Wednesday, July 23, 2014

Wednesday the 23rd, Tomobiki

+ RHSA-2014:0919 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-0919.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

+ RHSA-2014:0916 Critical: nss and nspr security update
https://rhn.redhat.com/errata/RHSA-2014-0916.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

+ RHSA-2014:0917 Critical: nss and nspr security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-0917.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545

+ RHSA-2014:0907 Important: java-1.6.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ Mozilla Firefox 31.0 released
https://www.mozilla.org/en-US/firefox/31.0/releasenotes/

+ Mozilla Thunderbird 31.0 released
https://www.mozilla.org/en-US/thunderbird/31.0/releasenotes/

+ MFSA 2014-66 IFRAME sandbox same-origin access through redirect
https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1552

+ MFSA 2014-65 Certificate parsing broken by non-standard character encoding
https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1560

+ MFSA 2014-64 Crash in Skia library when scaling high quality images
https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

+ MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache
https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544

+ MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library
https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556

+ MFSA 2014-61 Use-after-free with FireOnStateChange event
https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555

+ MFSA 2014-60 Toolbar dialog customization event spoofing
https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1561

+ MFSA 2014-59 Use-after-free in DirectWrite font handling
https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1551

+ MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering
https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1550

+ MFSA 2014-57 Buffer overflow during Web Audio buffering for playback
https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1549

+ MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)
https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1548

+ Opera 23 released
http://www.opera.com/docs/changelogs/unified/2300/

+ CESA-2014:0907 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/606156/

+ CESA-2014:0907 Important CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/606157/

+ CESA-2014:0907 CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/606158/

+ HPSBMU03071 rev.1 - HP Autonomy IDOL, Running OpenSSL, Remote Unauthorized Access, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04370307-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.12.25 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.25

+ HS14-018 ClassLoader Manipulation Vulnerability in Hitachi Command Suite Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-018/index.html

+ HS14-018 Vulnerability in Hitachi Command Suite products that allows ClassLoader manipulation (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-018/index.html

+ OpenSSL 1.0.2 Beta 2 released
http://www.openssl.org/source/

+ LOCAL: Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/34131

+ Apache Scoreboard / Status Race Condition
http://cxsecurity.com/issue/WLB-2014070114

+ Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070113

+ Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2014070112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ SA60191 phpMyAdmin Script Insertion and Security Bypass Vulnerabilities
http://secunia.com/advisories/60191/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987

+ SA59569 Linux Kernel "lzo1x_decompress_safe()" Integer Overflow Vulnerability
http://secunia.com/advisories/59569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607

+ SA59567 Linux Kernel "lz4_uncompress()" Integer Overflow Vulnerability
http://secunia.com/advisories/59567/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4611

+ SA59434 Linux Kernel ALSA Multiple Vulnerabilities
http://secunia.com/advisories/59434/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656

+ SA60274 Apache HTTP Server Two Denial of Service Vulnerabilities
http://secunia.com/advisories/60274/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

JVNVU#93309335 Cross-site scripting vulnerability in MicroPact icomplaints
http://jvn.jp/vu/JVNVU93309335/

JVNVU#93289423 Cross-site scripting vulnerability in Huawei E355
http://jvn.jp/vu/JVNVU93289423/

From the World's Security Labs (Nikkei Communications)
Google Glass: a succession of privacy concerns
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/071400003/?ST=security

Vulnerability information worth checking <2014.07.23>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/071800006/?ST=security

News & Trend (Nikkei Computer)
IPA strengthens its support framework for countering targeted attacks with a "Cyber Rescue Team"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/071700012/?ST=security

New leak discovered at Benesse: personal information from its lifestyle business services found on the suspect's smartphone
http://itpro.nikkeibp.co.jp/atcl/news/14/072200148/?ST=security

JSSEC revises its guide for Android app developers, adding guidance on handling user information and more
http://itpro.nikkeibp.co.jp/atcl/news/14/071800142/?ST=security

DoS/PoC: DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation
http://www.exploit-db.com/exploits/34135
