Monday, June 30, 2014

31st (Monday), Senbu (先負)

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04352674-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2613

+ HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04349897-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04349789-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux kernel 3.15.2 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2

+ FreeBSD-9.3 RC2 released
http://www.freebsd.org/news/newsflash.html#event20140628:01

+ PHP 5.5.14 is released
http://www.php.net/archive/2014.php#id2014-06-27-1

+ Linux Kernel aio_read_events_ring() Bugs Let Local Users Obtain Kernel Memory
http://www.securitytracker.com/id/1030479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206

+ Linux Kernel Floppy Driver Bugs Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ SA59560 Linux Kernel "__do_follow_link()" Denial of Service Vulnerability
http://secunia.com/advisories/59560/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0203

+ SA59575 PHP Multiple Vulnerabilities
http://secunia.com/advisories/59575/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049

+ SA58128 Trend Micro Multiple Products OpenSSL SSL/TLS Handshakes Security Issue
http://secunia.com/advisories/58128/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ SA58385 Trend Micro Deep Security OpenSSL SSL/TLS Handshakes Security Issue
http://secunia.com/advisories/58385/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ SA59383 Trend Micro ServerProtect for Linux OpenSSL SSL/TLS Handshakes Security Issue
http://secunia.com/advisories/59383/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux Kernel sctp sk_ack_backlog wrap-around problem
http://cxsecurity.com/issue/WLB-2014060154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

+ MS13-097 Registry Symlink IE Sandbox Escape
http://cxsecurity.com/issue/WLB-2014060150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5045

+ MS14-009 .NET Deployment Service IE Sandbox Escape
http://cxsecurity.com/issue/WLB-2014060152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0257

+ Linux Kernel 'sctp_association_free()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/68224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

Security Grows More Complex: The Threats Closing In on You
http://itpro.nikkeibp.co.jp/article/COLUMN/20140620/565684/?ST=security

[Security Grows More Complex: The Threats Closing In on You]
Part 1: Home appliances and office devices are targets too; a fundamental review of countermeasures is essential
http://itpro.nikkeibp.co.jp/article/COLUMN/20140620/565685/?ST=security

SKY PerfecTV! (スカパー!) halts all customer procedures after a customer management system failure; personal information also leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20140627/567324/?ST=security

The "right to be forgotten" that must not be forgotten in the shadow of Google I/O
http://itpro.nikkeibp.co.jp/article/COLUMN/20140627/567142/?ST=security

ITpro Summary (Nikkei Computer)
List-based account hacking
http://itpro.nikkeibp.co.jp/article/COLUMN/20140625/566582/?ST=security

REMOTE: chkrootkit 0.49 - Local Root Vulnerability
http://www.exploit-db.com/exploits/33899

REMOTE: check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Condition Exploit
http://www.exploit-db.com/exploits/33904

Friday, June 27, 2014

27th (Friday), Shakkō (赤口)

+ CESA-2014:0790 Moderate CentOS 6 dovecot Update
http://lwn.net/Alerts/603595/

+ CESA-2014:0788 Important CentOS 6 mod_wsgi Update
http://lwn.net/Alerts/603596/

+ phpMyAdmin 4.2.5 is released
http://sourceforge.net/p/phpmyadmin/news/2014/06/phpmyadmin-425-is-released/

+ Squid 3.4.5 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04351097-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.14.9, 3.10.45, 3.4.95 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.45
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.95

+ Tomcat 8.0.9 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

+ Eclipse Luna (4.4) released
http://eclipse.org/org/press-release/20140625_luna_release_train.php

+ PHP 5.4.30 released
http://www.php.net/archive/2014.php#id2014-06-26-1

+ PgBackMan 1.0.0 released
http://www.postgresql.org/about/news/1530/

+ Cisco IOS IPSec Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1030473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3299

+ Symantec Data Insight Input Validation Flaw in Management Console Permits Cross-Site Scripting and HTML Injection Attacks
http://www.securitytracker.com/id/1030472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3433

+ Sophos Antivirus 9.5.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2014060143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2385

+ SA59278 Linux Kernel "aio_read_events_ring()" Information Disclosure Vulnerability
http://secunia.com/advisories/59278/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206

+ Linux Kernel 'control.c' File Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68164

+ Linux Kernel Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/68162

+ Linux Kernel LZO Implementation 'lzo1x_decompress_safe.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608

From the World's Security Labs (Nikkei Communications)
Apple ID hacking: iPhones taken hostage
http://itpro.nikkeibp.co.jp/article/COLUMN/20140626/566925/?ST=security

DTI releases new software that automatically deletes suspicious files designated by the administrator
http://itpro.nikkeibp.co.jp/article/NEWS/20140626/566977/?ST=security

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/

Thursday, June 26, 2014

26th (Thursday), Senbu (先負)

+ RHSA-2014:0790 Moderate: dovecot security update
https://rhn.redhat.com/errata/RHSA-2014-0790.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3430

+ RHSA-2014:0788 Important: mod_wsgi security update
https://rhn.redhat.com/errata/RHSA-2014-0788.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0242

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ HPSBMU03054 rev.1 - HP Server Automation running OpenSSL, Remote Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04348873-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04347711-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ UPDATE: HPSBUX02960 SSRT101419 rev.2 - HP-UX running NTP, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04093819-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.12.23 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.23

+ SYM14-012 Security Advisories Relating to Symantec Products - Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00

+ VMSA-2014-0007 VMware product updates address security vulnerabilities in Apache Struts library
http://www.vmware.com/security/advisories/VMSA-2014-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

+ Sophos Anti-Virus Input Validation Flaw in Configuration Console Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2385

+ DoS/PoC: Internet Explorer 8, 9 & 10 - CInput Use-After-Free (MS14-035) - Crash PoC
http://www.exploit-db.com/exploits/33860/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0282

+ SA59492 VMware vCenter Orchestrator (vCO) Denial of Service Vulnerability
http://secunia.com/advisories/59492/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050

+ SA59500 VMware vCenter Operations Manager (vCOps) Two Vulnerabilities
http://secunia.com/advisories/59500/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

+ phpMyAdmin 4.2.3 XSS
http://cxsecurity.com/issue/WLB-2014060139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4349

+ Linux kernel 3.15.1 sensitive information leak
http://cxsecurity.com/issue/WLB-2014060138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206

+ Samba 4.1.8 remote Denial of Service
http://cxsecurity.com/issue/WLB-2014060137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244

+ FreeBSD 'iconv_open' Function Remote Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/68178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3951

