28日 金曜日、仏滅

+ HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507568&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04511778&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7879

+ ActivePerl 5.20.1.2000 released
http://www.activestate.com/activeperl/downloads

+ SA60229 Yamaha WLX302 Router OpenSSL "tls_decrypt_ticket()" Denial of Service Vulnerability
http://secunia.com/advisories/60229/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

+ SA62542 ClamAV "cli_scanpe()" Buffer Overflow Vulnerability
http://secunia.com/advisories/62542/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050

+ SA60239 Linux Kernel #SS Trap Handling Denial of Service Vulnerability
http://secunia.com/advisories/60239/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9090

+ SA60043 Kaspersky Security Center OpenSSL Security Issue and Two Vulnerabilities
http://secunia.com/advisories/60043/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ MantisBT Captcha System Security Weakness
http://www.securityfocus.com/bid/71321

+ Linux Kernel 'lesspipe' Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/71248

【社長に説明できるセキュリティ】
セキュリティ対策に見えないセキュリティ対策とは
http://itpro.nikkeibp.co.jp/atcl/column/14/511845/111100004/?ST=security

チェックしておきたい脆弱性情報＜2014.11.28＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600029/?ST=security

トレンドマイクロ、標的型攻撃の原因を過去に遡って探る新機能
http://itpro.nikkeibp.co.jp/atcl/news/14/112702048/?ST=security

EU、米国版Google検索にも「忘れられる権利」の適用を迫る指針策定
http://itpro.nikkeibp.co.jp/atcl/news/14/112702043/?ST=security

UPDATE: JVNVU#98283300 SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)
http://jvn.jp/vu/JVNVU98283300/

27日 木曜日、先負

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2014:1911 Moderate: ruby security update
https://rhn.redhat.com/errata/RHSA-2014-1911.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090

+ RHSA-2014:1912 Moderate: ruby security update
https://access.redhat.com/errata/RHSA-2014:1912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076

+ HPSBGN03202 rev.1 - HP CMS: Configuration Manager running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507568&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ SA62180 MantisBT Multiple Vulnerabilities
http://secunia.com/advisories/62180/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9089

+ SA60087 Microsoft Windows Flash Player Vulnerability
http://secunia.com/advisories/60087/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439

+ SA60219 Google Chrome Flash Player Vulnerability
http://secunia.com/advisories/60219/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439

+ SA60217 Adobe Flash Player Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/60217/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439

+ PHP 5.x / Bash Shellshock Proof Of Concept
http://cxsecurity.com/issue/WLB-2014110176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

+ PHP 5.6.1 open_basedir exist file check bypass
http://cxsecurity.com/issue/WLB-2014110192

+ Android Settings Pendingintent Leak
http://cxsecurity.com/issue/WLB-2014110189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8609

+ Android SMS Resend
http://cxsecurity.com/issue/WLB-2014110188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8610

+ Android WAPPushManager SQL Injection
http://cxsecurity.com/issue/WLB-2014110187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8507

+ MantisBT 'view_all_set.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/71298

+ Linux Kernel 'espfix64' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71250

+ phpMyAdmin CVE-2014-8959 Local File Include Vulnerability
http://www.securityfocus.com/bid/71247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8959

+ phpMyAdmin CVE-2014-8958 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/71243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958

「脅迫ウイルス」が企業の大きな脅威に、業務データを失う恐れ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111800105/?ST=security

ESET製セキュリティ対策ソフトの新版発売、ボットネット対策機能を搭載
http://itpro.nikkeibp.co.jp/atcl/news/14/112602033/?ST=security

ソニーピクチャーズにサイバー攻撃か、米メディアが報道
http://itpro.nikkeibp.co.jp/atcl/news/14/112602024/?ST=security

REMOTE: Pandora FMS SQLi Remote Code Execution
http://www.exploit-db.com/exploits/35380

LOCAL: Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 (.wax) SEH Buffer Overflow
http://www.exploit-db.com/exploits/35377

DoS/PoC: Elipse E3 HTTP Denial of Service
http://www.exploit-db.com/exploits/35379

DoS/PoC: Android WAPPushManager - SQL Injection
http://www.exploit-db.com/exploits/35382

26日 水曜日、友引

+ Google Chrome 39.0.2171.71 released
http://googlechromereleases.blogspot.jp/2014/11/stable-channel-update_25.html

+ APSB14-26 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-26.html

+ CESA-2014:1893 Important CentOS 5 libXfont Security Update
http://lwn.net/Alerts/623061/

+ CESA-2014:1885 Moderate CentOS 5 libxml2 Security Update
http://lwn.net/Alerts/622556/

+ HPSBGN03200 rev.1 - HP Project Portfolio Manager running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507244&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03203 rev.1 - HP CMS: UCMDB Browser running OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507636&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBMU03213 rev.1 - HP BSM running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510230&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBMU03214 rev.1 - HP Systinet running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510286&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBMU03211 rev.1 - HP Automation Insight running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04510061&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ UPDATE: HPSBST03131 rev.2 - HP StoreOnce Backup Systems running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04477872&docLocale=ja_JP

+ HPSBST03148 rev.1 - HP StoreOnce Gen 2 Backup Systems running Bash Shell, Remote Code Execution
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04479974&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186

+ HPSBUX03166 SSRT101489 rev.1 - HP-UX running PAM libpam_updbe, Remote Authentication Bypass
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04511778&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7879

+ Adobe Flash Player Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439

+ LOCAL: Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406
http://www.exploit-db.com/exploits/35370

+ PHP 5.5.12 Locale::parseLocale Memory Corruption
http://cxsecurity.com/issue/WLB-2014110168

+ SA62632 GNU C Library "wordexp()" Argument Parsing Security Bypass Vulnerability
http://secunia.com/advisories/62632/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817

