19日 水曜日、友引

+ RHSA-2014:0185 Moderate: openswan security update
http://rhn.redhat.com/errata/RHSA-2014-0185.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466

+ ISC BIND 9.9.5-W1, 9.8.7-W1 released
https://kb.isc.org/article/AA-01134/81/BIND-9.9.5-W1-Release-Notes.html
https://kb.isc.org/article/AA-01135/81/BIND-9.8.7-W1-Release-Notes.html

+ ISC DHCP 4.3.0, 4.2.6, 4.1-ESV-R9 released
https://deepthought.isc.org/article/AA-01117/82/DHCP-4.3.0-Release-Notes.html
https://deepthought.isc.org/article/AA-01116/82/DHCP-4.2.6-Release-Notes.html
https://deepthought.isc.org/article/AA-01115/82/DHCP-4.1-ESV-R9-Release-Notes.html

+ RHSA-2014:0186 Moderate: mysql55-mysql security update
http://rhn.redhat.com/errata/RHSA-2014-0186.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0437

+ RHSA-2014:0185 Moderate: openswan security update
http://rhn.redhat.com/errata/RHSA-2014-0185.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466

+ Samba 4.0.15 Available for Download
http://samba.org/samba/history/samba-4.0.15.html

+ Sendmail 8.14.8 released
http://sendmail.com/sm/open_source/download/8.14.8/

+ RSAが偽スマホアプリを監視して削除する代行サービス開始、国内企業に被害事例も
http://itpro.nikkeibp.co.jp/article/NEWS/20140218/537422/?ST=security

+ JVNVU#91275940 Microsoft XML DOM ActiveX コントロールに情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU91275940/index.html

+ REMOTE: Oracle Forms and Reports Remote Code Execution
http://www.exploit-db.com/exploits/31737

+ SA56997 Cisco Email Security Appliance Web Framework Cross-Site Scripting Vulnerability
http://secunia.com/advisories/56997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3396

+ PHP 5.5.8 imagecrop() Heap Overflow Vulnerability
http://cxsecurity.com/issue/WLB-2014020148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2020

+ Oracle Forms / Reports Remote Code Execution
http://cxsecurity.com/issue/WLB-2014020146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3153

+ Linux Kernel '/fs/cifs/file.c' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/65588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069

Advisory: Sophos Endpoint Security and Control version 10.3.7
http://www.sophos.com/en-us/support/knowledgebase/120492.aspx

VU#656302 Belkin Wemo Home Automation devices contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/656302