Thursday, January 30, 2014

30th, Thursday, Taian

+ CESA-2014:0103 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/583123/

+ Linux kernel 3.13.1, 3.4.78 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.78

+ RHSA-2014:0108 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0108.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494

+ curl and libcurl 7.35.0 released
http://curl.haxx.se/changes.html#7_35_0

+ libcurl re-use of wrong HTTP NTLM connection
http://curl.haxx.se/docs/adv_20140129.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015

+ OpenSSH J-PAKE protocol remote memory corruption
http://cxsecurity.com/issue/WLB-2014010209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692

+ Linux Kernel netfilter nf_nat leakage of uninitialized buffer in IRC NAT
http://cxsecurity.com/issue/WLB-2014010204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1690

+ REMOTE: Oracle Forms and Reports 11.1 - Remote Exploit
http://www.exploit-db.com/exploits/31253

+ OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/65230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692

Sophos SafeGuard Disk Encryption for Mac - Compatibility with OS X 10.8 (Mountain Lion)
http://www.sophos.com/en-us/support/knowledgebase/118132.aspx

US government and US tech companies reach partial agreement on improving transparency, US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20140129/533090/?ST=security

REMOTE: Simple E-Document Arbitrary File Upload
http://www.exploit-db.com/exploits/31264

Wednesday, January 29, 2014

29th, Wednesday, Butsumetsu

+ RHSA-2014:0103 Moderate: libvirt security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0103.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1447

+ Opera 19 released
http://www.opera.com/docs/changelogs/unified/1900/

+ CESA-2014:0097 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/582867/

+ CESA-2014:0097 Important CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/582866/

+ UPDATE: Undocumented Test Interface in Cisco Small Business Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

+ OpenLDAP 2.4.39 released
http://www.openldap.org/software/download/

+ Google Chrome Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6650

+ SA56649 Opera Unspecified Vulnerabilities
http://secunia.com/advisories/56649/

+ Mozilla Thunderbird Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/65158

+ IBM Lotus Quickr for Domino ActiveX Control CVE-2013-6749 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/65193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6749

+ IBM Lotus Quickr for Domino ActiveX Control CVE-2013-6748 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/65191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6748

+ Linux Kernel 'nf_nat_irc.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/65180

Notice: Trend Micro Portable Security 2 released
http://app.trendmicro.co.jp/support/news.asp?id=2069

Epson adopts FFRI's automated malware analysis software to inspect software bundled with its products
http://itpro.nikkeibp.co.jp/article/NEWS/20140128/532885/?ST=security

Fortinet launches targeted-attack countermeasure appliance in Japan
http://itpro.nikkeibp.co.jp/article/NEWS/20140128/532822/?ST=security

NSA and GCHQ can obtain personal data from smartphone apps, overseas media report
http://itpro.nikkeibp.co.jp/article/NEWS/20140128/532742/?ST=security

JVNVU#96176042 NTP servers can be abused as reflectors for DDoS attacks
http://jvn.jp/vu/JVNVU96176042/

JVNVU#95235528 Mozilla Thunderbird does not properly block HTML elements in message content
http://jvn.jp/vu/JVNVU95235528/

VU#686662 Fail2ban postfix and cyrus-imap filters contain denial-of-service vulnerabilities
http://www.kb.cert.org/vuls/id/686662

Tuesday, January 28, 2014

28th, Tuesday, Senbu

+ RHSA-2014:0097 Important: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2014-0097.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

+ CESA-2014:X003 Moderate Xen4CentOS kernel Security Update
http://lwn.net/Alerts/582658/

+ CESA-2014:X001 Moderate Xen4CentOS libvirt Security Update
http://lwn.net/Alerts/582659/

+ CESA-2014:X002 Moderate Xen4CentOS xen Security Update
http://lwn.net/Alerts/582660/

+ Google Chrome 32.0.1700.102 released
http://googlechromereleases.blogspot.jp/2014/01/stable-channel-update_27.html

+ OpenLDAP 2.4.38 released
http://www.openldap.org/software/download/

+ DoS/PoC: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC
http://www.exploit-db.com/exploits/31222

+ DoS/PoC: Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass
http://www.exploit-db.com/exploits/31223

+ Mozilla Bug Bounty WireTap Remote Web Vulnerability
http://cxsecurity.com/issue/WLB-2014010189

+ Google Chrome CVE-2013-6650 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/65172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6650

+ Google Chrome CVE-2013-6649 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/65168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6649

Notice: Spam/fraud mail scan engine TMASE 7.5 (build 1017) released
http://app.trendmicro.co.jp/support/news.asp?id=2059

Notice: ServerProtect for Linux 3.0 Service Pack 1 Patch 5 (build 1396) released
http://app.trendmicro.co.jp/support/news.asp?id=2068