+ GNU Coreutils 'parse_datetime()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71281

ファイア・アイ日本法人の新CTO名和氏、国際サイバースパイの実態を説明
http://itpro.nikkeibp.co.jp/atcl/news/14/112502020/?ST=security

「構造改革後にIoTなど挑戦を」ソニーモバイルが事業方針を説明
http://itpro.nikkeibp.co.jp/atcl/news/14/112502018/?ST=security

高度なスパイウエア「Regin」、政府が国際的スパイ活動に使用か
http://itpro.nikkeibp.co.jp/atcl/news/14/112502009/?ST=security

DoS/PoC: TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF
http://www.exploit-db.com/exploits/35363

25日 火曜日、先勝

+ RHSA-2014:1893 Important: libXfont security update
https://rhn.redhat.com/errata/RHSA-2014-1893.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ Selenium Server 44.0 released
http://docs.seleniumhq.org/download/

+ Selenium: The Internet Explorer Driver Server 2.44.0 released
http://selenium.googlecode.com/git/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.44.0 released
http://selenium.googlecode.com/git/java/CHANGELOG

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ HPSBGN03200 rev.1 - HP Project Portfolio Manager running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04507244&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ UPDATE: HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04396638&docLocale=ja_JP

+ Linux kernel 3.17.4, 3.14.25, 3.12.33, 3.10.61, 2.6.32.64 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.61
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.64

+ Apache Tomcat 6.0.43 Released
http://tomcat.apache.org/download-60.cgi

+ libpng 1.6.15, 1.2.52 released
http://www.libpng.org/pub/png/src/libpng-1.6.15-README.txt
http://www.libpng.org/pub/png/src/libpng-1.2.52-README.txt

+ SA62400 Linux Kernel ARM64 "__clear_user()" Denial of Service Vulnerability
http://secunia.com/advisories/62400/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7843

+ SA59820 phpMyAdmin Script Insertion and Information Disclosure Vulnerabilities
http://secunia.com/advisories/59820/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8960

+ SA62399 Linux Kernel KVM Nested VMX Emulation Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/62399/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842

+ SA62390 Linux Kernel "sctp_process_param()" NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/62390/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

+ DoS/PoC: PHP 5.5.12 Locale::parseLocale Memory Corruption
http://www.exploit-db.com/exploits/35358

+ DoS/PoC: tcpdump 4.6.2 Geonet Decoder Denial of Service
http://www.exploit-db.com/exploits/35359

+ Linux 'less' can probably get you owned
http://cxsecurity.com/issue/WLB-2014110160

+ Firefox 31 Integer Overflow
http://cxsecurity.com/issue/WLB-2014110159

+ Linux kernel LDT handling bugs
http://cxsecurity.com/issue/WLB-2014110158

+ Linux Kernel Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/71253

+ Linux Kernel 'espfix64' Double Fault Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/71252

+ Linux Kernel 'espfix64' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71250

+ Linux Kernel 'lesspipe' Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/71248

JVNDB-2014-000134 BSD 系 OS におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000134.html

世界のセキュリティ・ラボから
巧妙に複数のサイトになりすますフィッシング手口
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/112000020/?ST=security

モバイルとクラウドにより企業の「壁」が壊された――トレンドマイクロ社長
http://itpro.nikkeibp.co.jp/atcl/news/14/112102002/?ST=security

攻撃よりも「信用」を優先、国内企業を狙う「やり取り型」が新たに5件
http://itpro.nikkeibp.co.jp/atcl/news/14/112102000/?ST=security

米当局、技術サポート詐欺グループを摘発、被害額1.2億ドル
http://itpro.nikkeibp.co.jp/atcl/news/14/112101998/?ST=security

REMOTE: Hikvision DVR RTSP Request Remote Code Execution
http://www.exploit-db.com/exploits/35356

21日 金曜日、先勝

+ RHSA-2014:1885 Moderate: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2014-1885.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

+ RHSA-2014:1880 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2014:1880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6512
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6531
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6558

+ phpMyAdmin 4.0.10.6, 4.1.14.7 and 4.2.12 are released
http://sourceforge.net/p/phpmyadmin/news/2014/11/phpmyadmin-40106-41147-and-4212-are-released/

+ PMASA-2014-13 Multiple XSS vulnerabilities.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8958

+ PMASA-2014-14 Local file inclusion vulnerability.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8959

+ PMASA-2014-15 XSS vulnerability in error reporting functionality.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8960

+ PMASA-2014-16 Leakage of line count of an arbitrary file.
http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8961

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: Apache HTTPd Range Header Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache

+ UPDATE: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

+ CVE-2014-4345 Numeric Errors vulnerability in Kerberos
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345

+ Multiple vulnerabilities fixed in NSS 3.16
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_nss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492

+ PostgreSQL 9.4 RC1 Released
http://www.postgresql.org/about/news/1555/

+ Sudo 1.8.11p2 released
http://www.sudo.ws/sudo/changes.html

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information
http://www.securitytracker.com/id/1031241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7910

+ REMOTE: Internet Explorer OLE Pre-IE11 - Automation Array Remote Code Execution / Powershell VirtualAlloc (MS14-064)
http://www.exploit-db.com/exploits/35308

+ Android <5.0 java.io.ObjectInputStream Privilege Escalation
http://cxsecurity.com/issue/WLB-2014110136

新人D太と先輩M子のITビジネス日誌
社会インフラをサイバー攻撃から守れ！　制御システムの国際セキュリティ標準が始動
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/111700009/?ST=security

News ＆ Trend
50人対象に規模縮小、大阪駅ビル「顔画像追跡」実験の誤算
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111900107/?ST=security

不正プロキシ事件、ロジテック製品ユーザーのアカウントが悪用される
http://itpro.nikkeibp.co.jp/atcl/news/14/112001989/?ST=security

