Monday, April 28, 2014

Monday the 28th, Senshō

+ MantisTouch 1.3.2 released
http://www.mantisbt.org/blog/?p=293

+ CESA-2014:0433 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/596215/

+ PDFCreator 1.7.3 released
http://www.pdfforge.org/blog/pdf-architect-20-and-pdfcreator-173-released

+ phpMyAdmin 4.1.14 released
http://sourceforge.net/p/phpmyadmin/news/2014/04/phpmyadmin-4114-has-been-released/

+ UPDATE: HPSBGN03010 rev.2 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04250814-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03025 rev.1 - HP Diagnostics running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267775-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03023 rev.1 - HP BladeSystem c-Class Virtual Connect Support Utility (VCSU) running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04264271-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03022 rev.1 - HP Systems Insight Manager (SIM) Bundled Software running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263236-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU03017 rev.2 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260456-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Linux kernel 3.14.2, 3.10.38, 3.4.88 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.88

+ Struts 2.3.16.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23162.html

+ Microsoft Internet Explorer Object Access Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

+ VU#222929 Microsoft Internet Explorer use-after-free vulnerability
http://www.kb.cert.org/vuls/id/222929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

+ VU#719225 Apache Struts2 ClassLoader allows access to class properties via request parameters
http://www.kb.cert.org/vuls/id/719225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094

+ DoS/PoC: Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC
http://www.exploit-db.com/exploits/33056

+ Ubuntu 14.04 security problem in the lock screen
http://cxsecurity.com/issue/WLB-2014040176

+ Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC
http://cxsecurity.com/issue/WLB-2014040178

+ Mac OS X 10.7 Lion x64 NFS Mount Privilege Escalation
http://cxsecurity.com/issue/WLB-2014040174

+ SA57908 Microsoft Internet Explorer Use-After-Free Vulnerability
http://secunia.com/advisories/57908/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776

JVNDB-2014-000045 Vulnerability in Apache Struts that allows ClassLoader manipulation
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000045.html

National Tax Agency suspends its tax return preparation service over the Struts vulnerability: "fill in by hand until it resumes"
http://itpro.nikkeibp.co.jp/article/NEWS/20140425/553462/?ST=security

"Attacks exploiting the Struts vulnerability detected; take countermeasures urgently," says LAC Senior Managing Director Nishimoto
http://itpro.nikkeibp.co.jp/article/NEWS/20140425/553442/?ST=security

Google, MS, Facebook and other major IT companies back efforts to prevent a Heartbleed recurrence
http://itpro.nikkeibp.co.jp/article/NEWS/20140425/553266/?ST=security

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

JVNVU#90945962 Vulnerability in the NetSSL library of POCO C++ Libraries where wildcard certificates are not properly validated
http://jvn.jp/vu/JVNVU90945962/

JVN#19294237 Vulnerability in Apache Struts that allows ClassLoader manipulation
http://jvn.jp/jp/JVN19294237/

REMOTE: Kolibri 2.0 GET Request - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33027

LOCAL: JRuby Sandbox 0.2.2 - Sandbox Escape
http://www.exploit-db.com/exploits/33028

PoC/DoS: cFos Personal Net 3.09 - Remote Heap Memory Corruption Denial of Service
http://www.exploit-db.com/exploits/33018