+ Symantec Data Insight Management Console CVE-2014-3433 HTML Injection Vulnerability
http://www.securityfocus.com/bid/68161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3433

+ Symantec Data Insight Management Console CVE-2014-3432 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/68160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3432

JVNDB-2014-000064 Cross-site request forgery vulnerability in Web給金帳
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000064.html

JVNDB-2014-000063 Cross-site scripting vulnerability in Web給金帳
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000063.html

[Internet-Connected Devices in the Enterprise: Improper Information Exposure and Countermeasures]
Part 4: Three key points for securing office equipment
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/562889/?ST=security

Over 500,000 unauthorized logins in three weeks; the "list-based attacks" show no sign of stopping
http://itpro.nikkeibp.co.jp/article/COLUMN/20140624/566362/?ST=security

A service in which a person phones you about system failures during the summer holidays
http://itpro.nikkeibp.co.jp/article/NEWS/20140625/566664/?ST=security

Is an era coming in which companies monitor their employees' personal social media accounts?
http://itpro.nikkeibp.co.jp/article/COLUMN/20140625/566563/?ST=security

Victims mount from LINE and mixi account takeovers; even friendships end abruptly
http://itpro.nikkeibp.co.jp/article/COLUMN/20140620/565702/?ST=security

REMOTE: Cogent DataHub Command Injection
http://www.exploit-db.com/exploits/33880

Wednesday, June 25, 2014

25th (Wednesday), Tomobiki (友引)

+ FreeBSD-SA-14:16.file Multiple vulnerabilities in file(1) and libmagic(3)
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270

+ FreeBSD-SA-14:15.iconv iconv(3) NULL pointer dereference and out-of-bounds array access
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:15.iconv.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3951

+ FreeBSD Memory Errors in iconv(3) Let Remote Users Deny Service
http://www.securitytracker.com/id/1030458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3951

+ SA59421 Symantec Encryption Desktop Professional Insecure Temporary Files Security Issue
http://secunia.com/advisories/59421/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3431

+ SA59162 McAfee Multiple Products OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/59162/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ SA59066 JustSystems JUST Online Update Signature Verification Vulnerability
http://secunia.com/advisories/59066/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2003

+ Linux Kernel '/fs/aio.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/68176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0206

+ Linux Kernel 'control.c' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68165

Advisory: Issue with Sophos Disk Encryption when managed from Sophos Enterprise Console - potentially missing authentication step when resuming a laptop from sleep mode
http://www.sophos.com/en-us/support/knowledgebase/121066.aspx

JVNDB-2014-000061 Authentication flaw vulnerability in Sophos Disk Encryption
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000061.html

JVNDB-2014-000062 Cross-site request forgery vulnerability in the WordPress plugin Login rebuilder
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000062.html

[Internet-Connected Devices in the Enterprise: Improper Information Exposure and Countermeasures]
Part 3: Steps for using SHODAN to inspect your own organization
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/562888/?ST=security

REMOTE: D-Link authentication.cgi Buffer Overflow
http://www.exploit-db.com/exploits/33862

REMOTE: D-Link hedwig.cgi Buffer Overflow in Cookie Header
http://www.exploit-db.com/exploits/33863

REMOTE: AlienVault OSSIM av-centerd Command Injection
http://www.exploit-db.com/exploits/33865

OpenSSL: Team status changes including six new development team members
http://www.openssl.org/about/

Tuesday, June 24, 2014

24th (Tuesday), Senshō (先勝)

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ HPSBMU03051 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04345210-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

+ CVE-2013-1620 Lucky Thirteen vulnerability in NSS
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620

+ CVE-2014-0224 Cryptographic Issues vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2014-0224 Cryptographic Issues vulnerability in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Samba 4.1.9, 4.0.19 and 3.6.24 Security Releases Available for Download
http://www.samba.org/samba/history/samba-4.1.9.html

+ Samba smbd and nmbd Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1030455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ SA59433 Samba Denial of Service Vulnerabilities
http://secunia.com/advisories/59433/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ Linux Kernel 3.15.1 mm/shmem.c denial of service
http://cxsecurity.com/issue/WLB-2014060099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171

+ Linux kernel 2.6.32 local denial of service
http://cxsecurity.com/issue/WLB-2014060126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0203

+ Samba CVE-2014-3493 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

Bucardo 5 released
http://www.postgresql.org/about/news/1529/

[Internet-Connected Devices in the Enterprise: Improper Information Exposure and Countermeasures]
Part 2: What becomes visible when you use the SHODAN search service
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/562887/?ST=security

About 1.6 million unauthorized login attempts against Hatena; three Amazon gift card exchanges blocked
http://itpro.nikkeibp.co.jp/article/NEWS/20140623/566043/?ST=security

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

VU#849500 SpamTitan contains a reflected cross-site scripting (XSS) vulnerability
http://www.kb.cert.org/vuls/id/849500

Monday, June 23, 2014

23rd (Monday), Shakkō (赤口)

+ CESA-2014:0771 Important CentOS 6 kernel Update
http://lwn.net/Alerts/602994/

+ phpMyAdmin 4.1.14.1 released
http://sourceforge.net/p/phpmyadmin/news/2014/06/phpmyadmin-41141-has-been-released/

+ PMASA-2014-3 Self-XSS due to unescaped HTML output in navigation items hiding feature
http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ SYM14-011 Security Advisories Relating to Symantec Products - Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140620_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3431

+ UPDATE: Advisory: OpenSSL Security Advisory [05 Jun 2014]
http://www.sophos.com/en-us/support/knowledgebase/121108.aspx

+ FreeBSD-9.3 RC1 released
http://www.freebsd.org/news/newsflash.html#event20140621:01

+ LOCAL: Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
http://www.exploit-db.com/exploits/33824
CVE-2014-4014

+ Linux Kernel user namespace Local Privilege Escalation PoC
http://cxsecurity.com/issue/WLB-2014060120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

+ Linux Kernel user namespace bug
http://cxsecurity.com/issue/WLB-2014060069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

+ Symantec Encryption Desktop for OS X CVE-2014-3431 Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/68077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3431

JVNDB-2014-000060 Cross-site scripting vulnerability in Webmin
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000060.html

JVNDB-2014-000059 Cross-site scripting vulnerability in Webmin
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000059.html

JVNDB-2014-000058 Cross-site scripting vulnerability in Usermin
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000058.html

JVNDB-2014-000057 OS command injection vulnerability in Usermin
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000057.html

Internet-Connected Devices in the Enterprise: Improper Information Exposure and Countermeasures
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/562885/?ST=security