UPDATE: JVNTA14-317A Apple iOS に対する攻撃手法 Masque Attack
http://jvn.jp/ta/JVNTA14-317A/

UPDATE: JVNTA14-069A Microsoft Windows XP および Office 2003 のサポート終了について
http://jvn.jp/ta/JVNTA14-069A/

JVNVU#99458129 Microsoft Windows の Kerberos Key Distribution Center (KDC) に Privilege Attribute Certificate (PAC) 署名検証不備の脆弱性
http://jvn.jp/vu/JVNVU99458129/

20日 木曜日、赤口

+ CESA-2014:1873 Moderate CentOS 6 libvirt Security Update
http://lwn.net/Alerts/621966/

+ CESA-2014:1870 Important CentOS 7 libXfont Security Update
http://lwn.net/Alerts/621967/

+ Microsoft Windows Kerberos KDC Signature Validation Flaw Lets Remote Authenticated Users
http://www.securitytracker.com/id/1031237
CVE-2014-6324

+ DoS/PoC: MINIX 3.3.0 Remote TCP/IP Stack DoS
http://www.exploit-db.com/exploits/35302

+ tcpdump 4.6.2 AOVD Unreliable Output
http://cxsecurity.com/issue/WLB-2014110128
CVE-2014-8769

+ tcpdump 4.6.2 Geonet Denial Of Service
http://cxsecurity.com/issue/WLB-2014110130
CVE-2014-8768

+ tcpdump 4.6.2 OSLR Denial Of Service
http://cxsecurity.com/issue/WLB-2014110129
CVE-2014-8767

統計＆調査
［データは語る］情報漏えい対策市場は年13％強で成長し2018年は95億円に、IDCが予測
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/111900021/?ST=security

NECがサイバーセキュリティで2500億円、要員も倍増へ
http://itpro.nikkeibp.co.jp/atcl/news/14/111901976/?ST=security

ソリトンがID管理ソフトに新版、SSOとRadiusにIDを反映
http://itpro.nikkeibp.co.jp/atcl/news/14/111901970/?ST=security

2014年Q3のデータ漏えい件数は1億8300万件、日本セーフネット
http://itpro.nikkeibp.co.jp/atcl/news/14/111901969/?ST=security

トレンドマイクロがSaaSを拡充、WebゲートウエイとUTM
http://itpro.nikkeibp.co.jp/atcl/news/14/111901968/?ST=security

JVNVU#99458129 Microsoft Windows の Kerberos Key Distribution Center (KDC) に Privilege Attribute Certificate (PAC) 署名検証不備の脆弱性
http://jvn.jp/vu/JVNVU99458129/

19日 水曜日、大安

+ MS14-068 - 緊急 Kerberos の脆弱性により特権が昇格される (3011780)
https://technet.microsoft.com/ja-jp/library/security/ms14-068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6324

+ RHSA-2014:1870 Important: libXfont security update
https://rhn.redhat.com/errata/RHSA-2014-1870.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ RHSA-2014:1873 Moderate: libvirt security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1873.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823

+ RHSA-2014:1870 Important: libXfont security update
https://access.redhat.com/errata/RHSA-2014:1870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ About the security content of Apple TV 7.0.2
https://support.apple.com/en-us/HT6592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461

+ About the security content of OS X Yosemite v10.10.1
https://support.apple.com/en-us/HT6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459

+ About the security content of iOS 8.1.1
https://support.apple.com/en-us/HT6590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4462

+ CESA-2014:1870 Important CentOS 6 libXfont Security Update
http://lwn.net/Alerts/621563/

+ CESA-2014:1861 Important CentOS 7 mariadb Security Update
http://lwn.net/Alerts/621564/

+ CESA-2014:1859 Important CentOS 5 mysql55-mysql Security Update
http://lwn.net/Alerts/621565/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: HPSBUX03139 SSRT101608 rev.3 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04476799&docLocale=ja_JP

+ Tcpdump Multiple Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1031235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769

+ Apple iOS Lets Local Users Bypass Access Controls and Remote Applications Launch Arbitrary Binaries
http://www.securitytracker.com/id/1031232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4463

+ Apple TV Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4462

+ Apple OS X Bugs Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460

+ VU#213119 Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature
http://www.kb.cert.org/vuls/id/213119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6324

+ REMOTE: Samsung Galaxy KNOX Android Browser RCE
http://www.exploit-db.com/exploits/35282

+ REMOTE: MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability
http://www.exploit-db.com/exploits/35283

+ REMOTE: Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)
http://www.exploit-db.com/exploits/35273

+ Internet Explorer 8 Fixed Col Span ID full ASLR, DEP and EMET 5.1 bypass
http://cxsecurity.com/issue/WLB-2014110125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1876

+ Samsung Galaxy KNOX Android Browser Remote Code Execution
http://cxsecurity.com/issue/WLB-2014110124

+ MantisBT XmlImportExport Plugin PHP Code Injection
http://cxsecurity.com/issue/WLB-2014110118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146

+ Linux Kernel User Namespace Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/71154

+ tcpdump CVE-2014-8769 Out-of-bounds Memory Access Vulnerability
http://www.securityfocus.com/bid/71153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8769

+ Microsoft Windows Phone Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/71152

+ tcpdump 'olsr_print()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/71150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8767

「パスポート顔写真の加工は誤認招く」、出国・帰国審査“顔パス”実験で
http://itpro.nikkeibp.co.jp/atcl/news/14/111801954/?ST=security

標的型攻撃を検知してSDNで自動制御、NECが来春販売
http://itpro.nikkeibp.co.jp/atcl/news/14/111801951/?ST=security

