Tuesday, May 13, 2014

Tuesday the 13th, Shakkō

+ Mozilla Firefox 29.0.1 released
http://www.mozilla.org/en-US/firefox/29.0.1/releasenotes/

+ CESA-2014:0475 Important CentOS 6 kernel Update
http://lwn.net/Alerts/598003/

+ BIND 9.10.0-P1 released
https://kb.isc.org/article/AA-01162/81/BIND-9.10.0-P1-Release-Notes.html

+ CVE-2014-3214: A Defect in Prefetch Can Cause Recursive Servers to Crash
https://kb.isc.org/article/AA-01161/0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ HPSBHF02946 rev.1 - HP Servers with NVIDIA GPU Computing Driver, Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04036775-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5987

+ UPDATE: HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information, and Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03995275-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBPI03031 rev.2 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04272043-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03016 rev.3 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263038-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBST03038 rev.1 - HP H-series Fibre Channel Switches, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04277407-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2603

+ UPDATE: HPSBST03015 rev.3 - HP 3PAR OS running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04261644-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.12.19 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.19

+ CVE-2013-4242 Information Disclosure vulnerability in libgcrypt
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4242_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4242

+ CVE-2006-4810 Buffer overflow vulnerability in Texinfo
https://blogs.oracle.com/sunsecurity/entry/cve_2006_4810_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810

+ SYM14-009 Security Advisories Relating to Symantec Products - Symantec Workspace Streaming XMLRPC Unauthenticated Access
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00

+ Dovecot 2.2.13 released
http://www.dovecot.org/list/dovecot-news/2014-May/000273.html

+ Symantec Workspace Streaming XMLRPC Processing Flaw Lets Remote Users Access and Upload Files on the Target System
http://www.securitytracker.com/id/1030222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ REMOTE: Adobe Flash Player Shader Buffer Overflow
http://www.exploit-db.com/exploits/33333

+ SA58599 Trend Micro OfficeScan OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/58599/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Linux Kernel 3.14.3 /dev/fd gain privileges
http://cxsecurity.com/issue/WLB-2014050059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ Linux Kernel 3.14.3 filter prevent nla extensions
http://cxsecurity.com/issue/WLB-2014050058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ Linux Kernel 'raw_cmd_copyin()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737

+ Linux Kernel 'raw_cmd_copyout()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ Linux Kernel 'filter.c' CVE-2014-3144 Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/67309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144

+ Symantec Workspace Streaming XMLRPC Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/67189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1649

+ Linux Kernel 'filter.c' CVE-2014-3145 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/67321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145

+ ISC BIND Recursive Nameservers Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/67311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214

Notice of the release of Trend Micro Smart Protection Server 3.0
http://app.trendmicro.co.jp/support/news.asp?id=2121

"Fraudulent transfer completes just by entering a PIN": Sumitomo Mitsui Banking Corporation issues a warning
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556182/?ST=security

Soliton offers PC operation logging software that can also monitor Windows Store apps
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556164/?ST=security

Canon IT adds a virtual appliance edition to its mail filtering product
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556152/?ST=security

Twitter adds an SMS-based password reset method
http://itpro.nikkeibp.co.jp/article/NEWS/20140512/556030/?ST=security

Snapchat settles with the FTC over allegations that it deceived users
http://itpro.nikkeibp.co.jp/article/NEWS/20140509/555562/?ST=security

JVN#19294237 Apache Struts vulnerability that allows ClassLoader manipulation
http://jvn.jp/jp/JVN19294237/

JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

JVNVU#98181377 Multiple buffer overflow vulnerabilities in multiple YOKOGAWA products including CENTUM
http://jvn.jp/vu/JVNVU98181377/

REMOTE: Easy Chat Server 3.1 - Stack Buffer Overflow
http://www.exploit-db.com/exploits/33326

REMOTE: Yokogawa CS3000 BKESimmgr.exe Buffer Overflow
http://www.exploit-db.com/exploits/33331

DoS/PoC: Skybox Security 6.3.x - 6.4.x - Multiple Denial Of Service Issue
http://www.exploit-db.com/exploits/33328