Internet-Connected Devices in the Enterprise: Improper Information Exposure and Countermeasures
Part 1: Office equipment in the crosshairs; server functionality becomes a breeding ground for threats
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/562886/?ST=security

Friday, June 20, 2014

20th (Friday), Senbu (先負)

+ RHSA-2014:0771 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0771.html
CVE-2013-6378
CVE-2014-0203
CVE-2014-1737
CVE-2014-1738
CVE-2014-1874
CVE-2014-2039
CVE-2014-3153

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Additional response to SSL/TLS MITM vulnerability (CVE-2014-0224)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101356&src=securityAlerts
CVE-2014-0224

+ PHP 5.6.0RC1 is available
http://www.php.net/archive/2014.php#id2014-06-19-1

+ Linux Kernel PI Futex Requeuing Bug Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030451
CVE-2014-3153

+ SA59337 Microsoft Products Malware Protection Engine File Parsing Denial of Service Vulnerability
http://secunia.com/advisories/59337/
CVE-2014-2779

Sophos revamps its UTM; performance gains allow multiple functions to run simultaneously
http://itpro.nikkeibp.co.jp/article/NEWS/20140619/565467/?ST=security

Cybozu launches a bug bounty program paying up to 1 million yen for reported vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20140619/565426/?ST=security

Asgent to offer a cyberattack visualization service together with Trend Micro
http://itpro.nikkeibp.co.jp/article/NEWS/20140619/565407/?ST=security

Palo Alto reports on the actual state of cyberattacks at 404 Japanese companies
http://itpro.nikkeibp.co.jp/article/NEWS/20140619/565363/?ST=security

CDNetworks virus incident: content was tampered with directly, bypassing the authentication server
http://itpro.nikkeibp.co.jp/article/NEWS/20140619/565342/?ST=security

JVNVU#93510009 Directory traversal vulnerability in Belkin N150
http://jvn.jp/vu/JVNVU93510009/index.html

REMOTE: Ericom AccessNow Server Buffer Overflow
http://www.exploit-db.com/exploits/33817

Thursday, June 19, 2014

19th (Thursday), Tomobiki (友引)

+ Microsoft Security Advisory 2974294 Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
https://technet.microsoft.com/ja-jp/library/security/2974294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2779

+ HPSBOV03047 rev.1 - HP OpenVMS running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04337774-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux kernel 2.6.32.63 released
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.63

+ Linux Kernel shmem_fallocate() Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1030450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171

+ Symantec Web Gateway Bugs Permit Cross-Site Scripting, SQL Injection, and Command Injection Attacks
http://www.securitytracker.com/id/1030443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1652

+ SA58491 Trend Micro InterScan Messaging Security Virtual Appliance "addWhiteListDomainStr" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/58491/

+ SA59026 Juniper NetScreen ScreenOS IPv6 Packets and DNS Lookup Two Denial of Service Vulnerabilities
http://secunia.com/advisories/59026/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3814

+ SA59134 Linux Kernel SCSI Initiator I/O Operations Information Disclosure Vulnerability
http://secunia.com/advisories/59134/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027

+ Linux Kernel mm/shmem.c denial of service
http://cxsecurity.com/issue/WLB-2014060099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171

+ Symantec Web Gateway CVE-2013-5017 'SNMPConfig.php' Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/67752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5017

+ Linux Kernel CVE-2014-4014 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

+ Symantec Web Gateway CVE-2014-1651 SQL Injection Vulnerability
http://www.securityfocus.com/bid/67754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1651

+ Symantec Web Gateway CVE-2014-1652 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/67755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1652

+ Perl 'Email::Address' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/68084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0477

JVNDB-2014-000050 Improper SSL server certificate verification vulnerability in the Android app "JR東日本アプリ" (JR East app)
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000050.html

Increasingly Sophisticated Targeted Attack Emails: Learning Their Tricks from Case Studies (ITpro)
Part 4: Examples of countermeasures against recent targeted attack emails
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561870/?ST=security

303 cases of damage confirmed from unauthorized login attacks on LINE; friends also asked for money and goods
http://itpro.nikkeibp.co.jp/article/NEWS/20140618/565083/?ST=security

Samuraiz to sell a human-friendly puzzle-style CAPTCHA service
http://itpro.nikkeibp.co.jp/article/NEWS/20140618/565073/?ST=security

VU#774788 Belkin N150 path traversal vulnerability
http://www.kb.cert.org/vuls/id/774788

REMOTE: Rocket Servergraph Admin Center fileRequestor Remote Code Execution
http://www.exploit-db.com/exploits/33807

LOCAL: docker 0.11 VMM-container Breakout
http://www.exploit-db.com/exploits/33808

DoS/PoC: Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/33804

Wednesday, June 18, 2014

18th (Wednesday), Senshō (先勝)

+ nginx-1.7.2 mainline version has been released
http://nginx.org/en/CHANGES

+ CESA-2014:X008 Moderate: Xen4CentOS xen Security Update
http://lwn.net/Alerts/602532/

+ CESA-2014:X009 Important: Xen4CentOS kernel Security Update
http://lwn.net/Alerts/602531/

+ HPSBMU03048 rev.1 - HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04341295-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2611

+ UPDATE: HPSBUX03046 SSRT101590 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04336637-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2014-0224 Cryptographic Issues vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2014-0224 Cryptographic Issues vulnerability in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2014-0591 Buffer Errors vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ CVE-2012-5581 Denial of Service vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581

+ CVE-2014-0397 Buffer Errors vulnerability in libXtsol
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0397_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0397

+ Sysstat 11.0.0 released
http://sebastien.godard.pagesperso-orange.fr/changelog.html

+ Microsoft Malware Protection Engine Scanning Bug Lets Remote and Local Users Deny Service
http://www.securitytracker.com/id/1030438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2779

+ VMware vCenter Server Appliance RVC Bug Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1030436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3790

+ VU#719172 Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/719172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1651

+ REMOTE: Java Debug Wire Protocol Remote Code Execution
http://www.exploit-db.com/exploits/33789

+ LOCAL: Adobe Reader for Android addJavascriptInterface Exploit
http://www.exploit-db.com/exploits/33791/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0514

+ Java Debug Wire Protocol Remote Code Execution
http://cxsecurity.com/issue/WLB-2014060093

+ Adobe Reader for Android addJavascriptInterface Exploit
http://cxsecurity.com/issue/WLB-2014060092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0514

+ 050 plus for Android CVE-2014-2000 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/68074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2000