18日 火曜日、仏滅

+ RHSA-2014:1859 Important: mysql55-mysql security update
https://rhn.redhat.com/errata/RHSA-2014-1859.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559

+ RHSA-2014:1861 Important: mariadb security update
https://access.redhat.com/errata/RHSA-2014:1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559

+ UPDATE: JVNVU#96617862 Microsoft Windows OLE ライブラリに任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU96617862/index.html

+ UPDATE: JVNVU#99732679 Microsoft Secure Channel (Schannel) に任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU99732679/index.html

+ Cisco IOS DLSw Processing Flaw Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1031220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7992

+ Cisco Aironet EAP Processing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7998

+ Cisco Aironet DHCP Lease Renewal Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7997

+ REMOTE: .NET Remoting Services Remote Command Execution
http://www.exploit-db.com/exploits/35280

+ DoS/PoC: Safari 8.0 / OS X 10.10 - Crash PoC
http://www.exploit-db.com/exploits/35279

+ Linux user namespaces can bypass group-based restrictions
http://cxsecurity.com/issue/WLB-2014110113

+ Safari 8.0 / OS X 10.10 Crash PoC
http://cxsecurity.com/issue/WLB-2014110112

+ .NET Remoting Services Remote Command Execution
http://cxsecurity.com/issue/WLB-2014110111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1806

+ SA61495 Linux Kernel "ext4_file_write_iter()" Denial of Service Vulnerability
http://secunia.com/advisories/61495/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8086

+ SA62269 Cybozu Dezie / Mailwise Buffer Overflow Vulnerability
http://secunia.com/advisories/62269/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314

+ SA62248 Cybozu Office / Mailwise Buffer Overflow Vulnerability
http://secunia.com/advisories/62248/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5314

+ Apple iOS CVE-2013-4457 Security Bypass Vulnerability
http://www.securityfocus.com/bid/71143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4457

+ Apple iOS Lock Screen CVE-2014-4463 Security Bypass Vulnerability
http://www.securityfocus.com/bid/71141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4463

+ Apple iOS and TV CVE-2014-4455 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/71140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455

+ Apple Mac OS X CVE-2014-4458 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/71139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4458

+ Apple iOS Lock Screen CVE-2014-4451 Security Bypass Vulnerability
http://www.securityfocus.com/bid/71138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4451

+ Apple iOS and TV CVE-2014-4461 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461

+ Apple Mac OS X and iOS Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/71135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4453

NECと北陸先端大、セキュリティ教育プログラムを共同開発へ
http://itpro.nikkeibp.co.jp/atcl/news/14/111701940/?ST=security

アシストがログ分析システムを強化、マルウエア通信先リストを提供
http://itpro.nikkeibp.co.jp/atcl/news/14/111701931/?ST=security

セキュリティフライデー、Windowsネット可視化ツール新版「VISUACT3」を発表
http://itpro.nikkeibp.co.jp/atcl/news/14/111701929/?ST=security

ITpro NOW
SDNがセキュリティ機能と協調した時代背景
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/111700087/?ST=security

17日 月曜日、先負

+ Mozilla Firefox 33.1.1 released
https://www.mozilla.org/en-US/firefox/33.1.1/releasenotes/

+ Linux kernel 3.17.3, 3.14.24, 3.10.60 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.60

+ FreeBSD 10.1-RELEASE Announcement
https://www.freebsd.org/releases/10.1R/announce.html

+ jetty 9.2.5 released
http://download.eclipse.org/jetty/

+ Zimbra Collaboration Suite 8.5.1, 8.0.9 released
http://files.zimbra.com/website/docs/8.5/ZCS_851R1_OS_ReleaseNotes_UpgradeInst.pdf
http://files.zimbra.com/website/docs/8.0/ZCS_809R1_OS_ReleaseNotes_UpgradeInst.pdf

+ PHP 5.4.35 released
http://php.net/archive/2014.php#id2014-11-13-3

+ JVNVU#96617862 Microsoft Windows OLE ライブラリに任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU96617862/

+ JVNVU#99732679 Microsoft Secure Channel (Schannel) に任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU99732679/

+ JVN#89852154 iLogScanner におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN89852154/

+ LOCAL: MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python
http://www.exploit-db.com/exploits/35235

+ LOCAL: MS14-064 Microsoft Windows OLE Package Manager Code Execution
http://www.exploit-db.com/exploits/35236

+ PHP Fileinfo libmagic ELF Note Handling Denial of Service Vulnerability
http://secunia.com/advisories/62413/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ Google DoubleClick Open Redirect
http://cxsecurity.com/issue/WLB-2014110106

+ Linux Kernel SCTP fix remote memory pressure from excessive queueing
http://cxsecurity.com/issue/WLB-2014110098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688

+ Linux Kernel SCTP fix panic on duplicate ASCONF chunks
http://cxsecurity.com/issue/WLB-2014110097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687

+ Linux Kernel SCTP fix skb_over_panic when receiving malformed ASCONF chunks
http://cxsecurity.com/issue/WLB-2014110096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673

+ Microsoft Windows OLE Package Manager Code Execution
http://cxsecurity.com/issue/WLB-2014110095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

+ Windows OLE Automation Array Remote Code Execution
http://cxsecurity.com/issue/WLB-2014110094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332

+ Microsoft Windows OLE Package Manager Code Execution Through Python
http://cxsecurity.com/issue/WLB-2014110093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

+ Linux Kernel 'ttusbdecfe.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/71097

JVNDB-2014-000133 iLogScanner におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000133.html

JVNDB-2014-000118 Direct Web Remoting (DWR) におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000118.html

JVNDB-2014-000117 Direct Web Remoting (DWR) における XML 外部実体参照 (XXE) に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000117.html

