Thursday, February 13, 2014

Thursday the 13th, Tomobiki

+ MantisBT 1.2.16 Released
http://www.mantisbt.org/blog/?p=275

+ RHSA-2014:0164 Moderate: mysql security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0164.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437

+ RHSA-2014:0159 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0159.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265

+ RHSA-2014:0151 Low: wget security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0151.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2252

+ RHSA-2014:0139 Moderate: pidgin security update
http://rhn.redhat.com/errata/RHSA-2014-0139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020

+ RHSA-2014:0133 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2014-0133.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487

+ RHSA-2014:0132 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2014-0132.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1487

+ RHSA-2014:0127 Moderate: librsvg2 security update
http://rhn.redhat.com/errata/RHSA-2014-0127.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1881

+ RHSA-2014:0126 Moderate: openldap security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0126.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449

+ About the security content of Boot Camp 5.1
http://support.apple.com/kb/HT6126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1253

+ Google Chrome 32.0.1700.107 released
http://googlechromereleases.blogspot.jp/2014/02/stable-channel-update.html

+ MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects
http://www.mozilla.org/security/announce/2014/mfsa2014-13.html

+ MFSA 2014-12 NSS ticket handling issues
http://www.mozilla.org/security/announce/2014/mfsa2014-12.html

+ MFSA 2014-11 Crash when using web workers with asm.js
http://www.mozilla.org/security/announce/2014/mfsa2014-11.html

+ MFSA 2014-10 Firefox default start page UI content invokable by script
http://www.mozilla.org/security/announce/2014/mfsa2014-10.html

+ MFSA 2014-09 Cross-origin information leak through web workers
http://www.mozilla.org/security/announce/2014/mfsa2014-09.html

+ MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing
http://www.mozilla.org/security/announce/2014/mfsa2014-08.html

+ MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy
http://www.mozilla.org/security/announce/2014/mfsa2014-07.html

+ MFSA 2014-06 Profile path leaks to Android system log
http://www.mozilla.org/security/announce/2014/mfsa2014-06.html

+ MFSA 2014-05 Information disclosure with *FromPoint on iframes
http://www.mozilla.org/security/announce/2014/mfsa2014-05.html

+ MFSA 2014-04 Incorrect use of discarded images by RasterImage
http://www.mozilla.org/security/announce/2014/mfsa2014-04.html

+ MFSA 2014-03 UI selection timeout missing on download prompts
http://www.mozilla.org/security/announce/2014/mfsa2014-03.html

+ MFSA 2014-02 Clone protected content with XBL scopes
http://www.mozilla.org/security/announce/2014/mfsa2014-02.html

+ MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
http://www.mozilla.org/security/announce/2014/mfsa2014-01.html

+ Security update available for Adobe Shockwave Player
http://helpx.adobe.com/security/products/shockwave/apsb14-06.html

+ Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html

+ CESA-2014:X004 Moderate Xen4CentOS xen Security Update
http://lwn.net/Alerts/585698/

+ CESA-2014:X005 Moderate Xen4CentOS kernel Security Update
http://lwn.net/Alerts/585699/

+ CESA-2014:0159 Important CentOS 6 kernel Update
http://lwn.net/Alerts/585700/

+ CESA-2014:0151 Low CentOS 6 wget Update
http://lwn.net/Alerts/585382/

+ CESA-2014:0132 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/584235/

+ CESA-2014:0132 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/584236/

+ CESA-2014:0133 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/584238/

+ CESA-2014:0133 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/584239/

+ CESA-2014:0139 Moderate CentOS 6 pidgin Update
http://lwn.net/Alerts/584517/

+ CESA-2014:0139 Moderate CentOS 5 pidgin Update
http://lwn.net/Alerts/584518/

+ CESA-2014:0127 Moderate CentOS 6 librsvg2 Update
http://lwn.net/Alerts/584130/

+ CESA-2014:0126 Moderate CentOS 6 openldap Update
http://lwn.net/Alerts/584131/

+ CESA-2014:0127 Moderate CentOS 6 librsvg2 Update
http://lwn.net/Alerts/584237/

+ CESA-2014:0108 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/583977/

+ MFSA 2014-14 Script execution in HTML mail replies
http://www.mozilla.org/security/announce/2014/mfsa2014-14.html