Notice: Products scheduled for end of support in the second half of 2014 (July to December)
http://app.trendmicro.co.jp/support/news.asp?id=2067

JVNDB-2014-000011 Arbitrary code execution vulnerability in the Sanshiro series
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000011.html

JVNDB-2014-000010 Multiple SQL injection vulnerabilities in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000010.html

Vulnerability information worth checking <2014.01.28>
http://itpro.nikkeibp.co.jp/article/COLUMN/20140127/532449/?ST=security

"Train in-house to cover the security staff shortage": NRI Secure survey
http://itpro.nikkeibp.co.jp/article/NEWS/20140127/532603/?ST=security

Former PM Koizumi back on Twitter? Posts "I decided to do it after all"
http://itpro.nikkeibp.co.jp/article/NEWS/20140127/532584/?ST=security

Half of companies have not verified their patch status; IPA publishes security incident survey report
http://itpro.nikkeibp.co.jp/article/NEWS/20140127/532483/?ST=security

"GOM Player" virus infections caused by unauthorized access to the update server
http://itpro.nikkeibp.co.jp/article/NEWS/20140127/532403/?ST=security

VU#863369 Mozilla Thunderbird does not adequately restrict HTML elements in email message content
http://www.kb.cert.org/vuls/id/863369

Monday, January 27, 2014

27th, Monday, Tomobiki

+ phpMyAdmin 4.1.6 is released
http://sourceforge.net/p/phpmyadmin/news/2014/01/phpmyadmin-416-is-released/

+ UPDATE: Undocumented Test Interface in Cisco Small Business Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

+ Linux kernel 3.12.9, 3.10.28 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.28

+ HS14-004 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-004/index.html

+ HS14-004 Multiple Vulnerabilities in Cosminexus (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-004/index.html

+ SA56630 Apple Pages Microsoft Word Document Double Free Vulnerability
http://secunia.com/advisories/56630/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1252

+ SA56615 Apple Pages for iOS Microsoft Word Document Double Free Vulnerability
http://secunia.com/advisories/56615/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1252

JVNDB-2014-000009 Arbitrary PHP code execution vulnerability in OpenPNE
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000009.html

JVNDB-2014-000008 Directory traversal vulnerability in SimZip (Simple Zip Viewer)
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000008.html

Security Hot Topics
Abused time-sync (NTP) servers: risk of becoming a "perpetrator" in a new kind of DDoS attack
http://itpro.nikkeibp.co.jp/article/COLUMN/20140122/531463/?ST=security

Check Point security appliances make it easy to control Baidu IME traffic
http://itpro.nikkeibp.co.jp/article/NEWS/20140124/532102/?ST=security

ITpro Roundup
Federated authentication
http://itpro.nikkeibp.co.jp/article/COLUMN/20140122/531443/?ST=security

Kadokawa website defacement incident reveals that "the hackers are targeting Japanese users"
http://itpro.nikkeibp.co.jp/article/COLUMN/20140123/531704/?ST=security

"Smarter" fraud and evolving "creepware": predicting this year's attacks on consumers
http://itpro.nikkeibp.co.jp/article/COLUMN/20140120/531049/?ST=security

JVN#51770585 Information disclosure vulnerability in EC-CUBE
http://jvn.jp/jp/JVN51770585/

JVN#17849447 Information tampering vulnerability in EC-CUBE
http://jvn.jp/jp/JVN17849447/

JVN#06377589 Cross-site scripting vulnerability in EC-CUBE
http://jvn.jp/jp/JVN06377589/

JVN#55630933 Information disclosure vulnerability in EC-CUBE
http://jvn.jp/jp/JVN55630933/

JVN#06870202 Information disclosure vulnerability in EC-CUBE
http://jvn.jp/jp/JVN06870202/

REMOTE: Daum Game 1.1.0.5 ActiveX (IconCreate Method) - Stack Buffer Overflow
http://www.exploit-db.com/exploits/31179

REMOTE: HP Data Protector Backup Client Service Directory Traversal
http://www.exploit-db.com/exploits/31181

LOCAL: Ammyy Admin 3.2 - Authentication Bypass
http://www.exploit-db.com/exploits/31182

DoS/PoC: NCH Software Express Burn Plus 4.68 (.EBP) Project File Buffer Overflow
http://www.exploit-db.com/exploits/31168

DoS/PoC: MW6 Technologies Aztec ActiveX (Data param) - Buffer Overflow
http://www.exploit-db.com/exploits/31176

DoS/PoC: MW6 Technologies DataMatrix ActiveX (Data param) - Buffer Overflow
http://www.exploit-db.com/exploits/31177

DoS/PoC: MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow
http://www.exploit-db.com/exploits/31178

