: mod_nss security update
http://rhn.redhat.com/errata/RHSA-2013-1779.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566
+ RHSA-2013:1778 Moderate: gimp security update
http://rhn.redhat.com/errata/RHSA-2013-1778.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1978
+ squid 3.3.11 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html
+ MySQL 5.1.73 released
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-73.html
+ SA55633 Microsoft Windows "IsHandleEntrySecure()" Denial of Service Vulnerability
http://secunia.com/advisories/55633/
+ OpenSSL BN (multiprecision integer arithmetics) Multiple issues
http://cxsecurity.com/issue/WLB-2013120025
+ REMOTE: Cisco Prime Data Center Network Manager Arbitrary File Upload
http://www.exploit-db.com/exploits/30008
+ REMOTE: Microsoft Tagged Image File Format (TIFF) Integer Overflow
http://www.exploit-db.com/exploits/30011
JVNDB-2013-000117 Session fixation vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000117.html
JVNDB-2013-000116 Mail header injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000116.html
JVNDB-2013-000115 Denial-of-service (DoS) vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000115.html
JVNDB-2013-000114 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000114.html
JVNDB-2013-000113 Multiple cross-site scripting vulnerabilities in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000113.html
The "Seven Samurai" Protecting Japan
The network inspector who catches the signs of cyber attacks
原 慎也, Security Management Section, Service Operation Department, Service Operation Division, Internet Initiative Japan (IIJ)
http://itpro.nikkeibp.co.jp/article/COLUMN/20131115/518340/?ST=security
"An integrated environment that can automatically generate scam Android apps is now available for free," says Trend Micro
http://itpro.nikkeibp.co.jp/article/NEWS/20131203/522442/?ST=security
Information leaks from multifunction printers continue
The same countermeasures as for servers are needed
http://itpro.nikkeibp.co.jp/article/COLUMN/20131122/519972/?ST=security
VU#346278 AT&T Connect Participant Application for Windows v9.5.35 contains a stack-based buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/346278
REMOTE: ABB MicroSCADA wserver.exe Remote Code Execution
http://www.exploit-db.com/exploits/30009
REMOTE: Kimai v0.9.2 'db_restore.php' SQL Injection
http://www.exploit-db.com/exploits/30010
LOCAL: Notepad++ Plugin Notepad# 1.5 - Local Exploit
http://www.exploit-db.com/exploits/30007
Tuesday, December 3, 2013
3rd, Tuesday, Taian
+ MySQL 5.6.15, 5.5.35 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-15.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
Zimbra Newsletter - November 2013
http://telligent.com/company/news/b/newsletters/archive/2013/12/02/zimbra-newsletter-november-2013.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1385078863228.1386028386719.17&__hssc=122069652.1.1386028386719&__hsfp=3431610341
Register Now for Upcoming Webinar - Collaboration + Always On Discussion
http://telligent.com/company/news/b/teamblog/archive/2013/12/02/register-now-for-upcoming-webinar-collaboration-always-on-discussion.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1385078863228.1386028386719.17&__hssc=122069652.1.1386028386719&__hsfp=3431610341
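Nikkei Computer Report
Information leaks from multifunction printers continue
The same countermeasures as for servers are needed
http://itpro.nikkeibp.co.jp/article/COLUMN/20131122/519972/?ST=security
The "Seven Samurai" Protecting Japan
Protect consumer privacy: the guardian of smartphones
磯原 隆将, Senior Researcher, Network Security Group, KDDI R&D Laboratories
http://itpro.nikkeibp.co.jp/article/COLUMN/20131115/518339/?ST=security
シアンス・アール to sell a portable tool for investigating traces of information leaks
http://itpro.nikkeibp.co.jp/article/NEWS/20131202/521970/?ST=security
Some "Nexus" models vulnerable to mass-SMS attacks, US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131202/521843/?ST=security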
VU#346982 EMC Document Sciences xPression contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/346982
Monday, December 2, 2013
2nd, Monday, Senbu
+ CentOS 6.5 released
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.5
+ PDFCreator 1.7.2 released
http://www.pdfforge.org/blog/pdfcreator-172-released
+ HPSBGN02942 rev.2 - HP Service Manager and ServiceCenter, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04026812-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4844
+ Linux kernel 3.12.2, 3.11.10, 3.10.21, 3.4.71 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.11.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.21
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.71
+ Google Nexus SMS Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029414
+ Linux Kernel Buffer Read Error in ieee80211_radiotap_iterator_init() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029413
+ Linux Kernel Networking recvmsg Memory Leak Lets Local Users Obtain Portions of Kernel Memory
http://www.securitytracker.com/id/1029412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6405
+ Microsoft Enhanced Mitigation Experience Toolkit Lets Users Bypass ASLR Protections
http://www.securitytracker.com/id/1029411
+ Google Android 'com.android.settings' Lets Local Applications Remove Device Locks
http://www.securitytracker.com/id/1029410
+ PHP parse_iso_intervals Buffer Read Error May Let Remote Users Deny Service
http://www.securitytracker.com/id/1029409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
+ Kingsoft Office Writer 2012 8.1.0.3385 Buffer Overflow
http://cxsecurity.com/issue/WLB-2013120002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3934
+ SA55606 Linux Kernel Radiotap Header Processing Denial of Service Vulnerability
http://secunia.com/advisories/55606/
+ Linux Kernel 'ieee80211_radiotap_iterator_init()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/64013
JVNDB-2013-000112 Directory traversal vulnerability in 改造版 TOWN (modified-version TOWN)
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000112.html
The "Seven Samurai" Protecting Japan
The gatekeeper of online games, protecting systems from user fraud
秋月 康志, Research and Development Group, Service Division, NetAgent
http://itpro.nikkeibp.co.jp/article/COLUMN/20131115/518338/?ST=security
District court dismisses privacy lawsuit over Apple's iOS
http://itpro.nikkeibp.co.jp/article/NEWS/20131129/521542/?ST=security
Dutch data protection authority rules Google's privacy policy "illegal"
http://itpro.nikkeibp.co.jp/article/NEWS/20131129/521522/?ST=security
From the World's Security Labs
Eight major security threat predictions for 2014
http://itpro.nikkeibp.co.jp/article/COLUMN/20131125/520507/?ST=security
Microsoft considering stronger encryption for its services, overseas media report
http://itpro.nikkeibp.co.jp/article/NEWS/20131129/521463/?ST=security
Vulnerability information worth checking <2013.11.29>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131125/520505/?ST=security
DoS/PoC: TP-Link TL-WR740N / TL-WR740ND - 150M Wireless Lite N Router HTTP DoS
http://www.exploit-db.com/exploits/29919
DoS/PoC: Uptime Agent 5.0.1 - Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/29920
DoS/PoC: ZIP Password Recovery Professional 5.1 (.zip) - Crash POC
http://www.exploit-db.com/exploits/29934