:: IT Security Neophyte Investigator's MEMO ::: 20日月曜日、大安

2014年10月20日月曜日

20日月曜日、大安

+ iTunes 12.0.1 released
https://support.apple.com/kb/HT6537

+ OS X Server v4.0, v3.2.2, v2.2.5 released
https://support.apple.com/kb/HT6536
https://support.apple.com/kb/HT6527
https://support.apple.com/kb/HT6529

+ About Security Update 2014-005
https://support.apple.com/kb/HT6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ OS X Yosemite v10.10 released
https://support.apple.com/kb/HT6535

+ CESA-2014:1652 Important CentOS 7 openssl Security Update
http://lwn.net/Alerts/616669/

+ CESA-2014:1652 Important CentOS 6 openssl Security Update
http://lwn.net/Alerts/616671/

+ CESA-2014:1653 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/616668/

+ HPSBGN03142 rev.1 - HP Business Service Automation Essentials running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479402-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBHF03146 rev.1 - HP Integrity SD2 CB900s i4 & i2 Server running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479601-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ HPSBHF03145 rev.1 - HP Integrity Superdome X and HP Converged System 900 for SAP HANA running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04479505-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169

+ UEFIファームウェア搭載HPSBHF03084 rev.1 HP PC、任意コードの実行
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04402687-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4860

+ HPSBST03129 rev.1 - HP StoreFabric B-series switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04478866-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBST03131 rev.1 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04477872-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186

+ HPSBST03097 rev.1 - HP Command View for Tape Libraries (CVTL) running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04404764-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HS14-022 Vulnerability in JP1/NETM/DM, Job Management Partner 1/Software Distribution data reproduction functionality
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-022/index.html

+ HS14-021 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-021/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ HS14-022 JP1/NETM/DM, Job Management Partner 1/Software DistributionにおけるPC内蔵タイプのUSBストレージデバイスが抑止不可となる脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-022/index.html

+ HS14-021 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-021/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ Sysstat 11.0.2 released
http://sebastien.godard.pagesperso-orange.fr/

+ VU#577193 POODLE vulnerability in SSL 3.0
http://www.kb.cert.org/vuls/id/577193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ VU#298796 Centreon contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/298796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3829

+ Apple OS X Server Lets Local Users Access Passwords and Remote Users Bypass Access Control Settings
http://www.securitytracker.com/id/1031071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4447

+ Apple QuickTime Buffer Overflow in Processing Audio Samples Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4351

+ Apple OS X Multiple Flaws Let Users Execute Arbitrary Code, Obtain Elevated Privileges, Bypass Security Restrictions, and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4444

+ SA61159 PHP Multiple Vulnerabilities
http://secunia.com/advisories/61159/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

+ Linux PolicyKit Race Condition Privilege Escalation
http://cxsecurity.com/issue/WLB-2014100114

CopyCat Replication Suite 3.07.0 -- PG support added!
http://www.postgresql.org/about/news/1549/

記者の眼日経コンピュータ
内部犯行者にブラフは通用しない
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/101000083/?ST=security

FBI長官、スマホのデータ暗号化にあらためて難色
http://itpro.nikkeibp.co.jp/atcl/news/14/101701482/?ST=security

:: IT Security Neophyte Investigator's MEMO ::

2014年10月20日月曜日

20日月曜日、大安

0 件のコメント:

コメントを投稿

2014年10月20日月曜日

20日 月曜日、大安

0 件のコメント:

コメントを投稿

20日月曜日、大安