「一太郎」に見つかった脆弱性、日本を狙うゼロデイ攻撃に使われていた
http://itpro.nikkeibp.co.jp/atcl/news/14/111401911/?ST=security

ITproまとめ
サイバーセキュリティ基本法
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/111300037/?ST=security

正規のiOSアプリをマルウエアに変える攻撃手口「Masque Attack」
http://itpro.nikkeibp.co.jp/atcl/news/14/111401907/?ST=security

Facebook、プライバシーポリシー改訂案を公開、より分かりやすい説明に
http://itpro.nikkeibp.co.jp/atcl/news/14/111401906/?ST=security

JVNTA14-317A Apple iOS に対する攻撃手法 Masque Attack
http://jvn.jp/ta/JVNTA14-317A/

LOCAL: OSSEC 2.8 - Insecure Temporary File Creation Vulnerability Privilege Escalation
http://www.exploit-db.com/exploits/35234

14日 金曜日、赤口

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ Apache Tomcat 7.0.57 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ PHP 5.6.3, 5.5.19 released
http://php.net/archive/2014.php#id2014-11-13-2
http://php.net/archive/2014.php#id2014-10-16-3

+ JVNDB-2014-000131 一太郎シリーズにおいて任意のコードが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000131.html

+ 一太郎に緊急対策が必要な脆弱性発覚、標的型攻撃でPCを乗っ取られるリスク
http://itpro.nikkeibp.co.jp/atcl/news/14/111301901/?ST=security

+ VU#158647 Microsoft Windows Object Linking and Embedding (OLE) OleAut32 library SafeArrayRedim function vulnerable to remote code execution via Internet Explorer
http://www.kb.cert.org/vuls/id/158647
CVE-2014-6332

+ VU#505120 Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
http://www.kb.cert.org/vuls/id/505120
CVE-2014-6321

+ REMOTE: Internet Explorer OLE Automation Array Remote Code Execution
http://www.exploit-db.com/exploits/35229

+ REMOTE: Internet Explorer OLE Automation Array Remote Code Execution (msf)
http://www.exploit-db.com/exploits/35230

+ MS Office 2007 and 2010 OLE Arbitrary Command Execution
http://cxsecurity.com/issue/WLB-2014110081
CVE-2014-6352

+ Linux Kernel CVE-2014-7843 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/71082
CVE-2014-7843

+ Linux Kernel CVE-2014-7841 SCTP NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/71081
CVE-2014-7841

+ Multiple Ichitaro Products CVE-2014-7247 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71079
CVE-2014-7247

+ Linux Kernel KVM CVE-2014-7842 Local Denial of Service Vulnerabilit
http://www.securityfocus.com/bid/71078
CVE-2014-7842

+ Wireshark AMQP Dissector CVE-2014-8711 Denial of Service Vulnerability
http://www.securityfocus.com/bid/71070
CVE-2014-8711

攻撃検知でITインフラを自動制御、トレンドマイクロがSDN連携技術を発表
http://itpro.nikkeibp.co.jp/atcl/news/14/111301892/?ST=security

統計＆調査
［データは語る］米国人の9割が「消費者は自身の個人情報を守れない」
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/111300010/?ST=security

フォーティネット、200万円台の中規模UTMに新モデル
http://itpro.nikkeibp.co.jp/atcl/news/14/111301888/?ST=security

13日 木曜日、大安

+ RHSA-2014:1846 Moderate: gnutls security update
https://access.redhat.com/errata/RHSA-2014:1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564

+ RHSA-2014:1827 Moderate: kdenetwork security update
https://access.redhat.com/errata/RHSA-2014:1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055

+ CESA-2014:1827 Moderate CentOS 7 kdenetwork Security Update
http://lwn.net/Alerts/620010/

+ CESA-2014:1826 Moderate CentOS 7 libvncserver Security Update
http://lwn.net/Alerts/620013/

+ CESA-2014:1846 Moderate CentOS 7 gnutls Security Update
http://lwn.net/Alerts/620009/

+ CESA-2014:1826 Moderate CentOS 6 libvncserver Security Update
http://lwn.net/Alerts/620012/

+ CESA-2014:1843 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/620011/

+ Wireshark 1.12.2, 1.10.11 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

+ HPSBMU03183 rev.1 - HP Sever Automation and Server Automation Virtual Appliance, running SSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04497090-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial of Service (DoS) and other Vulnerabilities
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04499681-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653

+ Apache Tomcat 8.0.15 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

+ GnuTLS ECC Certificate Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564

+ LOCAL: MS Office 2007 and 2010 - OLE Arbitrary Command Execution
http://www.exploit-db.com/exploits/35216

JVN#14691234 複数のサイボウズ製品におけるバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN14691234/

JVN#65559247 OpenAM におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN65559247/

ITpro NOW
「オートラン」の悪夢を思い出した
http://itpro.nikkeibp.co.jp/atcl/column/14/560135/111200084/?ST=security

DoS/PoC: CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability
http://www.exploit-db.com/exploits/35217

12日 水曜日、仏滅

+ 2014 年 11 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/library/security/ms14-nov

+ MS14-064 - 緊急 Windows OLE の脆弱性により、リモートでコードが実行される (3011443)
https://technet.microsoft.com/library/security/MS14-064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6352

+ MS14-065 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3003057)
https://technet.microsoft.com/library/security/MS14-065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6353

+ MS14-066 - 緊急 Schannel の脆弱性によりリモートでコードが実行される (2992611)
https://technet.microsoft.com/library/security/MS14-066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321

+ MS14-067 - 緊急 Microsoft XML コア サービスの脆弱性により、リモートでコードが実行される (2993958)
https://technet.microsoft.com/library/security/MS14-067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4118

+ MS14-069 - 重要 Microsoft Office の脆弱性によりリモートでコードが実行される (3009710)
https://technet.microsoft.com/library/security/MS14-069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6335

