Monday, April 14, 2014

The 14th, Monday, Taian

+ phpMyAdmin 4.1.13 released
http://sourceforge.net/p/phpmyadmin/news/2014/04/phpmyadmin-4113-is-released/

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239375-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239372-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04236102-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04236062-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0003.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210

+ MySQL 5.6.18 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-18.html

+ Juniper Junos IGMP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0614

+ Juniper Junos Input Validation Flaw in J-Web Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2711

+ Juniper Junos SRX Series Enhanced Web Filtering Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2714

+ Juniper Junos MX Series and T4000 IP Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2713

+ Juniper Junos Input Validation Flaw in J-Web Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2712

+ Juniper Junos Branch SRX Series Dynamic VPN Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1030057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0612

+ VMware vSphere Client Bugs Let Remote Users Execute Arbitrary Code and Spoof Servers
http://www.securitytracker.com/id/1030055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210

+ SA57891 VMware vSphere Client Update Spoofing Vulnerability
http://secunia.com/advisories/57891/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209

+ SA57885 VMware vSphere Client Two Spoofing Vulnerabilities
http://secunia.com/advisories/57885/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1210

+ SA57881 LibreOffice OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/57881/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ SA57730 Linux Kernel RDMA MAC Resolve Random Memory Pointer Dereference Denial of Service Vulnerability
http://secunia.com/advisories/57730/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2739

+ LOCAL: Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit
http://www.exploit-db.com/exploits/32813

+ OpenSSL use-after-free race condition read buffer
http://cxsecurity.com/issue/WLB-2014040079

+ VMware Workstation / Player Invalid Pointer Dereference
http://cxsecurity.com/issue/WLB-2014040078

+ Linux Kernel net/ping refcount issue in ping_init_sock() function
http://cxsecurity.com/issue/WLB-2014040072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851

+ Mac OS X Lion Kernel <= xnu-1699.32.7 NFS Mount Local Root
http://cxsecurity.com/issue/WLB-2014040070

+ OpenSSL information leak client/server exploit
http://cxsecurity.com/issue/WLB-2014040061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/66779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851

+ Linux Kernel Random Memory Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/66775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2739

+ Juniper Junos J-Web CVE-2014-2712 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/66767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2712

+ Juniper Junos CVE-2014-2713 Denial of Service Vulnerability
http://www.securityfocus.com/bid/66764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2713

+ Juniper Junos CVE-2014-0614 Denial of Service Vulnerability
http://www.securityfocus.com/bid/66762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0614

+ Juniper Junos J-Web CVE-2014-2711 HTML Injection Vulnerability
http://www.securityfocus.com/bid/66770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2711

Notice of scheduled server maintenance (2014/4/18)
http://app.trendmicro.co.jp/support/news.asp?id=2111

KADOKAWA reopens, for the first time in three weeks, the site it had closed after two unauthorized-access incidents
http://itpro.nikkeibp.co.jp/article/NEWS/20140411/550143/?ST=security

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

JVNVU#96484185 Memory corruption vulnerability in Microsoft Office file format converter
http://jvn.jp/vu/JVNVU96484185/

JVN#47386847 Directory traversal vulnerability in SD Card Manager
http://jvn.jp/jp/JVN47386847/

VU#901156 PivotX 2.3.8 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/901156

VU#251628 Amtelco miSecureMessages app lacks authentication
http://www.kb.cert.org/vuls/id/251628

VU#667340 Fortinet FortiADC contains a cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/667340

VU#939260 ZyXEL Wireless N300 NetUSB Router NBG-419N devices contain multiple
http://www.kb.cert.org/vuls/id/939260
