Wednesday, October 15, 2014

15th, Wednesday, Shakkō

+ Microsoft Security Bulletin Summary for October 2014
https://technet.microsoft.com/library/security/ms14-oct

+ MS14-056 - Critical: Cumulative Security Update for Internet Explorer (2987107)
https://technet.microsoft.com/library/security/ms14-056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4141

+ MS14-057 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
https://technet.microsoft.com/library/security/ms14-057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4122

+ MS14-058 - Critical: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
https://technet.microsoft.com/library/security/ms14-058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4148

+ MS14-059 - Important: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
https://technet.microsoft.com/library/security/ms14-059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4075

+ MS14-060 - Important: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
https://technet.microsoft.com/library/security/ms14-060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4114

+ MS14-061 - Important: Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
https://technet.microsoft.com/library/security/ms14-061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4117

+ MS14-062 - Important: Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
https://technet.microsoft.com/library/security/ms14-062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4971

+ MS14-063 - Important: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
https://technet.microsoft.com/library/security/ms14-063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4115

+ Microsoft Security Advisory 2977292 Update for Microsoft EAP Implementation that Enables the Use of TLS
https://technet.microsoft.com/ja-jp/library/security/2977292

+ Microsoft Security Advisory 2949927 Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
https://technet.microsoft.com/ja-jp/library/security/2949927

+ Microsoft Security Advisory 2871997 Update to Improve Credentials Protection and Management
https://technet.microsoft.com/ja-jp/library/security/2871997

+ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2014:1634 Important: java-1.6.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1634.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1633 Important: java-1.7.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1633.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1635 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-1635.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583

+ RHSA-2014:1389 Moderate: krb5 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1389.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345

+ RHSA-2014:1636 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2014-1636.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6562

+ RHSA-2014:1552 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1552.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653

+ RHSA-2014:1388 Moderate: cups security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1388.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031

+ RHSA-2014:1606 Moderate: file security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1606.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480

+ RHSA-2014:1507 Low: trousers security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1507.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0698

+ RHSA-2014:1392 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1392.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077

+ RHSA-2014:1436 Moderate: X11 client libraries security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1436.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066

+ RHSA-2014:1391 Moderate: glibc security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1391.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4458

+ RHSA-2014:1620 Important: java-1.7.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1620.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1634 Important: java-1.6.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ RHSA-2014:1397 Important: rsyslog security update
https://access.redhat.com/errata/RHSA-2014:1397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ RHSA-2014:1620 Important: java-1.7.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ Mozilla Firefox 33.0 released
https://www.mozilla.org/en-US/firefox/33.0/releasenotes/

+ MFSA 2014-82 Accessing cross-origin objects via the Alarms API
https://www.mozilla.org/security/announce/2014/mfsa2014-82.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1583

+ MFSA 2014-81 Inconsistent video sharing within iframe
https://www.mozilla.org/security/announce/2014/mfsa2014-81.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1586

+ MFSA 2014-80 Key pinning bypasses
https://www.mozilla.org/security/announce/2014/mfsa2014-80.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1584

+ MFSA 2014-79 Use-after-free interacting with text directionality
https://www.mozilla.org/security/announce/2014/mfsa2014-79.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1581

+ MFSA 2014-78 Further uninitialized memory use during GIF
https://www.mozilla.org/security/announce/2014/mfsa2014-78.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1580

+ MFSA 2014-77 Out-of-bounds write with WebM video
https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1578

+ MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
https://www.mozilla.org/security/announce/2014/mfsa2014-76.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1577

+ MFSA 2014-75 Buffer overflow during CSS manipulation
https://www.mozilla.org/security/announce/2014/mfsa2014-75.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1576

+ MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)
https://www.mozilla.org/security/announce/2014/mfsa2014-74.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1575

+ APSB14-23 Security update: hotfixes available for ColdFusion
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0572

+ APSB14-22 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0569

+ CESA-2014:1397 Important CentOS 7 rsyslog Security Update
http://lwn.net/Alerts/616141/

+ Mozilla Thunderbird 31.2.0 released
https://www.mozilla.org/en-US/thunderbird/31.2.0/releasenotes/

+ HPSBGN03138 rev.1 - HP Operations Analytics running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475942-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475466-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03133 rev.1 - HP Enterprise Maps Virtual Appliance running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04475347-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ UPDATE: HPSBMU03079 rev.2 - HP Service Manager, Multiple Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04388127-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ UPDATE: HPSBST03122 rev.2 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471532-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04476799-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7874

+ CVE-2014-3618 Buffer Errors vulnerability in Procmail
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3618_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618

+ CVE-2014-3621 Information Disclosure vulnerability in OpenStack Identity (Keystone)
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3621_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621

+ CVE-2012-6151 Resource Management Errors vulnerability in Net-SNMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6151_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151

+ CVE-2014-3613 Cookie leak vulnerability in Libcurl
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3613_cookie_leak
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3613

+ CVE-2014-5461 Buffer Errors vulnerability in Lua
https://blogs.oracle.com/sunsecurity/entry/cve_2014_5461_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461

+ CVE-2014-3517 Information Disclosure vulnerability in OpenStack Compute (Nova)
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3517_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3517

+ Multiple vulnerabilities in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wan_boot
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ CVE-2003-1294 Symlink attack vulnerability in Xscreensaver
https://blogs.oracle.com/sunsecurity/entry/cve_2003_1294_symlink_attack
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1294

+ CVE-2009-2409 Cryptographic Issues in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2409_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409

+ CVE-2014-3511 Cryptographic vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3511_cryptographic_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511

+ Multiple Denial Of Service(DoS) vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

+ CVE-2014-3508 Information Disclosure vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508

+ CVE-2014-0224 Cryptographic Issues vulnerability in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2014-0224 Cryptographic Issues vulnerability in WAN Boot
https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ CVE-2013-4396 Use-after-free vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4396_use_after
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4396

+ Oracle Critical Patch Update Advisory - October 2014
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

+ Dovecot 2.2.14 released
http://www.dovecot.org/list/dovecot-news/2014-October/000276.html

+ Java SE 8u25, 7u71/72 released
http://www.oracle.com/technetwork/java/javase/8u25-relnotes-2296185.html
http://www.oracle.com/technetwork/java/javase/7u72-relnotes-2296190.html
http://www.oracle.com/technetwork/java/javase/7u71-relnotes-2296187.html

+ Postfix 2.11.2, 2.10.4, 2.9.10, 2.8.18 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.2.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.10.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.18.HISTORY

+ sysklogd LOG_NFACILITIES Array Overrun Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ rsyslog LOG_NFACILITIES Array Overrun Lets Remote Users Deny Service
http://www.securitytracker.com/id/1030997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634

+ DNS Reverse Lookup Shellshock
http://cxsecurity.com/issue/WLB-2014100086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

Large-scale leak of Snapchat images; the cause was a third-party site
http://itpro.nikkeibp.co.jp/atcl/news/14/101401337/?ST=security

LOCAL: Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/34966

LOCAL: Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
http://www.exploit-db.com/exploits/34967
