:: IT Security Neophyte Investigator's MEMO ::: 17日火曜日、先勝

2013年12月17日火曜日

17日火曜日、先勝

+ Android-x86 4.4.1 released
http://www.android-x86.org/

+ RHSA-2013:1829 Important: nss, nspr, and nss-util security update
http://rhn.redhat.com/errata/RHSA-2013-1829.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607

+ RHSA-2013:1801 Important: kernel security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2013-1801.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6368

+ RHSA-2013:1823 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1823.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671

+ RHSA-2013:1813 Critical: php53 and php security update
http://rhn.redhat.com/errata/RHSA-2013-1813.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420

+ RHSA-2013:1812 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1812.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6671

+ RHSA-2013:1805 Important: samba4 security update
http://rhn.redhat.com/errata/RHSA-2013-1805.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ RHSA-2013:1803 Moderate: libjpeg-turbo security update
http://rhn.redhat.com/errata/RHSA-2013-1803.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630

+ RHSA-2013:1806 Important: samba and samba3x security update
http://rhn.redhat.com/errata/RHSA-2013-1806.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475

+ About the security content of OS X Mavericks v10.9.1
http://support.apple.com/kb/HT6084

+ About the security content of Safari 6.1.1 and Safari 7.0.1
http://support.apple.com/kb/HT6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228

+ Mozilla Firefox 26.0 released
http://www.mozilla.org/en-US/firefox/26.0/releasenotes/

+ Mozilla Thunderbird 24.2 released

+ MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
http://www.mozilla.org/security/announce/2013/mfsa2013-117.html

+ MFSA 2013-116 JPEG information leak
http://www.mozilla.org/security/announce/2013/mfsa2013-116.html

+ MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
http://www.mozilla.org/security/announce/2013/mfsa2013-115.html

+ MFSA 2013-114 Use-after-free in synthetic mouse movement
http://www.mozilla.org/security/announce/2013/mfsa2013-114.html

+ MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
http://www.mozilla.org/security/announce/2013/mfsa2013-113.html

+ MFSA 2013-112 Linux clipboard information disclosure though selection paste
http://www.mozilla.org/security/announce/2013/mfsa2013-112.html

+ MFSA 2013-111 Segmentation violation when replacing ordered list elements
http://www.mozilla.org/security/announce/2013/mfsa2013-111.html

+ MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
http://www.mozilla.org/security/announce/2013/mfsa2013-110.html

+ MFSA 2013-109 Use-after-free during Table Editing
http://www.mozilla.org/security/announce/2013/mfsa2013-109.html

+ MFSA 2013-108 Use-after-free in event listeners
http://www.mozilla.org/security/announce/2013/mfsa2013-108.html

+ MFSA 2013-107 Sandbox restrictions not applied to nested object elements
http://www.mozilla.org/security/announce/2013/mfsa2013-107.html

+ MFSA 2013-106 Character encoding cross-origin XSS attack
http://www.mozilla.org/security/announce/2013/mfsa2013-106.html

+ MFSA 2013-105 Application Installation doorhanger persists on navigation
http://www.mozilla.org/security/announce/2013/mfsa2013-105.html

+ MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)
http://www.mozilla.org/security/announce/2013/mfsa2013-104.html

+ CESA-2013:1812 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/576882/

+ CESA-2013:1801 Important CentOS 6 kernel Update
http://lwn.net/Alerts/576883/

+ CESA-2013:1829 Important CentOS 6 nss-util Update
http://lwn.net/Alerts/576884/

+ CESA-2013:1829 Important CentOS 6 nss Update
http://lwn.net/Alerts/576885/

+ CESA-2013:1823 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/576887/

+ CESA-2013:1829 Important CentOS 6 nspr Update
http://lwn.net/Alerts/576886/

+ CESA-2013:1813 Critical CentOS 6 php Update
http://lwn.net/Alerts/576587/

+ CESA-2013:1813 Critical CentOS 5 php53 Update
http://lwn.net/Alerts/576589/

+ CESA-2013:1812 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/576590/

+ CESA-2013:1814 Critical CentOS 5 php Update
http://lwn.net/Alerts/576588/

+ CESA-2013:1823 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/576745/

+ CESA-2013:1804 Moderate CentOS 5 libjpeg Update
http://lwn.net/Alerts/576387/

+ CESA-2013:1805 Important CentOS 6 samba4 Update
http://lwn.net/Alerts/576391/

+ CESA-2013:1803 Moderate CentOS 6 libjpeg-turbo Update
http://lwn.net/Alerts/576388/