+ Xen CVE-2014-4021 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/68070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4021

JVNDB-2014-000056 Vulnerability in TERASOLUNA Server Framework for Java allowing manipulation of the ClassLoader
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000056.html

JVNDB-2014-000049 Improper information management vulnerability in the Android app "050 plus"
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000049.html

"Crime threats" that cause an uproar: a craving for approval or sheer desperation?
http://itpro.nikkeibp.co.jp/article/COLUMN/20140614/564082/?ST=security

Increasingly sophisticated targeted attack e-mails: learning their tactics from case studies (ITpro)
Part 3: How to spot increasingly sophisticated viruses that erase their traces
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561869/?ST=security

Marubeni deploys a virtualization platform for 7,000 users
Preventing information leaks from webmail
http://itpro.nikkeibp.co.jp/article/COLUMN/20140606/562163/?ST=security

The story of a vulnerability being exploited and a 250 km overnight round trip between my parents' house and home
http://itpro.nikkeibp.co.jp/article/Watcher/20140617/564502/?ST=security

Unauthorized login attacks on mixi: over 4.3 million attempts and still ongoing
http://itpro.nikkeibp.co.jp/article/NEWS/20140617/564787/?ST=security

VU#210884 F5 ARX Data Manager contains a SQL injection vulnerability
http://www.kb.cert.org/vuls/id/210884

REMOTE: Easy File Management Web Server Stack Buffer Overflow
http://www.exploit-db.com/exploits/33790

Tuesday, June 17, 2014

17th, Tuesday, Shakkō

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Linux kernel 3.15.1, 3.14.8, 3.10.44, 3.4.94 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.44
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.94

+ SYM14-010 Security Advisories Relating to Symantec Products - Symantec Web Gateway Security Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140616_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1652

+ Hanako Signature Validation Flaw in JUST Online Update Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2003

+ Ichitaro Signature Validation Flaw in JUST Online Update Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2003

+ SA59220 Linux Kernel Inode Capabilities Privilege Escalation Vulnerability
http://secunia.com/advisories/59220/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

+ SA58683 PHP "php_parserr()" Buffer Overflow Vulnerability
http://secunia.com/advisories/58683/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049

+ Linux Kernel CVE-2014-4014 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/67988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

Increasingly sophisticated targeted attack e-mails: learning their tactics from case studies (ITpro)
Part 2: Targeted attack e-mails aiming for multiple infections via backdoors
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561868/?ST=security

NEC unveils a new security facility with a 50-person team to respond to cyber attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20140616/564446/?ST=security

NANAROQ releases compliance training material with compensation of up to 100 million yen for information leaks
http://itpro.nikkeibp.co.jp/article/NEWS/20140616/564389/?ST=security

Monday, June 16, 2014

16th, Monday, Taian

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6

+ HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04336637-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
CVE-2014-0076
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470

+ FreeBSD-9.3 Beta3 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2014-June/078959.html

+ GCC 4.7.4 released
https://gcc.gnu.org/gcc-4.7/changes.html
https://gcc.gnu.org/onlinedocs/4.7.4/

+ libpng 1.6.12 released
http://www.libpng.org/pub/png/src/libpng-1.6.12-README.txt

+ ISC BIND 9.10.0 P1 remote denial of service
http://cxsecurity.com/issue/WLB-2014060084
CVE-2014-3214
CVE-2014-3859

+ Linux Kernel 3.15-rc3 media_enum_entities() Infoleak vulnerability
http://cxsecurity.com/issue/WLB-2014060085
CVE-2014-1739

+ DoS/PoC: PostgreSQL <= 8.4.1 JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/33729
CVE-2010-0733

+ SA58697 GNU C Library "posix_spawn_file_actions_addopen()" Denial of Service Vulnerability
http://secunia.com/advisories/58697/

+ SA58832 Wireshark Frame Metadissector Denial of Service Vulnerability
http://secunia.com/advisories/58832/
CVE-2014-4020

+ GNU glibc 'xc_cpupool_getinfo()' Function Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68006

+ PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/68007

JVNDB-2014-000055 Denial-of-service (DoS) vulnerability in the SEIL series
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000055.html

JVNDB-2014-000054 Directory traversal vulnerability in Spring Framework
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000054.html

Increasingly sophisticated targeted attack e-mails: learning their tactics from case studies (ITpro)
Part 1: Characteristics of targeted attack e-mails revealed by analysis
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561867/?ST=security

Increasingly sophisticated targeted attack e-mails: learning their tactics from case studies
http://itpro.nikkeibp.co.jp/article/COLUMN/20140605/561866/?ST=security

Unauthorized login attacks on Niconico Douga: about 2.2 million attempts, 170,000 yen in damages
http://itpro.nikkeibp.co.jp/article/NEWS/20140613/564042/?ST=security

Password-based access control has reached its limit
http://itpro.nikkeibp.co.jp/article/COLUMN/20140613/563877/?ST=security

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

REMOTE: ZTE and TP-Link RomPager - DoS Exploit
http://www.exploit-db.com/exploits/33737

REMOTE: Yealink VoIP Phone SIP-T38G - Default Credentials
http://www.exploit-db.com/exploits/33739

REMOTE: Yealink VoIP Phone SIP-T38G - Local File Inclusion
http://www.exploit-db.com/exploits/33740

REMOTE: Yealink VoIP Phone SIP-T38G - Remote Command Execution
http://www.exploit-db.com/exploits/33741

REMOTE: Yealink VoIP Phone SIP-T38G - Privileges Escalation
http://www.exploit-db.com/exploits/33742

Friday, June 13, 2014

13th, Friday, Tomobiki

+ Red Hat Enterprise Linux 7 released
https://access.redhat.com/site/announcements/911103

+ CESA-2014:0741 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/602178/

+ CESA-2014:0741 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/602179/

+ CESA-2014:0740 Important CentOS 5 kernel Update
http://lwn.net/Alerts/602180/

+ CESA-2014:0747 Moderate CentOS 6 python-jinja2 Update
http://lwn.net/Alerts/602181/

+ CESA-2014:0743 Moderate CentOS 6 qemu-kvm Update
http://lwn.net/Alerts/602182/

+ CESA-2014:0742 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/602183/

+ CESA-2014:0742 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/602184/

+ Wireshark 1.10.8 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.8.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: HPSBST03016 rev.4 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04263038-4%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ ISC BIND EDNS Option Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3859

+ Netscape Portable Runtime API Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545

+ LOCAL: IBM AIX 6.1.8 libodm - Arbitrary File Write
http://www.exploit-db.com/exploits/33725