+ MS14-070 - 重要 TCP/IP の脆弱性により、特権が昇格される (2989935)
https://technet.microsoft.com/library/security/MS14-070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076

+ MS14-072 - 重要 .NET Framework の脆弱性により、特権が昇格される (3005210)
https://technet.microsoft.com/library/security/MS14-072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4149

+ MS14-073 - 重要 Microsoft SharePoint Foundation の脆弱性により、特権が昇格される (3000431)
https://technet.microsoft.com/library/security/MS14-073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4116

+ MS14-074 - 重要 リモート デスクトップ プロトコルの脆弱性により、セキュリティ機能のバイパスが起こる (3003743)
https://technet.microsoft.com/library/security/MS14-074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6318

+ MS14-076 - 重要 インターネット インフォメーション サービス (IIS) の脆弱性により、セキュリティ機能のバイパスが起こる (2982998)
https://technet.microsoft.com/library/security/MS14-076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4078

+ MS14-077 - 重要 Active Directory フェデレーション サービスの脆弱性により、情報漏えいが起こる (3003381)
https://technet.microsoft.com/library/security/MS14-077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6331

+ MS14-078 - 警告 IME (日本語版) の脆弱性により、特権が昇格される (2992719)
https://technet.microsoft.com/library/security/MS14-078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4077

+ MS14-079 - 警告 カーネルモード ドライバーの脆弱性により、サービス拒否が起こる (3002885)
https://technet.microsoft.com/library/security/MS14-079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6317

+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3010060 Microsoft OLE の脆弱性により、リモートでコードが実行される
https://technet.microsoft.com/ja-jp/library/security/3010060

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2014:1843 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2014-1843.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646

+ RHSA-2014:1826 Moderate: libvncserver security update
https://rhn.redhat.com/errata/RHSA-2014-1826.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055

+ APSB14-24 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442

+ HPSBMU03165 rev.1 - HP Propel running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04497075-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBMU03184 rev.1 - HP SiteScope running SSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04497114-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBMU03190 rev.1 - HP Helion Cloud Development Platform Community and Commercial Editions, Remote Unauthenticated Access
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04500238-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7878

+ HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04497042-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBST03181 rev.1 - HP StoreEver ESL G3 Tape Library running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04496383-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBST03154 rev.1 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04487558-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBST03155 rev.1 - HP StoreFabric H-series switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04487573-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ SA61146 Google Chrome Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/61146/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8442

+ SA62284 GnuTLS "_gnutls_ecc_ansi_x963_export()" Integer Underflow Vulnerability
http://secunia.com/advisories/62284/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8564

+ SA61997 Hitachi Multiple Cosminexus / uCosminexus Products Oracle Mojarra HtmlResponseWriter Cross-Site Scripting Vulnerability
http://secunia.com/advisories/61997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5855

+ Internet Explorer 8 MS14-035 Use-After-Free Exploit
http://cxsecurity.com/issue/WLB-2014110068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2782

JVNDB-2014-000130 複数のサイボウズ製品におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000130.html

「ソーシャル新人類」の不夜城?10代は何を考えているのか
10代に広がる自分撮り（セルフィー）、過度な利用は危険の兆候？
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/110700016/?ST=security

新刊・近刊
情報セキュリティ白書2014
もはや安全ではない：高めようリスク感度
http://itpro.nikkeibp.co.jp/atcl/column/14/308749/110400048/?ST=security

「部屋から出さない」対策も、内部犯行防止ソリューション続々
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110700096/?ST=security

記者の眼
記者は「BadUSB」を試してみた、そして凍りついた
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/110700106/?ST=security

「ウイルスがお出迎え」、ホテル宿泊者を狙う「Darkhotel」に気を付けろ
http://itpro.nikkeibp.co.jp/atcl/news/14/111101849/?ST=security

ジェイズ、中小企業向けのUTM運用サービスを開始
http://itpro.nikkeibp.co.jp/atcl/news/14/111101847/?ST=security

「エンドポイントとネットワークの防御を連携」、ソフォスCEOが新戦略
http://itpro.nikkeibp.co.jp/atcl/news/14/111101844/?ST=security

11日 火曜日、先負

+ Mozilla Firefox 33.1 released
https://www.mozilla.org/en-US/firefox/33.1/releasenotes/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ REMOTE: Internet Explorer 8 MS14-035 Use-After-Free Exploit
http://www.exploit-db.com/exploits/35213

+ Linux Kernel mac80211 poor encryption
http://cxsecurity.com/issue/WLB-2014110057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709

+ SA62109 Symantec Endpoint Protection Manager Multiple Vulnerabilities
http://secunia.com/advisories/62109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3439

+ MantisBT XmlImportExport Plugin CVE-2014-8598 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/70996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8598

+ MantisBT XmlImportExport Plugin 'ImportXml.php' Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/70993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7146

JVNDB-2014-000129 OpenAM におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000129.html

チェックしておきたい脆弱性情報＜2014.11.11＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/111000027/?ST=security

NECが識別タグ不要の認証技術、スマホのカメラで真贋判定
http://itpro.nikkeibp.co.jp/atcl/news/14/111001832/?ST=security

200人以上の専任技術者が働く、ゼロデイ攻撃を140件検知
米フォーティネットがラボを披露
http://itpro.nikkeibp.co.jp/atcl/news/14/111001825/?ST=security

Macに感染してiPhoneやiPadを攻撃、新種ウイルス「WireLurker」が出現
http://itpro.nikkeibp.co.jp/atcl/news/14/111001819/?ST=security

「金銭目的のサイバー犯罪が増加する」とトレンドマイクロが警告
http://itpro.nikkeibp.co.jp/atcl/news/14/111001816/?ST=security