Friday, January 24, 2014

24th, Friday, Taian

+ Security update available for Adobe Digital Editions
http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0494

+ Sysstat 10.2.1 released (stable version)
http://sebastien.godard.pagesperso-orange.fr/

+ Apple iTunes Tutorials Non-Secure Connection Lets Remote Users Conduct Man-in-the-Middle Attacks
http://www.securitytracker.com/id/1029671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1242

Notice: InterScan Messaging Security Suite 7.1 Linux Service Pack 1 build 15890 released
http://app.trendmicro.co.jp/support/news.asp?id=2066

Fighting cross-border sexual abuse: international cooperation essential to protecting young people
http://itpro.nikkeibp.co.jp/article/COLUMN/20140116/530222/?ST=security

From the World's Security Labs (Nikkei Communications)
Cyber attacks targeting the energy sector
http://itpro.nikkeibp.co.jp/article/COLUMN/20140121/531203/?ST=security

Cause of the Monju virus infection? LAC confirms virus in an update of Korean-made video player software
http://itpro.nikkeibp.co.jp/article/NEWS/20140123/531902/?ST=security

"DPI without packet reassembly scales with more cores": Dell promotes its UTM
http://itpro.nikkeibp.co.jp/article/NEWS/20140123/531802/?ST=security

Smartphone app privacy policies: Japan ranks 45th of 49 countries for posting them in the appropriate place
http://itpro.nikkeibp.co.jp/article/NEWS/20140123/531763/?ST=security

Google Chrome vulnerability can turn a PC into an eavesdropping device, US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20140123/531742/?ST=security

About 60% of US young adults support Snowden, US survey finds
http://itpro.nikkeibp.co.jp/article/NEWS/20140123/531724/?ST=security

VU#405942 CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/405942

VU#105686 Thecus NAS Server N8800 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/105686

VU#869702 Avanset Visual CertExam Manager 3.3 SQL injection vulnerability
http://www.kb.cert.org/vuls/id/869702

VU#168751 Emerson Network Power Avocent MergePoint Unity 2016 KVM switches contain a directory traversal vulnerability
http://www.kb.cert.org/vuls/id/168751

Thursday, January 23, 2014

23rd, Thursday, Butsumetsu

+ About the security content of iTunes 11.1.4
http://support.apple.com/kb/HT6001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871

+ Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0660

+ Cisco TelePresence System Software Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-cts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0661

+ Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0662

Check Point response to Session Authentication Agent vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98263&src=securityAlerts

JVNDB-2014-000006 Information disclosure vulnerability in EC-CUBE
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000006.html

JVNDB-2014-000005 Information tampering vulnerability in EC-CUBE
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000005.html

JVNDB-2014-000007 Location information disclosure vulnerability in Sleipnir Mobile for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000007.html

Status of vulnerability reports for software and related products [Q4 2013 (October to December)]
http://www.ipa.go.jp/security/vuln/report/vuln2013q4.html

Vulnerability information worth checking <2014.01.23>
http://itpro.nikkeibp.co.jp/article/COLUMN/20140121/531206/?ST=security

Account information of about 16 million people leaked in Germany, overseas media report
http://itpro.nikkeibp.co.jp/article/NEWS/20140122/531482/?ST=security

Wednesday, January 22, 2014

22nd, Wednesday, Senbu

+ CESA-2014:0044 Moderate CentOS 6 augeas Update
http://lwn.net/Alerts/581503/

+ CESA-2014:0043 Moderate CentOS 6 bind Update
http://lwn.net/Alerts/581504/

+ Linux kernel 3.13 released
https://www.kernel.org/pub/

+ Red Hat Enterprise Virtualization Manager Insecure SPICE Connection Lets Remote Users Conduct Man-in-the-Middle Attacks
http://www.securitytracker.com/id/1029653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6434

+ Perl module MARC::File::XML XXE
http://cxsecurity.com/issue/WLB-2014010138

DB Doc for PostgreSQL released
http://www.postgresql.org/about/news/1500/

From the World's Security Labs (Nikkei Communications)
Mobile payments spread, and so do mobile threats
http://itpro.nikkeibp.co.jp/article/COLUMN/20140121/531202/?ST=security

Bank of Tokyo-Mitsubishi UFJ phishing emails circulating since the new year; fake sites still online
http://itpro.nikkeibp.co.jp/article/NEWS/20140121/531263/?ST=security

Former PM Koizumi's impersonation account deleted; former PM Hosokawa's account is genuine
http://itpro.nikkeibp.co.jp/article/NEWS/20140121/531282/?ST=security

2013 weak password ranking: worst of all is "123456"
http://itpro.nikkeibp.co.jp/article/NEWS/20140121/531122/?ST=security

Nest Labs moves to dispel privacy concerns with a statement, US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20140121/531102/?ST=security

