Wednesday, May 7, 2014

The 7th, Wednesday, Shakkō

+ Opera 21 released
http://www.opera.com/docs/changelogs/unified/2100/

+ squid 3.4.5 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: HPSBGN03010 rev.4 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04250814-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBGN03034 rev.1 - HP OneView, Remote Elevation of Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04273152-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2602

+ HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04275280-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBMU03033 rev.2 - HP Insight Control Software Components running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04272892-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU03024 rev.2 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267749-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU03018 rev.2 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260505-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02987 rev.2 - HP Universal Configuration Management Database Integration Service, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04219959-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBMU02967 rev.3 - HP Unified Functional Testing Running on Windows, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04122007-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBNS03003 rev.4 - HP NonStop Volume Level Encryption (VLE) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04242672-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBST03027 rev.1 - HP StoreVirtual 4000 Storage and HP P4000 G2 Storage using HP System Management Homepage (SMH) running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04273303-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ UPDATE: HPSBST03004 rev.2 - HP IBRIX X9320 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04264595-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.14.3, 3.10.39, 3.4.89 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.89

+ Apache Ant 1.9.4 Released
http://ant.apache.org/bindownload.cgi

+ Apache Struts 2.3.16.3 GA
http://struts.apache.org/announce.html

+ PHP 5.4.28 Released
http://www.php.net/ChangeLog-5.php#5.4.28

+ Linux Kernel PTY Write Buffer Race Condition Lets Local Users Deny Service and Potentially Gain Elevated Privileges
http://www.securitytracker.com/id/1030192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ OpenSSL Null Pointer Dereference in do_ssl3_write() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

+ PHP FastCGI Process Manager Socket Permission Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185

+ REMOTE: Adobe Flash Player Integer Underflow Remote Code Execution
http://www.exploit-db.com/exploits/33212

+ LOCAL: Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
http://www.exploit-db.com/exploits/33213

+ SA58416 Opera Multiple Vulnerabilities
http://secunia.com/advisories/58416/

+ SA58412 Apache Struts CookieInterceptor ClassLoader Manipulation Vulnerability
http://secunia.com/advisories/58412/

+ SA58490 Kaspersky PURE RPC Server "call_table_ref" Use-After-Free Vulnerability
http://secunia.com/advisories/58490/

+ SA58489 Kaspersky Internet Security OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/58489/

+ SA58297 OpenSSL "do_ssl3_write()" NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/58297/

+ SA58091 Linux Kernel "try_to_unmap_cluster()" Denial of Service Vulnerability
http://secunia.com/advisories/58091/

+ Linux Kernel pty layer race condition memory corruption
http://cxsecurity.com/issue/WLB-2014050029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196

+ Struts 2.3.16.3 Manipulation Fix
http://cxsecurity.com/issue/WLB-2014050026

+ Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
http://cxsecurity.com/issue/WLB-2014050024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1300

+ Adobe Flash Player Integer Underflow Remote Code Execution
http://cxsecurity.com/issue/WLB-2014050023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0497

+ OpenSSL NULL pointer dereference in do_ssl3_write
http://cxsecurity.com/issue/WLB-2014050016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

+ Apache Struts ClassLoader Manipulation Remote Code Execution
http://cxsecurity.com/issue/WLB-2014050014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

+ Linux Kernel mm/try_to_unmap_cluster() should lock_page() before mlocking
http://cxsecurity.com/issue/WLB-2014050009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122

+ Google Chrome 34.0.1847.131 m 32-bit DLL Order Hijacking
http://cxsecurity.com/issue/WLB-2014050004

+ Apache Struts 'CookieInterceptor' Security Bypass Vulnerability
http://www.securityfocus.com/bid/67218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0116

+ PHP 'php-fpm' and 'php-cgi' Denial of Service Vulnerability
http://www.securityfocus.com/bid/67217

+ OpenSSL 'do_ssl3_write()' Function NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/67193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

Notice of emergency server maintenance (2014/5/5)
http://app.trendmicro.co.jp/support/news.asp?id=2122

pgBadger 5.1 is out
http://www.postgresql.org/about/news/1520/

TeamPostgreSQL 1.07 - free PostgreSQL web interface
http://www.postgresql.org/about/news/1518/

PostgresDAC 2.12.0 meets RAD Studio XE6!
http://www.postgresql.org/about/news/1519/

Vulnerability in TCP processing of the open-source OS "FreeBSD", risk of service outage
http://itpro.nikkeibp.co.jp/article/NEWS/20140502/554423/?ST=security

Emergency patch released to fix the "IE zero-day vulnerability"; Windows XP also covered
http://itpro.nikkeibp.co.jp/article/NEWS/20140502/554422/?ST=security

JVNVU#92280347 Use-after-free vulnerability in Internet Explorer
http://jvn.jp/vu/JVNVU92280347/

JVNVU#94205147 Cross-site scripting vulnerability in Google Search Appliance Dynamic Navigation
http://jvn.jp/vu/JVNVU94205147/