REMOTE: Visual Mining NetCharts Server Remote Code Execution
http://www.exploit-db.com/exploits/35211

10日 月曜日、友引

+ 2014 年 11 月のマイクロソフト セキュリティ情報事前通知
https://technet.microsoft.com/ja-jp/library/security/ms14-nov

+ CESA-2014:1824 Important CentOS 5 php Security Updat
http://lwn.net/Alerts/619453/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2728

+ Multiple vulnerabilities in Samba
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694

+ CVE-2011-0465 Improper Input Validation vulnerability in X.Org
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0465_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465

+ Multiple vulnerabilities in libpng
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2692

+ CVE-2012-3401 Denial of Service vulnerability in libtiff
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3401_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401

+ Multiple Denial of Service (DoS) vulnerabilities in FreeType
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144

+ CVE-2004-1010 Buffer Overflow vulnerability in Zip utility
https://blogs.oracle.com/sunsecurity/entry/cve_2004_1010_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010

+ Multiple vulnerabilities in X.Org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0211

+ CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip
https://blogs.oracle.com/sunsecurity/entry/cve_2009_2624_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2624

+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062

+ CVE-2012-3410 stack-based buffer overflow vulnerability in Bash
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3410_stack_based
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410

+ CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3439_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439

+ CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3256_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256

+ VU#432608 IBM Notes Traveler for Android transmits user credentials over HTTP
http://www.kb.cert.org/vuls/id/432608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6130

+ Symantec Endpoint Protection Manager Bugs Permit Cross-Site Scripting, XML External Entity Injection, and File Ovevwrite Attacks
http://www.securitytracker.com/id/1031176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3439

+ PHP ISO 8601 Date Parsing Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8626

+ Linux Kernel mac80211 poor encryption
http://cxsecurity.com/issue/WLB-2014110057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709

ファームウエアを勝手に書き換える、USBの危険すぎる脆弱性「BadUSB」
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110600093/?ST=security

ITpro EXPO AWARD 2014 受賞製品／サービス レビュー
サイト改ざんの「瞬時検知・瞬時復旧」にこだわったシステム
＜優秀賞＞WebARGUS（ウェブアルゴス）［デジタル・インフォメーション・テクノロジー］
http://itpro.nikkeibp.co.jp/atcl/column/14/103000088/103000001/?ST=security

「サイバーセキュリティ基本法」成立、省庁横断の“司令塔”を新設
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110700098/?ST=security

医療費通知を偽装した電子メールにご用心、遠隔操作ウイルス感染も
http://itpro.nikkeibp.co.jp/atcl/news/14/110701797/?ST=security

「サイバーセキュリティ基本法」が成立、国の責務を明確化
http://itpro.nikkeibp.co.jp/atcl/news/14/110701794/?ST=security

中国のiOS端末ユーザーを狙ったマルウエア、Appleが対応
http://itpro.nikkeibp.co.jp/atcl/news/14/110701793/?ST=security

7日 金曜日、大安

+ RHSA-2014:1824 Important: php security update
https://rhn.redhat.com/errata/RHSA-2014-1824.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8626

+ Mozilla Firefox 33.0.3 released
https://www.mozilla.org/en-US/firefox/33.0.3/releasenotes/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ DoS/PoC: VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read
http://www.exploit-db.com/exploits/35182

+ VMWare vmx86.sys Arbitrary Kernel Read
http://cxsecurity.com/issue/WLB-2014110023

+ SA62132 LibreOffice Impress Remote Use-After-Free Vulnerability
http://secunia.com/advisories/62132/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3693

+ PHP 'date_from_ISO8601()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/70928

+ Linux Kernel 'net/mac80211/tx.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/70965

+ Trend Micro InterScan Web Security Virtual Appliance Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/70964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8510

UPDATE: JVNVU#97219505 GNU Bash に OS コマンドインジェクションの脆弱性
http://jvn.jp/vu/JVNVU97219505/

デンソーウェーブとレピカが提携、QRコードでブランド品の真贋判定
http://itpro.nikkeibp.co.jp/atcl/news/14/110601787/?ST=security

REMOTE: Citrix NetScaler SOAP Handler Remote Code Execution
http://www.exploit-db.com/exploits/35180

REMOTE: X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution
http://www.exploit-db.com/exploits/35183

LOCAL: i-FTP 2.20 - Buffer Overflow SEH Exploit
http://www.exploit-db.com/exploits/35177

DoS/PoC: MINIX 3.3.0 Local Denial of Service PoC
http://www.exploit-db.com/exploits/35173

DoS/PoC: i.Hex 0.98 - Local Crash PoC
http://www.exploit-db.com/exploits/35178

DoS/PoC: i.Mage 1.11 - Local Crash PoC
http://www.exploit-db.com/exploits/35179

6日 木曜日、仏滅

+ RHSA-2014:1803 Important: mod_auth_mellon security update
https://rhn.redhat.com/errata/RHSA-2014-1803.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8567

+ CESA-2014:1803 Important CentOS 6 mod_auth_mellon Security Update
http://lwn.net/Alerts/619200/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ Multiple Vulnerabilities in Cisco Small Business RV Series Routers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2179

+ Linux kernel 3.12.32, 3.2.64 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.64

+ SYM14-015 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Manager Multiple Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3439

+ curl and libcurl 7.39.0 released
http://curl.haxx.se/changes.html#7_39_0
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3707

+ FreeBSD-SA-14:24.sshd Denial of service attack against sshd(8)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:24.sshd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8475

+ FreeBSD-SA-14:25.setlogin Kernel stack disclosure in setlogin(2) / getlogin(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:25.setlogin.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8476

+ FreeBSD-SA-14:26.ftp Remote command execution in ftp(1)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:26.ftp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517

