2014年6月9日月曜日

9日 月曜日、仏滅

+ 2014 年 6 月のマイクロソフト セキュリティ情報事前通知
https://technet.microsoft.com/library/security/ms14-jun

+ RHSA-2014:0626 Important: openssl097a and openssl098e security update
https://rhn.redhat.com/errata/RHSA-2014-0626.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ RHSA-2014:0624 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0624.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ RHSA-2014:0625 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-0625.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Selenium Server 2.42.2 released
https://code.google.com/p/selenium/wiki/Grid2

+ Selenium IE Driver Server 2.42.0 released
http://selenium.googlecode.com/git/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.42.2 released
http://selenium.googlecode.com/git/java/CHANGELOG

+ CESA-2014:0624 Important CentOS 5 openssl Update
http://lwn.net/Alerts/601516/

+ CESA-2014:0625 Important CentOS 6 openssl Update
http://lwn.net/Alerts/601394/

+ CESA-2014:0626 Important CentOS 6 openssl098e Update
http://lwn.net/Alerts/601395/

+ CESA-2014:0626 Important CentOS 5 openssl097a Update
http://lwn.net/Alerts/601396/

+ phpMyAdmin 4.2.3 is released
http://sourceforge.net/p/phpmyadmin/news/2014/06/phpmyadmin-423-is-released/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ UPDATE: HPSBMU03024 rev.3 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04267749-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.15, 3.14.6, 3.10.42, 3.4.92 released
https://www.kernel.org/
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.42
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.92

+ OpenSSL 1.0.1h, 1.0.0m, 0.9.8za released
http://www.openssl.org/source/

+ OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ JVNDB-2014-000048 OpenSSL における Change Cipher Spec メッセージの処理に脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000048.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ JVN#61247051 OpenSSL における Change Cipher Spec メッセージの処理に脆弱性
http://jvn.jp/jp/JVN61247051/

+ UPDATE: JVNVU#94401838 OpenSSL の heartbeat 拡張に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU94401838/

+ VU#978508 OpenSSL is vulnerable to a man-in-the-middle attack
http://www.kb.cert.org/vuls/id/978508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ OpenSSL ssl3_read_bytes() and Anonymous ECDH Ciphersuite Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1030338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ OpenSSL DTLS Processing Bugs Let Remote Users Deny Service and Execute Arbitrary Code
http://www.securitytracker.com/id/1030337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221

+ OpenSSL SSL/TLS Weak Key Man-in-the-Middle Attack Lets Remote Users Decrypt and Modify Data
http://www.securitytracker.com/id/1030336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Sendmail 'close-on-exec' File Descriptor Error Lets Local Users Interfere With SMTP Connections in Certain Cases
http://www.securitytracker.com/id/1030331

+ SA58472 FreeBSD update for openssl
http://secunia.com/advisories/58472/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ SA59029 Linux Kernel Futex Requeue Privilege Escalation Vulnerability
http://secunia.com/advisories/59029/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

+ SA58921 Linux Kernel "page_check_address_pmd()" Denial of Service Vulnerability
http://secunia.com/advisories/58921/

+ SA58403 OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/58403/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux Kernel 3.14.5 futex local privilege escalation
http://cxsecurity.com/issue/WLB-2014060054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

+ OpenSSL 1.0.1g long non-initial fragment buffer overflow
http://cxsecurity.com/issue/WLB-2014060043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195

+ OpenSSL 1.0.1g ChangeCipherSpec Attack
http://cxsecurity.com/issue/WLB-2014060042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ OpenSSL 1.0.1g NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2014060041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ OpenSSL Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2014060035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ Linux Kernel 'mm/huge_memory.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/67908

Mobile Access Blade - SSL/TLS MITM vulnerability (CVE-2014-0224)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk101186&src=securityAlerts

スマートスキャンパターンが更新されていない事象について
http://app.trendmicro.co.jp/support/news.asp?id=2145

緊急サーバメンテナンス実施のお知らせ
http://app.trendmicro.co.jp/support/news.asp?id=2144

InterScan Messaging Security Virtual Appliance8.2 Critical Patch 公開のお知らせ
http://app.trendmicro.co.jp/support/news.asp?id=2135

VNC & Zimbra Take Email Collaboration to a New Level
http://telligent.com/news/b/press_releases/archive/2014/06/06/vnc-amp-zimbra-take-email-collaboration-to-a-new-level.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Zimbra Named a Leader in Enterprise Social Platforms by Independent Research Firm
http://telligent.com/news/b/press_releases/archive/2014/06/05/zimbra-named-a-leader-in-enterprise-social-platforms-by-independent-research-firm.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Zimbra Announces Move to OSI-based Licensing for Zimbra Collaboration 8.5 Open Source Edition
http://telligent.com/news/b/press_releases/archive/2014/06/04/zimbra-announces-move-to-osi-based-licensing-for-zimbra-collaboration-8-5-open-source-edition.aspx?__hstc=122069652.2225436ba83b8c1fdfbe1abb5d7957e4.1378771371855.1386302884723.1402272674494.20&__hssc=122069652.1.1402272674494&__hsfp=2951930969

Admin4 V2.1.4 featuring PostgreSQL module released
http://www.postgresql.org/about/news/1527/

Postgres Open 2014 Early Bird Tickets and Tutorials on Sale!
http://www.postgresql.org/about/news/1528/

フォーティネット、サンドボックス型の標的型攻撃対策製品に下位モデル
http://itpro.nikkeibp.co.jp/article/NEWS/20140606/562282/?ST=security

GMOペパボのウイルス被害、CDNetworksの不正アクセスが原因
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561962/?ST=security

シマンテック、メールアーカイブのクラウド版を開始
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561902/?ST=security

CTCがNetBackupアプライアンス販売、14TB構成は1500万円
http://itpro.nikkeibp.co.jp/article/NEWS/20140605/561782/?ST=security

0 件のコメント:

コメントを投稿