Friday, December 26, 2014
26th, Friday, Senbu
+ libpng Buffer Overflow in png_combine_row() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031444
+ Facebook Bug Bounty #17 - Migrate Privacy Vulnerability
http://cxsecurity.com/issue/WLB-2014120179
UPDATE: JVNVU#91812636 Issue in recursive DNS resolver implementations that causes name resolution to repeat indefinitely
http://jvn.jp/vu/JVNVU91812636/
UPDATE: JVNVU#97219505 OS command injection vulnerability in GNU Bash
http://jvn.jp/vu/JVNVU97219505/
UPDATE: JVNVU#90348117 Buffer overflow vulnerability in Portable SDK for UPnP
http://jvn.jp/vu/JVNVU90348117/
Deceived, threatened, robbed: your "money" is at risk
[Case file] The "cloud input incident", in which everything typed was leaked
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900005/?ST=security
IIJ launches new service to prevent fraudulent money transfers caused by malware infection
http://itpro.nikkeibp.co.jp/atcl/news/14/122502392/?ST=security
Irish government files brief supporting MS in dispute over disclosure of data stored outside the US
http://itpro.nikkeibp.co.jp/atcl/news/14/122502385/?ST=security
From the world's security labs
Examining insider threats in information leaks
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/122200025/?ST=security
Sony's North Korea-themed film distributed online via YouTube and Xbox Video, US only
http://itpro.nikkeibp.co.jp/atcl/news/14/122502383/?ST=security
Thursday, December 25, 2014
25th, Thursday, Tomobiki
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
UPDATE: JVNVU#91812636 Issue in recursive DNS resolver implementations that causes name resolution to repeat indefinitely
http://jvn.jp/vu/JVNVU91812636/
Smartphone security measures, seen through the differences from PCs
[Targeted attacks] Few reports of smartphone damage, but stay vigilant
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700003/?ST=security
Deceived, threatened, robbed: your "money" is at risk
[Case file] The "account hijacking incident", posing as an acquaintance to ask a "favor"
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900003/?ST=security
ITpro Roundup
Sony Pictures Entertainment
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/122400055/?ST=security
Apple fixes critical "ntpd" vulnerability, uses automatic update feature for the first time
http://itpro.nikkeibp.co.jp/atcl/news/14/122402366/?ST=security
Sony reverses cancellation of North Korea-themed film, to screen in some theaters
http://itpro.nikkeibp.co.jp/atcl/news/14/122402363/?ST=security
Wednesday, December 24, 2014
24th, Wednesday, Sensho
+ About OS X NTP Security Update
https://support.apple.com/en-us/HT6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ nginx 1.7.9 released
http://nginx.org/en/CHANGES
+ CESA-2014:2024 Important CentOS 7 ntp Security Update
http://lwn.net/Alerts/627246/
+ CESA-2014:2024 Important CentOS 6 ntp Security Update
http://lwn.net/Alerts/627248/
+ CESA-2014:2025 Important CentOS 5 ntp Security Update
http://lwn.net/Alerts/627247
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ Apache POI 3.11 released
http://www.apache.org/dyn/closer.cgi/poi/release/RELEASE-NOTES.txt
+ Advisory: Vulnerability NTP CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
http://www.sophos.com/en-us/support/knowledgebase/121788.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ FreeBSD-SA-14:31.ntp Multiple vulnerabilities in NTP suite
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:31.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ FreeBSD-EN-14:13.freebsd-update freebsd-update attempts to remove the root directory
https://www.freebsd.org/security/advisories/FreeBSD-EN-14:13.freebsd-update.asc
+ UnZip Buffer Overflows in '-t' Command Line Option Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8141
+ REMOTE: Lotus Mail Encryption Server (Protector for Mail) LFI to RCE
http://www.exploit-db.com/exploits/35588
+ libpng 1.6.15 Heap Overflow
http://cxsecurity.com/issue/WLB-2014120165
+ Microsoft SDKs vulnerable
http://cxsecurity.com/issue/WLB-2014120164
+ Lotus Mail Encryption Server (Protector for Mail) Local File Inclusion
http://cxsecurity.com/issue/WLB-2014120161
+ PHP 5.6.3 unserialize() execute arbitrary code
http://cxsecurity.com/issue/WLB-2014120160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
Help the FSF stay strong for 30 more years
https://www.fsf.org/appeal/
MicroOLAP Database Designer meets PostgreSQL 9.4
http://www.postgresql.org/about/news/1560/
Bucardo 5.3.0 released
http://www.postgresql.org/about/news/1559/
Vulnerability information worth checking <2014.12.24>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121800036/?ST=security
Deceived, threatened, robbed: your "money" is at risk
[Case file] The "online banking fraud incident", stealing money from accounts
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900002/?ST=security
Smartphone security measures, seen through the differences from PCs
[OS vulnerabilities] Some smartphones cannot be updated
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700002/?ST=security
Critical vulnerability in time synchronization service "ntpd": a single crafted packet could lead to server takeover
http://itpro.nikkeibp.co.jp/atcl/news/14/122202355/?ST=security
US President concludes North Korea was involved in cyber attack, considers re-designating it a state sponsor of terrorism
http://itpro.nikkeibp.co.jp/atcl/news/14/122202344/?ST=security
JVNVU#96446762 Multiple broadband routers use vulnerable versions of Allegro RomPager
http://jvn.jp/vu/JVNVU96446762/
UPDATE: JVNVU#96605606 Multiple vulnerabilities in Network Time Protocol daemon (ntpd)
http://jvn.jp/vu/JVNVU96605606/
JVNVU#95399358 Android applications created with AppsGeyser are built with an SSL certificate validation vulnerability
http://jvn.jp/vu/JVNVU95399358/
LOCAL: BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/35590
LOCAL: GParted 0.14.1 - OS Command Execution
http://www.exploit-db.com/exploits/35595
DoS/PoC: jetAudio 8.1.3 Basic (mp3) - Crash POC
http://www.exploit-db.com/exploits/35592
Monday, December 22, 2014
21st, Monday, Taian
+ RHSA-2014:2025 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2014-2025.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ RHSA-2014:2024 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2014-2024.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ RHSA-2014:2024 Important: ntp security update
https://access.redhat.com/errata/RHSA-2014:2024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ About the security content of Xcode 6.2 beta 3
http://support.apple.com/en-us/HT204147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390
+ CESA-2014:2023 Moderate CentOS 7 glibc Security Update
http://lwn.net/Alerts/627039/
+ CESA-2014:2010 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/627042/
+ CESA-2014:2021 Important CentOS 7 jasper Security Update
http://lwn.net/Alerts/627040/
+ CESA-2014:2021 Important CentOS 6 jasper Security Update
http://lwn.net/Alerts/627041/
+ CESA-2014:2008 Important CentOS 5 kernel Security Update
http://lwn.net/Alerts/626811/
+ phpMyAdmin 4.3.3 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-433-is-released/
+ UPDATE: HPSBGN03204 rev.2 - HP Business Process Management running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510023&docLocale=ja_JP
+ Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103825&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ GCC 4.8.4 released
https://gcc.gnu.org/gcc-4.8/
+ NTP 4.2.8 released
http://archive.ntp.org/ntp4/ChangeLog-stable
+ PHP 5.6.4, 5.4.36 released
http://php.net/archive/2014.php#id2014-12-18-2
http://php.net/archive/2014.php#id2014-12-18-3
+ PostgreSQL 9.4 Released!
http://www.postgresql.org/docs/9.4/static/release-9-4.html
+ Samba 4.2.0rc3 Available for Download
https://download.samba.org/pub/samba/rc/WHATSNEW-4.2.0rc3.txt
+ VU#852879 Network Time Protocol daemon (ntpd) contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/852879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ NTP Uses Weak Default Encryption Key and Weak RNG Seed
http://www.securitytracker.com/id/1031411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
+ NTP Logic Error in the receive() Function in 'ntp_proto.c' May Let Remote Users Deny Service
http://www.securitytracker.com/id/1031410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
+ NTP Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ Apple Xcode Git Path Validation Flaw Lets Remote Users Add Files to the '.git' Folder
http://www.securitytracker.com/id/1031404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390
+ Subversion mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ Subversion mod_dav_svn REPORT Request Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
+ SA61787 PHP "SoapClient::__getTypes()" Denial of Service Vulnerability
http://secunia.com/advisories/61787/
+ SA60920 PHP Multiple Vulnerabilities
http://secunia.com/advisories/60920/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
Database .NET 14.0 released
http://www.postgresql.org/about/news/1558/
Deceived, threatened, robbed: your "money" is at risk
The security common sense of the past no longer applies
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900001/?ST=security
Smartphone security measures, seen through the differences from PCs
[Viruses] On smartphones, beware of "malicious apps"
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700001/?ST=security
Passlogy releases new version of matrix-style password notebook app "PassClip"
http://itpro.nikkeibp.co.jp/atcl/news/14/121902339/?ST=security
"Discovering" outstanding domestic researchers: second international security conference "CODE BLUE" held
http://itpro.nikkeibp.co.jp/atcl/news/14/121902337/?ST=security
NCI launches managed operation service for DDoS mitigation appliances
http://itpro.nikkeibp.co.jp/atcl/news/14/121902336/?ST=security
Optim adds Mac version to its MDM software, with remote lock/wipe also available
http://itpro.nikkeibp.co.jp/atcl/news/14/121902331/?ST=security
Will privacy exist in 10 years? US survey report
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/121900053/?ST=security
Vulnerability information worth checking <2014.12.19>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/121800035/?ST=security
JVNVU#90515133 Session management vulnerability in multiple Dell iDRAC products
http://jvn.jp/vu/JVNVU90515133/
VU#561444 Multiple broadband routers use vulnerable versions of Allegro RomPager
http://www.kb.cert.org/vuls/id/561444
VU#1680209 AppsGeyser generates Android applications that fail to properly validate SSL certificates
http://www.kb.cert.org/vuls/id/1680209
REMOTE: Varnish Cache CLI Interface Remote Code Execution
http://www.exploit-db.com/exploits/35581
DoS/PoC: Ettercap 0.8.0-0.8.1 - Multiple Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/35580
Friday, December 19, 2014
19th, Friday, Sensho
+ RHSA-2014:2021 Important: jasper security update
https://rhn.redhat.com/errata/RHSA-2014-2021.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
+ RHSA-2014:2021 Important: jasper security update
https://access.redhat.com/errata/RHSA-2014:2021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
+ RHSA-2014:2023 Moderate: glibc security and bug fix update
https://access.redhat.com/errata/RHSA-2014:2023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
+ RHSA-2014:2010 Important: kernel security update
https://access.redhat.com/errata/RHSA-2014:2010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ TortoiseSVN 1.8.10 released
http://tortoisesvn.net/downloads.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ UPDATE: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
+ UPDATE: HPSBGN03204 rev.2 - HP Business Process Management running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510023&docLocale=ja_JP
+ PHP 5.5.20 is available
http://php.net/ChangeLog-5.php#5.5.20
+ Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/71726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
+ Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/71725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
PostgreSQL 9.4 Increases Flexibility, Scalability and Performance
http://www.postgresql.org/about/news/1557/
JVNDB-2014-000152 Cross-site scripting vulnerability in WBS Gantt-Chart for JIRA
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000152.html
JVNDB-2014-000151 Cross-site scripting vulnerability in WBS Gantt-Chart for JIRA
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000151.html
JVNDB-2014-000124 Vulnerability in the TSUTAYA app for Android that allows execution of arbitrary Java methods
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000124.html
JVNDB-2014-000132 Buffer overflow vulnerability in multiple Allied Telesis products
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000132.html
From the world's security labs
POS malware spreading beyond retail
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/121500024/?ST=security
Microsoft Japan, NTT Com and FFRI to offer a domestically developed "zero-day attack countermeasure service"
http://itpro.nikkeibp.co.jp/atcl/news/14/121802325/?ST=security
Macnica releases new version of host-based APT attack countermeasure, blocks malware execution
http://itpro.nikkeibp.co.jp/atcl/news/14/121802323/?ST=security
Canon ITS makes higher-tier edition of its mail filtering product available as a virtual appliance
http://itpro.nikkeibp.co.jp/atcl/news/14/121802311/?ST=security
ITpro
An era in which every party involved becomes a "hostage"
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/121700101/?ST=security
Sony Pictures cancels release of the film in question, "The Interview"
http://itpro.nikkeibp.co.jp/atcl/news/14/121802308/?ST=security
VU#843044 Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values
http://www.kb.cert.org/vuls/id/843044
Thursday, December 18, 2014
18th, Thursday, Shakko
+ RHSA-2014:2008 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2014-2008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ CESA-2014:1997 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/626629/
+ CESA-2014:1999 Moderate CentOS 6 mailx Security Update
http://lwn.net/Alerts/626630/
+ CESA-2014:1999 Moderate CentOS 7 mailx Security Update
http://lwn.net/Alerts/626631/
+ UPDATE: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2
+ FreeBSD-SA-14:30.unbound unbound remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:30.unbound.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8602
+ HP OpenVMS POP Unspecified Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7880
+ Symantec Web Gateway Lets Remote Authenticated Users Execute Arbitrary Commands
http://www.securitytracker.com/id/1031386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7285
+ Linux Kernel espfix64 Stack Segment Fault Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ SA61236 PHP "var_push_dtor()" NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/61236/
+ SA61131 Apache Subversion mod_dav_svn Two Denial of Service Vulnerabilities
http://secunia.com/advisories/61131/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ Linux Kernel 'Grinch' polkit/wheel group issue
http://cxsecurity.com/issue/WLB-2014120115
+ Linux Kernel CVE-2014-9322 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/71685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ Linux Kernel 'fs/isofs/rock.c' Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/71717
NEC Fielding: Internet threat protection service for small and medium-sized businesses
http://itpro.nikkeibp.co.jp/atcl/news/14/121702303/?ST=security
LAC sums up 2014's cyber incidents and accidents: "three serious issues exposed"
http://itpro.nikkeibp.co.jp/atcl/news/14/121702300/?ST=security
Hacker group threatens theaters scheduled to screen Sony film "The Interview"
http://itpro.nikkeibp.co.jp/atcl/news/14/121702287/?ST=security
Wednesday, December 17, 2014
17th, Wednesday, Taian
+ RHSA-2014:1999 Moderate: mailx security update
https://rhn.redhat.com/errata/RHSA-2014-1999.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
+ RHSA-2014:1997 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1997.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ RHSA-2014:1999 Moderate: mailx security update
https://access.redhat.com/errata/RHSA-2014:1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
+ PDFCreator 2.0.1 released
http://www.pdfforge.org/blog/pdfcreator-201
+ HPSBMU03217 rev.1 - HP Vertica Analytics Platform running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04512907&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ HPSBMU03221 rev.1 - HP Connect-IT running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04518605&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBOV03226 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Multiple Remote Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04530690&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
+ HPSBOV03225 rev.1 - HP OpenVMS running POP, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04530570&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7880
+ Linux kernel 3.18.1, 3.17.7, 3.14.27, 3.10.63 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.27
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.63
+ Multiple vulnerabilities fixed in Firefox 24.7.0 ESR
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_firefox1
+ CVE-2014-3707 Information Disclosure vulnerability in Libcurl
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3707_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707
+ Multiple vulnerabilities in Puppet
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_puppet1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250
+ Multiple Buffer Errors vulnerabilities in Kerberos
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342
+ CVE-2014-2285 Input Validation vulnerability in Net-SNMP
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2285_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
+ CVE-2012-2141 Denial Of Service(DoS) vulnerability in Net-SNMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2141_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2141
+ CVE-2014-3565 Resource Management Errors vulnerability in Net-SNMP
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3565_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
+ Multiple vulnerabilities in Jinja2
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_jinja2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1402
+ MIT Kerberos Null Pointer Dereference Bugs Let Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1031376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354
+ Apache Buffer Overflow in mod_proxy_fcgi Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
+ Linux Kernel 3.2 multiple x86_64 vulnerabilities
http://cxsecurity.com/issue/WLB-2014120100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090
+ Symantec Web Gateway CVE-2014-7285 Command Injection Vulnerability
http://www.securityfocus.com/bid/71620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7285
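UPDATE: JVNVU#92305751 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/vu/JVNVU92305751/
JVNVU#92844499 Multiple vulnerabilities in CA Release Automation (formerly CA LISA Release Automation)
http://jvn.jp/vu/JVNVU92844499/
JVNVU#99439003 Multiple vulnerabilities in EMC Documentum series products
http://jvn.jp/vu/JVNVU99439003/
Highly sophisticated malware "Regin" reuses techniques from the past
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/121500023/?ST=security
How "free SSL certificate distribution" will transform the Web, with effects on corporate network management too
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121500129/?ST=security
"I am looking at you 20 years from now": a "mysterious" extortion virus targets Japanese users
http://itpro.nikkeibp.co.jp/atcl/news/14/121602280/?ST=security
Encourage offers privileged ID management for small and medium-sized businesses at 5,000 yen per month
http://itpro.nikkeibp.co.jp/atcl/news/14/121602277/?ST=security
Akamai opens a DDoS-mitigation scrubbing center in Japan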
http://itpro.nikkeibp.co.jp/atcl/news/14/121602271/?ST=security
REMOTE: ActualAnalyzer 'ant' Cookie Command Execution
http://www.exploit-db.com/exploits/35549
https://rhn.redhat.com/errata/RHSA-2014-1999.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
+ RHSA-2014:1997 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1997.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9322
+ RHSA-2014:1999 Moderate: mailx security update
https://access.redhat.com/errata/RHSA-2014:1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7844
+ PDFCreator 2.0.1 released
http://www.pdfforge.org/blog/pdfcreator-201
Tuesday, December 16, 2014
16th, Tuesday, Butsumetsu
+ TortoiseSVN 1.8.9 released
http://tortoisesvn.net/tsvn_1.8_releasenotes.html
+ mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability with certain invalid REPORT requests.
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
+ mod_dav_svn is vulnerable to a remotely triggerable segfault DoS vulnerability for requests with no existant virtual transaction names.
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ HPSBOV03197 rev.1 - HP OpenVMS running Java, Multiple Remote Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04529337&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428
+ DoS/PoC: phpMyAdmin 4.0.x, 4.1.x, 4.2.x - DoS
http://www.exploit-db.com/exploits/35539
+ glibc 2.21 DNS endless loop in getaddr_r
http://cxsecurity.com/issue/WLB-2014120094
+ phpMyAdmin 4.0.x, 4.1.x, 4.2.x Denial of Service
http://cxsecurity.com/issue/WLB-2014120093
+ SA61425 Linux Kernel Virtual File System Deadlock Denial of Service Vulnerabilities
http://secunia.com/advisories/61425/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559
+ SA61121 Hitachi JP1/Cm2/Network Node Manager Multiple Vulnerabilities
http://secunia.com/advisories/61121/
+ GNU glibc 'getanswer_r()' Function Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/71670
Canon PPS launches internal control software "ESS REC" for printing businesses
http://itpro.nikkeibp.co.jp/atcl/news/14/121502247/?ST=security
Intelligent Works sells a product that records operation logs on NAS
http://itpro.nikkeibp.co.jp/atcl/news/14/121502245/?ST=security
JVNVU#98107585 Stack buffer overflow vulnerability in Honeywell OPOS Suite
http://jvn.jp/vu/JVNVU98107585/index.html
VU#343060 CA LISA Release Automation contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/343060
VU#315340 EMC Documentum products contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/315340
REMOTE: Tuleap PHP Unserialize Code Execution
http://www.exploit-db.com/exploits/35545
LOCAL: Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.m3u)
http://www.exploit-db.com/exploits/35530
LOCAL: Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit Dos (.lst)
http://www.exploit-db.com/exploits/35531
LOCAL: jaangle 0.98i.977 - Denial of Service Vulnerability
http://www.exploit-db.com/exploits/35532
LOCAL: HTCSyncManager 3.1.33.0 - Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/35534
LOCAL: Avira 14.0.7.342 - (avguard.exe) Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/35537
LOCAL: CodeMeter 4.50.906.503 - Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/35542
Monday, December 15, 2014
15th, Monday, Senbu
+ RHSA-2014:1985 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2014-1985.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ RHSA-2014:1984 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2014-1984.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ RHSA-2014:1984 Important: bind security update
https://access.redhat.com/errata/RHSA-2014:1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ About the security content of Safari 8.0.2, Safari 7.1.2, and Safari 6.2.2
http://support.apple.com/en-us/HT6597
+ CESA-2014:1984 Important CentOS 7 bind Security Update
http://lwn.net/Alerts/625981/
+ CESA-2014:1984 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/625982/
+ CESA-2014:1985 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/625983/
+ CESA-2014:1984 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/625980/
+ CESA-2014:1983 Important CentOS 7 xorg-x11-server Security Update
http://lwn.net/Alerts/625984/
+ CESA-2014:1982 Important CentOS 5 xorg-x11-server Security Update
http://lwn.net/Alerts/625986/
+ CESA-2014:1983 Important CentOS 6 xorg-x11-server Security Update
http://lwn.net/Alerts/625985/
+ phpMyAdmin 4.3.2 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-432-is-released/
+ Linux kernel 3.2.65 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.65
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.65
+ HS14-025 Multiple Vulnerabilities in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-025/index.html
+ HS14-024 Buffer Overflow Vulnerability in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-024/index.html
+ HS14-025 Multiple vulnerabilities in JP1/Cm2/Network Node Manager i (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-025/index.html
+ HS14-024 Buffer overflow vulnerability in JP1/Cm2/Network Node Manager i (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-024/index.html
+ MantisBT 1.2.17 URL redirection issue
http://cxsecurity.com/issue/WLB-2014120085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6316
+ Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges
http://cxsecurity.com/issue/WLB-2014120084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4323
+ Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/71657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
+ Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/71656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
+ Linux Kernel 'kernel/kvm.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/71650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134
JVNDB-2014-000150 Cross-site scripting vulnerability in LinPHA
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000150.html
Vulnerability information worth checking <2014.12.15>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/120300034/?ST=security
List-based attacks: not just for money, so what is their real aim?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121100138/?ST=security
Possible leak of 17,000 personal records from Kyodo News, including mailing addresses for a members' magazine for political and business leaders
http://itpro.nikkeibp.co.jp/atcl/news/14/121202232/?ST=security
ITpro Summary
Apple ID
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/121000047/?ST=security
ITpro NOW
The benefits of giving vulnerabilities names
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/121100099/?ST=security
VU#659684 Honeywell OPOS suite Stack Buffer Overflow vulnerability
http://www.kb.cert.org/vuls/id/659684
Friday, December 12, 2014
12th, Friday, Shakko
+ RHSA-2014:1982 Important: xorg-x11-server security update
https://rhn.redhat.com/errata/RHSA-2014-1982.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
+ RHSA-2014:1983 Important: xorg-x11-server security update
https://rhn.redhat.com/errata/RHSA-2014-1983.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
+ RHSA-2014:1983 Important: xorg-x11-server security update
https://access.redhat.com/errata/RHSA-2014:1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
+ Check Point response to TLS 1.x padding vulnerability (CVE-2014-8730)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103683&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730
+ Linux kernel 3.12.35 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.35
+ FreeBSD file(1) and libmagic(3) File Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1031344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
+ FreeBSD Buffer Overflow in libc stdio Lets Local Users Deny Service or Execute Arbitrary Code
http://www.securitytracker.com/id/1031343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8611
+ Google Doc Embedder 2.5.14 SQL Injection
http://cxsecurity.com/issue/WLB-2014120064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9173
JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/
LOCAL: Mobilis 3G mobiconnect 3G++ ZDServer 1.0.1.2 - (ZTE CORPORATION) Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/35512
Thursday, December 11, 2014
11th, Thursday, Taian
+ About the security content of iOS 8.1.2.
http://support.apple.com/en-us/HT6598
+ CESA-2014:1971 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/625470/
+ CESA-2014:1976 Important CentOS 7 rpm Security Update
http://lwn.net/Alerts/625473/
+ CESA-2014:1974 Important CentOS 6 rpm Security Update
http://lwn.net/Alerts/625471/
+ CESA-2014:1974 Important CentOS 5 rpm Security Update
http://lwn.net/Alerts/625472/
+ squid 3.4.10 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
+ BIND 9.10.1-P1, 9.9.6-P1 released
https://kb.isc.org/article/AA-01223/81/BIND-9.10.1-P1-Release-Notes.html
https://kb.isc.org/article/AA-01224/81/BIND-9.9.6-P1-Release-Notes.html
+ CVE-2014-8680: Defects in GeoIP features can cause BIND to crash
https://kb.isc.org/article/AA-01217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
+ CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
https://kb.isc.org/article/AA-01216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04302476&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2608
+ UPDATE: HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04487558&docLocale=ja_JP
+ VMSA-2014-0014 AirWatch by VMware product update addresses information disclosure vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8372
+ VMSA-2014-0013 VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8373
+ FreeBSD-SA-14:29.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:29.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ FreeBSD-SA-14:28.file Multiple vulnerabilities in file(1) and libmagic(3)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
+ FreeBSD-SA-14:27.stdio Buffer overflow in stdio
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8611
+ VU#264212 Recursive DNS resolver implementations may follow referrals infinitely
http://www.kb.cert.org/vuls/id/264212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8602
+ ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/71590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
JVNDB-2014-000149 Cross-site scripting vulnerability in Chyrp
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000149.html
US-based Lastline, which touts a next-generation sandbox, establishes a Japanese subsidiary
http://itpro.nikkeibp.co.jp/atcl/news/14/121002198/?ST=security
Dashlane releases a beta of "Password Changer", which changes passwords automatically
http://itpro.nikkeibp.co.jp/atcl/news/14/121002196/?ST=security
One in ten thefts in the US is smartphone-related; more than 1 million devices were stolen in 2013
http://itpro.nikkeibp.co.jp/atcl/news/14/121002193/?ST=security
UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/
JVN#54775800 Vulnerability in XML external entity reference processing in FAST/TOOLS
http://jvn.jp/jp/JVN54775800/
JVN#13160869 Cross-site scripting vulnerability in Chyrp
http://jvn.jp/jp/JVN13160869/
Wednesday, December 10, 2014
10th, Wednesday, Butsumetsu
+ Microsoft Security Bulletin Summary for December 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-dec
+ MS14-075 - Important: Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
https://technet.microsoft.com/ja-jp/library/security/MS14-075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6336
+ MS14-080 - Critical: Cumulative Security Update for Internet Explorer (3008923)
https://technet.microsoft.com/library/security/ms14-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
+ MS14-081 - Critical: Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
https://technet.microsoft.com/library/security/ms14-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6357
+ MS14-082 - Important: Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
https://technet.microsoft.com/library/security/ms14-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6364
+ MS14-083 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
https://technet.microsoft.com/library/security/ms14-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6361
+ MS14-084 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
https://technet.microsoft.com/library/security/ms14-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6363
+ MS14-085 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
https://technet.microsoft.com/library/security/ms14-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6355
+ UPDATE: Microsoft Security Advisory 3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure
https://technet.microsoft.com/ja-jp/library/security/3009008
+ UPDATE: Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801
+ RHSA-2014:1974 Important: rpm security update
https://rhn.redhat.com/errata/RHSA-2014-1974.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
+ RHSA-2014:1971 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
+ RHSA-2014:1976 Important: rpm security update
https://access.redhat.com/errata/RHSA-2014:1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8118
+ Google Chrome 39.0.2171.95 released
http://googlechromereleases.blogspot.jp/2014/12/stable-channel-update.html
+ APSB14-29 Security Update: Hotfixes available for ColdFusion
http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9166
+ HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04302476&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2608
+ UPDATE: HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04487558&docLocale=ja_JP
+ JVNVU#94007830 Multiple vulnerabilities in ISC BIND 9
http://jvn.jp/vu/JVNVU94007830/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
+ ISC BIND GeoIP Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1031312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
+ ISC BIND Resolver Resource Consumption Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ Apache Struts Predictable Tokens Let Remote Users Bypass Cross-Site Request Forgery Protection
http://www.securitytracker.com/id/1031309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7809
+ BIND 9.10.1 A Defect in Delegation Handling Vulnerability
http://cxsecurity.com/issue/WLB-2014120050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ BIND 9.10.1 Defects in GeoIP Crash
http://cxsecurity.com/issue/WLB-2014120051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
+ Apache Struts 2.3.20 Security Fixes
http://cxsecurity.com/issue/WLB-2014120048
+ SA61156 Google Chrome Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/61156/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9164
+ SA61004 ISC BIND Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/61004/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680
+ SA60935 ISC BIND Delegation Handling Denial of Service Vulnerability
http://secunia.com/advisories/60935/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ SA60356 ISC BIND Delegation Handling Denial of Service Vulnerability
http://secunia.com/advisories/60356/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
+ Linux Kernel ASLR Security Bypass Weakness
http://www.securityfocus.com/bid/71494
JVNDB-2014-000146 Cross-site scripting vulnerability in i-HTTPD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000146.html
JVNDB-2014-000145 Cross-site scripting vulnerability in the "おまけ BBS" bundled with i-HTTPD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000145.html
JVNDB-2014-000144 Cross-site scripting vulnerability in i-HTTPD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000144.html
JVNDB-2014-000143 Arbitrary command execution vulnerability in the "ファイルアップロード BBS" bundled with i-HTTPD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000143.html
The nightless city of the "new social generation"? What are teenagers thinking?
The urge to confess runs wild online; the desire for understanding and empathy invites danger
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/120400020/?ST=security
Vulnerability information worth checking <2014.12.10>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/120300033/?ST=security
Serious vulnerability stemming from the DNS specification itself found; JPRS urges countermeasures
http://itpro.nikkeibp.co.jp/atcl/news/14/120902178/?ST=security
System outage on Sony's PlayStation Network; possibly an attack by "Lizard Squad"
http://itpro.nikkeibp.co.jp/atcl/news/14/120902171/?ST=security
From security labs around the world
"CoinVault", ransomware that releases one hostage file
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/120400022/?ST=security
JVNVU#92305751 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/vu/JVNVU92305751/
Tuesday, December 9, 2014
9th, Tuesday, Senbu
+ MantisBT 1.2.18 Released
http://www.mantisbt.org/blog/?p=301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9117
+ CESA-2014:1959 Moderate CentOS 5 kernel Security Update
http://lwn.net/Alerts/624790/
+ phpMyAdmin 4.3.0 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-430-is-released/
+ phpMyAdmin 4.3.1 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-431-is-released/
+ UPDATE: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
+ HPSBGN03222 rev.1 - HP Enterprise Maps running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04518999&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03205 rev.1 - HP Insight Remote Support Clients running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510081&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03208 rev.1 - HP Cloud Service Automation running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04516572&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBUX03218 SSRT101770 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04517477&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558
+ Linux kernel 3.17.6, 3.14.26, 3.12.34, 3.10.62 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.26
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.26
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.62
+ Apache Struts 2.3.20 released
http://struts.apache.org/announce.html#a20141207
+ Samba 4.0.23 Available for Download
http://samba.org/samba/history/samba-4.0.23.html
+ Glibc Out-of-bounds Memory Read Bugs in Converting IBM Encoded Data Let Remote or Local Users Deny Service
http://www.securitytracker.com/id/1031308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
+ SA60610 Microsoft Internet Explorer "display:run-in" Use-After-Free Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/60610/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
+ Google App Engine Java security sandbox bypasses
http://cxsecurity.com/issue/WLB-2014120040
+ Windows Kerberos - Elevation of Privilege (MS14-068)
http://cxsecurity.com/issue/WLB-2014120038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6324
From the World's Security Labs
"CoinVault", ransomware that releases one hostage file
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/120400022/?ST=security
Cyberattack on Sony's US subsidiary: North Korea denies involvement but calls it a "righteous act"
http://itpro.nikkeibp.co.jp/atcl/news/14/120802151/?ST=security
Vulnerability information worth checking <2014.12.8>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/120300032/?ST=security
RSA executive points to cybercrime becoming a service; DDoS attacks cost 8 dollars per hour
http://itpro.nikkeibp.co.jp/atcl/news/14/120502147/?ST=security
CEC: a small appliance that collects and manages multifunction-printer usage logs
http://itpro.nikkeibp.co.jp/atcl/news/14/120502144/?ST=security
DIT makes SSH key management easier with its privileged-ID access management software
http://itpro.nikkeibp.co.jp/atcl/news/14/120502143/?ST=security
NSA eavesdropping: is it collecting information from carriers worldwide?
http://itpro.nikkeibp.co.jp/atcl/news/14/120502137/?ST=security
JVNVU#98916051 Multiple vulnerabilities in Zenoss Core
http://jvn.jp/vu/JVNVU98916051/
JVN#49154900 Directory traversal vulnerability in Spring Framework
http://jvn.jp/jp/JVN49154900/
VU#449452 Zenoss Core contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/449452
Friday, December 5, 2014
5th, Friday, Taian
+ Microsoft Security Bulletin Advance Notification for December 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-dec
+ RHSA-2014:1959 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1959.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
+ RHSA-2014:1956 Moderate: wpa_supplicant security update
https://access.redhat.com/errata/RHSA-2014:1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
+ APSB14-28 Prenotification Security Advisory for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-28.html
+ About the security content of Safari 8.0.1, Safari 7.1.1, and Safari 6.2.1
http://support.apple.com/en-us/HT6596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
+ CESA-2014:1919 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/624566/
+ CESA-2014:1948 Important CentOS 6 nss Security Update
http://lwn.net/Alerts/624568/
+ CESA-2014:1948 Important CentOS 7 nss Security Update
http://lwn.net/Alerts/624569/
+ CESA-2014:1956 Moderate CentOS 7 wpa_supplicant Security Update
http://lwn.net/Alerts/624572/
+ CESA-2014:1919 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/624564/
+ CESA-2014:1919 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/624565/
+ CESA-2014:1948 Important CentOS 5 nss Security Update
http://lwn.net/Alerts/624567/
+ CESA-2014:1924 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/624570/
+ CESA-2014:1924 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/624571/
+ Apple Safari Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
+ SA60454 phpMyAdmin "url" Cross-Site Scripting and Denial of Service Two Vulnerabilities
http://secunia.com/advisories/60454/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9219
+ SA60918 Microsoft Windows "xxxMenuWindowProc()" Denial of Service Vulnerability
http://secunia.com/advisories/60918/
+ SA60458 Apple Safari Multiple Vulnerabilities
http://secunia.com/advisories/60458/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
+ tnftp in MacOS X 10.10 & FreeBSD10 Remote Command Execution Exploit
http://cxsecurity.com/issue/WLB-2014120030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517
+ tcpdump CVE-2014-9140 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/71468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9140
+ Microsoft Internet Explorer CVE-2014-8967 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
JVNDB-2014-000148 Improper information management vulnerability in Kakusansei Million Arthur for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000148.html
JVNDB-2014-000147 Cross-site scripting vulnerability in KENT-WEB Clip Board
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000147.html
UPDATE: JVNVU#99291862 Multiple NAT-PMP devices can be manipulated from the WAN side
http://jvn.jp/vu/JVNVU99291862/
Industry-government-academia cybercrime countermeasure organization launches, aiming to "neutralize" attackers
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120100116/?ST=security
Facebook partners with ESET to strengthen anti-malware measures
http://itpro.nikkeibp.co.jp/atcl/news/14/120402119/?ST=security
Google announces a new authentication method for "CAPTCHA", which prevents automated input
http://itpro.nikkeibp.co.jp/atcl/news/14/120402114/?ST=security
Thursday, December 4, 2014
4th, Thursday, Butsumetsu
+ RHSA-2014:1956 Moderate: wpa_supplicant security update
https://access.redhat.com/errata/RHSA-2014:1956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
+ Opera 26 released
http://www.opera.com/docs/changelogs/unified/2600/
+ phpMyAdmin 4.0.10.7, 4.1.14.8, 4.2.13.1 and 4.3.0-rc2 have been released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-40107-41148-42131-and-430-rc2-have-been-released/
+ PMASA-2014-18 XSS vulnerability in redirection mechanism
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9219
+ PMASA-2014-17 DoS vulnerability with long passwords
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218
+ Citrix XenServer Multiple Security Updates
http://support.citrix.com/article/CTX200288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1666
+ Linux Kernel XFS Hash Collision Lets Local Users Deny Service
http://www.securitytracker.com/id/1031281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7283
+ Linux Kernel ftrace Subsystem Memory Access Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1031280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826
+ Linux Kernel Perf Subsystem Memory Access Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1031279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
+ SA60037 Linux Kernel Capabilities Manipulation Security Issue
http://secunia.com/advisories/60037/
+ SA60925 Opera Multiple Vulnerabilities
http://secunia.com/advisories/60925/
+ SA62240 Hitachi Multiple Products USB Storage Device Write Access Security Bypass Vulnerability
http://secunia.com/advisories/62240/
+ Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection
http://cxsecurity.com/issue/WLB-2014120022
+ phpMyAdmin CVE-2014-9219 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/71435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9219
+ phpMyAdmin Long Password Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/71434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9218
JVNDB-2014-000142 SQL injection vulnerability in DBD::PgPP
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000142.html
UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/
McAfee announces Android smartphone app that blocks scam and nuisance calls
http://itpro.nikkeibp.co.jp/atcl/news/14/120302112/?ST=security
Wednesday, December 3, 2014
3rd, Wednesday, Senbu
+ RHSA-2014:1919 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-1919.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
+ RHSA-2014:1948 Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1948.html
+ RHSA-2014:1924 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2014-1924.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
+ RHSA-2014:1919 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2014:1919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
+ RHSA-2014:1948 Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2014:1948
+ nginx 1.7.8 released
http://nginx.org/en/download.html
+ VMware Player 7.0 released
https://www.vmware.com/support/player/doc/player-70-release-notes.html
+ Linux kernel 3.4.105 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.105
+ OpenVPN Control Channel Packet Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1031277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104
+ LOCAL: Mac OS X IOKit Keyboard Driver Root Privilege Escalation
http://www.exploit-db.com/exploits/35440
+ OpenSSH ~/.k5users (RedHat 7) log in as another user
http://cxsecurity.com/issue/WLB-2014120018
+ Mac OS X IOKit Keyboard Driver Root Privilege Escalation
http://cxsecurity.com/issue/WLB-2014120014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4404
+ SA62628 OpenVPN / OpenVPN Access Server Control Channel Packet Assertion Denial of Service Vulnerability
http://secunia.com/advisories/62628/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104
+ SA60587 Oracle MySQL OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/60587/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
+ SA62491 GNU gettext "get_string()" Integer Overflow Vulnerability
http://secunia.com/advisories/62491/
+ OpenVPN CVE-2014-8104 Denial of Service Vulnerability
http://www.securityfocus.com/bid/71402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104
+ Kingsoft Office CVE-2014-2271 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2271
+ Multiple FUJITSU Products CVE-2014-7253 Unspecified OS Command Injection Vulnerability
http://www.securityfocus.com/bid/71414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7253
+ ARROWS Me F-11D CVE-2014-7254 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/71411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7254
+ WhatsApp Denial of Service Vulnerability
http://www.securityfocus.com/bid/71410
UPDATE: JVNDB-2014-000140 Improper access restriction vulnerability in LG Electronics mobile access routers
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000140.html
UPDATE: JVNDB-2014-000139 Vulnerability in ARROWS Me F-11D allowing access to arbitrary areas
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000139.html
UPDATE: JVNDB-2014-000138 OS command injection vulnerability in multiple Fujitsu Android devices
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000138.html
JVNDB-2014-000137 Multiple improper data validation vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processors
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000137.html
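The "new social generation" and its city that never sleeps? What are teenagers thinking?
Saying whatever they like from a safe distance with "air replies" (indirect replies), damaging relationships and even leading to disciplinary action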
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/112800019/?ST=security
Risks that remain from "domain name hijacking" attacks: how should companies respond?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120200120/?ST=security
Benesse seeks 300 voluntary retirements, to halve back-office staff
http://itpro.nikkeibp.co.jp/atcl/news/14/120202096/?ST=security
"Sending a sexy video is the same as publishing it online," IPA warns
http://itpro.nikkeibp.co.jp/atcl/news/14/120202084/?ST=security
Intel acquires password manager PasswordBox, strengthening its security business
http://itpro.nikkeibp.co.jp/atcl/news/14/120202083/?ST=security
REMOTE: Tincd Post-Authentication Remote TCP Stack Buffer Overflow
http://www.exploit-db.com/exploits/35441
http://www.securityfocus.com/bid/71411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7254
+ WhatsApp Denial of Service Vulnerability
http://www.securityfocus.com/bid/71410
UPDATE: JVNDB-2014-000140 Improper access restriction vulnerability in LG Electronics mobile access routers
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000140.html
UPDATE: JVNDB-2014-000139 Vulnerability in ARROWS Me F-11D allowing access to arbitrary areas
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000139.html
UPDATE: JVNDB-2014-000138 OS command injection vulnerability in multiple Fujitsu Android devices
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000138.html
JVNDB-2014-000137 Multiple improper data validation vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processors
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000137.html
Tuesday, December 2, 2014
Tuesday the 2nd, Tomobiki
+ Mozilla Firefox 34.0.5 released
https://www.mozilla.org/en-US/firefox/34.0.5/releasenotes/
+ Mozilla Thunderbird 31.3 released
https://www.mozilla.org/ja/security/known-vulnerabilities/thunderbird/
+ MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory
https://www.mozilla.org/ja/security/advisories/mfsa2014-90/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
+ MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer
https://www.mozilla.org/ja/security/advisories/mfsa2014-89/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594
+ MFSA-2014-88 Buffer overflow while parsing media content
https://www.mozilla.org/ja/security/advisories/mfsa2014-88/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
+ MFSA-2014-87 Use-after-free during HTML5 parsing
https://www.mozilla.org/ja/security/advisories/mfsa2014-87/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
+ MFSA-2014-86 CSP leaks redirect data via violation reports
https://www.mozilla.org/ja/security/advisories/mfsa2014-86/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1591
+ MFSA-2014-85 XMLHttpRequest crashes with some input streams
https://www.mozilla.org/ja/security/advisories/mfsa2014-85/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
+ MFSA-2014-84 XBL bindings accessible via improper CSS declarations
https://www.mozilla.org/ja/security/advisories/mfsa2014-84/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1589
+ MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)
https://www.mozilla.org/ja/security/advisories/mfsa2014-83/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1588
+ CESA-2014:1912 Moderate CentOS 7 ruby Security Update
http://lwn.net/Alerts/623853/
+ CESA-2014:1911 Moderate CentOS 6 ruby Security Update
http://lwn.net/Alerts/623852/
+ MySQL 5.6.22 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-22.html
+ Samba 4.1.14 Available for Download
http://samba.org/samba/history/samba-4.1.14.html
JVNDB-2014-000136 Denial-of-service (DoS) vulnerability in SEIL series routers
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000136.html
JVNDB-2014-000135 Denial-of-service (DoS) vulnerability in SEIL series routers
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000135.html
US-based Capy launches Avatar CAPTCHA, deterring password-list attacks with complex puzzles
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120100118/?ST=security
Trend Micro launches home security service, protecting family devices with no limit on the number of devices
http://itpro.nikkeibp.co.jp/atcl/news/14/120102071/?ST=security
Cyberattack on Sony Pictures: is North Korea involved?
http://itpro.nikkeibp.co.jp/atcl/news/14/120102067/?ST=security
Monday, December 1, 2014
Monday the 1st, Senshō
+ phpMyAdmin 4.2.13 is released
http://sourceforge.net/p/phpmyadmin/news/2014/11/phpmyadmin-4213-is-released/
+ HPSBGN03209 rev.1 - HP Application Lifecycle Management running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04509419&docLocale=ja_JP
+ MySQL 5.5.41 released
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html
+ SA62353 JustSystems Multiple Products Unspecified Code Execution Vulnerability
http://secunia.com/advisories/62353/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7247
+ MantisBT filter API PHP Object Injection
http://cxsecurity.com/issue/WLB-2014110208
+ glibc command execution in wordexp() with WRDE_NOCMD specified
http://cxsecurity.com/issue/WLB-2014110152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817
JVNDB-2014-000141 XML external entity reference processing vulnerability in FAST/TOOLS
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000141.html
From security labs around the world
"Darkhotel," a threat targeting executives staying at hotels
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/112700021/?ST=security
Vulnerability information worth checking <2014.12.1>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600030/?ST=security
Hitachi Solutions overhauls the concept of Hibun: "don't let it out," "don't show it," "don't let it go"
http://itpro.nikkeibp.co.jp/atcl/news/14/112802061/?ST=security
LOCAL: CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation
http://www.exploit-db.com/exploits/35395
Friday, November 28, 2014
Friday the 28th, Butsumetsu
+ HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507568&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04511778&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7879
+ ActivePerl 5.20.1.2000 released
http://www.activestate.com/activeperl/downloads
+ SA60229 Yamaha WLX302 Router OpenSSL "tls_decrypt_ticket()" Denial of Service Vulnerability
http://secunia.com/advisories/60229/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
+ SA62542 ClamAV "cli_scanpe()" Buffer Overflow Vulnerability
http://secunia.com/advisories/62542/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050
+ SA60239 Linux Kernel #SS Trap Handling Denial of Service Vulnerability
http://secunia.com/advisories/60239/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090
+ SA60043 Kaspersky Security Center OpenSSL Security Issue and Two Vulnerabilities
http://secunia.com/advisories/60043/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
+ MantisBT Captcha System Security Weakness
http://www.securityfocus.com/bid/71321
+ Linux Kernel 'lesspipe' Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/71248
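[Security you can explain to the CEO]
What are security measures that do not look like security measures?
http://itpro.nikkeibp.co.jp/atcl/column/14/511845/111100004/?ST=security
Vulnerability information worth checking <2014.11.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600029/?ST=security
Trend Micro adds new feature to trace the cause of targeted attacks back in time
http://itpro.nikkeibp.co.jp/atcl/news/14/112702048/?ST=security
EU draws up guidelines pressing for the "right to be forgotten" to apply to the US version of Google Search as well
http://itpro.nikkeibp.co.jp/atcl/news/14/112702043/?ST=security
UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol allowing encrypted data to be decrypted (POODLE attack)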
http://jvn.jp/vu/JVNVU98283300/
Thursday, November 27, 2014
Thursday the 27th, Senbu
+ UPDATE: Microsoft Security Advisory (2755801) Update for vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801
+ RHSA-2014:1911 Moderate: ruby security update
https://rhn.redhat.com/errata/RHSA-2014-1911.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090
+ RHSA-2014:1912 Moderate: ruby security update
https://access.redhat.com/errata/RHSA-2014:1912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090
+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
+ HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507568&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ SA62180 MantisBT Multiple Vulnerabilities
http://secunia.com/advisories/62180/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9089
+ SA60087 Microsoft Windows Flash Player Vulnerability
http://secunia.com/advisories/60087/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
+ SA60219 Google Chrome Flash Player Vulnerability
http://secunia.com/advisories/60219/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
+ SA60217 Adobe Flash Player Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/60217/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439
+ PHP 5.x / Bash Shellshock Proof Of Concept
http://cxsecurity.com/issue/WLB-2014110176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
+ PHP 5.6.1 open_basedir exist file check bypass
http://cxsecurity.com/issue/WLB-2014110192
+ Android Settings Pendingintent Leak
http://cxsecurity.com/issue/WLB-2014110189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8609
+ Android SMS Resend
http://cxsecurity.com/issue/WLB-2014110188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8610
+ Android WAPPushManager SQL Injection
http://cxsecurity.com/issue/WLB-2014110187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8507
+ MantisBT 'view_all_set.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/71298
+ Linux Kernel 'espfix64' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71250
+ phpMyAdmin CVE-2014-8959 Local File Include Vulnerability
http://www.securityfocus.com/bid/71247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8959
+ phpMyAdmin CVE-2014-8958 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/71243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958
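"Extortion viruses" become a major threat to companies, with a risk of losing business data
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111800105/?ST=security
New version of ESET security software released, with botnet protection
http://itpro.nikkeibp.co.jp/atcl/news/14/112602033/?ST=security
Sony Pictures hit by cyberattack? US media report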
http://itpro.nikkeibp.co.jp/atcl/news/14/112602024/?ST=security
REMOTE: Pandora FMS SQLi Remote Code Execution
http://www.exploit-db.com/exploits/35380
LOCAL: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
http://www.exploit-db.com/exploits/35377
DoS/PoC: Elipse E3 HTTP Denial of Service
http://www.exploit-db.com/exploits/35379
DoS/PoC: Android WAPPushManager - SQL Injection
http://www.exploit-db.com/exploits/35382