+ PHP 5.6 heap-based buffer overflow in DNS TXT record parsing
http://cxsecurity.com/issue/WLB-2014060076

From security labs around the world (Nikkei Communications)
Many former IT employees still hold passwords from their previous workplaces
http://itpro.nikkeibp.co.jp/article/COLUMN/20140609/562726/?ST=security

Over 90% of users reuse passwords, Trend Micro survey finds
http://itpro.nikkeibp.co.jp/article/NEWS/20140612/563522/?ST=security

ITpro NOW (Nikkei Computer)
Windows XP vulnerabilities will certainly be targeted
http://itpro.nikkeibp.co.jp/article/COLUMN/20140612/563463/?ST=security

XSS attack on TweetDeck; the vulnerability has already been fixed
http://itpro.nikkeibp.co.jp/article/NEWS/20140612/563422/?ST=security

Alert regarding the ISC BIND 9 denial-of-service vulnerability (CVE-2014-3859)
http://www.jpcert.or.jp/at/2014/at140027.html

DoS/PoC: Core FTP LE 2.2 - Heap Overflow PoC
http://www.exploit-db.com/exploits/33713

Thursday, June 12, 2014

12th, Thursday, Senshō

+ RHSA-2014:0747 Moderate: python-jinja2 security update
https://rhn.redhat.com/errata/RHSA-2014-0747.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1402

+ BIND 9.10.0-P2, 9.9.5-P1, 9.8.7-P1 released
https://kb.isc.org/article/AA-01171/81/BIND-9.10.0-P2-Release-Notes-.html
https://kb.isc.org/article/AA-01170/81/BIND-9.9.5-P1-Release-Notes.html
https://kb.isc.org/article/AA-01169/81/BIND-9.8.7-P1-Release-Notes.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3214

+ UPDATE: CVE-2014-3859: BIND named can crash due to a defect in EDNS printing processing
https://kb.isc.org/article/AA-01166

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2176

+ Linux kernel 3.14.7, 3.12.22, 3.10.43, 3.4.93 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.22
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.43
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.93

+ SA59011 Linux Kernel HugeTLB Entries Denial of Service Vulnerability
http://secunia.com/advisories/59011/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3940

+ Linux Kernel 3.14 / target information leak
http://cxsecurity.com/issue/WLB-2014060070

+ Linux Kernel user namespace bug
http://cxsecurity.com/issue/WLB-2014060069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014

UPDATE: JVNDB-2014-000051 Cross-site scripting vulnerability in C-BOARD Moyuku
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000051.html

UPDATE: JVNDB-2014-000053 Arbitrary code execution vulnerability in the online update program bundled with multiple JustSystems products
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000053.html

59 vulnerabilities found in IE; apply the patches immediately
http://itpro.nikkeibp.co.jp/article/NEWS/20140611/563302/?ST=security

From security labs around the world (Nikkei Communications)
Analysis of targeted attacks in the second half of 2013
http://itpro.nikkeibp.co.jp/article/COLUMN/20140606/562362/?ST=security

Vulnerability information worth checking <2014.06.12>
http://itpro.nikkeibp.co.jp/article/COLUMN/20140606/562347/?ST=security

The "dark side" of 3D printers exposed by a gun-manufacturing arrest: can misuse be prevented?
http://itpro.nikkeibp.co.jp/article/COLUMN/20140610/563083/?ST=security

Microsoft partners with Chinese security firm Qihoo 360
http://itpro.nikkeibp.co.jp/article/NEWS/20140611/563143/?ST=security

US company points to further Chinese cyber-espionage activity against the United States
http://itpro.nikkeibp.co.jp/article/NEWS/20140611/563123/?ST=security

Alert regarding Adobe Flash Player vulnerabilities (APSB14-16)
http://www.jpcert.or.jp/at/2014/at140026.html

Alert regarding the June 2014 Microsoft security bulletins (including 2 rated Critical)
http://www.jpcert.or.jp/at/2014/at140025.html

Wednesday, June 11, 2014

11th, Wednesday, Shakkō

+ Microsoft Security Bulletin Summary for June 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-jun

+ MS14-030 Important Vulnerability in Remote Desktop Could Allow Tampering (2969259)
https://technet.microsoft.com/library/security/ms14-030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0296

+ MS14-031 Important Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)
https://technet.microsoft.com/library/security/ms14-031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1811

+ MS14-032 Important Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258)
https://technet.microsoft.com/library/security/ms14-032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1823

+ MS14-033 Important Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)
https://technet.microsoft.com/en-us/library/security/ms14-033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1816

+ MS14-034 Important Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)
https://technet.microsoft.com/library/security/ms14-034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2778

+ MS14-035 Critical Cumulative Security Update for Internet Explorer (2969262)
https://technet.microsoft.com/library/security/ms14-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2776

+ MS14-036 Critical Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)
https://technet.microsoft.com/library/security/ms14-036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1818

+ RHSA-2014:0741 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-0741.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541

+ RHSA-2014:0740 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0740.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738

+ RHSA-2014:0742 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2014-0742.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541

+ RHSA-2014:0743 Moderate: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-0743.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3461

+ Google Chrome 35.0.1916.153 released
http://googlechromereleases.blogspot.jp/2014/06/stable-channel-update.html

+ Mozilla Firefox 30.0 released
http://www.mozilla.org/en-US/firefox/30.0/releasenotes/

+ MFSA 2014-54 Buffer overflow in Gamepad API
http://www.mozilla.org/security/announce/2014/mfsa2014-54.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1543

+ MFSA 2014-53 Buffer overflow in Web Audio Speex resampler
http://www.mozilla.org/security/announce/2014/mfsa2014-53.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1542

+ MFSA 2014-52 Use-after-free with SMIL Animation Controller
http://www.mozilla.org/security/announce/2014/mfsa2014-52.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541

+ MFSA 2014-51 Use-after-free in Event Listener Manager
http://www.mozilla.org/security/announce/2014/mfsa2014-51.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1540

+ MFSA 2014-50 Clickjacking through cursor invisibility after Flash interaction
http://www.mozilla.org/security/announce/2014/mfsa2014-50.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1539

+ MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2014/mfsa2014-49.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538

+ MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)
http://www.mozilla.org/security/announce/2014/mfsa2014-48.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534

+ APSB14-16 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0536

+ Mozilla Thunderbird 24.6 released
http://www.mozilla.org/en-US/thunderbird/24.6.0/releasenotes/

+ HPSBMU03045 rev.1 - HP Service Virtualization Running AutoPass License Server, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04333125-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6221

