2014年4月17日木曜日

17日 木曜日、友引

+ RHSA-2014:0406 Critical: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2014-0406.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427

+ RHSA-2014:0408 Important: java-1.6.0-openjdk security and bug fix update
http://rhn.redhat.com/errata/RHSA-2014-0408.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427

+ CESA-2014:0408 Important CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/594994/

+ CESA-2014:0408 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/594995/

+ CESA-2014:0406 Critical CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/594996/

+ CESA-2014:0407 Important CentOS 5 java-1.7.0-openjdk Update
http://lwn.net/Alerts/594997/

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ HPSBMU02999 rev.1 - HP Software Autonomy WorkSite Server (On-Premises Software), Running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04239374-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU02996 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access, Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04026039-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6218

+ HPSBNS03003 rev.1 - HP NonStop Volume Level Encryption (VLE) running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04242672-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ RHSA-2014:0407 Important: java-1.7.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2014-0407.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427

+ VMware Workstation and Player IOCTL Pointer Dereference Lets Local Users Deny Service
http://www.securitytracker.com/id/1030103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2384

+ MySQL Multiple Bugs Let Remote Authenticated Users Partially Access and Modify Data and Remote Users Partially Deny Service
http://www.securitytracker.com/id/1030102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2451

+ REMOTE: MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
http://www.exploit-db.com/exploits/32904

+ OpenSSL 1.0.1 Missing critical flag for extended key usage
http://cxsecurity.com/issue/WLB-2014040111

+ Microsoft Internet Explorer CMarkup Use-After-Free Metasploit
http://cxsecurity.com/issue/WLB-2014040108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

+ OpenSSL use-after-free race condition read buffer
http://cxsecurity.com/issue/WLB-2014040079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298

+ Apache HTTPD 2.2.22/ModSecurity 2.7.5 bypass RequestHeader unset
http://cxsecurity.com/issue/WLB-2014040107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5705

JVNDB-2014-000041 Redmine におけるオープンリダイレクトの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000041.html

東京地裁がMTGOXの再生手続開始の申立てを棄却、破産手続きへ
http://itpro.nikkeibp.co.jp/article/NEWS/20140417/551102/?ST=security

Javaに危険な脆弱性が複数、最新版にアップデートを
http://itpro.nikkeibp.co.jp/article/NEWS/20140416/551064/?ST=security

2013年は大規模データ侵害の年、シマンテックがセキュリティ脅威発表
http://itpro.nikkeibp.co.jp/article/NEWS/20140416/551026/?ST=security

OpenSSLの「心臓出血」脆弱性、被害報告が相次ぐ
http://itpro.nikkeibp.co.jp/article/NEWS/20140416/550986/?ST=security

2014年4月 Oracle Java SE のクリティカルパッチアップデートに関する注意喚起
http://www.jpcert.or.jp/at/2014/at140017.html

JVNVU#94401838 OpenSSL の heartbeat 拡張に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU94401838/index.html

JVNVU#800113 複数の DNS 実装にキャッシュポイズニングの脆弱性
http://jvn.jp/vu/JVNVU800113/index.html

JVN#93004610 Redmine におけるオープンリダイレクトの脆弱性
http://jvn.jp/jp/JVN93004610/index.html

VU#495476 Openfire contains an uncontrolled resource consumption vulnerability
http://www.kb.cert.org/vuls/id/495476

ラベル:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)