JVNVU#96176042 NTP servers can be abused as reflectors for DDoS attacks
http://jvn.jp/vu/JVNVU96176042/

JVNVU#97549992 Multiple vulnerabilities in MW6 Technologies ActiveX controls
http://jvn.jp/vu/JVNVU97549992/

Tuesday, January 21, 2014

21st, Tuesday, Tomobiki

+ RHSA-2014:0043 Moderate: bind security update
http://rhn.redhat.com/errata/RHSA-2014-0043.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ RHSA-2014:0044 Moderate: augeas security update
http://rhn.redhat.com/errata/RHSA-2014-0044.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6412

+ Notice regarding the NTP vulnerability (Hitachi)
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp348126.html

+ FreeBSD 10.0-RELEASE released
http://www.freebsd.org/releases/10.0R/announce.html

+ Linux Kernel 3.11.6 ioctl call local sensitive information
http://cxsecurity.com/issue/WLB-2014010123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445

+ Linux Kernel 3.11.6 CAP_NET_ADMIN local sensitive information
http://cxsecurity.com/issue/WLB-2014010124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444

+ Linux Kernel missing CPU-state sanitation DOS / privilege escalation
http://cxsecurity.com/issue/WLB-2014010073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438

Notice: Virus Buster Corporate Edition 10.6 Service Pack 2 Critical Patch (build 3489) released
http://app.trendmicro.co.jp/support/news.asp?id=2061

Fujitsu reorganizes its security products and services, launches a dedicated organization
http://itpro.nikkeibp.co.jp/article/NEWS/20140120/530957/?ST=security

Smart appliances such as TVs and refrigerators sending mass spam, US company confirms
http://itpro.nikkeibp.co.jp/article/NEWS/20140120/530845/?ST=security

US government announces proposed reforms to NSA intelligence collection
http://itpro.nikkeibp.co.jp/article/NEWS/20140120/530822/?ST=security

UPDATE: JVNVU#96176042 NTP servers can be abused as reflectors for DDoS attacks
http://jvn.jp/vu/JVNVU96176042/

UPDATE: JVNVU#95569358 Denial of service (DoS) vulnerability in multiple Dell products
http://jvn.jp/vu/JVNVU95569358/

VU#219470 MW6 Technologies ActiveX controls contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/219470

REMOTE: MuPDF 1.3 - Stack-based Buffer Overflow in xps_parse_color()
http://www.exploit-db.com/exploits/31090

Monday, January 20, 2014

20th, Monday, Sensho

+ phpMyAdmin 4.1.5 is released
http://sourceforge.net/p/phpmyadmin/news/2014/01/phpmyadmin-415-is-released/

+ HPSBUX02961 SSRT101420 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04085336-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
http://www.vmware.com/security/advisories/VMSA-2014-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1211

+ HS14-003 Issue with Random Number Generation Algorithm in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-003/index.html

+ HS14-002 Issue with Random Number Generation Algorithm in Cosminexus Developer's Kit for Java(TM)
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-002/index.html

+ HS14-001 A Problem of CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-001/index.html

+ HS14-003 Issue with Random Number Generation Algorithm in Cosminexus HTTP Server and Hitachi Web Server (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-003/index.html

+ HS14-002 Issue with Random Number Generation Algorithm in Cosminexus Developer's Kit for Java(TM) (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-002/index.html

+ HS14-001 Excessive CPU Consumption in Host Data Collector bundled with Hitachi Device Manager Software (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-001/index.html

+ Postfix 2.11 Patchlevel 0 released
http://www.postfix.org/announcements/postfix-2.11.0.html

+ VU#122582 Dell PowerConnect 3348, 3524p, and 5324 switches are vulnerable to denial-of-service attacks
http://www.kb.cert.org/vuls/id/122582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3594

Notice: Password Manager PC edition program update
http://app.trendmicro.co.jp/support/news.asp?id=2060

Notice: Scheduled server maintenance (2014/1/24)
http://app.trendmicro.co.jp/support/news.asp?id=2064

Notice: InterScan Web Security Suite 5.6 Linux Service Pack 1 (build 1062) released
http://app.trendmicro.co.jp/support/news.asp?id=2057

KADOKAWA website found defaced; visitors' data may have been stolen
http://itpro.nikkeibp.co.jp/article/NEWS/20140117/530515/?ST=security

Friday, January 17, 2014

17th, Friday, Butsumetsu

+ Linux kernel 3.12.8 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.8

+ Google Chrome 32.0.1700.76 released
http://googlechromereleases.blogspot.jp/2014/01/stable-channel-update.html

+ UPDATE: Microsoft Security Advisory (2916652) Improperly Issued Digital Certificates Could Allow Spoofing (Japanese-language advisory)
http://technet.microsoft.com/ja-jp/security/advisory/2916652