+ CVE-2014-0591 Buffer Errors vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ CVE-2014-0591 Buffer Errors vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0591_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591

+ HS14-014 XXE (Xml eXternal Entity) Vulnerability in COBOL2002
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-014/index.html

+ HS14-013 Multiple Vulnerabilities in Hitachi Tuning Manager, and JP1/Performance Management - Manager Web Option
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html

+ HS14-014 XXE (Xml eXternal Entity) vulnerability in COBOL2002 (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-014/index.html

+ HS14-013 Vulnerabilities in Hitachi Tuning Manager and JP1/Performance Management - Manager Web Option (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-013/index.html

+ SA58585 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/58585/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0533
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3157

+ SA57455 Sendmail Close-on-Exec File Descriptors Access Bypass Security Issue
http://secunia.com/advisories/57455/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956

+ Sendmail File Descriptor Security Vulnerability
http://www.securityfocus.com/bid/67791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956

Announcement of the release of Trend Micro Security (for Mac) 2.0 Service Pack 1 (build 3030)
http://app.trendmicro.co.jp/support/news.asp?id=2142

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

JVNVU#94501306 Vulnerability in the UEFI firmware implementation of multiple products
http://jvn.jp/vu/JVNVU94501306/index.html

"Beware of fake screens!": phishing impersonating The Bank of Tokyo-Mitsubishi UFJ
http://itpro.nikkeibp.co.jp/article/NEWS/20140610/562867/?ST=security

Cybercrime costs the global economy 445 billion dollars a year
http://itpro.nikkeibp.co.jp/article/NEWS/20140610/562829/?ST=security

Google considering a way to flag removals made under the "right to be forgotten"
http://itpro.nikkeibp.co.jp/article/NEWS/20140610/562802/?ST=security

VU#613308 Cisco AsyncOS contains a reflected cross-site scripting (XSS) vulnerability
http://www.kb.cert.org/vuls/id/613308

Tuesday, June 10, 2014

10th, Tuesday, Taian

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Linux kernel 3.2.60 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.60

+ SA58627 FreeBSD "ktrace" Information Disclosure Vulnerability
http://secunia.com/advisories/58627/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3873

+ SA57709 Chrome for Android OpenSSL Security Issue and Vulnerability
http://secunia.com/advisories/57709/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ PHP 5.5.13 acinclude.m4 overwrite arbitrary files
http://cxsecurity.com/issue/WLB-2014060055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981

+ PHP '/tmp/phpglibccheck' Symlink Vulnerability
http://www.securityfocus.com/bid/67837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981

Announcement of the release of InterScan Web Security Suite 5.6 Critical Patch build 1077
http://app.trendmicro.co.jp/support/news.asp?id=2143

Regarding the issue of Smart Scan patterns not being updated
http://app.trendmicro.co.jp/support/news.asp?id=2145

Sophos strengthens the Mac version of its encryption software, now also encrypting USB-connected drives and shared files
http://itpro.nikkeibp.co.jp/article/NEWS/20140609/562662/?ST=security

Risk of internal organizational information leaking through "name collision"; JPNIC calls for countermeasures
http://itpro.nikkeibp.co.jp/article/NEWS/20140609/562622/?ST=security

Governments in some countries can intercept communications, Vodafone reveals in a published report
http://itpro.nikkeibp.co.jp/article/NEWS/20140609/562503/?ST=security

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/

UPDATE: JVN#19294237 Vulnerability in Apache Struts allowing manipulation of the ClassLoader
http://jvn.jp/jp/JVN19294237/

UPDATE: JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

VU#758382 Unauthorized modification of UEFI variables in UEFI systems
http://www.kb.cert.org/vuls/id/758382

Monday, June 9, 2014

9th, Monday, Butsumetsu

+ Microsoft Security Bulletin Advance Notification for June 2014
https://technet.microsoft.com/library/security/ms14-jun

+ RHSA-2014:0626 Important: openssl097a and openssl098e security update
https://rhn.redhat.com/errata/RHSA-2014-0626.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ RHSA-2014:0624 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0624.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ RHSA-2014:0625 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0625.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Selenium Server 2.42.2 released
https://code.google.com/p/selenium/wiki/Grid2

+ Selenium IE Driver Server 2.42.0 released
http://selenium.googlecode.com/git/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.42.2 released
http://selenium.googlecode.com/git/java/CHANGELOG

+ CESA-2014:0624 Important CentOS 5 openssl Update
http://lwn.net/Alerts/601516/

+ CESA-2014:0625 Important CentOS 6 openssl Update
http://lwn.net/Alerts/601394/

+ CESA-2014:0626 Important CentOS 6 openssl098e Update
http://lwn.net/Alerts/601395/

+ CESA-2014:0626 Important CentOS 5 openssl097a Update
http://lwn.net/Alerts/601396/

+ phpMyAdmin 4.2.3 is released
http://sourceforge.net/p/phpmyadmin/news/2014/06/phpmyadmin-423-is-released/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267749-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.15, 3.14.6, 3.10.42, 3.4.92 released
https://www.kernel.org/
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.92

+ OpenSSL 1.0.1h, 1.0.0m, 0.9.8za released
http://www.openssl.org/source/

+ OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ JVNDB-2014-000048 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000048.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/

+ UPDATE: JVNVU#94401838 Information disclosure vulnerability in the OpenSSL heartbeat extension
http://jvn.jp/vu/JVNVU94401838/

+ VU#978508 OpenSSL is vulnerable to a man-in-the-middle attack
http://www.kb.cert.org/vuls/id/978508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ OpenSSL ssl3_read_bytes() and Anonymous ECDH Ciphersuite Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1030338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ OpenSSL DTLS Processing Bugs Let Remote Users Deny Service and Execute Arbitrary Code
http://www.securitytracker.com/id/1030337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221

+ OpenSSL SSL/TLS Weak Key Man-in-the-Middle Attack Lets Remote Users Decrypt and Modify Data
http://www.securitytracker.com/id/1030336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Sendmail 'close-on-exec' File Descriptor Error Lets Local Users Interfere With SMTP Connections in Certain Cases
http://www.securitytracker.com/id/1030331

+ SA58472 FreeBSD update for openssl
http://secunia.com/advisories/58472/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ SA59029 Linux Kernel Futex Requeue Privilege Escalation Vulnerability
http://secunia.com/advisories/59029/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

+ SA58921 Linux Kernel "page_check_address_pmd()" Denial of Service Vulnerability
http://secunia.com/advisories/58921/

