Tuesday, December 17, 2013

Tuesday the 17th, Senshō

+ Android-x86 4.4.1 released
http://www.android-x86.org/

+ RHSA-2013:1829 Important: nss, nspr, and nss-util security update
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607

+ RHSA-2013:1801 Important: kernel security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1801.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368

+ RHSA-2013:1823 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1823.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671

+ RHSA-2013:1813 Critical: php53 and php security update
http://rhn.redhat.com/errata/RHSA-2013-1813.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420

+ RHSA-2013:1812 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671

+ RHSA-2013:1805 Important: samba4 security update
http://rhn.redhat.com/errata/RHSA-2013-1805.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ RHSA-2013:1803 Moderate: libjpeg-turbo security update
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630

+ RHSA-2013:1806 Important: samba and samba3x security update
http://rhn.redhat.com/errata/RHSA-2013-1806.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475

+ About the security content of OS X Mavericks v10.9.1
http://support.apple.com/kb/HT6084

+ About the security content of Safari 6.1.1 and Safari 7.0.1
http://support.apple.com/kb/HT6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228

+ Mozilla Firefox 26.0 released
http://www.mozilla.org/en-US/firefox/26.0/releasenotes/

+ Mozilla Thunderbird 24.2 released


+ MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html

+ MFSA 2013-116 JPEG information leak
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html

+ MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html

+ MFSA 2013-114 Use-after-free in synthetic mouse movement
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html

+ MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
http://www.mozilla.org/security/announce/2013/mfsa2013-113.html

+ MFSA 2013-112 Linux clipboard information disclosure though selection paste
http://www.mozilla.org/security/announce/2013/mfsa2013-112.html

+ MFSA 2013-111 Segmentation violation when replacing ordered list elements
http://www.mozilla.org/security/announce/2013/mfsa2013-111.html

+ MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
http://www.mozilla.org/security/announce/2013/mfsa2013-110.html

+ MFSA 2013-109 Use-after-free during Table Editing
http://www.mozilla.org/security/announce/2013/mfsa2013-109.html

+ MFSA 2013-108 Use-after-free in event listeners
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html

+ MFSA 2013-107 Sandbox restrictions not applied to nested object elements
http://www.mozilla.org/security/announce/2013/mfsa2013-107.html

+ MFSA 2013-106 Character encoding cross-origin XSS attack
http://www.mozilla.org/security/announce/2013/mfsa2013-106.html

+ MFSA 2013-105 Application Installation doorhanger persists on navigation
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html

+ MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
http://www.mozilla.org/security/announce/2013/mfsa2013-104.html

+ CESA-2013:1812 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/576882/

+ CESA-2013:1801 Important CentOS 6 kernel Update
http://lwn.net/Alerts/576883/

+ CESA-2013:1829 Important CentOS 6 nss-util Update
http://lwn.net/Alerts/576884/

+ CESA-2013:1829 Important CentOS 6 nss Update
http://lwn.net/Alerts/576885/

+ CESA-2013:1823 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/576887/

+ CESA-2013:1829 Important CentOS 6 nspr Update
http://lwn.net/Alerts/576886/

+ CESA-2013:1813 Critical CentOS 6 php Update
http://lwn.net/Alerts/576587/

+ CESA-2013:1813 Critical CentOS 5 php53 Update
http://lwn.net/Alerts/576589/

+ CESA-2013:1812 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/576590/

+ CESA-2013:1814 Critical CentOS 5 php Update
http://lwn.net/Alerts/576588/

+ CESA-2013:1823 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/576745/

+ CESA-2013:1804 Moderate CentOS 5 libjpeg Update
http://lwn.net/Alerts/576387/

+ CESA-2013:1805 Important CentOS 6 samba4 Update
http://lwn.net/Alerts/576391/

+ CESA-2013:1803 Moderate CentOS 6 libjpeg-turbo Update
http://lwn.net/Alerts/576388/

+ CESA-2013:1806 Important CentOS 6 samba Update
http://lwn.net/Alerts/576389/

+ CESA-2013:1806 Important CentOS 5 samba3x Update
http://lwn.net/Alerts/576390/

+ CESA-2013:X017 Xen4CentOS xen Security Update
http://lwn.net/Alerts/576586/

+ CESA-2013:1790 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/575985/

+ CESA-2013:1791 Important CentOS 5 nss Update
http://lwn.net/Alerts/575986/

+ CESA-2013:1791 Important CentOS 5 nspr Update
http://lwn.net/Alerts/575987/

+ phpMyAdmin 4.1.0 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-410-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

+ Linux kernel 3.12.5, 3.10.24, 3.4.74 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.74

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722

+ UPDATE: Microsoft Security Advisory (2916652) Improperly Issued Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/ja-jp/security/advisory/2916652

+ Microsoft Security Advisory (2915720) Changes in Windows Authenticode Signature Verification
http://technet.microsoft.com/ja-jp/security/advisory/2915720

+ Microsoft Security Advisory (2905247) Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
http://technet.microsoft.com/ja-jp/security/advisory/2905247

+ UPDATE: Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2896666

+ Microsoft Security Advisory (2871690) Update to Revoke Non-compliant UEFI Modules
http://technet.microsoft.com/ja-jp/security/advisory/2871690

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Apache Struts 2.3.16 released
http://struts.apache.org/release/2.3.x/docs/version-notes-2316.html

+ nkf Network Kanji Filter 2.1.3 released
http://sourceforge.jp/projects/nkf/

+ PHP 5.5.7, 5.4.23, 5.3.28 released
http://www.php.net/archive/2013.php#id2013-12-12-1
http://www.php.net/archive/2013.php#id2013-12-12-3
http://www.php.net/archive/2013.php#id2013-12-12-2

+ Samba 4.1.3, 4.0.13 and 3.6.22 Security Releases Available for Download
http://www.samba.org/samba/history/samba-4.1.3.html

+ PHP 5.5.6/5.4.22 openssl_x509_parse() Memory Corruption
http://cxsecurity.com/issue/WLB-2013120114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420

[Updated] Notice of release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006

End-of-support dates for the plug-ins of Virus Buster Corporate Edition
http://app.trendmicro.co.jp/support/news.asp?id=2045

[Updated] Notice of release of Damage Cleanup Engine 7.1
http://app.trendmicro.co.jp/support/news.asp?id=2020

Notice of release of Deep Discovery Inspector 3.2 Patch 1 (Build 1018)
http://app.trendmicro.co.jp/support/news.asp?id=2044

Database .NET 10 released!
http://www.postgresql.org/about/news/1495/

JVNDB-2013-000119 Denial-of-service (DoS) vulnerability in Juniper ScreenOS
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html

JVNDB-2013-000118 Cross-site scripting vulnerability in Cybozu Dezie
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000118.html

Vulnerability information worth checking <2013.12.18>
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525002/?ST=security

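NRI Secure systematizes its "CSIRT" support for preparing against targeted attacks, aims to win five major companies as customers within one year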
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524762/?ST=security

Amitie launches "攻撃遮断くん" (Kogeki Shadan-kun), a host-based IPS service that works together with the cloud
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524747/?ST=security

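An unpatched PC lasts only 4 minutes. Recognize anew how intense attacks are
NRI SecureTechnologies, Technical Consulting Department
Kengo Ueda, Senior Security Consultant
Junpei Otsuka, Security Consultant, same department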
http://itpro.nikkeibp.co.jp/article/Interview/20131205/522823/?ST=security

VU#586958 SketchUp Viewer buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/586958