+ CESA-2013:1806 Important CentOS 6 samba Update
http://lwn.net/Alerts/576389/

+ CESA-2013:1806 Important CentOS 5 samba3x Update
http://lwn.net/Alerts/576390/

+ CESA-2013:X017 Xen4CentOS xen Security Update
http://lwn.net/Alerts/576586/

+ CESA-2013:1790 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/575985/

+ CESA-2013:1791 Important CentOS 5 nss Update
http://lwn.net/Alerts/575986/

+ CESA-2013:1791 Important CentOS 5 nspr Update
http://lwn.net/Alerts/575987/

+ phpMyAdmin 4.1.0 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-410-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa

+ Linux kernel 3.12.5, 3.10.24, 3.4.74 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.74

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark7
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722

+ UPDATE: マイクロソフトセキュリティアドバイザリ (2916652) 不適切に発行されたデジタル証明書により、なりすましが行われる
http://technet.microsoft.com/ja-jp/security/advisory/2916652

+ マイクロソフトセキュリティアドバイザリ (2915720) Windows Authenticode 署名検証の変更
http://technet.microsoft.com/ja-jp/security/advisory/2915720

+ マイクロソフトセキュリティアドバイザリ (2905247) ASP.NET のサイト構成が安全ではないため、特権が昇格される
http://technet.microsoft.com/ja-jp/security/advisory/2905247

+ UPDATE: マイクロソフトセキュリティアドバイザリ (2896666) Microsoft Graphics コンポーネントの脆弱性により、リモートでコードが実行される
http://technet.microsoft.com/ja-jp/security/advisory/2896666

+ マイクロソフトセキュリティアドバイザリ (2871690) 非準拠の UEFI モジュールを失効させる更新プログラム
http://technet.microsoft.com/ja-jp/security/advisory/2871690

+ UPDATE: マイクロソフトセキュリティアドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Apache Struts 2.3.16 released
http://struts.apache.org/release/2.3.x/docs/version-notes-2316.html

+ nkf Network Kanji Filter 2.1.3 released
http://sourceforge.jp/projects/nkf/

+ PHP 5.5.7, 5.4.23, 5.3.28 released
http://www.php.net/archive/2013.php#id2013-12-12-1
http://www.php.net/archive/2013.php#id2013-12-12-3
http://www.php.net/archive/2013.php#id2013-12-12-2

+ Samba 4.1.3, 4.0.13 and 3.6.22 Security Releases Available for Download
http://www.samba.org/samba/history/samba-4.1.3.html

+ PHP 5.5.6/5.4.22 openssl_x509_parse() Memory Corruption
http://cxsecurity.com/issue/WLB-2013120114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420

[更新]ウイルス検索エンジン VSAPI 9.750 公開のお知らせ
http://app.trendmicro.co.jp/support/news.asp?id=2006

ウイルスバスターコーポレートエディションの各プラグインのサポート終了日について
http://app.trendmicro.co.jp/support/news.asp?id=2045

[更新]ダメージクリーンナップエンジン 7.1 公開のお知らせ
http://app.trendmicro.co.jp/support/news.asp?id=2020

Deep Discovery Inspector 3.2 Patch 1 (Build 1018) 公開のお知らせ
http://app.trendmicro.co.jp/support/news.asp?id=2044

Database .NET 10 released!
http://www.postgresql.org/about/news/1495/

JVNDB-2013-000119 Juniper ScreenOS におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html

JVNDB-2013-000118 サイボウズデヂエにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000118.html

チェックしておきたい脆弱性情報＜2013.12.18＞
http://itpro.nikkeibp.co.jp/article/COLUMN/20131216/525002/?ST=security

NRIセキュアが標的型攻撃に備える「CSIRT」支援を体系化、1年で大手5社の獲得目指す
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524762/?ST=security

アミティエ、クラウドと連携するホスト型IPSサービス「攻撃遮断くん」を開始
http://itpro.nikkeibp.co.jp/article/NEWS/20131213/524747/?ST=security

パッチ未適用のPCは4分しかもたない。攻撃の激しさ再認識を
NRIセキュアテクノロジーズ　テクニカルコンサルティング部
主任セキュリティコンサルタント　上田健吾氏
同セキュリティコンサルタント　大塚淳平氏
http://itpro.nikkeibp.co.jp/article/Interview/20131205/522823/?ST=security

VU#586958 SketchUp Viewer buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/586958

:: IT Security Neophyte Investigator's MEMO ::

2013年12月17日火曜日

17日火曜日、先勝

0 件のコメント:

コメントを投稿

2013年12月17日火曜日

17日 火曜日、先勝

0 件のコメント:

コメントを投稿

17日火曜日、先勝