Friday, October 31, 2014

31st (Friday), Butsumetsu

+ UPDATE: Microsoft Security Advisory 3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure
https://technet.microsoft.com/ja-jp/library/security/3009008

+ RHSA-2014:1768 Important: php53 security update
https://rhn.redhat.com/errata/RHSA-2014-1768.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ RHSA-2014:1767 Important: php security update
https://rhn.redhat.com/errata/RHSA-2014-1767.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ RHSA-2014:1764 Moderate: wget security update
https://rhn.redhat.com/errata/RHSA-2014-1764.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ RHSA-2014:1764 Moderate: wget security update
https://access.redhat.com/errata/RHSA-2014:1764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ RHSA-2014:1767 Important: php security update
https://access.redhat.com/errata/RHSA-2014:1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04486577-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBNS03158 rev.1 - HP NonStop SOAP 4 running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04489188-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04483249-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7875

+ HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04488200-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04492722-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ Linux kernel 3.17.2, 3.16.7, 3.14.23, 3.10.59 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.23
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.59

+ GCC 4.9.2 released
https://gcc.gnu.org/gcc-4.9/

+ Sudo 1.8.11p2 released
http://www.sudo.ws/sudo/stable.html#1.8.11p2

+ UPDATE: JVNVU#97219505 OS command injection vulnerability in GNU Bash
http://jvn.jp/vu/JVNVU97219505/

+ HP-UX Unspecified Kernel Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1031139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7877

+ BSD FTP Client HTTP Redirect Flaw Lets Remote Servers Execute Arbitrary Commands on the Target User's System
http://www.securitytracker.com/id/1031136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517

+ GNU Wget FTP Symlink Arbitrary Filesystem Access
http://cxsecurity.com/issue/WLB-2014100172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ SA61196 HP-UX Kernel Denial of Service Vulnerability
http://secunia.com/advisories/61196/

+ SA60802 OpenBSD "sys_execve()" Executable Header Parsing Denial of Service Vulnerability
http://secunia.com/advisories/60802/

From the World's Security Labs
Fake Dropbox login page steals account information
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/102700018/?ST=security

"T-Point" new terms of service to take effect; stopping third-party provision of personal information requires a procedure
http://itpro.nikkeibp.co.jp/atcl/news/14/103001704/?ST=security

SSL 3.0 "POODLE" information leak issue: IE and others roll out mitigations
http://itpro.nikkeibp.co.jp/atcl/news/14/103001701/?ST=security

[Follow-up] JAL issues interim report on information leak issue; 4,131 leaked records identified
http://itpro.nikkeibp.co.jp/atcl/news/14/103001695/?ST=security

JVNVU#97177029 Multiple vulnerabilities in the drchrono Electronic Health Record (EHR) web application
http://jvn.jp/vu/JVNVU97177029/

JVN#55667175 OS command injection vulnerability in QNAP QTS
http://jvn.jp/jp/JVN55667175/

Thursday, October 30, 2014

30th (Thursday), Senbu

+ UPDATE: Microsoft Security Advisory 3009008: Vulnerability in SSL 3.0 Could Allow Information Disclosure
https://technet.microsoft.com/ja-jp/library/security/3009008

+ CESA-2014:1724 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/618431/

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ UPDATE: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

+ HPSBMU03152 rev.1 - HP Operations Orchestration running SSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04486577-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBST03157 rev.1 - HP StoreEver ESL E-series Tape Library and HP Virtual Library System (VLS) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04488200-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBUX03162 SSRT101767 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Unauthorized Access, Man-in-the-Middle (MitM) Attack
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04492722-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ UPDATE: HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04491186-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ JVNVU#98581917 Symbolic link handling issue in GNU Wget
http://jvn.jp/vu/JVNVU98581917/index.html

+ Linux Kernel KVM CVE-2014-3645 Denial of Service Vulnerability
http://www.securityfocus.com/bid/70746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645

Vulnerability information worth checking <2014.10.30>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/102700026/?ST=security

UK startup arrives in Japan with a new authentication system that neutralizes password-list attacks
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/102400086/?ST=security

VU#973460 drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery
http://www.kb.cert.org/vuls/id/973460

REMOTE: Konke Smart Plug K - Authentication Bypass Vulnerability
http://www.exploit-db.com/exploits/35103

REMOTE: CUPS Filter Bash Environment Variable Code Injection
http://www.exploit-db.com/exploits/35115

LOCAL: IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation
http://www.exploit-db.com/exploits/35112

Wednesday, October 29, 2014

29th (Wednesday), Tomobiki

+ RHSA-2014:1724 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077

+ Mozilla Firefox 33.0.2 released
https://www.mozilla.org/en-US/firefox/33.0.2/releasenotes/

+ nginx 1.7.7 released
http://nginx.org/

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ UPDATE: Apache HTTPd Range Header Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache

+ HPSBHF03153 rev.1 - HP TippingPoint Next Generation Firewall (NGFW) Local Security Manager (LSM) running SSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04486578-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04473828-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ HPSBUX03159 SSRT101785 rev.2 - HP-UX kernel, Local Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04491186-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7877

+ VU#685996 GNU Wget creates arbitrary symbolic links during recursive FTP download
http://www.kb.cert.org/vuls/id/685996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ wget Default FTP Retrieval Method Lets Remote Users Create Arbitrary Files and Directories
http://www.securitytracker.com/id/1031121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ LOCAL: Windows TrackPopupMenu Win32k NULL Pointer Dereference
http://www.exploit-db.com/exploits/35101

+ MacOS X 10.10 & FreeBSD10 ftp Remote Command Execution
http://cxsecurity.com/issue/WLB-2014100174

+ GNU Wget FTP Symlink Arbitrary Filesystem Access
http://cxsecurity.com/issue/WLB-2014100172

+ Windows TrackPopupMenu Win32k NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2014100171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4113

+ Apple iOS 8.0.2 Denial Of Service
http://cxsecurity.com/issue/WLB-2014100170

+ Google Youtube Filter Bypass / Cross Site Scripting
http://cxsecurity.com/issue/WLB-2014100168

+ GNU Wget CVE-2014-4877 Symlink Vulnerability
http://www.securityfocus.com/bid/70751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ Linux Kernel CVE-2014-3687 Denial of Service Vulnerability
http://www.securityfocus.com/bid/70766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687

POWA 1.2 is out !
http://www.postgresql.org/about/news/1551/

JVNDB-2014-000126 OS command injection vulnerability in QNAP QTS
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000126.html

UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol allowing encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

From the World's Security Labs
Dubai police adopt Google Glass for facial-recognition investigations
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/102700017/?ST=security

EMC Japan offers services for operating in-house security centers
http://itpro.nikkeibp.co.jp/atcl/news/14/102801656/?ST=security

LOCAL: Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation
http://www.exploit-db.com/exploits/35077

Tuesday, October 28, 2014

28th (Tuesday), Sensho

+ Google Chrome 38.0.2125.111 released
http://googlechromereleases.blogspot.jp/2014/10/stable-channel-update_27.html

+ HPSBHF03153 rev.1 - HP TippingPoint Next Generation Firewall (NGFW) Local Security Manager (LSM) running SSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04486578-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBST03160 rev.1 - HP XP Command View Advanced Edition running Apache Struts, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04473828-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ Linux Kernel KVM 'virt/kvm/iommu.c' Incomplete Fix Denial of Service Vulnerability
http://www.securityfocus.com/bid/70747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

+ Linux Kernel KVM CVE-2014-3645 Denial of Service Vulnerability
http://www.securityfocus.com/bid/70746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645

Vulnerability information worth checking <2014.10.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/102700025/?ST=security

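IT Business Diary of Rookie D-ta and Senior Colleague M-ko
Fraudulent "internet banking" transfers surging among small and medium-sized businesses too: how can they be prevented?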
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/102100007/?ST=security

MOTEX launches information-leak countermeasure site; free MDM app also to be offered starting in November
http://itpro.nikkeibp.co.jp/atcl/news/14/102701636/?ST=security

Targeted-email exercises conducted free of charge: new service from En Marketing Research Institute (縁マーケティング研究所)
http://itpro.nikkeibp.co.jp/atcl/news/14/102701624/?ST=security

UPDATE: JVNVU#97219505 OS command injection vulnerability in GNU Bash
http://jvn.jp/vu/JVNVU97219505/index.html

UPDATE: JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/index.html

JVNVU#99291862 Multiple NAT-PMP devices can be manipulated from the WAN side
http://jvn.jp/vu/JVNVU99291862/index.html

REMOTE: Centreon SQL and Command Injection
http://www.exploit-db.com/exploits/35078

LOCAL: Free WMA MP3 Converter 1.8 (.wav) - Buffer Overflow
http://www.exploit-db.com/exploits/35074

DoS/PoC: Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
http://www.exploit-db.com/exploits/35081

Monday, October 27, 2014

27th (Monday), Shakko

+ PostgreSQL ODBC Driver 09_03_400
http://www.postgresql.org/ftp/odbc/versions/msi/

+ Mozilla Firefox 33.0.1 released
https://www.mozilla.org/en-US/firefox/33.0.1/releasenotes/

+ Ubuntu 14.10 released
https://wiki.ubuntu.com/UtopicUnicorn/ReleaseNotes

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ Linux kernel 3.12.31 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.31

+ Dovecot 2.2.15 released
http://www.dovecot.org/list/dovecot-news/2014-October/000277.html

+ libpng 1.6.14 released
http://www.libpng.org/pub/png/src/libpng-1.6.14-README.txt

+ REMOTE: Windows OLE - Remote Code Execution "Sandworm" Exploit (MS14-060)
http://www.exploit-db.com/exploits/35055

+ DoS/PoC: OpenBSD <= 5.5 - Local Kernel Panic
http://www.exploit-db.com/exploits/35058

+ Linux Kernel iommu.c excessive unpinning
http://cxsecurity.com/issue/WLB-2014100155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

+ iTunes 12.0.1 for Windows DLL Hijacking
http://cxsecurity.com/issue/WLB-2014100154

+ Linux Kernel KVM CVE-2014-8481 Incomplete Fix Denial of Service Vulnerability
http://www.securityfocus.com/bid/70712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8481

+ Linux Kernel KVM CVE-2014-8480 Denial of Service Vulnerability
http://www.securityfocus.com/bid/70710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8480

Passlogy releases "PassClip", a matrix-style notepad for recording passwords
http://itpro.nikkeibp.co.jp/atcl/news/14/102401609/?ST=security

Palo Alto announces latest version of its mobile security solution
http://itpro.nikkeibp.co.jp/atcl/news/14/102401607/?ST=security

ITpro Summary
ShellShock
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/102200030/?ST=security

JVNVU#99291862 Multiple NAT-PMP devices can be manipulated from the WAN side
http://jvn.jp/vu/JVNVU99291862/

JVN#27388160 Improper SSL/TLS server certificate verification vulnerability in "Sumaho" (スマ保) for Android
http://jvn.jp/jp/JVN27388160/

Friday, October 24, 2014

24th (Friday), Senbu

+ APSB14-25 Security update available for Adobe Digital Editions
http://helpx.adobe.com/security/products/Digital-Editions/apsb14-25.html

+ UPDATE: TCP Vulnerabilities in Multiple Non-IOS Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios

+ VMSA-2014-0011 VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.
http://www.vmware.com/security/advisories/VMSA-2014-0011.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4624

+ FreeBSD-SA-14:23.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:23.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ FreeBSD-SA-14:22.namei memory leak in sandboxed namei lookup
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:22.namei.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3711

+ FreeBSD-SA-14:21.routed routed(8) remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:21.routed.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3955

+ FreeBSD-SA-14:20.rtsold rtsold(8) remote buffer overflow vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:20.rtsold.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3954

+ VMware vSphere Data Protection Discloses Authentication Information to Remote Users
http://www.securitytracker.com/id/1031114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4624

+ Wireshark Multiple Dissector Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1031111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432

+ SA61674 Yamaha WLX302 Router GNU Bash Multiple Vulnerabilities
http://secunia.com/advisories/61674/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

JVNDB-2014-000125 Improper SSL/TLS server certificate verification vulnerability in Sumaho (スマ保) for Android
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000125.html

From the World's Security Labs
Impact of the Shellshock vulnerability spreads to various protocols
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/102300016/?ST=security

ITpro Report
[Fighting Botnets 3] Seizing domain names with an "ex parte provisional injunction"
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/102100022/?ST=security

Fujitsu SSL: software for change management / configuration management of firewall configuration files
http://itpro.nikkeibp.co.jp/atcl/news/14/102301590/?ST=security

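Former accounting staffer of an NEC Networks & System Integration subsidiary arrested; suspected of embezzling 1.8 billion yen over 8 years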
http://itpro.nikkeibp.co.jp/atcl/news/14/102301588/?ST=security

Risk of losing intellectual property: companies too should beware of "extortion viruses"
http://itpro.nikkeibp.co.jp/atcl/news/14/102301583/?ST=security

Fujitsu SSL makes English screens available in its software for preventing misdirected email
http://itpro.nikkeibp.co.jp/atcl/news/14/102301578/?ST=security

JVN#27388160 Improper SSL/TLS server certificate verification vulnerability in Sumaho (スマ保) for Android
http://jvn.jp/jp/JVN27388160/

UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol allowing encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/index.html

VU#184540 Incorrect implementation of NAT-PMP in multiple devices
http://www.kb.cert.org/vuls/id/184540

Thursday, October 23, 2014

23rd (Thursday), Tomobiki

+ Microsoft Security Advisory 3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution
https://technet.microsoft.com/library/security/3010060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

+ About the security content of QuickTime 7.7.6
https://support.apple.com/kb/HT6493

+ CESA-2014:1655 Moderate CentOS 7 libxml2 Security Update
http://lwn.net/Alerts/617613/

+ CESA-2014:1669 Low CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/617614/

+ CESA-2014:1671 Moderate CentOS 5 rsyslog5 Security Update
http://lwn.net/Alerts/617615/

+ CESA-2014:1676 Moderate CentOS 7 wireshark Security Update
http://lwn.net/Alerts/617616/

+ CESA-2014:1677 Moderate CentOS 5 wireshark Security Update
http://lwn.net/Alerts/617617/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ FreeBSD namei Kernel Facility Memory Leak Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3711

+ FreeBSD routed(8) Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3955

+ FreeBSD Buffer Overflow in rtsold(8) IPv6 Router Solicitation Daemon May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3954

+ Microsoft Windows OLE Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

+ SA61883 FreeBSD SSL Version 3.0 CBC Cipher Padding Security Issue
http://secunia.com/advisories/61883/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ SA61813 FreeBSD update for openssl
http://secunia.com/advisories/61813/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ SA61803 Microsoft Windows OLE Object Handling Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/61803/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

ITpro Report
[Fighting Botnets 2] The formidable "fast flux" that protects the "command center"
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/102000021/?ST=security

Trend Micro: latest version of security software for smartphones and tablets
http://itpro.nikkeibp.co.jp/atcl/news/14/102201568/?ST=security

DNP launches insider-crime prevention system that locks physical doors in conjunction with unauthorized PC operation
http://itpro.nikkeibp.co.jp/atcl/news/14/102201571/?ST=security

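200 public- and private-sector system administrators take part in "CYDER", the Ministry of Internal Affairs and Communications' cyberattack defense exercise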
http://itpro.nikkeibp.co.jp/atcl/news/14/102201565/?ST=security

Unpatched vulnerability in Windows: merely opening a file may cause harm
http://itpro.nikkeibp.co.jp/atcl/news/14/102201564/?ST=security

Cyberattack targeting iCloud users in China: Chinese government involved?
http://itpro.nikkeibp.co.jp/atcl/news/14/102201550/?ST=security

UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol allowing encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

LOCAL: iBackup 10.0.0.32 - Local Privilege Escalation
http://www.exploit-db.com/exploits/35040

Wednesday, October 22, 2014

22nd (Wednesday), Sensho

+ RHSA-2014:1677 Moderate: wireshark security update
https://rhn.redhat.com/errata/RHSA-2014-1677.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432

+ RHSA-2014:1676 Moderate: wireshark security update
https://rhn.redhat.com/errata/RHSA-2014-1676.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432

+ RHSA-2014:1676 Moderate: wireshark security update
https://access.redhat.com/errata/RHSA-2014:1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6432

+ PMASA-2014-12 XSS vulnerabilities in SQL debug output and server monitor page.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8326

+ HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04483248-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981

+ CentOS-6.6 Released
http://lists.centos.org/pipermail/centos-announce/2014-October/020698.html
http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.6

+ Apple iOS Bugs Let Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4450

+ REMOTE: HP Data Protector EXEC_INTEGUTIL Remote Code Execution
http://www.exploit-db.com/exploits/35034

+ SA61327 WinSCP OpenSSL "no-ssl3" Build Option Vulnerability
http://secunia.com/advisories/61327/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ SA61044 Hitachi Multiple Cosminexus / uCosminexus Products Java Multiple Vulnerabilities
http://secunia.com/advisories/61044/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ SA60945 HP System Management Homepage for HP-UX Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/60945/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7874

+ SA61827 Apple TV SSL Version 3.0 Information Disclosure Security Issue and Bluetooth Pairing Vulnerability
http://secunia.com/advisories/61827/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4428

+ SA61825 Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/61825/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4449

+ PHP 'libxmlrpc/xmlrpc.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/70666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668

ITpro Report
[Fighting Botnets, Part 1] Also Abused for Fraudulent Money Transfers: The Frightening Reality
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/102000020/?ST=security

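The 'Social New Generation' City That Never Sleeps: What Are Teenagers Thinking?
Social networks are a treasure trove of personal information; depending on how they are used, there is also a risk of becoming a 'stalker'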
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/101700013/?ST=security

Monthly-subscription 'Virus Buster' with unlimited installs planned for release during 2014
http://itpro.nikkeibp.co.jp/atcl/news/14/102101538/?ST=security

JVNVU#96948961 Multiple vulnerabilities in Centreon
http://jvn.jp/vu/JVNVU96948961/

JVNVU#97537282 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU97537282/

REMOTE: Numara / BMC Track-It! FileStorageService Arbitrary File Upload
http://www.exploit-db.com/exploits/35032

REMOTE: Joomla Akeeba Kickstart Unserialize Remote Code Execution
http://www.exploit-db.com/exploits/35033

Tuesday, October 21, 2014

Tuesday the 21st, Shakkō

+ RHSA-2014:1671 Moderate: rsyslog5 and rsyslog security update
https://rhn.redhat.com/errata/RHSA-2014-1671.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ RHSA-2014:1669 Low: qemu-kvm security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3615

+ About the security content of Apple TV 7.0.1
https://support.apple.com/kb/HT6542

+ About the security content of iOS 8.1
https://support.apple.com/kb/HT6541

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479402-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBUX03150 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04483248-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3981

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ Postfix 2.11.3, 2.10.5, 2.9.11, 2.8.19 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.3.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.11.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.19.HISTORY

+ Samba 4.1.13 Available for Download
http://samba.org/samba/history/samba-4.1.13.html

+ LOCAL: Windows OLE Package Manager SandWorm Exploit
http://www.exploit-db.com/exploits/35019

+ LOCAL: MS14-060 Microsoft Windows OLE Package Manager Code Execution
http://www.exploit-db.com/exploits/35020

+ LOCAL: Linux PolicyKit Race Condition Privilege Escalation
http://www.exploit-db.com/exploits/35021

+ SA61142 Linux Kernel "pivot_root()" Denial of Service Vulnerability
http://secunia.com/advisories/61142/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970

+ SA61145 Linux Kernel "do_umount()" Denial of Service Vulnerability
http://secunia.com/advisories/61145/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7975

UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

Sophos refreshes all UTM models into the current 'Sophos SG' series
http://itpro.nikkeibp.co.jp/atcl/news/14/102001524/?ST=security


Monday, October 20, 2014

Monday the 20th, Taian

+ iTunes 12.0.1 released
https://support.apple.com/kb/HT6537

+ OS X Server v4.0, v3.2.2, v2.2.5 released
https://support.apple.com/kb/HT6536
https://support.apple.com/kb/HT6527
https://support.apple.com/kb/HT6529

+ About Security Update 2014-005
https://support.apple.com/kb/HT6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ OS X Yosemite v10.10 released
https://support.apple.com/kb/HT6535

+ CESA-2014:1652 Important CentOS 7 openssl Security Update
http://lwn.net/Alerts/616669/

+ CESA-2014:1652 Important CentOS 6 openssl Security Update
http://lwn.net/Alerts/616671/

+ CESA-2014:1653 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/616668/

+ HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479402-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479601-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479505-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ HPSBHF03084 rev.1 - HP PCs with UEFI Firmware, Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04402687-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4860

+ HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04478866-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04477872-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186

+ HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04404764-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HS14-022 Vulnerability in JP1/NETM/DM, Job Management Partner 1/Software Distribution data reproduction functionality
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-022/index.html

+ HS14-021 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-021/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ HS14-022 Vulnerability in JP1/NETM/DM, Job Management Partner 1/Software Distribution where PC built-in USB storage devices cannot be blocked
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-022/index.html

+ HS14-021 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-021/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ Sysstat 11.0.2 released
http://sebastien.godard.pagesperso-orange.fr/

+ VU#577193 POODLE vulnerability in SSL 3.0
http://www.kb.cert.org/vuls/id/577193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ VU#298796 Centreon contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/298796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3829

+ Apple OS X Server Lets Local Users Access Passwords and Remote Users Bypass Access Control Settings
http://www.securitytracker.com/id/1031071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4447

+ Apple QuickTime Buffer Overflow in Processing Audio Samples Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4351

+ Apple OS X Multiple Flaws Let Users Execute Arbitrary Code, Obtain Elevated Privileges, Bypass Security Restrictions, and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4444

+ SA61159 PHP Multiple Vulnerabilities
http://secunia.com/advisories/61159/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

+ Linux PolicyKit Race Condition Privilege Escalation
http://cxsecurity.com/issue/WLB-2014100114

CopyCat Replication Suite 3.07.0 -- PG support added!
http://www.postgresql.org/about/news/1549/

Reporter's Eye, Nikkei Computer
Bluffs do not work on insider offenders
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/101000083/?ST=security

FBI director again voices disapproval of smartphone data encryption
http://itpro.nikkeibp.co.jp/atcl/news/14/101701482/?ST=security

Friday, October 17, 2014

Friday the 17th, Tomobiki

+ RHSA-2014:1653 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-1653.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ RHSA-2014:1655 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2014-1655.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

+ RHSA-2014:1652 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2014-1652.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

+ RHSA-2014:1654 Important: rsyslog7 security update
https://rhn.redhat.com/errata/RHSA-2014-1654.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ RHSA-2014:1655 Moderate: libxml2 security update
https://access.redhat.com/errata/RHSA-2014:1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

+ RHSA-2014:1652 Important: openssl security update
https://access.redhat.com/errata/RHSA-2014:1652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

+ CESA-2014:1647 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/616428/

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ UPDATE: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

+ HPSBHF03125 rev.1 - HP Next Generation Firewall (NGFW) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471538-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBMU03126 rev.1 - HP Operations Manager (formerly OpenView Communications Broker), Remote Cross-site Scripting (XSS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04472444-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2647

+ HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04476799-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7874

+ PHP 5.6.2, 5.5.18, 5.4.34 released
http://php.net/archive/2014.php#id2014-10-16-3
http://php.net/archive/2014.php#id2014-10-16-1
http://php.net/archive/2014.php#id2014-10-16-2

+ Microsoft Bluetooth Personal Area Networking Privilege Escalation
http://cxsecurity.com/issue/WLB-2014100099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ SA61019 OpenSSL SSL Version 3.0 CBC Cipher Padding Information Disclosure Security Issue
http://secunia.com/advisories/61019/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ SA60914 OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/60914/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ SA60965 Opera Multiple Vulnerabilities
http://secunia.com/advisories/60965/

+ Panasonic Network Camera Recorder CVE-2014-8756 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/70609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8756

JVNDB-2014-000123 Denial-of-service (DoS) vulnerability in GIGAPOD
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000123.html

JVNDB-2014-000122 Cross-site scripting vulnerability in Aflax
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000122.html

JVNDB-2014-000121 Cross-site scripting vulnerability in BirdBlog
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000121.html

JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

Benesse Holdings establishes an information security oversight committee, with quarterly audit reports
http://itpro.nikkeibp.co.jp/atcl/news/14/101601467/?ST=security

Thursday, October 16, 2014

Thursday the 16th, Senshō

+ Red Hat Enterprise Linux 6.6 Now Generally Available
http://www.redhat.com/en/about/press-releases/red-hat-enterprise-linux-66-now-generally-available
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/6.6_Release_Notes/index.html

+ Microsoft Security Advisory 3009008 Vulnerability in SSL 3.0 Could Allow Information Disclosure
https://technet.microsoft.com/ja-jp/library/security/3009008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ Win32 OpenSSL 1.0.1j released
http://slproweb.com/products/Win32OpenSSL.html

+ RHSA-2014:1620 Important: java-1.7.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1620.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1647 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2014-1647.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581

+ Opera 25 released
http://www.opera.com/docs/changelogs/unified/2500/

+ CESA-2014:1635 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/616247/

+ CESA-2014:1635 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/616248/

+ CESA-2014:1634 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/616249/

+ CESA-2014:1634 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/616250/

+ CESA-2014:1633 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/616251/

+ CESA-2014:1620 Important CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/616252/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3397

+ Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3370

+ Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102989&src=securityAlerts

+ Linux kernel 3.17.1, 3.16.6, 3.14.22, 3.10.58 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.1
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.22
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58

+ OpenSSL 1.0.1j, 1.0.0o, 0.9.8zc released
http://www.openssl.org/news/
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-0.9.8-notes.html

+ OpenSSL Security Advisory [15 Oct 2014]
http://www.openssl.org/news/secadv_20141015.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ OpenSSL 'no-ssl3' Build Option Fails to Prevent SSL 3.0 Handshakes
http://www.securitytracker.com/id/1031053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ OpenSSL SRTP and Session Ticket Memory Leaks Let Remote Users Deny Service
http://www.securitytracker.com/id/1031052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

+ OpenSSL SSL 3.0 Protocol Downgrade Flaw Lets Remote Users Decrypt SSL Traffic
http://www.securitytracker.com/id/1031029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ LOCAL: Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation
http://www.exploit-db.com/exploits/34982

+ SSL 3.0 fallback Design Vulnerability
http://cxsecurity.com/issue/WLB-2014100089

+ OpenSSL CVE-2014-3566 Man In The Middle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/70574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

Apple Hot Topics
iOS 8 In-Depth Review [3]: In the End, What Did Apple Want to Change?
http://itpro.nikkeibp.co.jp/atcl/column/14/555665/101400009/?ST=security

Dangerous vulnerabilities in IE and Windows; abuse in zero-day attacks also confirmed
http://itpro.nikkeibp.co.jp/atcl/news/14/101501393/?ST=security

Wednesday, October 15, 2014

Wednesday the 15th, Shakkō

+ Microsoft Security Bulletin Summary for October 2014
https://technet.microsoft.com/library/security/ms14-oct

+ MS14-056 - Critical Cumulative Security Update for Internet Explorer (2987107)
https://technet.microsoft.com/library/security/ms14-056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4141

+ MS14-057 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
https://technet.microsoft.com/library/security/ms14-057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4122

+ MS14-058 - Critical Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
https://technet.microsoft.com/library/security/ms14-058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4148

+ MS14-059 - Important Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
https://technet.microsoft.com/library/security/ms14-059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4075

+ MS14-060 - Important Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
https://technet.microsoft.com/library/security/ms14-060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114

+ MS14-061 - Important Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
https://technet.microsoft.com/library/security/ms14-061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4117

+ MS14-062 - Important Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
https://technet.microsoft.com/library/security/ms14-062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ MS14-063 - Important Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
https://technet.microsoft.com/library/security/ms14-063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4115

+ Microsoft Security Advisory 2977292 Update for Microsoft EAP Implementation that Enables the Use of TLS
https://technet.microsoft.com/ja-jp/library/security/2977292

+ Microsoft Security Advisory 2949927 Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
https://technet.microsoft.com/ja-jp/library/security/2949927

+ Microsoft Security Advisory 2871997 Update to Improve Credentials Protection and Management
https://technet.microsoft.com/ja-jp/library/security/2871997

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2014:1634 Important: java-1.6.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1634.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1633 Important: java-1.7.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1633.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1635 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-1635.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583

+ RHSA-2014:1389 Moderate: krb5 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1389.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345

+ RHSA-2014:1636 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2014-1636.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6562

+ RHSA-2014:1552 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1552.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653

+ RHSA-2014:1388 Moderate: cups security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1388.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031

+ RHSA-2014:1606 Moderate: file security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1606.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

+ RHSA-2014:1507 Low: trousers security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1507.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0698

+ RHSA-2014:1392 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1392.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077

+ RHSA-2014:1436 Moderate: X11 client libraries security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1436.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066

+ RHSA-2014:1391 Moderate: glibc security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1391.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458

+ RHSA-2014:1620 Important: java-1.7.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1620.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1634 Important: java-1.6.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1397 Important: rsyslog security update
https://access.redhat.com/errata/RHSA-2014:1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ RHSA-2014:1620 Important: java-1.7.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ Mozilla Firefox 33.0 released
https://www.mozilla.org/en-US/firefox/33.0/releasenotes/

+ MFSA 2014-82 Accessing cross-origin objects via the Alarms API
https://www.mozilla.org/security/announce/2014/mfsa2014-82.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583

+ MFSA 2014-81 Inconsistent video sharing within iframe
https://www.mozilla.org/security/announce/2014/mfsa2014-81.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586

+ MFSA 2014-80 Key pinning bypasses
https://www.mozilla.org/security/announce/2014/mfsa2014-80.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1584

+ MFSA 2014-79 Use-after-free interacting with text directionality
https://www.mozilla.org/security/announce/2014/mfsa2014-79.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581

+ MFSA 2014-78 Further uninitialized memory use during GIF
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1580

+ MFSA 2014-77 Out-of-bounds write with WebM video
https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578

+ MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577

+ MFSA 2014-75 Buffer overflow during CSS manipulation
https://www.mozilla.org/security/announce/2014/mfsa2014-75.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576

+ MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575

+ APSB14-23 Security update: hotfixes available for ColdFusion
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0572

+ APSB14-22 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569

+ CESA-2014:1397 Important CentOS 7 rsyslog Security Update
http://lwn.net/Alerts/616141/

+ Mozilla Thunderbird 31.2.0 released
https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/

+ HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475942-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475466-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475347-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ UPDATE: HPSBMU03079 rev.2 - HP Service Manager, Multiple Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04388127-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03122 rev.2 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471532-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04476799-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7874

+ CVE-2014-3618 Buffer Errors vulnerability in Procmail
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3618_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

+ CVE-2014-3621 Information Disclosure vulnerability in OpenStack Identity (Keystone)
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3621_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621

+ CVE-2012-6151 Resource Management Errors vulnerability in Net-SNMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6151_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151

+ CVE-2014-3613 Cookie leak vulnerability in Libcurl
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3613_cookie_leak
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613

+ CVE-2014-5461 Buffer Errors vulnerability in Lua
https://blogs.oracle.com/sunsecurity/entry/cve_2014_5461_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461

+ CVE-2014-3517 Information Disclosure vulnerability in OpenStack Compute (Nova)
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3517_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517

+ Multiple vulnerabilities in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ CVE-2003-1294 Symlink attack vulnerability in Xscreensaver
https://blogs.oracle.com/sunsecurity/entry/cve_2003_1294_symlink_attack
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1294

+ CVE-2009-2409 Cryptographic Issues in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2409_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409

+ CVE-2014-3511 Cryptographic vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ Multiple Denial Of Service(DoS) vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

+ CVE-2014-3508 Information Disclosure vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508

+ CVE-2014-0224 Cryptographic Issues vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2014-0224 Cryptographic Issues vulnerability in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2013-4396 Use-after-free vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4396_use_after
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396

+ Oracle Critical Patch Update Advisory - October 2014
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

+ Dovecot 2.2.14 released
http://www.dovecot.org/list/dovecot-news/2014-October/000276.html

+ Java SE 8u25, 7u71/72 released
http://www.oracle.com/technetwork/java/javase/8u25-relnotes-2296185.html
http://www.oracle.com/technetwork/java/javase/7u72-relnotes-2296190.html
http://www.oracle.com/technetwork/java/javase/7u71-relnotes-2296187.html

+ Postfix 2.11.2, 2.10.4, 2.9.10, 2.8.18 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.2.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.10.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.18.HISTORY

+ sysklogd LOG_NFACILITIES Array Overrun Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ rsyslog LOG_NFACILITIES Array Overrun Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ DNS Reverse Lookup Shellshock
http://cxsecurity.com/issue/WLB-2014100086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

Large number of Snapchat images leaked; a third-party site was the cause
http://itpro.nikkeibp.co.jp/atcl/news/14/101401337/?ST=security

LOCAL: Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/34966

LOCAL: Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/34967

Tuesday, October 14, 2014

14th, Tuesday, Taian

+ RHSA-2014:1397 Important: rsyslog security update
https://access.redhat.com/errata/RHSA-2014:1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ CESA-2014:1255 Moderate CentOS 5 krb5 Security Update
http://lwn.net/Alerts/616007/

+ phpMyAdmin 4.2.10 is released
http://sourceforge.net/p/phpmyadmin/news/2014/10/phpmyadmin-4210-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475942-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475466-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475347-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ HPSBNS03130 rev.1 - HP NonStop Development Environment for Eclipse (NSDEE) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04474252-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ UPDATE: HPSBST03122 rev.2 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471532-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux Kernel VFS Filesystem Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1030991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970

+ rsync and librsync collisions
http://cxsecurity.com/issue/WLB-2014100074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8242

+ Google Android Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/70394

+ Google Android Browser Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/70408

JVNDB-2014-000120 Denial-of-service (DoS) vulnerability in Huawei E5332
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000120.html

JVNDB-2014-000119 Denial-of-service (DoS) vulnerability in Huawei E5332
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000119.html

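[The nightless city of the "new social generation"? What are teenagers thinking?]
They don't use what isn't popular: the real reason teenagers move from one game or social network to another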
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/100900012/?ST=security

22% of the top 50 domains hosting "one-day-only sites" are used for cyber attacks, Blue Coat reports
http://itpro.nikkeibp.co.jp/atcl/news/14/101001329/?ST=security

"Shellshock" targeted via Webmin; scans of TCP port 10000 increase
http://itpro.nikkeibp.co.jp/atcl/news/14/101001324/?ST=security

Symantec announces plan to split into two companies, security and information management
http://itpro.nikkeibp.co.jp/atcl/news/14/101001321/?ST=security