Tuesday, January 14, 2014

Tuesday the 14th, Senshō

+ RHSA-2014:0018 Important: libXfont security update
http://rhn.redhat.com/errata/RHSA-2014-0018.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462

+ Prenotification Security Advisory for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

+ CESA-2014:0018 Important CentOS 5 libXfont Update
http://lwn.net/Alerts/579914/

+ CESA-2014:0018 Important CentOS 6 libXfont Update
http://lwn.net/Alerts/579915/

+ BIND 9.9.4-P2, 9.8.6-P2 released
http://ftp.isc.org/isc/bind9/9.9.4-P2/RELEASE-NOTES-BIND-9.9.4-P2.txt
http://ftp.isc.org/isc/bind9/9.8.6-P2/RELEASE-NOTES-BIND-9.8.6-P2.txt

+ CVE-2014-0591: FAQ and Supplemental Information
https://kb.isc.org/article/AA-01085

+ CVE-2014-0591: A Crafted Query Against an NSEC3-signed Zone Can Crash BIND
https://kb.isc.org/article/AA-01078

+ UPDATE: Undocumented Test Interface in Cisco Small Business Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

+ SYM14-001 Security Advisory - Privilege acquisition, policy bypass, and local privilege escalation issues in Symantec Endpoint Protection
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140109_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5011

+ Zimbra Collaboration Suite Open Source Edition 8.0.6, 7.2.6 GA Release
http://files.zimbra.com/website/docs/8.0/Zimbra_OS_Release_Notes_8.0.6.pdf
http://files.zimbra.com/website/docs/7.2/Zimbra_OS_Release_Notes_7.2.6.pdf

+ Tomcat 7.0.50 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ PHP 5.5.8, 5.4.24 released
http://www.php.net/ChangeLog-5.php#5.5.8
http://www.php.net/ChangeLog-5.php#5.4.24

+ Samba 4.1.4 Available for Download
http://samba.org/samba/history/samba-4.1.4.html

+ Sudo 1.8.9p3 released
http://www.sudo.ws/sudo/stable.html#1.8.9p3

+ ISC BIND NSEC3-signed Zone Query Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ Juniper Junos XNM Command Processor Lets Remote Users Consume Excessive Memory on the Target System
http://www.securitytracker.com/id/1029586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0613

+ Juniper Junos CLI Commands Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0615

+ Juniper Junos Branch SRX Series HTTP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0618

+ Juniper Junos Branch SRX Series IP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0617

+ Juniper Junos BGP Update Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0616

+ Linux Kernel missing CPU-state sanitation DOS / privilege escalation
http://cxsecurity.com/issue/WLB-2014010073

+ OpenSSL 1.0.1e NULL Pointer dereference DoS
http://cxsecurity.com/issue/WLB-2014010068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353

+ SA56406 Linux Kernel "restore_fpu_checking()" Denial of Service Vulnerability
http://secunia.com/advisories/56406/

+ SA56394 McAfee Vulnerability Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/56394/

+ Juniper Junos CVE-2014-0618 Denial of Service Vulnerability
http://www.securityfocus.com/bid/64769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0618

+ Juniper Junos CVE-2014-0616 Denial of Service Vulnerability
http://www.securityfocus.com/bid/64766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0616

+ Juniper Junos 'SRX Series Services' Gateway Denial of Service Vulnerability
http://www.securityfocus.com/bid/64764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0617

+ Juniper Junos CVE-2014-0615 Multiple Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/64762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0615

JVNDB-2014-000004 Directory traversal vulnerability in NeoFiler
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000004.html

JVNDB-2014-000003 Directory traversal vulnerability in Security File Manager
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000003.html

JVNDB-2014-000002 Directory traversal vulnerability in tetra filer
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000002.html

JVNDB-2014-000001 Directory traversal vulnerability in extraction tools made by aokitaka
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000001.html

Website tampering incidents exceed 6,000 in one year
Building a post-incident response structure is an urgent task
http://itpro.nikkeibp.co.jp/article/COLUMN/20140110/529283/?ST=security

MOTEX adds a URL filter option to its agent-based web access monitoring
http://itpro.nikkeibp.co.jp/article/NEWS/20140110/529363/?ST=security

Snapchat releases an update addressing the issue with its "Find Friends" feature
http://itpro.nikkeibp.co.jp/article/NEWS/20140110/529182/?ST=security

From Security Labs Around the World, Nikkei Communications
Malware embedded in metadata
http://itpro.nikkeibp.co.jp/article/COLUMN/20140106/528062/?ST=security

JVNVU#98780668 NULL pointer dereference vulnerability in libpng
http://jvn.jp/cert/JVNVU98780668/

JVNVU#94506298 Improper authentication vulnerability in VASCO IDENTIKEY Authentication Server
http://jvn.jp/cert/JVNVU94506298/

VU#191750 ASUS Wireless Router products contain a static DNS entry
http://www.kb.cert.org/vuls/id/191750

LOCAL: CCProxy 7.3 - Integer Overflow Exploit
http://www.exploit-db.com/exploits/30783
