Monday, October 6, 2014
Monday the 6th, Senbu
+ RHSA-2014:1326 Moderate: php53 and php security update
https://rhn.redhat.com/errata/RHSA-2014-1326.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
+ RHSA-2014:1306 Important: bash security update
https://rhn.redhat.com/errata/RHSA-2014-1306.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ RHSA-2014:1307 Important: nss security update
https://rhn.redhat.com/errata/RHSA-2014-1307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
+ RHSA-2014:1319 Moderate: xerces-j2 security update
https://rhn.redhat.com/errata/RHSA-2014-1319.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
+ RHSA-2014:1307 Important: nss security update
https://access.redhat.com/errata/RHSA-2014:1307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
+ RHSA-2014:1319 Moderate: xerces-j2 security update
https://access.redhat.com/errata/RHSA-2014:1319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
+ RHSA-2014:1352 Moderate: libvirt security and bug fix update
https://access.redhat.com/errata/RHSA-2014:1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657
+ RHSA-2014:1327 Moderate: php security update
https://access.redhat.com/errata/RHSA-2014:1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120
+ RHSA-2014:1306 Important: bash security update
https://access.redhat.com/errata/RHSA-2014:1306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
+ RHSA-2014:1293 Critical: bash security update
https://access.redhat.com/errata/RHSA-2014:1293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
+ Selenium IDE 2.8.0 released
http://code.google.com/p/selenium/wiki/SeIDEReleaseNotes
+ About OS X bash Update 1.0
http://support.apple.com/kb/HT6495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ nginx 1.7.6 released
http://nginx.org/
+ nginx: SSL session reuse vulnerability
http://nginx.org/en/security_advisories.html
+ CESA-2014:X011 Moderate kernel Xen4CentOS Security Update
http://lwn.net/Alerts/614366/
+ CESA-2014:X012 Moderate libvirt Xen4CentOS Security Update
http://lwn.net/Alerts/614367/
+ CESA-2014:X010 Moderate xen Xen4CentOS Security Update
http://lwn.net/Alerts/614368/
+ CESA-2014:X013 Important xen Xen4CentOS Security Update
http://lwn.net/Alerts/614369/
+ CESA-2014:1243 Low CentOS 5 automake Security Update
http://lwn.net/Alerts/614149/
+ CESA-2014:1293 Critical CentOS 5 bash Security Update
http://lwn.net/Alerts/614150/
+ CESA-2014:1306 Important CentOS 5 bash Security Update
http://lwn.net/Alerts/614151/
+ CESA-2014:1244 Moderate CentOS 5 bind97 Security Update
http://lwn.net/Alerts/614152/
+ CESA-2014:1194 Moderate CentOS 5 conga Security Update
http://lwn.net/Alerts/614153/
+ CESA-2014:1245 Moderate CentOS 5 krb5 Security Update
http://lwn.net/Alerts/614154/
+ CESA-2014:1307 Important CentOS 5 nss Security Update
http://lwn.net/Alerts/614155/
+ CESA-2014:1246 Moderate CentOS 5 nss Security Update
http://lwn.net/Alerts/614156/
+ CESA-2014:1327 Moderate CentOS 7 php Security Update
http://lwn.net/Alerts/614158/
+ CESA-2014:1326 Moderate CentOS 6 php Security Update
http://lwn.net/Alerts/614157/
+ CESA-2014:1326 Moderate CentOS 5 php53 Security Update
http://lwn.net/Alerts/614159/
+ CESA-2014:1319 Moderate CentOS 7 xerces-j2 Security Update
http://lwn.net/Alerts/614161/
+ CESA-2014:1319 Moderate CentOS 6 xerces-j2 Security Update
http://lwn.net/Alerts/614160/
+ CESA-2014:1307 Important CentOS 6 nss Security Update
http://lwn.net/Alerts/613413/
+ CESA-2014:1306 Important CentOS 7 bash Security Update
http://lwn.net/Alerts/613410/
+ CESA-2014:1306 Important CentOS 6 bash Security Update
http://lwn.net/Alerts/613411/
+ CESA-2014:1306 Important CentOS 5 bash Security Update
http://lwn.net/Alerts/613409/
+ CESA-2014:1307 Important CentOS 7 nss Security Update
http://lwn.net/Alerts/613412/
+ phpMyAdmin 4.0.10.4, 4.1.14.5, 4.2.9.1 released
http://sourceforge.net/p/phpmyadmin/news/2014/10/phpmyadmin-40104-41145-and-4291-are-released/
+ PMASA-2014-11 XSS vulnerabilities in table search and table structure pages
http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217
+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
+ UPDATE: Cisco IOS Software RSVP Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp
+ make 4.1 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D
+ HPSBGN03117 rev.1 - HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04467807-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ UPDATE: HPSBHF03119 rev.2 - HP DreamColor Professional Display running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04468293-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBHF03124 rev.1 - HP Thin Clients running Bash, Remote Execution of Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04471546-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ HPSBMU03112 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04463322-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2642
+ HPSBMU03118 rev.1 - HP Systems Insight Manager (SIM) on Linux and Windows, Multiple Remote Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04468121-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2645
+ UPDATE: HPSBMU02895 SSRT101253 rev.2 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04083772-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ HPSBMU03123 rev.1 - HP Network Automation running on Linux, Solaris, and Windows, Local Unauthorized Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04470581-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2646
