Friday, August 29, 2014

29th, Friday, Shakkō

+ Android-x86 4.4.4_r2 (Kitkat-MR2.2) released
http://www.android-x86.org/

+ UPDATE: MS14-045 - Important: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
https://technet.microsoft.com/ja-jp/library/security/ms14-045

+ Google Chrome 37.0.2062.102 released
http://googlechromereleases.blogspot.jp/2014/08/stable-channel-update_28.html

+ PDFCreator 1.9.5 released
http://www.pdfforge.org/blog/pdfcreator-195-released

+ squid 3.4.7, 3.3.13 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html

+ PHP 5.6.0 released
http://php.net/archive/2014.php#id2014-08-28-1

+ REMOTE: Firefox WebIDL Privileged Javascript Injection
http://www.exploit-db.com/exploits/34448

+ DoS/PoC: Internet Explorer MS14-029 Memory Corruption PoC
http://www.exploit-db.com/exploits/34458

+ glibc Off-by-One NUL Byte gconv_translit_find Exploit
http://cxsecurity.com/issue/WLB-2014080131

+ Firefox WebIDL Privileged Javascript Injection
http://cxsecurity.com/issue/WLB-2014080130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1511

+ SA60830 Linux Kernel "kvm_iommu_map_pages()" Mapping Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/60830/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601

+ SA60179 Squid HTTP Range Request Handling Denial of Service Vulnerability
http://secunia.com/advisories/60179/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3609

+ PHP Pear '/tmp/' Directory Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/69388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5459

From Security Labs Around the World
"Fake ID": an Android vulnerability that allows apps to be impersonated
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/082500008/?ST=security

Vulnerability information worth checking <2014.08.29>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/082500015/?ST=security

Microsoft releases a fixed version of the "patch that makes PCs unbootable"
http://itpro.nikkeibp.co.jp/atcl/news/14/082800605/?ST=security

Thursday, August 28, 2014

28th, Thursday, Taian

+ Google Chrome 37.0.2062.94 released
http://googlechromereleases.blogspot.jp/2014/08/stable-channel-update_26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3175

+ UPDATE: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2

+ Linux kernel 3.12.27 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.27

+ NetBSD modctl() Memory Allocation Error Lets Local Users Deny Service
http://www.securitytracker.com/id/1030766

+ NetBSD Compatibility Layer Flaws Let Local Users Deny Service
http://www.securitytracker.com/id/1030765

+ NetBSD execve Kernel Bugs Let Local Users Crash the System
http://www.securitytracker.com/id/1030764

+ VMware Tools Temporary File Permission Flaws Lets Local Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4200

+ LOCAL: glibc Off-by-One NUL Byte gconv_translit_find Exploit
http://www.exploit-db.com/exploits/34421

+ SA59084 GNU C Library "__gconv_translit_find()" Off-By-One Vulnerability
http://secunia.com/advisories/59084/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119

+ SA60268 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/60268/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3177

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

UPDATE: JVN#62507275 Multiple broadband routers may function as open resolvers
http://jvn.jp/jp/JVN62507275/index.html

Vulnerability information worth checking <2014.08.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/082500013/?ST=security

Drive-by download attacks detected at 20% of customer companies, IBM Japan reports
http://itpro.nikkeibp.co.jp/atcl/news/14/082700591/?ST=security

US-based Capy offers SaaS risk-based authentication for 10 yen per user per month
http://itpro.nikkeibp.co.jp/atcl/news/14/082700588/?ST=security

[Follow-up] Nissan site defacement: discovery was delayed because the site was outside the scope of automated detection
http://itpro.nikkeibp.co.jp/atcl/news/14/082700586/?ST=security

More than 60% of employees prohibited from BYOD "use their own smartphones for work"
http://itpro.nikkeibp.co.jp/atcl/news/14/082700584/?ST=security

Wednesday, August 27, 2014

27th, Wednesday, Butsumetsu

+ Apache Tomcat 8.0.11 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

+ Tcl/Tk 8.6.2 released
http://wiki.tcl.tk/21276

+ SA59877 Apache OpenOffice Information Disclosure and Command Injection Vulnerabilities
http://secunia.com/advisories/59877/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575

+ Google Chrome CVE-2014-3174 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/69407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3174

+ Google Chrome CVE-2014-3171 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/69406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3171

+ Google Chrome CVE-2014-3169 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/69405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3169

+ Google Chrome Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/69404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3177

+ Google Chrome CVE-2014-3173 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/69403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173

+ Google Chrome CVE-2014-3175 Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/69402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3175

+ Google Chrome CVE-2014-3172 Unspecified Security Vulnerability
http://www.securityfocus.com/bid/69401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3172

+ Google Chrome CVE-2014-3170 Extension permission Dialog Spoofing Vulnerability
http://www.securityfocus.com/bid/69400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3170

+ Google Chrome CVE-2014-3168 Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/69398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3168

+ Linux Kernel 'ISOFS' Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/69396

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/

JVN#94409737 Cross-site request forgery vulnerability in the WordPress plugin MailPoet Newsletters
http://jvn.jp/jp/JVN94409737/

From Security Labs Around the World
Lifelogging devices infringe on privacy
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/082500007/?ST=security

Vulnerability information worth checking <2014.08.27>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/082500010/?ST=security

Unauthorized access to Nissan Motor's website; it remained in a tampered state for two months
http://itpro.nikkeibp.co.jp/atcl/news/14/082600574/?ST=security

"Replacing Windows Server 2003 is a chance to go on the offensive": experts discuss
http://itpro.nikkeibp.co.jp/atcl/news/14/082600571/?ST=security

Asgent offers a SaaS WAF with an operations monitoring service
http://itpro.nikkeibp.co.jp/atcl/news/14/082600567/?ST=security

More than 10% of PC gamers disable their security software; 30% have experienced trouble
http://itpro.nikkeibp.co.jp/atcl/news/14/082600566/?ST=security

"Suica Point Club", suspended after mass unauthorized access, fully resumes after 10 days
http://itpro.nikkeibp.co.jp/atcl/news/14/082600565/?ST=security

Tuesday, August 26, 2014

26th, Tuesday, Senbu

+ RHSA-2014:1091 Important: mod_wsgi security update
https://access.redhat.com/errata/RHSA-2014:1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0240

+ CESA-2014:1091 Important CentOS 7 mod_wsgi Security Update
http://lwn.net/Alerts/609472/

+ HPSBMU03079 rev.1 - HP Service Manager, Multiple Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04388127-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2634

+ UPDATE: HPSBMU03076 rev.2 - HP Systems Insight Manager (SIM) on Linux and Windows running OpenSSL, Multiple Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04379485-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Zimbra Collaboration Suite Open Source Edition 8.5.0 GA Release
http://files.zimbra.com/website/docs/8.5/ZCS_850_OS_ReleaseNotes_UpgradeInst.pdf

+ SA60746 phpMyAdmin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/60746/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5274

+ MySQL token (Keystone) retain access via an expired token
http://cxsecurity.com/issue/WLB-2014080110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251

+ Apache Traffic Server releases for security incident
http://cxsecurity.com/issue/WLB-2014080107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3525

+ phpMyAdmin CVE-2014-5274 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/69269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5274

+ phpMyAdmin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/69268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273

JVNDB-2014-000101 Cross-site request forgery vulnerability in the WordPress plugin MailPoet Newsletters
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000101.html

IT Business Diary of Newcomer D-ta and Senior Colleague M-ko
Sharp rise in "list-based attacks" aimed at stealing money: how can users be protected?
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/082100003/?ST=security

Reporter's Eye
Will 2015 bring a public- and private-sector "security boom"?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/082200035/?ST=security

DDoS attack on PlayStation-related services; access unstable for about 20 hours
http://itpro.nikkeibp.co.jp/atcl/news/14/082500549/?ST=security

US authorities warn of spreading infections of "Backoff" malware targeting POS terminals
http://itpro.nikkeibp.co.jp/atcl/news/14/082500537/?ST=security

Monday, August 25, 2014

25th, Monday, Tomobiki

+ Selenium IDE 2.6.0 released
http://code.google.com/p/selenium/wiki/SeIDEReleaseNotes

+ HPSBST03098 rev.1 - HP StoreEver MSL6480 Tape Library running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04406535-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Apache Log4j 2.0.2 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.0.2

+ PHP 5.5.16 is released
http://php.net/archive/2014.php#id2014-08-22-1
http://www.php.net/ChangeLog-5.php#5.5.16

+ Database .NET 12.6 released
http://www.postgresql.org/about/news/1539/

+ Tcl/Tk 8.5.16 released
http://www.tcl.tk/software/tcltk/8.5.html

+ Apache OpenOffice Calc Lets Remote Users Inject Commands
http://www.securitytracker.com/id/1030755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3524

+ Apache OpenOffice OLE Object Preview Flaw May Let Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575

+ SA60823 WinSCP OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/60823/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139

+ Apache Traffic Server releases for security incident
http://cxsecurity.com/issue/WLB-2014080107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3525

FFRI releases a new version of its targeted-attack protection software, adding a machine-learning HIPS engine
http://itpro.nikkeibp.co.jp/atcl/news/14/082200532/?ST=security

REMOTE: Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/34399

Friday, August 22, 2014

22nd, Friday, Senbu

+ Apache OpenOffice 4.1.1 is released!
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.1+Release+Notes

+ HPSBMU03101 rev.1 - HP Asset Manager, CloudSystem Chargeback, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04401858-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBMU03094 rev.1 - HP Connect-IT, running OpenSSL, Remote Disclosure of Information or Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04401666-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ UPDATE: HPSBNS03077 rev.2 - HP NonStop NetBatch and NetBatch-Plus, Remote Job Execution with Local Privileges
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04383854-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX03092 SSRT101668 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04398943-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ HPSBUX03091 SSRT101667 rev.1 - HP-UX running Java7, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04398922-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4268

+ SYM14-014 Security Advisories Relating to Symantec Products - Symantec Encryption Desktop Compressed Mail File Denial-of-Service
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140821_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3436

+ Apache HttpComponents client Hostname verification MITM attack
http://cxsecurity.com/issue/WLB-2014080073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577

+ Panda Security 2014 Privilege Escalation
http://cxsecurity.com/issue/WLB-2014080089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5307

+ SA60681 CyberAgent Ameba for Android SSL Certificate Verification Security Issue
http://secunia.com/advisories/60681/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3902

+ Symantec Encryption Desktop CVE-2014-3436 Denial-of-Service Vulnerability
http://www.securityfocus.com/bid/69259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3436

Barman 1.3.3 released
http://www.postgresql.org/about/news/1538/

Reporter's Eye
How many passwords do you remember?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/081800029/?ST=security

FJM turns migration-destination servers for Windows Server 2003 into a service menu
http://itpro.nikkeibp.co.jp/atcl/news/14/082100513/?ST=security

ANA's user authentication, finally strengthened
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/082000028/?ST=security

REMOTE: HybridAuth install.php PHP Code Execution
http://www.exploit-db.com/exploits/34390

Thursday, August 21, 2014

21st, Thursday, Tomobiki

+ CESA-2014:1075 Moderate CentOS 6 qemu-kvm Update
http://lwn.net/Alerts/609023/

+ UPDATE: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise

[Issue confirmed after release] Applying the updates released on August 13, 2014 may cause problems [summary of workarounds]
http://blogs.technet.com/b/jpsecurity/archive/2014/08/20/2982791-mitigations.aspx

UPDATE: JVNVU#93614707 NULL pointer dereference vulnerability in OpenSSL clients
http://jvn.jp/vu/JVNVU93614707/

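[The nightless city of the "new social generation"? What are teenagers thinking?]
"Unfriending" as if it were a game: human relationships digitally processed on social networks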
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/080800004/?ST=security

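The Current State of Data Utilization Overseas
[Overseas data utilization 4] "Preventing a second Benesse": what insider-threat countermeasures does the card industry recommend?
PCI SSC: Bob Russo (GM), Troy Leach (CTO), Ella Nevill (VP)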
http://itpro.nikkeibp.co.jp/atcl/column/14/080600034/080700005/?ST=security

Wednesday, August 20, 2014

20th, Wednesday, Senshō

+ RHSA-2014:1075 Moderate: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1075.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0223

+ CESA-2014:1073 Low CentOS 7 nss-util Security Update
http://lwn.net/Alerts/608902/

+ CESA-2014:1073 Low CentOS 7 nss-softokn Security Update
http://lwn.net/Alerts/608903/

+ CESA-2014:1073 Low CentOS 7 nss Security Update
http://lwn.net/Alerts/608904/

+ CVE-2013-0900 Race Conditions vulnerability in ICU
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0900_race_conditions
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0900

+ Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Horizon
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_xss1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475

+ CVE-2014-4020 Numeric Errors vulnerability in Wireshark
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4020_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4020

+ CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3520_privilege_escalation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520

+ CVE-2014-0191 Denial of Service(DOS) vulnerability in Libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0191_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

+ Multiple vulnerabilities in Samba
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493

+ REMOTE: Firefox toString console.time Privileged Javascript Injection
http://www.exploit-db.com/exploits/34363

+ REMOTE: Gitlab-shell Code Execution
http://www.exploit-db.com/exploits/34362

+ Firefox toString console.time Privileged Javascript Injection
http://cxsecurity.com/issue/WLB-2014080078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670

+ Outlook.com For Android Failed Validation
http://cxsecurity.com/issue/WLB-2014080075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5239

JVNDB-2014-000099 SQL injection vulnerability in Advance-Flow
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000099.html

UPDATE: JVNVU#93614707 NULL pointer dereference vulnerability in OpenSSL clients
http://jvn.jp/vu/JVNVU93614707/

NRM offers a cloud-based client management service for small and medium-sized businesses
http://itpro.nikkeibp.co.jp/atcl/news/14/081900482/?ST=security

US hospitals hit by cyberattack from China; data of 4.5 million patients leaked
http://itpro.nikkeibp.co.jp/atcl/news/14/081900473/?ST=security

Diversifying "DDoS attacks": home routers in Japan are also being used as stepping stones
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072800020/?ST=security

Tuesday, August 19, 2014

19th, Tuesday, Shakkō

+ RHSA-2014:1073 Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2014:1073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492

+ Apache POI 3.10.1 available
http://www.apache.org/dyn/closer.cgi/poi/release/RELEASE-NOTES.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3529
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3574

+ Apache HttpComponents client Hostname verification MITM attack
http://cxsecurity.com/issue/WLB-2014080073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3577

+ Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
http://cxsecurity.com/issue/WLB-2014080069

JVNDB-2014-000100 Cross-site scripting vulnerability in the WordPress theme Cakifo
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000100.html

ANA strengthens user authentication; alphanumeric passwords of 8 or more characters can now be set
http://itpro.nikkeibp.co.jp/atcl/news/14/081800468/?ST=security

Defect in Windows patch; PCs may become unbootable
http://itpro.nikkeibp.co.jp/atcl/news/14/081800467/?ST=security

Mass access to JR East's Suica Point Club; unauthorized logins for some members
http://itpro.nikkeibp.co.jp/atcl/news/14/081800465/?ST=security

New version of dual-engine antivirus software integrating BitDefender improves usability
http://itpro.nikkeibp.co.jp/atcl/news/14/081800463/?ST=security

Diversifying "DDoS attacks": home routers in Japan are also being used as stepping stones
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072800020/?ST=security

Monday, August 18, 2014

18th, Monday, Taian

+ RHSA-2014:1052 Moderate: openssl security update
https://access.redhat.com/errata/RHSA-2014:1052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ RHSA-2014:1031 Important: 389-ds-base security update
https://access.redhat.com/errata/RHSA-2014:1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562

+ phpMyAdmin 4.0.10.2, 4.1.14.3 and 4.2.7.1 released
http://sourceforge.net/p/phpmyadmin/news/2014/08/phpmyadmin-40102-41143-and-4271-are-released/

+ PMASA-2014-9 XSS in view operations page.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5274

+ PMASA-2014-8 Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273

+ UPDATE: Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3327

+ HPSBUX03095 SSRT101674 rev.1 - HP-UX running OpenSSL, Multiple Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04404655-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510

+ HPSBUX03093 SSRT101009 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04401461-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

+ PHP 5.6.0RC4 is available
http://php.net/archive/2014.php#id2014-08-14-2

+ Microsoft Outlook.com Android App Does Not Properly Validate SSL Certificates
http://www.securitytracker.com/id/1030733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5239

JVNDB-2014-000096 Cross-site scripting vulnerability in Shutter
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000096.html

JVNDB-2014-000095 SQL injection vulnerability in Shutter
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000095.html

Diversifying "DDoS attacks": home routers in Japan are also being used as stepping stones
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072800020/?ST=security

Friday, August 15, 2014

15th, Friday, Tomobiki

+ RHSA-2014:1060 Low: Transition Red Hat Network Classic Hosted to Red Hat Subscription Management
https://rhn.redhat.com/errata/RHSA-2014-1060.html

+ CESA-2014:1053 Moderate CentOS 5 openssl Update
http://lwn.net/Alerts/608634/

+ CESA-2014:1052 Moderate CentOS 7 openssl Security Update
http://lwn.net/Alerts/608635/

+ CESA-2014:1052 Moderate CentOS 6 openssl Update
http://lwn.net/Alerts/608636/

+ Linux kernel 3.16.1, 3.15.10, 3.14.17, 3.10.53, 3.4.103 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.10
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.17
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.103

+ PHP 5.3.29 released
http://php.net/archive/2014.php#id2014-08-14-1
http://www.php.net/ChangeLog-5.php#5.3.29

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1030732

+ Apple Safari WebKit Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030731

+ Fujitsu ServerView Operations Manager Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/59210/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3898

+ Google Chrome for iOS SPDY Information Disclosure Vulnerability
http://secunia.com/advisories/60685/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3166

+ Apple Safari WebKit Multiple Memory Corruption Vulnerabilities
http://secunia.com/advisories/60705/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1390

JVNDB-2014-000098 Improper SSL server certificate verification vulnerability in Ameba for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000098.html

JVNVU#93577368 Update for multiple vulnerabilities in Apple Safari
http://jvn.jp/vu/JVNVU93577368/index.html

JVN#27702217 Improper SSL server certificate verification vulnerability in Ameba for Android
http://jvn.jp/jp/JVN27702217/index.html

REMOTE: VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
http://www.exploit-db.com/exploits/34335

REMOTE: VirtualBox 3D Acceleration Virtual Machine Escape
http://www.exploit-db.com/exploits/34334

Thursday, August 14, 2014

14th, Thursday, Sensho

+ Collabtive 2.0 released
http://www.collabtive.o-dyn.de/blog/?p=653
http://www.collabtive.o-dyn.de/blog/?p=653#more-653

+ RHSA-2014:1053 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-1053.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510

+ RHSA-2014:1052 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-1052.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ Safari 7.0.6, 6.1.6 released
http://support.apple.com/kb/HT6367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1390

+ CESA-2014:1038 Low CentOS 6 tomcat6 Update
http://lwn.net/Alerts/608467/

+ HPSBHF03088 rev.1 - HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04397114-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Apache Log4j 2.0.1 released
http://logging.apache.org/log4j/2.0/manual/index.html

+ DeleGate 9.9.11 released
http://www.delegate.org/mail-lists/delegate-en/5102

+ Google Chrome 36.0.1985.142 Use-after-free vulnerability
http://cxsecurity.com/issue/WLB-2014080061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3165

+ Google Chrome 36.0.1985.142 PKP sensitive information leak
http://cxsecurity.com/issue/WLB-2014080062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3166

+ Linux Kernel CVE-2014-5207 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/69216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207

NewLease Expands Portfolio in APAC With Zimbra Collaboration Software
http://community.zimbra.com/zblogs/b/press_releases/archive/2014/08/13/newlease-expands-portfolio-in-apac-with-zimbra-collaboration-software

NeoNova adds Zimbra to cloud offering for rural America
http://community.zimbra.com/zblogs/b/press_releases/archive/2014/08/13/neonova-adds-zimbra-to-cloud-offering-for-rural-america

UPDATE: JVNVU#93614707 NULL pointer dereference vulnerability in OpenSSL clients
http://jvn.jp/vu/JVNVU93614707/index.html

LOCAL: VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation
http://www.exploit-db.com/exploits/34333

LOCAL: BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)
http://www.exploit-db.com/exploits/34331

Wednesday, August 13, 2014

13th, Wednesday, Shakko

+ Microsoft Security Bulletin Summary for August 2014
https://technet.microsoft.com/ja-jp/library/security/ms14-aug

+ MS14-043 - Critical: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
https://technet.microsoft.com/library/security/ms14-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4060

+ MS14-044 - Important: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
https://technet.microsoft.com/library/security/MS14-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4061

+ MS14-045 - Important: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
https://technet.microsoft.com/library/security/MS14-045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4064

+ MS14-046 - Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
https://technet.microsoft.com/library/security/MS14-046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4062

+ MS14-047 - Important: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
https://technet.microsoft.com/library/security/MS14-047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0316

+ MS14-048 - Important: Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
https://technet.microsoft.com/library/security/MS14-048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2815

+ MS14-049 - Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
https://technet.microsoft.com/library/security/MS14-049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1814

+ MS14-050 - Important: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
https://technet.microsoft.com/library/security/MS14-050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2816

+ MS14-051 - Critical: Cumulative Security Update for Internet Explorer (2976627)
https://technet.microsoft.com/library/security/MS14-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4067

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ TortoiseSVN 1.8.8 released
http://tortoisesvn.net/downloads.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504

+ APSB14-19 Security Updates available for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0546

+ APSB14-18 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0545

+ ISC DHCP 4.2.7 released
https://kb.isc.org/article/AA-01193/82/DHCP-4.2.7-Release-Notes.html

+ HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04393276-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4860

+ HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04394554-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2630

+ HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04355095-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04398968-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04396638-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ SA60100 Apache Subversion Common Names and Subject Alternate Names Spoofing Two Security Issues
http://secunia.com/advisories/60100/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522

pgBadger 6.0 is out!
http://www.postgresql.org/about/news/1535/

JVNDB-2014-000097 Denial-of-service (DoS) vulnerability in Dominion KX2-101
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000097.html

JSSEC surveys corporate smartphone use: 54.7% of employees store business information on personal devices
http://itpro.nikkeibp.co.jp/atcl/news/14/081200452/?ST=security

Kyoto University apologizes for using footage of people, filmed without permission inside a commercial facility, for research
http://itpro.nikkeibp.co.jp/atcl/news/14/081200451/?ST=security

"Disaster Prevention Contest" website defaced, possibly for phishing
http://itpro.nikkeibp.co.jp/atcl/news/14/081200442/?ST=security

JVNVU#93614707 NULL pointer dereference vulnerability in OpenSSL clients
http://jvn.jp/vu/JVNVU93614707/

JVN#07957080 Denial-of-service (DoS) vulnerability in Dominion KX2-101
http://jvn.jp/jp/JVN07957080/

Yokogawa BKBCopyD.exe Client Exploit
http://cxsecurity.com/issue/WLB-2014080052

Tuesday, August 12, 2014

12th, Tuesday, Taian

+ Android-x86 4.4-r1 released
http://www.android-x86.org/releases/releasenote-4-4-r1

+ RHSA-2014:1038 Low: tomcat6 security update
https://rhn.redhat.com/errata/RHSA-2014-1038.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ RHSA-2014:1042 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2014:1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4266

+ RHSA-2014:1034 Low: tomcat security update
https://access.redhat.com/errata/RHSA-2014:1034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ RHSA-2014:1031 Important: 389-ds-base security update
https://access.redhat.com/errata/RHSA-2014:1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562

+ CESA-2014:1031 Important CentOS 6 389-ds-base Update
http://lwn.net/Alerts/608174/

+ CESA-2014:1031 Important CentOS 7 389-ds-base Security Update
http://lwn.net/Alerts/608175/

+ CESA-2014:1034 Low CentOS 7 tomcat Security Update
http://lwn.net/Alerts/608176/

+ ISC DHCP 4.3.1 released
https://kb.isc.org/article/AA-01195/82/DHCP-4.3.1-Release-Notes.html

+ HPSBMU03086 rev.1 - HP Operations Agent running Glance, Local Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04394554-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2630

+ HPSBMU03062 rev.1 - HP Insight Control server deployment on Linux and Windows running OpenSSL, Multiple Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04355095-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470

+ HPSBMU03089 rev.1 - HP Executive Scorecard, Running OpenSSL, Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04398968-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBUX03087 SSRT101413 rev.1 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04396638-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408

+ CVE-2013-1620 Lucky Thirteen vulnerability in NSS
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1620_lucky_thirteen
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620

+ MIT Kerberos Buffer Overflow in kadmind with LDAP Backend Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345

JVNDB-2014-000094 SQL injection vulnerability in Piwigo
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000094.html

JVNDB-2014-000093 Cross-site scripting vulnerability in Piwigo
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000093.html

JVNDB-2014-000092 Cross-site scripting vulnerability in Piwigo
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000092.html

JVNVU#93614707 NULL pointer dereference vulnerability in OpenSSL clients
http://jvn.jp/vu/JVNVU93614707/

JVNVU#91970952 Multiple vulnerabilities in Iridium Pilot and OpenPort
http://jvn.jp/vu/JVNVU91970952/

JVNVU#97923152 Multiple vulnerabilities in Cobham Aviator satellite communication terminals
http://jvn.jp/vu/JVNVU97923152/

JVNVU#91780498 Hard-coded credentials in Cobham Sailor 6000 series satellite communication terminals
http://jvn.jp/vu/JVNVU91780498/

JVNVU#95202843 Hard-coded credentials in Cobham Sailor satellite communication terminals
http://jvn.jp/vu/JVNVU95202843/

JVNVU#99941229 Vulnerability in the firmware update function of Cobham thraneLINK devices
http://jvn.jp/vu/JVNVU99941229/index.html

JVNVU#93326351 Vulnerability in the password recovery mechanism of the web interface of Cobham SATCOM products
http://jvn.jp/vu/JVNVU93326351/index.html

JVNVU#98509080 Multiple vulnerabilities in UEFI EDK2 Capsule Update processing
http://jvn.jp/vu/JVNVU98509080/index.html

JVN#87962145 SQL injection vulnerability in Piwigo
http://jvn.jp/jp/JVN87962145/index.html

JVN#09717399 Cross-site scripting vulnerability in Piwigo
http://jvn.jp/jp/JVN09717399/index.html

JVN#80310172 Cross-site scripting vulnerability in Piwigo
http://jvn.jp/jp/JVN80310172/index.html

A bank adopts the "Anshin Mark" for the first time, preventing spoofed e-mail with sender domain authentication
http://itpro.nikkeibp.co.jp/atcl/news/14/081100440/?ST=security

Humming Heads strengthens its cyber-attack countermeasure software, leaving no doubt in decisions even for unknown attacks
http://itpro.nikkeibp.co.jp/atcl/news/14/081100436/?ST=security

Internal sells a product for viewing the location and internal data of Android devices over the Internet
http://itpro.nikkeibp.co.jp/atcl/news/14/081100434/?ST=security

Phishing site targeting Saison Card members appears; warning issued
http://itpro.nikkeibp.co.jp/atcl/news/14/081100430/?ST=security

"Protecting the data center alone cannot prevent information leaks," says Check Point CEO
http://itpro.nikkeibp.co.jp/atcl/news/14/080800423/?ST=security

Friday, August 8, 2014

8th, Friday, Sensho

+ RHSA-2014:1031 Important: 389-ds-base security update
https://rhn.redhat.com/errata/RHSA-2014-1031.html

+ RHSA-2014:1034 Low: tomcat security update
https://access.redhat.com/errata/RHSA-2014:1034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0119

+ RHSA-2014:1031 Important: 389-ds-base security update
https://access.redhat.com/errata/RHSA-2014:1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562

+ CESA-2014:1012 Moderate CentOS 5 php53 Update
http://lwn.net/Alerts/607978/

+ CESA-2014:1023 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/607980/

+ Linux kernel 3.15.9, 3.14.16, 3.10.52, 3.4.102 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.16
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.102

+ OpenSSL Bugs Let Remote Users Deny Service, Obtain Information, and Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1030693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139

+ nginx SMTP Proxy STARTTLS Flaw Lets Remote Users Inject Commands into SSL Sessions to Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556

+ SA59697 Symantec Endpoint Protection Local Client ADC Privilege Escalation Vulnerability
http://secunia.com/advisories/59697/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3434

+ SA59743 OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/59743/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510

+ SA59710 OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/59710/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139

+ Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow
http://cxsecurity.com/issue/WLB-2014080026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3434

Ashisuto packages deployment SI services for the encryption software "Hibun" into a service menu
http://itpro.nikkeibp.co.jp/atcl/news/14/080700406/?ST=security

Ascentech releases a new version of its USB thin-client product, expanding coverage of connectable PCs
http://itpro.nikkeibp.co.jp/atcl/news/14/080700402/?ST=security

"Financial Institutions ISAC" launched to share information on cyber attacks
http://itpro.nikkeibp.co.jp/atcl/news/14/080700401/?ST=security

1.2 billion authentication records leaked, possibly the work of a Russian criminal group
http://itpro.nikkeibp.co.jp/atcl/news/14/080700398/?ST=security

VU#578598 Iridium Pilot and OpenPort contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/578598

VU#882207 Cobham Aviator satellite terminals contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/882207

VU#269991 Cobham Sailor 6000 series satellite terminal contain hardcoded credentials
http://www.kb.cert.org/vuls/id/269991

VU#460687 Cobham Sailor satellite terminals contain hardcoded credentials
http://www.kb.cert.org/vuls/id/460687

VU#179732 Cobham thraneLINK improper verification of firmware updates vulnerability
http://www.kb.cert.org/vuls/id/179732

VU#602006 Cobham SATCOM products' web interface contains a weak password
http://www.kb.cert.org/vuls/id/602006

Thursday, August 7, 2014

7th, Thursday, Shakko

+ RHSA-2014:1012 Moderate: php53 and php security update
https://rhn.redhat.com/errata/RHSA-2014-1012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

+ RHSA-2014:1013 Moderate: php security update
https://access.redhat.com/errata/RHSA-2014:1013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4721

+ RHSA-2014:1011 Moderate: resteasy-base security update
https://access.redhat.com/errata/RHSA-2014:1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3490

+ RHSA-2014:1023 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667

+ CESA-2014:1013 Moderate CentOS 7 php Security Update
http://lwn.net/Alerts/607747/

+ CESA-2014:1012 Moderate CentOS 6 php Update
http://lwn.net/Alerts/607748/

+ CESA-2014:1011 Moderate CentOS 7 resteasy-base Security Update
http://lwn.net/Alerts/607749/

+ CESA-2014:1008 Important CentOS 7 samba Security Update
http://lwn.net/Alerts/607750/

+ CESA-2014:1009 Important CentOS 6 samba4 Update
http://lwn.net/Alerts/607751/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140806-energywise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3327

+ UPDATE: HPSBGN03050 rev.2 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04343424-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBHF03084 rev.1 HP PCs with UEFI Firmware, Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04393276-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4860

+ UPDATE: HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04275280-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04394553-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2631

+ HPSBNS03082 rev.1 - HP NonStop Safeguard Security Software, Remote Program Access
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04391893-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2629

+ UPDATE: HPSBST02980 rev.2 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04187357-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux kernel 3.2.62 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.62

+ Cisco IOS and IOS XE EnergyWise Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3327

+ Linux Kernel SCTP Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077

+ McAfee Network Security Manager Input Validation Flaw in User Management Module Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1030674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2390

+ OpenSSL 1.0.1i, 1.0.0n, 0.9.8zb released
http://www.openssl.org/source/

+ OpenSSL Security Advisory [6 Aug 2014]
http://www.openssl.org/news/secadv_20140806.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512

+ SA59709 PHP Fileinfo libmagic AWK File Processing Denial of Service Vulnerability
http://secunia.com/advisories/59709/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538

+ SA60430 Linux Kernel SCTP AUTH NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/60430/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077

+ Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow
http://cxsecurity.com/issue/WLB-2014080026

JVNDB-2014-000085 Denial-of-service (DoS) vulnerability in GOM Player
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000085.html

[Security You Can Explain to the CEO]
Prompting management decisions through internal selling (Part 1): saying "it is dangerous" has no effect
http://itpro.nikkeibp.co.jp/atcl/column/14/511845/073000001/?ST=security

Trend Micro announces its consumer strategy and an overview of new services
Plans include "Security at Home", which protects multiple devices in a household together
http://itpro.nikkeibp.co.jp/atcl/news/14/080600388/?ST=security

Hitachi Systems launches a managed operations service for host-based firewalls
http://itpro.nikkeibp.co.jp/atcl/news/14/080600387/?ST=security

Soliton releases a new version of its appliance that blocks unauthorized network connections, enabling centralized management
http://itpro.nikkeibp.co.jp/atcl/news/14/080600385/?ST=security

Wednesday, August 6, 2014

6th, Wednesday, Taian

+ RHSA-2014:1004 Important: yum-updatesd security update
https://rhn.redhat.com/errata/RHSA-2014-1004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0022

+ RHSA-2014:1009 Important: samba4 security update
https://rhn.redhat.com/errata/RHSA-2014-1009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

+ RHSA-2014:1008 Important: samba security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

+ nginx 1.7.4, 1.6.1 released
http://nginx.org/

+ STARTTLS command injection
http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556

+ CESA-2014:1004 Important CentOS 5 yum-updatesd Update
http://lwn.net/Alerts/607635/

+ UPDATE: HPSBMU03037 rev.2 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04275280-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04394553-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2631

+ HPSBNS03082 rev.1 - HP NonStop Safeguard Security Software, Remote Program Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04391893-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2629

+ LOCAL: Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow
http://www.exploit-db.com/exploits/34272

+ SA59508 Hitachi JP1/Performance Management Multiple Vulnerabilities
http://secunia.com/advisories/59508/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ SA59684 McAfee Network Security Manager Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/59684/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2390

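[The nightless city of the "new social generation"? What are teenagers thinking?]
Spreading instantly through digital channels: why LINE bullying drives teenagers into a corner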
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/073100003/?ST=security

The true nature of the "digital certificate-stealing virus" targeting corporations; infection methods are evolving too
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/080400029/?ST=security

"Stalking via social networks should also be subject to regulation," National Police Agency study group recommends
http://itpro.nikkeibp.co.jp/atcl/news/14/080500366/?ST=security

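Five companies including Symantec collaborate on countermeasures against fraudulent-transfer malware targeting small and medium-sized businesses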
http://itpro.nikkeibp.co.jp/atcl/news/14/080500361/?ST=security

JBAT: thin client usable as a dumb terminal for IBM mainframes
http://itpro.nikkeibp.co.jp/atcl/news/14/080500353/?ST=security

JVNVU#98222914 Buffer overflow vulnerability in Symantec Endpoint Protection
http://jvn.jp/vu/JVNVU98222914/

Tuesday, August 5, 2014

5th, Tuesday, Butsumetsu

+ UPDATE: HPSBST02980 rev.2 - HP Array Configuration Utility, HP Array Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on Linux, Local Elevation of Privilege
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04187357-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ SYM14-013 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Local Client Application Device Control Buffer Overflow
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140804_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3434

+ HS14-020 Multiple Vulnerabilities in JP1/Performance Management - Web Console, and JP1/Performance Management - Manager Web Option
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-020/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ HS14-020 Multiple vulnerabilities in JP1/Performance Management - Web Console and JP1/Performance Management - Manager Web Option (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-020/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ Java SE Development Kit 7, Update 67 released
http://www.oracle.com/technetwork/java/javase/7u67-relnotes-2251330.html

+ VU#252068 Symantec Endpoint Protection Client contains a kernel pool overflow vulnerability
http://www.kb.cert.org/vuls/id/252068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3434

+ Red Hat Enterprise Virtualization Manager Snapshot Deletion Flaw Lets Remote Authenticated Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3559

+ SA59583 Samba nmbd "unstrcpy()" Buffer Overflow Vulnerability
http://secunia.com/advisories/59583/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

+ Symantec Endpoint Protection Local Client ADC Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/68946

Monday, August 4, 2014

4th, Monday, Senbu

+ CESA-2014:0981 Important CentOS 6 kernel Update
http://lwn.net/Alerts/607434/

+ UPDATE: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf

+ HPSBMU03083 rev.1 - HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04392919-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ Linux kernel 3.12.26 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.26

+ Samba 4.1.11 and 4.0.21 Security Releases Available for Download
http://www.samba.org/samba/history/samba-4.1.11.html
http://www.samba.org/samba/history/samba-4.0.21.html

+ Samba Heap Overflow in nmbd NetBIOS Name Services Daemon Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3560

+ Wireshark Catapult DCT2000/IrDA/GTP/GSM/RLC/ASN.1 BER Dissector Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1030662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165

+ Oracle Solaris Multiple Packages Multiple Vulnerabilities
http://secunia.com/advisories/59237/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2907

+ SA59299 Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/59299/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5165

+ Linux Kernel 3.15.7 fs/namei.c memory consumption and use-after-free
http://cxsecurity.com/issue/WLB-2014080007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5045

JVNDB-2014-000091 Cross-site scripting vulnerability in ServerView Operations Manager
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000091.html

Beware of viruses that steal digital certificates; fraudulent transfers targeting corporations surge
http://itpro.nikkeibp.co.jp/atcl/news/14/080100328/?ST=security

US district court orders Microsoft to hand over email data stored overseas
http://itpro.nikkeibp.co.jp/atcl/news/14/080100319/?ST=security

Friday, August 1, 2014

1st, Friday, Shakko

+ phpMyAdmin 4.2.7 is released
http://sourceforge.net/p/phpmyadmin/news/2014/07/phpmyadmin-427-is-released/

+ Ubuntu 14.04.1 released
https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes/ChangeSummary/14.04.1

+ Wireshark 1.12.0 released
http://www.wireshark.org/docs/relnotes/wireshark-1.12.0.html

+ UPDATE: OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf

+ HPSBMU03081 rev.1 - HP Enterprise Maps, Remote Information Disclosure
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04390793-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2628

+ HPSBNS03077 rev.1 - HP NonStop NetBatch, Remote Job Execution with Local Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04383854-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2627

+ Linux kernel 3.15.8, 3.14.15, 3.10.51, 3.4.101 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.15
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.51
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.101

+ CVE-2013-1969 Resource Management Errors vulnerability in Libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1969_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1969

+ CVE-2013-4276 Buffer Errors vulnerability in LittleCMS
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4276_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4276

+ Multiple Buffer Errors vulnerabilities in ImageMagick
https://blogs.oracle.com/sunsecurity/entry/multiple_buffer_errors_vulnerabilities_in2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2030

+ Multiple vulnerabilities in Puppet
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_puppet
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956

+ Multiple vulnerabilities in Django
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_django
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0474

+ CVE-2013-0913 Numeric Errors vulnerability in Direct Rendering Manager (DRM) i915 driver
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0913_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ CVE-2012-2751 Improper Input Validation vulnerability in ModSecurity
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2751_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2751

+ Multiple vulnerabilities in Ejabberd
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ejabberd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6169

+ CVE-2012-3479 Arbitrary Code Execution vulnerability in Emacs
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3479_arbitrary_code
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3479

+ CVE-2013-4351 Cryptographic Issues vulnerability in GnuPG
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4351_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351

+ CVE-2013-2765 Denial of Service(DOS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_2765_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2765

+ Multiple Cryptographic Issues vulnerabilities in RubyGems
https://blogs.oracle.com/sunsecurity/entry/multiple_cryptographic_issues_vulnerabilities_in1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4363

+ CVE-2013-4244 Buffer Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4244_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244

+ CVE-2012-0804 Buffer Errors vulnerability in CVS
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0804_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0804

+ CVE-2013-0179 Buffer Errors vulnerability in Memcached
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0179_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0179

+ CVE-2014-2828 Authentication Issues vulnerability in OpenStack Identity (Keystone)
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2828_authentication_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828

+ CVE-2013-4164 Buffer Errors vulnerability in Ruby
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4164_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450

+ CVE-2013-2168 Input Validation vulnerability in DBus
https://blogs.oracle.com/sunsecurity/entry/cve_2013_2168_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168

+ Multiple vulnerabilities in Python Image Library (PIL)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python_image
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933

+ CVE-2013-6169 Cryptographic Issues vulnerability in Ejabberd
https://blogs.oracle.com/sunsecurity/entry/cve_2013_6169_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6169

+ CVE-2013-4885 Unrestricted File Upload vulnerability in NMap
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4885_unrestricted_file
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4885

+ Multiple vulnerabilities in Pidgin
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020

+ CVE-2013-4402 Input Validation vulnerability in GnuPG
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4402_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402

+ CVE-2014-2907 Denial Of Service(DOS) vulnerability in Wireshark
https://blogs.oracle.com/sunsecurity/entry/cve_2014_2907_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2907

+ CVE-2013-1915 Input Validation vulnerability in ModSecurity
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1915_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1915

+ CVE-2013-0346 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0346_permissions_privileges
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0346

+ CVE-2013-4243 Buffer Errors vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4243_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4243

+ Facebook For Android Information Disclosure / Open Proxy
http://cxsecurity.com/issue/WLB-2014070178

+ SA60353 Linux Kernel "mountpoint_last()" Vulnerability
http://secunia.com/advisories/60353/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5045

+ SA60599 MySQL Multiple Vulnerabilities
http://secunia.com/advisories/60599/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ SA60264 Hitachi Command Suite Products Apache Struts ClassLoader Manipulation Vulnerability
http://secunia.com/advisories/60264/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ GNU glibc '__gconv_translit_find()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/68983

PHP 5.6.0RC3 is available
http://php.net/archive/2014.php#id2014-07-31-1

From the World's Security Labs (Nikkei Communications)
Threats surrounding smart meters
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/073000005/?ST=security

[Security Legacy: The Collapse of Data Security]
[Cryptographic technology management] Deficiencies can even bring systems to a halt
http://itpro.nikkeibp.co.jp/article/COLUMN/20140718/571207/?ST=security

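NANAROQ offers cloud-based training material for learning information-leak countermeasures, including a plan with 100 million yen in compensation coverage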
http://itpro.nikkeibp.co.jp/atcl/news/14/073100315/?ST=security

13.8% say they "have accessed business data outside their own responsibilities," Trend Micro survey finds
http://itpro.nikkeibp.co.jp/atcl/news/14/073100309/?ST=security

Japanese online banking threatened by Chinese "dashiko" (cash withdrawers), National Police Agency Superintendent Kotake points out
http://itpro.nikkeibp.co.jp/atcl/news/14/073100308/?ST=security

Surge in "we will delete your leaked personal information" scams, with some losses exceeding 10 million yen
http://itpro.nikkeibp.co.jp/atcl/news/14/073100302/?ST=security