Friday, February 28, 2014

28th, Friday, Taian

+ RHSA-2014:0222 Moderate: libtiff security update
http://rhn.redhat.com/errata/RHSA-2014-0222.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244

+ RHSA-2014:0223 Moderate: libtiff security update
http://rhn.redhat.com/errata/RHSA-2014-0223.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244

+ libpng Flaw in Progressive Decoder Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333

+ Microsoft Windows 8.1 XMLDOM XML Injection Vulnerability
http://cxsecurity.com/issue/WLB-2014020241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7332

+ Microsoft XMLDOM ActiveX Control Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/65601

Buffalo: security USB flash drive with a built-in virus-check function
http://itpro.nikkeibp.co.jp/article/NEWS/20140228/540063/?ST=security

Fake version of the popular app "Angry Birds" appears, aiming to steal bitcoins
http://itpro.nikkeibp.co.jp/article/NEWS/20140227/540047/?ST=security

Detecting and analyzing security problems through log correlation analysis: IBM Japan offers a CSIRT support service
http://itpro.nikkeibp.co.jp/article/NEWS/20140227/539984/?ST=security

Specification of "OpenID Connect", adopted by Google and Microsoft, receives final approval
http://itpro.nikkeibp.co.jp/article/NEWS/20140227/539966/?ST=security

Zero-day attacks targeting IE spread in Japan, with a risk of bank account information being stolen
http://itpro.nikkeibp.co.jp/article/NEWS/20140227/539928/?ST=security

VU#534284 Synology DiskStation Manager VPN module hard-coded password vulnerability
http://www.kb.cert.org/vuls/id/534284

Thursday, February 27, 2014

27th, Thursday, Butsumetsu

+ About the security content of QuickTime 7.7.5
http://support.apple.com/kb/HT6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1251

+ About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001
http://support.apple.com/kb/HT6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

+ About the security content of Safari 6.1.2 and Safari 7.0.2
http://support.apple.com/kb/HT6145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1270

+ CESA-2014:0189 Moderate mariadb55-mariadb SCL Security Update
http://lwn.net/Alerts/588403/

+ CESA-2014:0211 Important CentOS 5 postgresql84 Update
http://lwn.net/Alerts/588404/

+ CESA-2014:0211 Important CentOS 6 postgresql Update
http://lwn.net/Alerts/588405/

+ Cisco Prime Infrastructure Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140226-pi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0679

+ UPDATE: Cisco UCS Director Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd

+ REMOTE: Symantec Endpoint Protection Manager Remote Command Execution
http://www.exploit-db.com/exploits/31917

+ Microsoft Server 2008 Denial Of Service
http://cxsecurity.com/issue/WLB-2014020225

+ Apache Tomcat Denial Of Service
http://cxsecurity.com/issue/WLB-2014020223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322

+ Apache Tomcat Session Fixation
http://cxsecurity.com/issue/WLB-2014020222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

+ Apache Tomcat Information Disclosure Via XXE
http://cxsecurity.com/issue/WLB-2014020221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590

+ Cybozu Garoon CVE-2014-0820 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/65815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0820

+ Cybozu Garoon Session Management Security Bypass Vulnerability
http://www.securityfocus.com/bid/65812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0817

+ Cybozu Garoon CVE-2014-0821 Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/65809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0821

Advisory: Sophos Endpoint Security and Control version 10.3.7
http://www.sophos.com/en-us/support/knowledgebase/120492.aspx

Advisory: Windows 8.1 and Windows Server 2012 R2 - support for Sophos products
http://www.sophos.com/en-us/support/knowledgebase/119957.aspx

JVNDB-2014-000024 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000024.html

JVNDB-2014-000023 Directory traversal vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000023.html

JVNDB-2014-000021 Session management vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000021.html

JVNDB-2014-000022 SSL server certificate validation vulnerability in the "Denny's" app for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000022.html

JVNDB-2014-000026 Privilege escalation vulnerability in Norman Security Suite
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000026.html

JVNDB-2014-000025 Cross-site scripting vulnerability in XooNIps
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000025.html

Hato Bus website tampered with; users who visited it may be infected with a virus
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539688/?ST=security

Fake-site ads on Yahoo newly displayed for Bank of Nagoya and WebMoney
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539645/?ST=security

SaaS-type WAF starts two-factor authentication, with CAPTCHA and SMS to be offered in stages from April
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539387/?ST=security

Zero-day attack discovered in February targeted Presidents' Day, FireEye explains
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539182/?ST=security

DoS/PoC: GoAhead Web Server 3.1.x - Denial of Service
http://www.exploit-db.com/exploits/31915

Wednesday, February 26, 2014

26th, Wednesday, Senbu

+ RHSA-2014:0211 Important: postgresql84 and postgresql security update
http://rhn.redhat.com/errata/RHSA-2014-0211.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066

+ Selenium Server 2.40.0 released
http://code.google.com/p/selenium/wiki/Grid2

+ Selenium IE Driver Server 2.40.0 released
http://selenium.googlecode.com/git/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.40.0 released
http://selenium.googlecode.com/git/java/CHANGELOG

+ CESA-2014:X007 Moderate Xen4CentOS xen Security Update
http://lwn.net/Alerts/588238/

+ CESA-2014:0206 Moderate CentOS 5 openldap Update
http://lwn.net/Alerts/588237/

+ HPSBMU02966 rev.1 - HP Operations Orchestration, Unauthorized Access to Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04125866-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071

+ HPSBMU02971 rev.1 - HP Application Information Optimizer, Remote Execution of Code, Information Disclosure
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04140965-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6204

+ HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software Security - Apache Tomcat and Oracle Updates
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04047415-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232

+ HPSBST02937 rev.1 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03995204-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4841

+ CVE-2013-0900 Race Conditions vulnerability in ICU
https://blogs.oracle.com/sunsecurity/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900

+ CVE-2013-5745 Input Validation vulnerability in Vino
https://blogs.oracle.com/sunsecurity/entry/cve_2013_5745_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5745

+ CVE-2008-0386 Improper Input Validation vulnerability in Xdg-utils
https://blogs.oracle.com/sunsecurity/entry/cve_2008_0386_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386

+ CVE-2014-0591 Buffer Errors vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ CVE-2013-6462 Buffer Errors vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2013_6462_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462

+ CVE-2013-2561 Link Following vulnerability in OpenFabrics ibutils
https://blogs.oracle.com/sunsecurity/entry/cve_2013_2561_link_following
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2561

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark9
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7114

+ CVE-2014-0397 Buffer Errors vulnerability in libXtsol
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0397

+ CVE-2013-4408 Buffer Errors vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4408_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ CVE-2012-6150 Input Validation vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6150_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150

+ CVE-2006-4810 Buffer overflow vulnerability in Texinfo
https://blogs.oracle.com/sunsecurity/entry/cve_2006_4810_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810

+ VU#684412 libpng denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/684412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0333

+ SA57114 McAfee ePolicy Orchestrator XML External Entities Vulnerability
http://secunia.com/advisories/57114/

+ Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
http://www.securityfocus.com/bid/65773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286

+ Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
http://www.securityfocus.com/bid/65769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0033

+ Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/65768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590

About the Trend Micro Email Reputation Services outage
http://app.trendmicro.co.jp/support/news.asp?id=2083

Virus Buster Business Security Services: notice of emergency maintenance
http://app.trendmicro.co.jp/support/news.asp?id=2082

Zero-day attack discovered in February targeted Presidents' Day, FireEye explains
http://itpro.nikkeibp.co.jp/article/NEWS/20140226/539182/?ST=security

Targeted-email training kit enhanced, now able to reproduce shortcut attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20140225/539054/?ST=security

Too late to ask! The pitfalls of social media
http://itpro.nikkeibp.co.jp/article/COLUMN/20131121/519670/?ST=security

The "Seven Samurai" protecting Japan
http://itpro.nikkeibp.co.jp/article/COLUMN/20131115/518333/?ST=security

Tuesday, February 25, 2014

25th, Tuesday, Tomobiki

+ CTX140303 SSL Certificate Validation Vulnerability in the Citrix ShareFile Mobile Application for Android and the Citrix ShareFile Mobile for Tablets Application for Android
http://support.citrix.com/article/CTX140303

+ RHSA-2014:0206 Moderate: openldap security update
http://rhn.redhat.com/errata/RHSA-2014-0206.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449

+ OpenSSL 1.0.2 released
http://www.openssl.org/news/changelog.html

+ REMOTE: Symantec Endpoint Protection Manager Remote Command Execution Exploit
http://www.exploit-db.com/exploits/31853

+ iOS/MacOSX/AppleTV man-in-the-middle attack
http://cxsecurity.com/issue/WLB-2014020197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

+ Symantec Endpoint Protection Manager Remote Command Execution
http://cxsecurity.com/issue/WLB-2014020199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5015

+ PostgreSQL CVE-2014-0061 Security Bypass Vulnerability
http://www.securityfocus.com/bid/65724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061

+ PostgreSQL CVE-2014-0062 Security Bypass Vulnerability
http://www.securityfocus.com/bid/65727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062

Check Point response to Apple CVE-2014-1266
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98693&src=securityAlerts

Notice of emergency server maintenance (2014/2/24)
http://app.trendmicro.co.jp/support/news.asp?id=2080

Notice of release of Trend Micro Control Manager 5.5 Service Pack 1 Patch 4 build 1903
http://app.trendmicro.co.jp/support/news.asp?id=2070

PostgreSQL participating in Google Summer of Code 2014
http://www.postgresql.org/about/news/1509/

Possible unauthorized logins at Hatena; users urged to change passwords
http://itpro.nikkeibp.co.jp/article/NEWS/20140224/538764/

UPDATE: JVN#14876762 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN14876762/index.html

Monday, February 24, 2014

24th, Monday, Sensho

+ About the security content of Apple TV 6.0.2
http://support.apple.com/kb/HT6148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

+ About the security content of iOS 7.0.6
http://support.apple.com/kb/HT6147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

+ About the security content of iOS 6.1.6
http://support.apple.com/kb/HT6146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

+ phpMyAdmin 4.1.8 released
http://sourceforge.net/p/phpmyadmin/news/2014/02/phpmyadmin-418-is-released/

+ Linux kernel 3.13.5, 3.12.13, 3.10.32, 3.4.82 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.13
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.82

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Samba 4.1.5 Available for Download
http://samba.org/samba/history/samba-4.1.5.html

+ Google Chrome Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6661

+ Linux Kernel CIFS Pointer Handling Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1029809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

+ SA56963 Linux Kernel Linkage Stack Instructions Handling Denial of Service Vulnerability
http://secunia.com/advisories/56963/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2039

+ Apple OS X 10.9.1 man-in-the-middle attack
http://cxsecurity.com/issue/WLB-2014020197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266

Notice of user management server maintenance (2014/3/8)
http://app.trendmicro.co.jp/support/news.asp?id=2074

Virus Buster Mobile: notice of emergency server maintenance
http://app.trendmicro.co.jp/support/news.asp?id=2079

JVNDB-2014-000012 Cross-site scripting vulnerability in Blackboard Vista/CE
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000012.html

JVNDB-2014-000020 DLL loading vulnerability in AutoCAD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000020.html

JVNDB-2014-000019 Vulnerability in AutoCAD allowing execution of arbitrary VBScript
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000019.html

REMOTE: Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit
http://www.exploit-db.com/exploits/31814

REMOTE: SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability
http://www.exploit-db.com/exploits/31831

Friday, February 21, 2014

21st, Friday, Butsumetsu

+ APSB14-07 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502

+ CESA-2014:0173 Moderate mysql55-mysql SCL Security Update
http://lwn.net/Alerts/587334/

+ Cisco UCS Director Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0709

+ Multiple Vulnerabilities in Cisco IPS Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ips
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0720

+ Cisco Firewall Services Module Cut-Through Proxy Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-fwsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0710

+ Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0721

+ HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Information and Authentication Issues
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04117626-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6202

+ Linux kernel 3.13.4, 3.12.12, 3.10.31, 3.4.81 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.12
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.81

+ Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2934088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ PostgreSQL: Vulnerability during "make check"
http://wiki.postgresql.org/wiki/20140220securityrelease
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067

+ PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16, 8.4.20 released!
http://www.postgresql.org/about/news/1506/
http://www.postgresql.org/docs/9.3/static/release-9-3-3.html
http://www.postgresql.org/docs/9.2/static/release-9-2-7.html
http://www.postgresql.org/docs/9.1/static/release-9-1-12.html
http://www.postgresql.org/docs/9.0/static/release-9-0-16.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066

+ Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502

+ SA56854 Linux Kernel CIPSO Option Handling Denial of Service Vulnerability
http://secunia.com/advisories/56854/

+ SA56967 Linux Kernel CIFS Uncached Writes Handling Vulnerability
http://secunia.com/advisories/56967/

+ Linux Kernel '/fs/cifs/file.c' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/65588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

+ Linux Kernel CVE-2014-2039 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/65700

+ Linux Kernel NFS File System 'node.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/65688

JVNVU#96727848 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU96727848/

JVN#14876762 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN14876762/

REMOTE: VideoCharge Studio 2.12.3.685 GetHttpResponse() - MITM Remote Code Execution Exploit
http://www.exploit-db.com/exploits/31788

DoS/PoC: Catia V5-6R2013 "CATV5_Backbone_Bus" - Stack Buffer Overflow
http://www.exploit-db.com/exploits/31791

Thursday, February 20, 2014

20th, Thursday, Senbu

+ CESA-2014:0186 Moderate CentOS 5 mysql55-mysql Update
http://lwn.net/Alerts/587111/

+ CESA-2014:0185 Moderate CentOS 6 openswan Update
http://lwn.net/Alerts/587112/

+ CESA-2014:0185 Moderate CentOS 5 openswan Update
http://lwn.net/Alerts/587113/

+ CVE-2012-6150 Input Validation vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6150_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150

+ CVE-2013-4408 Buffer Errors vulnerability in Samba
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4408_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ CVE-2006-4810 Buffer overflow vulnerability in Texinfo
https://blogs.oracle.com/sunsecurity/entry/cve_2006_4810_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810

+ Multiple vulnerabilities in Kerberos
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_kerberos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418

+ Tomcat 7.0.52 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ PostgreSQL JDBC Driver 9.3-1101 released
http://jdbc.postgresql.org/download.html#jdbcselection

+ Cisco Firewall Services Module Flaw in Cut-Through Proxy Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0710

+ Symantec Endpoint Protection 12.1 Multiple critical vulnerabilities
http://cxsecurity.com/issue/WLB-2014020156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5014

Biometric authentication by body odor: report from a Spanish research team
http://itpro.nikkeibp.co.jp/article/COLUMN/20140218/537542/?ST=security

Beware of shortcuts! The evolving threat of targeted attacks
http://itpro.nikkeibp.co.jp/article/Watcher/20140217/537069/?ST=security

Two-factor authentication that only requires confirming a mobile notification, making one-time password entry unnecessary
http://itpro.nikkeibp.co.jp/article/NEWS/20140219/537762/?ST=security

Snowden documents reveal "WikiLeaks" was also a target of US government surveillance, US news site reports
http://itpro.nikkeibp.co.jp/article/NEWS/20140219/537562/?ST=security

FFRI launches new service that remotely collects and analyzes malware used in "MITB attacks"
http://itpro.nikkeibp.co.jp/article/NEWS/20140218/537510/?ST=security

JVNVU#97009803 Multiple vulnerabilities in Belkin WeMo Home Automation products
http://jvn.jp/vu/JVNVU97009803/index.html

REMOTE: WRT120N 1.0.0.7 Stack Overflow
http://www.exploit-db.com/exploits/31758

REMOTE: MediaWiki Thumb.php Remote Command Execution
http://www.exploit-db.com/exploits/31767

LOCAL: Audiotran PLS File Stack Buffer Overflow
http://www.exploit-db.com/exploits/31766

DoS/PoC: Catia V5-6R2013 "CATV5_AllApplications" - Stack Buffer Overflow
http://www.exploit-db.com/exploits/31762

DoS/PoC: SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service
http://www.exploit-db.com/exploits/31763

Wednesday, February 19, 2014

19th, Wednesday, Tomobiki

+ RHSA-2014:0185 Moderate: openswan security update
http://rhn.redhat.com/errata/RHSA-2014-0185.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466

+ ISC BIND 9.9.5-W1, 9.8.7-W1 released
https://kb.isc.org/article/AA-01134/81/BIND-9.9.5-W1-Release-Notes.html
https://kb.isc.org/article/AA-01135/81/BIND-9.8.7-W1-Release-Notes.html

+ ISC DHCP 4.3.0, 4.2.6, 4.1-ESV-R9 released
https://deepthought.isc.org/article/AA-01117/82/DHCP-4.3.0-Release-Notes.html
https://deepthought.isc.org/article/AA-01116/82/DHCP-4.2.6-Release-Notes.html
https://deepthought.isc.org/article/AA-01115/82/DHCP-4.1-ESV-R9-Release-Notes.html

+ RHSA-2014:0186 Moderate: mysql55-mysql security update
http://rhn.redhat.com/errata/RHSA-2014-0186.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437

+ Samba 4.0.15 Available for Download
http://samba.org/samba/history/samba-4.0.15.html

+ Sendmail 8.14.8 released
http://sendmail.com/sm/open_source/download/8.14.8/

+ RSA launches a managed service that monitors for and removes fake smartphone apps; Japanese companies have also been affected
http://itpro.nikkeibp.co.jp/article/NEWS/20140218/537422/?ST=security

+ JVNVU#91275940 Information disclosure vulnerability in the Microsoft XML DOM ActiveX control
http://jvn.jp/vu/JVNVU91275940/index.html

+ REMOTE: Oracle Forms and Reports Remote Code Execution
http://www.exploit-db.com/exploits/31737

+ SA56997 Cisco Email Security Appliance Web Framework Cross-Site Scripting Vulnerability
http://secunia.com/advisories/56997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3396

+ PHP 5.5.8 imagecrop() Heap Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2014020148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2020

+ Oracle Forms / Reports Remote Code Execution
http://cxsecurity.com/issue/WLB-2014020146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3153

+ Linux Kernel '/fs/cifs/file.c' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/65588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

Advisory: Sophos Endpoint Security and Control version 10.3.7
http://www.sophos.com/en-us/support/knowledgebase/120492.aspx

VU#656302 Belkin Wemo Home Automation devices contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/656302

Tuesday, February 18, 2014

18th, Tuesday, Senshō

+ glibc 2.19 released
https://sourceware.org/ml/libc-alpha/2014-02/msg00224.html

+ JVNVU#96727848 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU96727848/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ Linux Kernel cifs incorrect bogus user pointers during uncached writes
http://cxsecurity.com/issue/WLB-2014020138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

+ SA56974 Microsoft Internet Explorer CMarkup Use-After-Free Vulnerability
http://secunia.com/advisories/56974/

Notice of program update for Virus Buster for Mac
http://app.trendmicro.co.jp/support/news.asp?id=2077

More than a year after a major outage, the company speaks about what happened afterward
http://itpro.nikkeibp.co.jp/article/Watcher/20140214/536882/?ST=security

"A place to develop security talent": CODE BLUE, an international conference originating in Japan, is held
http://itpro.nikkeibp.co.jp/article/NEWS/20140217/537206/?ST=security

Monday, February 17, 2014

17th, Monday, Shakkō

+ Android-x86 4.4-RC1 (KitKat-x86) released
http://www.android-x86.org/releases/releasenote-4-4-rc1

+ MantisTouch 1.3.1 released
http://www.mantisbt.org/blog/?p=282

+ CESA-2014:0175 Important CentOS 6 piranha Update
http://lwn.net/Alerts/586270/

+ CESA-2014:0174 Important CentOS 5 piranha Update
http://lwn.net/Alerts/586272/

+ CESA-2014:0163 Important CentOS 5 kvm Update
http://lwn.net/Alerts/586268/

+ CESA-2014:0164 Moderate CentOS 6 mysql Update
http://lwn.net/Alerts/586269/

+ PMASA-2014-1 Self-XSS due to unescaped HTML output in import
http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1879

+ Linux kernel 3.2.55 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.55

+ VU#732479 Internet Explorer CMarkup use-after-free vulnerability
http://www.kb.cert.org/vuls/id/732479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ PHP Heap Overflow in imagecrop() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226

+ Microsoft Internet Explorer Use-After-Free Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ REMOTE: HP Data Protector EXEC_BAR Remote Command Execution
http://www.exploit-db.com/exploits/31689

+ ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/31688

+ SA56829 PHP "imagecrop()" Buffer Overflow Vulnerabilities
http://secunia.com/advisories/56829/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226

+ Linux kernel 3.2.23 net/ipv4 kernel resource consumption
http://cxsecurity.com/issue/WLB-2014020130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6638

+ Linux kernel 3.x QuIC bypass intended access restrictions
http://cxsecurity.com/issue/WLB-2014020129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4737

+ Microsoft Internet Explorer 10 remote code execution exploit
http://cxsecurity.com/issue/WLB-2014020123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ Firefox 27/Chrome 28 document.cookie DoS vulnerability
http://cxsecurity.com/issue/WLB-2013040027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6167

+ Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/65551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

About the pattern update issue in InterScan for Lotus Domino
http://app.trendmicro.co.jp/support/news.asp?id=2076

Notice of scheduled server maintenance (2014/2/21)
http://app.trendmicro.co.jp/support/news.asp?id=2073

Unauthorized access to crowdfunding site Kickstarter; some user information leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20140217/537003/?ST=security

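Twitter spam won't stop! This time 15,000 people fall victim to "Do you recognize this image?"
Yo Mikami's "Methods and countermeasures for cyber incidents on the net"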
http://itpro.nikkeibp.co.jp/article/COLUMN/20140213/536387/?ST=security

REMOTE: Linksys E-series Unauthenticated Remote Code Execution Exploit
http://www.exploit-db.com/exploits/31683

REMOTE: Dexter (CasinoLoader) SQL Injection
http://www.exploit-db.com/exploits/31695

Friday, February 14, 2014

14th, Friday, Senbu

+ Linux kernel 3.13.3, 3.12.11, 3.10.30, 3.4.80 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.11
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.80

+ SYM14-004 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager Vulnerabilities
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140213_00

+ Dovecot 2.2.12 released
http://www.dovecot.org/list/dovecot-news/2014-February/000270.html

+ DoS/PoC: Apache Commons FileUpload and Apache Tomcat Denial-of-Service
http://www.exploit-db.com/exploits/31615

+ Microsoft Windows 7 ASLR with a little help by MS-Help
http://cxsecurity.com/issue/WLB-2014020096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0295

+ PHP 'ext/gd/gd.c' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/65533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226

Check Point response to "Check Point Connection Table Leakage"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98553&src=securityAlerts

6% of Japanese send sexy images for Valentine's Day; in China and Brazil, half do
http://itpro.nikkeibp.co.jp/article/NEWS/20140213/536622/?ST=security

"Security vendors can't protect you": Microsoft Japan and others warn about the end of XP support
http://itpro.nikkeibp.co.jp/article/NEWS/20140213/536586/?ST=security

NRI Secure offers a support service for building and operating a custom-made in-house CSIRT
http://itpro.nikkeibp.co.jp/article/NEWS/20140213/536496/?ST=security

LOCAL: Easy CD-DA Recorder PLS Buffer Overflow
http://www.exploit-db.com/exploits/31643

Thursday, February 13, 2014

13th, Thursday, Tomobiki

+ MantisBT 1.2.16 Released
http://www.mantisbt.org/blog/?p=275

+ RHSA-2014:0164 Moderate: mysql security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0164.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437

+ RHSA-2014:0159 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265

+ RHSA-2014:0151 Low: wget security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0151.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2252

+ RHSA-2014:0139 Moderate: pidgin security update
http://rhn.redhat.com/errata/RHSA-2014-0139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020

+ RHSA-2014:0133 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487

+ RHSA-2014:0132 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2014-0132.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487

+ RHSA-2014:0127 Moderate: librsvg2 security update
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881

+ RHSA-2014:0126 Moderate: openldap security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0126.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449

+ About the security content of Boot Camp 5.1
http://support.apple.com/kb/HT6126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1253

+ Google Chrome 32.0.1700.107 released
http://googlechromereleases.blogspot.jp/2014/02/stable-channel-update.html

+ MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
http://www.mozilla.org/security/announce/2014/mfsa2014-13.html

+ MFSA 2014-12 NSS ticket handling issues
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

+ MFSA 2014-11 Crash when using web workers with asm.js
http://www.mozilla.org/security/announce/2014/mfsa2014-11.html

+ MFSA 2014-10 Firefox default start page UI content invokable by script
http://www.mozilla.org/security/announce/2014/mfsa2014-10.html

+ MFSA 2014-09 Cross-origin information leak through web workers
http://www.mozilla.org/security/announce/2014/mfsa2014-09.html

+ MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
http://www.mozilla.org/security/announce/2014/mfsa2014-08.html

+ MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
http://www.mozilla.org/security/announce/2014/mfsa2014-07.html

+ MFSA 2014-06 Profile path leaks to Android system log
http://www.mozilla.org/security/announce/2014/mfsa2014-06.html

+ MFSA 2014-05 Information disclosure with *FromPoint on iframes
http://www.mozilla.org/security/announce/2014/mfsa2014-05.html

+ MFSA 2014-04 Incorrect use of discarded images by RasterImage
http://www.mozilla.org/security/announce/2014/mfsa2014-04.html

+ MFSA 2014-03 UI selection timeout missing on download prompts
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html

+ MFSA 2014-02 Clone protected content with XBL scopes
http://www.mozilla.org/security/announce/2014/mfsa2014-02.html

+ MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html

+ Security update available for Adobe Shockwave Player
http://helpx.adobe.com/security/products/shockwave/apsb14-06.html

+ Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

+ CESA-2014:X004 Moderate Xen4CentOS xen Security Update
http://lwn.net/Alerts/585698/

+ CESA-2014:X005 Moderate Xen4CentOS kernel Security Update
http://lwn.net/Alerts/585699/

+ CESA-2014:0159 Important CentOS 6 kernel Update
http://lwn.net/Alerts/585700/

+ CESA-2014:0151 Low CentOS 6 wget Update
http://lwn.net/Alerts/585382/

+ CESA-2014:0132 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/584235/

+ CESA-2014:0132 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/584236/

+ CESA-2014:0133 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/584238/

+ CESA-2014:0133 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/584239/

+ CESA-2014:0139 Moderate CentOS 6 pidgin Update
http://lwn.net/Alerts/584517/

+ CESA-2014:0139 Moderate CentOS 5 pidgin Update
http://lwn.net/Alerts/584518/

+ CESA-2014:0127 Moderate CentOS 6 librsvg2 Update
http://lwn.net/Alerts/584130/

+ CESA-2014:0126 Moderate CentOS 6 openldap Update
http://lwn.net/Alerts/584131/

+ CESA-2014:0127 Moderate CentOS 6 librsvg2 Update
http://lwn.net/Alerts/584237/

+ CESA-2014:0108 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/583977/

+ MFSA 2014-14 Script execution in HTML mail replies
http://www.mozilla.org/security/announce/2014/mfsa2014-14.html

+ phpMyAdmin 4.1.7 is released
http://sourceforge.net/p/phpmyadmin/news/2014/02/phpmyadmin-417-is-released/

+ squid-3.4.3 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ UPDATE: HPSBHF02885 rev.4 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02859 SSRT101144 rev.4 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX01219 SSRT4874 rev.3 - HP-UX Ignite-UX, Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01035681-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX00187 SSRT071400 rev.3 - HP-UX running JRE Bytecode Verifier, Remote Increased Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01035761-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02418 SSRT090002 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01706219-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02354 SSRT080113 rev.2 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01532861-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02435 SSRT090059 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01762423-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02450 SSRT090141 rev.3 - HP-UX ttrace(2), Local Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01832652-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02415 SSRT090023 rev.2 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01690019-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02075 SSRT051074 rev.6 - HP-UX Running xterm Local Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c00555516-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.13.2, 3.12.10, 3.10.29, 3.4.79, 2.6.34.15 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.79
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog-2.6.34.15

+ Microsoft Security Advisory (2915720) Changes in Windows Authenticode Signature Verification
http://technet.microsoft.com/en-us/security/advisory/2915720
http://technet.microsoft.com/ja-jp/security/advisory/2915720

+ Microsoft Security Advisory (2862973) Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/security/advisory/2862973
http://technet.microsoft.com/ja-jp/security/advisory/2862973

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/en-us/security/advisory/2755801
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Security bulletins for February 2014
http://technet.microsoft.com/ja-jp/security/bulletin/ms14-feb

+ MS14-011 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-011

+ MS14-009 - Important: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2916607)
http://technet.microsoft.com/en-US/security/dn481339

+ MS14-008 - Critical: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-008

+ MS14-007 - Critical: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-007

+ MS14-006 - Important: Vulnerability in IPv6 Could Allow Denial of Service (2904659)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-006

+ MS14-005 - Important: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-005

+ SYM14-003 Security Advisory - Multiple security issues in the Symantec Web Gateway management console
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

+ SYM14-002 Security Advisory - User email display issue in Web Email Protection of Symantec Encryption Management Server
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00

+ HS14-005 Vulnerability about JAXP in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-005/index.html

+ HS14-005 JAXP vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-005/index.html

+ Apache POI 3.10-FINAL available
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt

+ Apache Tomcat 6.0.39 released
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39

+ Dovecot 2.2.11 released
http://www.dovecot.org/list/dovecot-news/2014-February/000269.html

+ libpng 1.6.9 released
http://www.libpng.org/pub/png/src/libpng-1.6.9-README.txt

+ OpenSSH 6.5 released
http://www.openssh.com/

+ MySQL 5.5.36, 5.6.16 released
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-16.html

+ PHP 5.5.9 5.4.25 Released!
http://www.php.net/archive/2014.php#id2014-02-05-4
http://www.php.net/archive/2014.php#id2014-02-06-1

+ sudo 1.8.9p5 released
http://www.sudo.ws/sudo/stable.html#1.8.9p5

DLP Gateway enters Bypass mode when the hard disk is full
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98475&src=securityAlerts

Security enhancements for 600 / 1100 Appliance and Security Gateway 80
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98332&src=securityAlerts

pgBadger 5: Analyze your logs daily with the incremental mode
http://www.postgresql.org/about/news/1505/

DBD::Pg 3.0.0 released
http://www.postgresql.org/about/news/1503/

Barman 1.3.0 released
http://www.postgresql.org/about/news/1502/

PGConf NYC 2014 Schedule Announced & Registration Open
http://www.postgresql.org/about/news/1501/

VU#727318 DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS)
http://www.kb.cert.org/vuls/id/727318