2014年10月14日火曜日

14日 火曜日、大安

+ RHSA-2014:1397 Important: rsyslog security update
https://access.redhat.com/errata/RHSA-2014:1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ CESA-2014:1255 Moderate CentOS 5 krb5 Security Update
http://lwn.net/Alerts/616007/

+ phpMyAdmin 4.2.10 is released
http://sourceforge.net/p/phpmyadmin/news/2014/10/phpmyadmin-4210-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco Unified Communications Domain Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140702-cucdm

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475942-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475466-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475347-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ HPSBNS03130 rev.1 - HP NonStop Development Environment for Eclipse (NSDEE) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04474252-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ UPDATE: HPSBST03122 rev.2 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471532-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Linux Kernel VFS Filesystem Flaw Lets Local Users Deny Service
http://www.securitytracker.com/id/1030991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970

+ rsync and librsync collisions
http://cxsecurity.com/issue/WLB-2014100074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8242

+ Google Android Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/70394

+ Google Android Browser Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/70408

JVNDB-2014-000120 Huawei E5332 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000120.html

JVNDB-2014-000119 Huawei E5332 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000119.html

【「ソーシャル新人類」の不夜城?10代は何を考えているのか】
人気がないものは使わない、10代がゲームやSNSを渡り歩く本当の理由
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/100900012/?ST=security

「1日限定サイト」トップ50ドメインの22%がサイバー攻撃に利用、ブルーコートが公表
http://itpro.nikkeibp.co.jp/atcl/news/14/101001329/?ST=security

Webmin経由で狙われる「Shellshock」、TCP 10000番へのスキャン増加
http://itpro.nikkeibp.co.jp/atcl/news/14/101001324/?ST=security

Symantec、セキュリティと情報管理に2社分割する計画を発表
http://itpro.nikkeibp.co.jp/atcl/news/14/101001321/?ST=security

0 件のコメント:

コメントを投稿