+ HPSBNS03111 rev.1 - HP NonStop Servers running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04465250-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ HPSBNS03114 rev.1 - HP NonStop CLIM running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04466552-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ HPSBNS03115 rev.1 - HP NonStop Virtual TapeServer (VTS) running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04466586-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
+ HPSBST02958 rev.1 - HP MPIO Device Specific Module Manager, Local Execution of Arbitrary Code with Privilege Elevation
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04048122-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2639
+ Linux kernel 3.16.4, 3.14.20, 3.12.29, 3.10.56 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.20
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.29
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56
+ CentOS Linux 5.11 for x86_64 and i386 is released
http://centosnow.blogspot.jp/2014/09/centos-linux-511-for-x8664-and-i386-is.html
+ VMSA-2014-0010.7 VMware product updates address critical Bash security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
+ Apache Tomcat 8.0.14 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html
+ DeleGate 9.9.12 released
http://www.delegate.org/delegate/updates/
+ libpng 1.6.13 released
http://www.libpng.org/pub/png/src/libpng-1.6.13-README.txt
+ OpenLDAP 2.4.40 released
http://www.openldap.org/
+ PHP 5.6.1 released
http://php.net/archive/2014.php#id2014-10-02-1
+ Linux Kernel Seed Initialization Flaw Reduces Randomness in Certain Values and May Make TCP Sequence Numbers More Predictable
http://www.securitytracker.com/id/1030959
+ REMOTE: GNU bash 4.3.11 Environment Variable dhclient Exploit
http://www.exploit-db.com/exploits/34860
+ REMOTE: Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.0 Bypass (MS12-037)
http://www.exploit-db.com/exploits/34815
+ SA61630 phpMyAdmin Script Insertion Vulnerabilities
http://secunia.com/advisories/61630/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217
+ SA61549 GNU Bash Environment Variables Function Parsing Two Vulnerabilities
http://secunia.com/advisories/61549/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
+ SA61700 Apple OS X GNU Bash Two OS Commands Injection Vulnerabilities
http://secunia.com/advisories/61700/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ SA61546 GNU Bash Script Parsing Two Vulnerabilities
http://secunia.com/advisories/61546/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ SA61564 GNU Bash Environment Variables Parsing OS Commands Injection Vulnerability
http://secunia.com/advisories/61564/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
+ GNU Bash 4.3.11 dhclient Shellshocker
http://cxsecurity.com/issue/WLB-2014100019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ GNU Bash 4.3 Command Injection
http://cxsecurity.com/issue/WLB-2014090159
+ Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass
http://cxsecurity.com/issue/WLB-2014090157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1876
+ Apache mod_cgi Bash Environment Variable Code Injection
http://cxsecurity.com/issue/WLB-2014090146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
+ Linux Kernel 'net_get_random_once' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/70209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7284
+ Microsoft Internet Explorer 'ScriptEngine' Objects Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/70218
JVNVU#97219505 OS command injection vulnerability in GNU Bash
http://jvn.jp/vu/JVNVU97219505/
JVN#61247051 Vulnerability in OpenSSL's handling of Change Cipher Spec messages
http://jvn.jp/jp/JVN61247051/
Vulnerability information worth checking <2014.10.06>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/092900020/?ST=security
Apple releases a web tool for checking the lock status of iOS devices
http://itpro.nikkeibp.co.jp/atcl/news/14/100301204/?ST=security
The "iCloud" celebrity photo leak issue spreads to Google
http://itpro.nikkeibp.co.jp/atcl/news/14/100301199/?ST=security
From security labs around the world
The three major techniques of rampant phishing
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/092900014/?ST=security
Vulnerability information worth checking <2014.10.02>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/092900019/?ST=security
Spyware targeting iOS devices of Hong Kong protesters; Chinese government possibly involved
http://itpro.nikkeibp.co.jp/atcl/news/14/100201174/?ST=security
IaaS cloud hosting physical servers can now issue data erasure certificates
http://itpro.nikkeibp.co.jp/atcl/news/14/100101165/?ST=security
IBM Japan's security appliance monitoring/operation service now also covers FireEye
http://itpro.nikkeibp.co.jp/atcl/news/14/100101163/?ST=security
VU#125228 HP System Management Homepage vulnerable to cross-site scripting
http://www.kb.cert.org/vuls/id/125228
VU#111588 Brocade Vyatta 5400 vRouter contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/111588
REMOTE: Kolibri Webserver 2.0 Buffer Overflow with EMET 5.0 and EMET 4.1 Partial Bypass
http://www.exploit-db.com/exploits/34856
REMOTE: Pure-FTPd External Authentication Bash Environment Variable Code Injection
http://www.exploit-db.com/exploits/34862
REMOTE: HP Network Node Manager I PMD Buffer Overflow
http://www.exploit-db.com/exploits/34866
REMOTE: ManageEngine OpManager / Social IT Arbitrary File Upload
http://www.exploit-db.com/exploits/34867
DoS/PoC: TeamSpeak Client 3.0.14 - Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/34857