+ Postfix 2.10.3, 2.9.9, 2.8.17, 2.7.16 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.3.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.9.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.17.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.16.HISTORY

+ Google Chrome Prior to 32.0.1700.76 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/64805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6646

[Updated] Notice: Damage Cleanup Engine 7.1 released
http://app.trendmicro.co.jp/support/news.asp?id=2020

Microsoft to support its security products on Windows XP until July 2015
http://itpro.nikkeibp.co.jp/article/NEWS/20140116/530327/?ST=security

UPDATE: JVNVU#96176042 NTP servers can be abused as reflectors for DDoS attacks
http://jvn.jp/cert/JVNVU96176042/

Thursday, January 16, 2014

16th, Thursday, Senbu

+ RHSA-2014:0026 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2014-0026.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

+ APSB14-02 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0492

+ CESA-2014:0026 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/580547/

+ CESA-2014:0027 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/580548/

+ Multiple Vulnerabilities in Cisco Secure Access Control System
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

+ HPSBUX02960 SSRT101419 rev.1 - HP-UX Running NTP, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04084148-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211

+ Linux kernel 3.10.27, 3.4.77 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.27
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.77

+ CVE-2009-0179 Denial of Service(DoS) vulnerability in Libmikmod
https://blogs.oracle.com/sunsecurity/entry/cve_2009_0179_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0179

+ Multiple Buffer Errors vulnerability in LibProxy
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerability_in1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4505

+ CVE-2013-4232 Resource Management Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4232_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232

+ CVE-2013-4231 Buffer overflow vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4231_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231

+ CVE-2013-4123 Input Validation vulnerability in Squid
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4123_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4123

+ Multiple vulnerabilities in Kerberos
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_kerberos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418

+ Multiple vulnerabilities in Ruby
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ruby1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363

+ CVE-2012-0870 Buffer overflow vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0870_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870

+ CVE-2013-4475 Access control vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4475_access_control
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475

+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139

+ Multiple vulnerabilities in libxslt
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libxslt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893

+ CVE-2011-3970 Denial of Service (DoS) vulnerability in libxslt
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3970_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970

+ Oracle Critical Patch Update Advisory - January 2014
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

+ UPDATE: Microsoft Security Advisory (2916652) Improperly Issued Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2916652

+ UPDATE: Microsoft Security Advisory (2914486) Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege
http://technet.microsoft.com/en-us/security/advisory/2914486

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/en-us/security/advisory/2755801

+ Microsoft Security Bulletin Summary for January 2014 (Japanese)
http://technet.microsoft.com/ja-jp/security/bulletin/ms14-jan

+ MS14-001 - Important: Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-001

+ MS14-002 - Important: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5065

+ MS14-003 - Important: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2913602)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0262

+ MS14-004 - Important: Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0261

+ UPDATE: Microsoft Security Advisory (2914486) Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege (Japanese-language advisory)
http://technet.microsoft.com/ja-jp/security/advisory/2914486

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (Japanese-language advisory)
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ RHSA-2014:0027 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2014-0027.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0428

+ Java SE 7u51 released
http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html

+ FreeBSD-SA-14:04.bind BIND remote denial of service vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:04.bind.asc

+ FreeBSD-SA-14:03.openssl OpenSSL multiple vulnerabilities
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:03.openssl.asc

+ FreeBSD-SA-14:02.ntpd ntpd distributed reflection Denial of Service vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc

+ FreeBSD-SA-14:01.bsnmpd bsnmpd remote denial of service vulnerability
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:01.bsnmpd.asc

+ Sudo 1.8.9p4 released
http://www.sudo.ws/sudo/stable.html#1.8.9p4

+ Linux Kernel AMD restore_fpu_checking() Bug Lets Local Users Deny Service or Potentially Obtain Root Privileges
http://www.securitytracker.com/id/1029592

+ ISC BIND 9.8/9.9 Remote DoS
http://cxsecurity.com/issue/WLB-2014010090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ Linux Kernel missing CPU-state sanitation DOS / privilege escalation
http://cxsecurity.com/issue/WLB-2014010073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438

+ SA56282 Linux Kernel "ieee80211_radiotap_iterator_init()" Denial of Service Vulnerability
http://secunia.com/advisories/56282/

+ Linux Kernel 'hamradio/yam.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/64954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446

+ Linux Kernel 'wanxl.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/64953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445

+ Linux Kernel 'farsync.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/64952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444

+ Linux Kernel 'ieee80211_radiotap_iterator_init()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/64800

Anti-Spoofing might be enforced incorrectly in specific scenarios on R75.47 Security Gateway
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98087&src=securityAlerts

[Update] Notice of release of virus scan engine VSAPI 9.750
http://app.trendmicro.co.jp/support/news.asp?id=2006