+ phpMyAdmin 4.1.7 is released
http://sourceforge.net/p/phpmyadmin/news/2014/02/phpmyadmin-417-is-released/

+ squid-3.4.3 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ UPDATE: HPSBHF02885 rev.4 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03787836-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02859 SSRT101144 rev.4 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX01219 SSRT4874 rev.3 - HP-UX Ignite-UX, Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01035681-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX00187 SSRT071400 rev.3 - HP-UX running JRE Bytecode Verifier, Remote Increased Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01035761-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02418 SSRT090002 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01706219-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02354 SSRT080113 rev.2 - HP-UX Running Netscape / Red Hat Directory Server, Remote Cross Site Scripting (XSS) or Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01532861-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02435 SSRT090059 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Bypass Security Restrictions
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01762423-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02450 SSRT090141 rev.3 - HP-UX ttrace(2), Local Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01832652-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02415 SSRT090023 rev.2 - HP-UX Running PAM Kerberos, Local Privilege Escalation, Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c01690019-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBUX02075 SSRT051074 rev.6 - HP-UX Running xterm Local Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c00555516-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.13.2, 3.12.10, 3.10.29, 3.4.79, 2.6.34.15 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.79
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.34/ChangeLog-2.6.34.15

+ Microsoft Security Advisory (2915720) Changes in Windows Authenticode Signature Verification
http://technet.microsoft.com/en-us/security/advisory/2915720
http://technet.microsoft.com/ja-jp/security/advisory/2915720

+ Microsoft Security Advisory (2862973) Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
http://technet.microsoft.com/en-us/security/advisory/2862973
http://technet.microsoft.com/ja-jp/security/advisory/2862973

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/en-us/security/advisory/2755801
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ Security Bulletins for February 2014
http://technet.microsoft.com/ja-jp/security/bulletin/ms14-feb

+ MS14-011 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-011

+ MS14-009 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
http://technet.microsoft.com/en-US/security/dn481339

+ MS14-008 - Critical: Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-008

+ MS14-007 - Critical: Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-007

+ MS14-006 - Important: Vulnerability in IPv6 Could Allow Denial of Service (2904659)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-006

+ MS14-005 - Important: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
https://technet.microsoft.com/ja-jp/security/bulletin/ms14-005

+ SYM14-003 Security Advisory - Multiple security issues in the Symantec Web Gateway management console
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140210_00

+ SYM14-002 Security Advisory - User email display issue in Web Email Protection of Symantec Encryption Management Server
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00

+ HS14-005 Vulnerability about JAXP in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-005/index.html

+ HS14-005 JAXP vulnerability in Cosminexus (Japanese-language page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-005/index.html

+ Apache POI 3.10-FINAL available
http://www.apache.org/dist/poi/release/RELEASE-NOTES.txt

+ Apache Tomcat 6.0.39 released
http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.39

+ Dovecot 2.2.11 released
http://www.dovecot.org/list/dovecot-news/2014-February/000269.html

+ libpng 1.6.9 released
http://www.libpng.org/pub/png/src/libpng-1.6.9-README.txt

+ OpenSSH 6.5 released
http://www.openssh.com/

+ MySQL 5.5.36, 5.6.16 released
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-16.html

+ PHP 5.5.9 5.4.25 Released!
http://www.php.net/archive/2014.php#id2014-02-05-4
http://www.php.net/archive/2014.php#id2014-02-06-1

+ sudo 1.8.9p5 released
http://www.sudo.ws/sudo/stable.html#1.8.9p5

DLP Gateway enters Bypass mode when the hard disk is full
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98475&src=securityAlerts

Security enhancements for 600 / 1100 Appliance and Security Gateway 80
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98332&src=securityAlerts

pgBadger 5: Analyze your logs daily with the incremental mode
http://www.postgresql.org/about/news/1505/

DBD::Pg 3.0.0 released
http://www.postgresql.org/about/news/1503/

Barman 1.3.0 released
http://www.postgresql.org/about/news/1502/

PGConf NYC 2014 Schedule Announced & Registration Open
http://www.postgresql.org/about/news/1501/

VU#727318 DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS)
http://www.kb.cert.org/vuls/id/727318