+ SA58403 OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/58403/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux Kernel 3.14.5 futex local privilege escalation
http://cxsecurity.com/issue/WLB-2014060054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

+ OpenSSL 1.0.1g long non-initial fragment buffer overflow
http://cxsecurity.com/issue/WLB-2014060043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195

+ OpenSSL 1.0.1g ChangeCipherSpec Attack
http://cxsecurity.com/issue/WLB-2014060042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ OpenSSL 1.0.1g NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2014060041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ OpenSSL Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2014060035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux Kernel 'mm/huge_memory.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/67908

Mobile Access Blade - SSL/TLS MITM vulnerability (CVE-2014-0224)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101186&src=securityAlerts

Regarding the issue of Smart Scan patterns not being updated
http://app.trendmicro.co.jp/support/news.asp?id=2145

Notice of emergency server maintenance
http://app.trendmicro.co.jp/support/news.asp?id=2144

Notice of release of InterScan Messaging Security Virtual Appliance 8.2 Critical Patch
http://app.trendmicro.co.jp/support/news.asp?id=2135

VNC & Zimbra Take Email Collaboration to a New Level
http://telligent.com/news/b/press_releases/archive/2014/06/06/vnc-amp-zimbra-take-email-collaboration-to-a-new-level.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Zimbra Named a Leader in Enterprise Social Platforms by Independent Research Firm
http://telligent.com/news/b/press_releases/archive/2014/06/05/zimbra-named-a-leader-in-enterprise-social-platforms-by-independent-research-firm.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Zimbra Announces Move to OSI-based Licensing for Zimbra Collaboration 8.5 Open Source Edition
http://telligent.com/news/b/press_releases/archive/2014/06/04/zimbra-announces-move-to-osi-based-licensing-for-zimbra-collaboration-8-5-open-source-edition.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Admin4 V2.1.4 featuring PostgreSQL module released
http://www.postgresql.org/about/news/1527/

Postgres Open 2014 Early Bird Tickets and Tutorials on Sale!
http://www.postgresql.org/about/news/1528/

Fortinet adds a lower-end model to its sandbox-based targeted attack countermeasure product line
http://itpro.nikkeibp.co.jp/article/NEWS/20140606/562282/?ST=security

GMO Pepabo's virus incident caused by unauthorized access at CDNetworks
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561962/?ST=security

Symantec launches a cloud version of its email archiving service
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561902/?ST=security

CTC to sell NetBackup appliances; 14TB configuration priced at 15 million yen
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561782/?ST=security

Thursday, June 5, 2014

5th, Thursday, shakkō

+ CESA-2014:0595 Important CentOS 6 gnutls Update
http://lwn.net/Alerts/601221/

+ CESA-2014:0597 Moderate CentOS 6 squid Update
http://lwn.net/Alerts/601224/

+ CESA-2014:0594 Important CentOS 5 gnutls Update
http://lwn.net/Alerts/601222/

+ CESA-2014:0596 Moderate CentOS 6 libtasn1 Update
http://lwn.net/Alerts/601223/

+ FreeBSD PAM Policy Parser Remote Authentication Bypass
http://www.securitytracker.com/id/1030330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3879

+ FreeBSD Kernel ktrace Bug Lets Local Users Obtain Portions of System Memory
http://www.securitytracker.com/id/1030325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3873

+ Adobe Acrobat / Reader XI-X AcroBroker Sandbox Bypass
http://cxsecurity.com/issue/WLB-2014060030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0512

+ SA58840 F-Secure Multiple Products Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/58840/

Notice of release of Virus Buster Business Security 9.0 repack edition and Critical Patch (build1439)
http://app.trendmicro.co.jp/support/news.asp?id=2138

Regarding Virus Buster's response to the virus contamination of Buffalo's download site
http://app.trendmicro.co.jp/support/news.asp?id=2140

Zimbra Announces Move to OSI-based Licensing for Zimbra Collaboration 8.5 Open Source Edition
http://telligent.com/news/b/press_releases/archive/2014/06/04/zimbra-announces-move-to-osi-based-licensing-for-zimbra-collaboration-8-5-open-source-edition.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386201561516.1386302884723.19&__hssc=122069652.2.1401926295988&__hsfp=1691656602

JVNDB-2014-000047 Cross-site scripting vulnerability in SOY CMS
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000047.html

JVNDB-2014-000046 Denial-of-service (DoS) vulnerability in CN8000
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000046.html

CDNetworks tampering: upload function from edge servers possibly abused
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561702/?ST=security

Nippon Jimuki to offer Trend Micro Deep Security as a full-featured SaaS
http://itpro.nikkeibp.co.jp/article/NEWS/20140604/561582/?ST=security

CDNetworks server tampering issue: Buffalo and Recruit switch to AWS
http://itpro.nikkeibp.co.jp/article/NEWS/20140604/561442/?ST=security

Google announces a Chrome extension and more to promote email encryption
http://itpro.nikkeibp.co.jp/article/NEWS/20140604/561428/?ST=security

JVNVU#96176042 NTP can be used as a relay for DDoS attacks
http://jvn.jp/vu/JVNVU96176042/

JVN#54650130 Cross-site scripting vulnerability in SOY CMS
http://jvn.jp/jp/JVN54650130/

Wednesday, June 4, 2014

4th, Wednesday, taian

+ RHSA-2014:0594 Important: gnutls security update
https://rhn.redhat.com/errata/RHSA-2014-0594.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ RHSA-2014:0597 Moderate: squid security update
https://rhn.redhat.com/errata/RHSA-2014-0597.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0128

+ RHSA-2014:0596 Moderate: libtasn1 security update
https://rhn.redhat.com/errata/RHSA-2014-0596.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469

+ RHSA-2014:0595 Important: gnutls security update
https://rhn.redhat.com/errata/RHSA-2014-0595.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466

+ Opera 22 released
http://www.opera.com/docs/changelogs/unified/2200/

+ FreeBSD-SA-14:13.pam Incorrect error handling in PAM policy parser
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:13.pam.asc

+ FreeBSD-SA-14:12.ktrace ktrace kernel memory disclosure
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:12.ktrace.asc

+ FreeBSD-SA-14:11.sendmail sendmail improper close-on-exec flag handling
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:11.sendmail.asc

+ Samba 4.1.8 Available for Download
http://samba.org/samba/history/samba-4.1.8.html

+ PHP CDF Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1030321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

+ Trend Micro InterScan Messaging Security Virtual Appliance Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1030318