Calendar of release dates for forthcoming versions of Sophos Anti-Virus
http://www.sophos.com/en-us/support/knowledgebase/120189.aspx

Valued precisely because it is an all-in-one backup appliance
Symantec, Sales Engineering Division, GB Solution SE Department
Principal Sales Engineer 伊吹山 正郁
http://itpro.nikkeibp.co.jp/article/Interview/20140115/529762/?ST=security

Palo Alto strengthens its malware detection sandbox, inspecting Office documents as well as executables
http://itpro.nikkeibp.co.jp/article/NEWS/20140115/529885/?ST=security

縁マーケティング研究所 packages a pseudo-malware creation tool and targeted-email drill procedures into a kit
http://itpro.nikkeibp.co.jp/article/NEWS/20140114/529686/?ST=security

Baidu IME
http://itpro.nikkeibp.co.jp/article/COLUMN/20140114/529645/?ST=security

JVNVU#96176042 NTP can be used as a stepping stone (amplifier) for DDoS attacks
http://jvn.jp/cert/JVNVU96176042/index.html

REMOTE: SoapUI 4.6.3 - Remote Code Execution
http://www.exploit-db.com/exploits/30908

REMOTE: SerComm Device Remote Code Execution
http://www.exploit-db.com/exploits/30915

Tuesday, January 14, 2014

Tuesday the 14th, senshō

+ RHSA-2014:0018 Important: libXfont security update
http://rhn.redhat.com/errata/RHSA-2014-0018.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462

+ Prenotification Security Advisory for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

+ CESA-2014:0018 Important CentOS 5 libXfont Update
http://lwn.net/Alerts/579914/

+ CESA-2014:0018 Important CentOS 6 libXfont Update
http://lwn.net/Alerts/579915/

+ BIND 9.9.4-P2, 9.8.6-P2 released
http://ftp.isc.org/isc/bind9/9.9.4-P2/RELEASE-NOTES-BIND-9.9.4-P2.txt
http://ftp.isc.org/isc/bind9/9.8.6-P2/RELEASE-NOTES-BIND-9.8.6-P2.txt

+ CVE-2014-0591: FAQ and Supplemental Information
https://kb.isc.org/article/AA-01085

+ CVE-2014-0591: A Crafted Query Against an NSEC3-signed Zone Can Crash BIND
https://kb.isc.org/article/AA-01078

+ UPDATE: Undocumented Test Interface in Cisco Small Business Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

+ SYM14-001 Security Advisory - Symantec Endpoint Protection privilege assumption, policy bypass, and local privilege escalation issues
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5011

+ Zimbra Collaboration Suite Open Source Edition 8.0.6, 7.2.6 GA Release
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf

+ Tomcat 7.0.50 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ PHP 5.5.8, 5.4.24 released
http://www.php.net/ChangeLog-5.php#5.5.8
http://www.php.net/ChangeLog-5.php#5.4.24

+ Samba 4.1.4 Available for Download
http://samba.org/samba/history/samba-4.1.4.html

+ Sudo 1.8.9p3 released
http://www.sudo.ws/sudo/stable.html#1.8.9p3

+ ISC BIND NSEC3-signed Zone Query Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ Juniper Junos XNM Command Processor Lets Remote Users Consume Excessive Memory on the Target System
http://www.securitytracker.com/id/1029586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0613

+ Juniper Junos CLI Commands Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0615

+ Juniper Junos Branch SRX Series HTTP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0618

+ Juniper Junos Branch SRX Series IP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0617

+ Juniper Junos BGP Update Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0616

+ Linux Kernel missing CPU-state sanitation DOS / privilege escalation
http://cxsecurity.com/issue/WLB-2014010073

+ OpenSSL 1.0.1e NULL Pointer dereference DoS
http://cxsecurity.com/issue/WLB-2014010068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353

+ SA56406 Linux Kernel "restore_fpu_checking()" Denial of Service Vulnerability
http://secunia.com/advisories/56406/

+ SA56394 McAfee Vulnerability Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/56394/

+ Juniper Junos CVE-2014-0618 Denial of Service Vulnerability
http://www.securityfocus.com/bid/64769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0618

+ Juniper Junos CVE-2014-0616 Denial of Service Vulnerability
http://www.securityfocus.com/bid/64766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0616

+ Juniper Junos 'SRX Series Services' Gateway Denial of Service Vulnerability
http://www.securityfocus.com/bid/64764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0617

+ Juniper Junos CVE-2014-0615 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/64762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0615

JVNDB-2014-000004 Directory traversal vulnerability in NeoFiler
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000004.html

JVNDB-2014-000003 Directory traversal vulnerability in Security File Manager (セキュリティーファイルマネージャー)
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000003.html

JVNDB-2014-000002 Directory traversal vulnerability in tetra filer
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000002.html

JVNDB-2014-000001 Directory traversal vulnerability in the decompression tool by aokitaka
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000001.html

Over 6,000 website defacements in one year
Building a post-incident response structure is an urgent task
http://itpro.nikkeibp.co.jp/article/COLUMN/20140110/529283/?ST=security

MOTEX adds a URL filter option to its agent-based web access monitoring
http://itpro.nikkeibp.co.jp/article/NEWS/20140110/529363/?ST=security

Snapchat releases an update addressing the problem in its "Find Friends" feature
http://itpro.nikkeibp.co.jp/article/NEWS/20140110/529182/?ST=security

From Security Labs Around the World (Nikkei Communications)
Malware embedded in metadata
http://itpro.nikkeibp.co.jp/article/COLUMN/20140106/528062/?ST=security

JVNVU#98780668 NULL pointer dereference vulnerability in libpng
http://jvn.jp/cert/JVNVU98780668/

JVNVU#94506298 Improper authentication vulnerability in VASCO IDENTIKEY Authentication Server
http://jvn.jp/cert/JVNVU94506298/

VU#191750 ASUS Wireless Router products contain a static DNS entry
http://www.kb.cert.org/vuls/id/191750

LOCAL: CCProxy 7.3 - Integer Overflow Exploit
http://www.exploit-db.com/exploits/30783

Friday, January 10, 2014

Friday the 10th, senbu

+ CESA-2014:0015 Important CentOS 6 openssl Update
http://lwn.net/Alerts/579780/

+ CESA-2014:0016 Moderate CentOS 5 gnupg Update
http://lwn.net/Alerts/579779/

+ Linux kernel 3.12.7, 3.10.26 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.26

+ APSB14-01: Prenotification Security Advisory for Adobe Reader and Acrobat
http://helpx.adobe.com/security.html

+ Oracle Critical Patch Update Pre-Release Announcement - January 2014
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

+ Microsoft Security Bulletin Advance Notification for January 2014
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

+ SYM14-001 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Privilege Assumption, Policy Bypass, Local Elevation of Privilege
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5011

+ Linux Kernel 3.12.3 inet uninitialized memory to user in recv syscalls
http://cxsecurity.com/issue/WLB-2014010055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263

+ Symantec Endpoint Protection CVE-2013-5011 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/64130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5011

+ Symantec Endpoint Protection CVE-2013-5009 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/64128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5009

+ Linux Kernel 'drivers/isdn/mISDN/socket.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/64743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266

French data protection authority orders Google to pay a 150,000 euro fine
http://itpro.nikkeibp.co.jp/article/NEWS/20140109/528903/?ST=security

JVNVU#95681821 Directory traversal vulnerability in QNAP QTS
http://jvn.jp/cert/JVNVU95681821/index.html

VU#612076 VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
http://www.kb.cert.org/vuls/id/612076

Thursday, January 9, 2014

Thursday the 9th, tomobiki

+ RHSA-2014:0015 Important: openssl security update
http://rhn.redhat.com/errata/RHSA-2014-0015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

+ Linux kernel 3.4.76 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.76

+ RHSA-2014:0016 Moderate: gnupg security update
http://rhn.redhat.com/errata/RHSA-2014-0016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576

Vulnerability information worth checking <2014.1.9>
http://itpro.nikkeibp.co.jp/article/COLUMN/20140107/528193/?ST=security

transcosmos launches a service that can open an emergency response call center in as little as one day
http://itpro.nikkeibp.co.jp/article/NEWS/20140108/528642/?ST=security

JVNVU#95919136 Improper access control vulnerability in Synology DiskStation Manager
http://jvn.jp/cert/JVNVU95919136/

VU#487078 QNAP QTS path traversal vulnerability
http://www.kb.cert.org/vuls/id/487078

Wednesday, January 8, 2014

Wednesday the 8th, senshō

+ New Look. New CentOS.
http://www.centos.org/

+ UPDATE: HPSBUX02926 SSRT101281 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922396-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Samba 4.0.14 Available for Download
http://samba.org/samba/history/samba-4.0.14.html

+ Sudo 1.8.9p1 released
http://www.sudo.ws/sudo/stable.html#1.8.9p1

+ OpenSSL TLS Handshake Null Pointer Exception Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353

+ VU#615910 Synology DiskStation Manager arbitrary file modification
http://www.kb.cert.org/vuls/id/615910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6955

Vulnerability information worth checking <2014.1.8>
http://itpro.nikkeibp.co.jp/article/COLUMN/20140107/528187/?ST=security

[Follow-up] Monju PC made 33 unauthorized communications with South Korea; an update of free video player software may have been the trigger
http://itpro.nikkeibp.co.jp/article/NEWS/20140107/528287/?ST=security