+ McAfee Network Data Loss Prevention Bugs Let Remote Users Deny Service, Inject SQL Commands, and Conduct Clickjacking Attacks
http://www.securitytracker.com/id/1030317

+ SA59006 Opera Multiple Vulnerabilities
http://secunia.com/advisories/59006/

+ PHP 5.5.12 denial of service (infinite loop or out-of-bounds memory access)
http://cxsecurity.com/issue/WLB-2014060015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

+ PHP 5.5.12 denial of service (performance degradation) by_printf
http://cxsecurity.com/issue/WLB-2014060014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237

+ Opera Web Browser Prior to 22.0 Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/67790

Virus infections at HIS and Buffalo linked to tampering at CDNetworks
http://itpro.nikkeibp.co.jp/article/NEWS/20140603/561262/?ST=security

The "Gameover Zeus" threat: more than 10 countries coordinate to hunt it down
http://itpro.nikkeibp.co.jp/article/NEWS/20140603/561145/?ST=security

Tuesday, June 3, 2014

3rd, Tuesday, butsumetsu

+ UPDATE: Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos

+ Linux kernel 3.12.21 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.21

+ SA58886 McAfee Data Loss Prevention Multiple Vulnerabilities
http://secunia.com/advisories/58886/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565

+ SA58804 PHP CDF File Parsing Two Denial of Service Vulnerabilities
http://secunia.com/advisories/58804/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238

Notice of release of antivirus product scan engine 3.6.8821
http://app.trendmicro.co.jp/support/news.asp?id=2137

Buffalo's server tampered with; virus-laden software temporarily distributed
http://itpro.nikkeibp.co.jp/article/NEWS/20140602/561027/?ST=security

Don't panic at the "Registration Complete" screen! One-click scams targeting smartphones on the rise
http://itpro.nikkeibp.co.jp/article/NEWS/20140602/561003/?ST=security

NSA collects millions of images a day for use in facial recognition programs
http://itpro.nikkeibp.co.jp/article/NEWS/20140602/560802/?ST=security

JVNVU#99779325 OS command injection vulnerability in Dell ML6000 and Quantum Scalar i500
http://jvn.jp/vu/JVNVU99779325/

JVNVU#96299627 Cross-site request forgery vulnerability in Huawei E303
http://jvn.jp/vu/JVNVU96299627/

LOCAL: dbus-glib pam_fprintd - Local Root Exploit
http://www.exploit-db.com/exploits/33614

Monday, June 2, 2014

2nd, Monday, senbu

+ MySQL 5.6.19, 5.5.38 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-19.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-38.html

+ Multiple Vulnerabilities in Cisco NX-OS-Based Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140521-nxos
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2201

+ Linux kernel 3.14.5, 3.10.41 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.41

+ VMSA-2014-0005 VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation
http://www.vmware.com/security/advisories/VMSA-2014-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793

+ PHP 5.5.13, 5.4.29 released
http://www.php.net/archive/2014.php#id2014-05-29-3
http://www.php.net/archive/2014.php#id2014-05-29-5

+ sendmail 8.14.9 released
http://sendmail.com/sm/open_source/download/8.14.9/

+ Windows Kernel 'win32k.sys' Null Dereference Lets Local Users Deny Service
http://www.securitytracker.com/id/1030312

+ Samba DNS Reply Flag Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0239

+ Samba Discloses Portions of System Memory to Remote Authenticated Users
http://www.securitytracker.com/id/1030308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0178

+ VU#124908 Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability
http://www.kb.cert.org/vuls/id/124908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2959

+ SA58891 Microsoft Windows Two Denial of Service Vulnerabilities
http://secunia.com/advisories/58891/

+ Apache Tomcat 8.0.3 denial of service by using a Content-Length 0
http://cxsecurity.com/issue/WLB-2014060002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095

+ Apache Tomcat XML Parser Information Disclosure
http://cxsecurity.com/issue/WLB-2014050161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ Apache Tomcat XSLT Information Disclosure
http://cxsecurity.com/issue/WLB-2014050160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0096

+ Wireshark CAPWAP Dissector Denial Of Service
http://cxsecurity.com/issue/WLB-2014050159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4074

+ InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2014050158

+ Microsoft DHCP INFORM Configuration Overwrite
http://cxsecurity.com/issue/WLB-2014050151

+ LOCAL: Ubuntu 12.04.0-2LTS x64 perf_swevent_init - Kernel Local Root Exploit
http://www.exploit-db.com/exploits/33589

+ DoS/PoC: Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero
http://www.exploit-db.com/exploits/33587

+ Trend Micro InterScan Messaging Security Virtual Appliance Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/67726

Notice of release of InterScan Messaging Security series Critical Patch
http://app.trendmicro.co.jp/support/news.asp?id=2131

Notice of release of Trend Micro Portable Security 2.0 Critical Patch (Build_1222)
http://app.trendmicro.co.jp/support/news.asp?id=2134

Zimbra Announces Availability of Zimbra Desktop 7.2.5 Email Client
http://telligent.com/news/b/press_releases/archive/2014/05/28/zimbra-announces-availability-of-zimbra-desktop-7-2-5-email-client.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386201561516.1386302884723.19&__hssc=122069652.2.1401667334600&__hsfp=1691656602

LAC conducts a cyber disaster drill in which employees experience an attack first-hand
http://itpro.nikkeibp.co.jp/article/NEWS/20140602/560762/?ST=security

Attack exploiting a Flash vulnerability targets bank account information, Symantec warns
http://itpro.nikkeibp.co.jp/article/NEWS/20140530/560682/?ST=security

HIS virus warning caused by tampering with Recruit's server, both companies announce
http://itpro.nikkeibp.co.jp/article/NEWS/20140530/560662/?ST=security

Attackers "learn": increasingly sophisticated "conversational" targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20140530/560623/?ST=security

Designet strengthens anti-spam measures, also protects POP/IMAP
http://itpro.nikkeibp.co.jp/article/NEWS/20140530/560502/?ST=security

JVNVU#92769077 Multiple cross-site scripting vulnerabilities in Alfresco Enterprise
http://jvn.jp/vu/JVNVU92769077/

VU#325636 Huawei E303 contains a cross-site request forgery vulnerability
http://www.kb.cert.org/vuls/id/325636

REMOTE: Easy File Management Web Server v5.3 - UserID Remote Buffer Overflow (ROP)
http://www.exploit-db.com/exploits/33610

REMOTE: ElasticSearch Dynamic Script Arbitrary Java Execution
http://www.exploit-db.com/exploits/33588