Phishing attacks in 2013: which country was the worst for hosting?
http://itpro.nikkeibp.co.jp/article/COLUMN/20140106/528044/?ST=security

JVNVU#92956361 Multiple vulnerabilities in RealPlayer
http://jvn.jp/cert/JVNVU92956361/index.html

REMOTE: vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload
http://www.exploit-db.com/exploits/30787

LOCAL: IcoFX Stack Buffer Overflow
http://www.exploit-db.com/exploits/30788

LOCAL: IBM Forms Viewer Unicode Buffer Overflow
http://www.exploit-db.com/exploits/30789

Tuesday, January 7, 2014

Tuesday the 7th, shakkō

+ OpenSSL 1.0.0l released
http://www.openssl.org/news/changelog.html

+ Sudo 1.8.9 released
http://www.sudo.ws/sudo/stable.html#1.8.9

+ CVE-2013-4353: 6th January 2014
http://www.openssl.org/news/vulnerabilities.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353

+ SA55882 Linux Kernel "recvmsg()" and "recvfrom()" Information Disclosure Weaknesses
http://secunia.com/advisories/55882/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6463

+ SA56286 OpenSSL Two Denial of Service Vulnerabilities
http://secunia.com/advisories/56286/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx

Office PC at the Monju fast breeder reactor infected with a virus; possible information leak
http://itpro.nikkeibp.co.jp/article/NEWS/20140106/528106/?ST=security

JVNVU#553166 Information disclosure vulnerability in BlogEngine.NET
http://jvn.jp/cert/JVNVU553166/index.html

Monday, January 6, 2014

Monday the 6th, taian

+ MantisTouch v1.3.0 released
http://www.mantisbt.org/blog/?p=269

+ CESA-2013:X018 Important Xen4CentOS kernel Security Update
http://lwn.net/Alerts/578217/

+ phpMyAdmin 4.1.3 is released
http://sourceforge.net/p/phpmyadmin/news/2013/12/phpmyadmin-413-is-released/

+ squid 3.4.2 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ HPSBMU02895 SSRT101253 rev.1 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03822422-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.2.54 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54

+ CVE-2007-6750 Resource Management Errors vulnerability in Apache
https://blogs.oracle.com/sunsecurity/entry/cve_2007_6750_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6750

+ CVE-2013-4124 Denial of service vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4124_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

+ Apache Ant 1.9.3 Released
http://ant.apache.org/bindownload.cgi

+ libpng 1.6.8 released
http://www.libpng.org/pub/png/src/libpng-1.6.8-README.txt

+ OpenSSL DTLS Retransmission Error May Let Remote Users Conduct Man-in-the-Middle Attacks
http://www.securitytracker.com/id/1029549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

+ OpenSSL Incorrect Version Number Used in ssl_get_algorithm2() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449

+ VU#553166 BlogEngine.net information disclosure vulnerability
http://www.kb.cert.org/vuls/id/553166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6953

+ VU#698278 RealPlayer version 16.0.3.51 contains a buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/698278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6877

+ OpenSSL 1.0.1e Incorrect Version Number ssl_get_algorithm2() Remote DoS
http://cxsecurity.com/issue/WLB-2014010022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449

+ OpenSSL 0.9.8y/1.x/1.0.1e man-in-the-middle attack 0day
http://cxsecurity.com/issue/WLB-2014010021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

+ Linux Kernel memory leak in recvmsg handler msg_name & msg_namelen
http://cxsecurity.com/issue/WLB-2013120194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6463

+ Linux Kernel char: Int overflow in lp_do_ioctl()
http://cxsecurity.com/issue/WLB-2013120193

Sudden reboots of Security Gateways when using Anti-Bot
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk97972&src=securityAlerts

Issue affecting mail sending and receiving in InterScan Messaging Security series products
http://app.trendmicro.co.jp/support/news.asp?id=2058

About the issue that occurred in Virus Buster (ウイルスバスター) Business Security Services
http://app.trendmicro.co.jp/support/news.asp?id=2056

OPTiM begins offering a feature in its own MDM service to prevent "MDM removal" on Android
http://itpro.nikkeibp.co.jp/article/NEWS/20131220/526373/?ST=security

SECOM offers safe online banking via USB-memory boot and the cloud
http://itpro.nikkeibp.co.jp/article/NEWS/20131227/527682/?ST=security

China's Baidu updates the Japanese input app "Simeji", fixing a bug in the cloud transmission setting
http://itpro.nikkeibp.co.jp/article/NEWS/20131227/527643/?ST=security

[Security] A year of one new type of attack after another, and the fear of unexpected vulnerabilities being exploited
http://itpro.nikkeibp.co.jp/article/COLUMN/20131217/525319/?ST=security