+ FreeBSD setlogin() Lets Local Users Obtain Portions of Kernel Memory
http://www.securitytracker.com/id/1031169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8476

+ FreeBSD OpenSSH Child Process Deadlock Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8475

+ SA61118 FreeBSD "sys_getlogin()" Information Disclosure Weakness
http://secunia.com/advisories/61118/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8476

+ SA61440 FreeBSD sshd Denial of Service Vulnerability
http://secunia.com/advisories/61440/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8475

+ SA61491 FreeBSD ftp "fetch_url()" Command Injection Vulnerability
http://secunia.com/advisories/61491/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517

+ SA62038 Linux Kernel KVM invept Invocation Handling Denial of Service Vulnerability
http://secunia.com/advisories/62038/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645

+ Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/68111

PostgreSQL PHP Generator 14.10 released
http://www.postgresql.org/about/news/1554/

登録情報の不正書き換えによるドメイン名ハイジャックに関する注意喚起
http://www.jpcert.or.jp/at/2014/at140044.html

世界のセキュリティ・ラボから
強力なパスワードの作成は本当に意味があるか
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/110300019/?ST=security

迷惑メールの1割は米国から、日本発も3％を占める
http://itpro.nikkeibp.co.jp/atcl/news/14/110501768/?ST=security

アズム、社内データを暗号化する鍵管理サーバー製品群を販売
http://itpro.nikkeibp.co.jp/atcl/news/14/110501767/?ST=security

登録情報不正書き換えによる「ドメイン名乗っ取り」、JPRSが緊急警告
http://itpro.nikkeibp.co.jp/atcl/news/14/110501764/?ST=security

「HeartbleedもShellShockもPOODLEもWAFでまとめて止められる」F5がデモ
http://itpro.nikkeibp.co.jp/atcl/news/14/110401749/?ST=security

富士通エフサス、ウォッチガード製品の取扱い開始
http://itpro.nikkeibp.co.jp/atcl/news/14/110401748/?ST=security

5日 水曜日、先負

+ RHSA-2014:1801 Moderate: shim security update
https://access.redhat.com/errata/RHSA-2014:1801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3677

+ CESA-2014:1795 Moderate CentOS 7 cups-filters Security Update
http://lwn.net/Alerts/619119/

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ make 4.1 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D

+ Multiple vulnerabilities in OpenSSL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ SA62069 NetBSD SSL Version 3.0 CBC Cipher Padding Security Issue
http://secunia.com/advisories/62069/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ SA62028 NetBSD ftp "fetch_url()" Commands Injection Vulnerability
http://secunia.com/advisories/62028/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517

+ SA61935 Linux Kernel SCTP Stack Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/61935/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688

【クロサカタツヤ 業界の先を読むICT千里眼】
正解不在の領域に踏み込むパーソナルデータ利活用
http://itpro.nikkeibp.co.jp/atcl/watcher/14/360592/102900007/?ST=security

「ソーシャル新人類」の不夜城?10代は何を考えているのか
身の回りの不幸も事件もSNSの素材、「ネタ消費」が行き着く先は
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/102900015/?ST=security

JVNVU#98989920 uIP と lwIP の DNS リゾルバにキャッシュポイズニングの脆弱性
http://jvn.jp/vu/JVNVU98989920/index.html

JVNVU#96488651 Linksys SMART WiFi 対応ファームウェアに複数の脆弱性
http://jvn.jp/vu/JVNVU96488651/index.html

4日 火曜日、友引

+ RHSA-2014:1795 Moderate: cups-filters security update
https://access.redhat.com/errata/RHSA-2014:1795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338

+ CESA-2014:1767 Important CentOS 6 php Security Update
http://lwn.net/Alerts/618825/

+ CESA-2014:1767 Important CentOS 7 php Security Update
http://lwn.net/Alerts/618826/

+ CESA-2014:1768 Important CentOS 5 php53 Security Update
http://lwn.net/Alerts/618827/

+ CESA-2014:1764 Moderate CentOS 7 wget Security Update
http://lwn.net/Alerts/618828/

+ CESA-2014:1764 Moderate CentOS 6 wget Security Update
http://lwn.net/Alerts/618829/

+ phpMyAdmin 4.2.11 is released
http://sourceforge.net/p/phpmyadmin/news/2014/10/phpmyadmin-4211-is-released/

+ Squid 3.4.9 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ VMware Player 6.0.4 released
https://www.vmware.com/support/player60/doc/player-604-release-notes.html

+ HPSBNS03158 rev.1 - HP NonStop SOAP 4 running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04489188-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04483249-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7875

+ Multiple vulnerabilities in Bash
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HS14-023 Cross-site Scripting Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-023/index.html

+ HS14-023 Cosminexusにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-023/index.html

+ NetBSD Flaws in Mount System Call Let Local Users Deny Service
http://www.securitytracker.com/id/1031155

+ PHP Bugs Let Remote Users Deny Service or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1031150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

+ PHP fileinfo Out-of-Bounds Read in Processing ELF Files Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ REMOTE: Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability
http://www.exploit-db.com/exploits/35151

+ DoS/PoC: Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
http://www.exploit-db.com/exploits/35153

+ SA62042 Linux Kernel KVM Instruction Decoding Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/62042/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8481

+ SA62041 Linux Kernel KVM clflush Emulating Denial of Service Vulnerabilities
http://secunia.com/advisories/62041/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8480

+ SA62040 Linux Kernel KVM iommu Mapping Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/62040/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

+ SA62039 Linux Kernel KVM Instructions Emulating Noncanonical Addresses Handling Denial of Service Vulnerqabilities
http://secunia.com/advisories/62039/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647

+ SA62037 Linux Kernel KVM invvpid Invocation Handling Denial of Service Vulnerability
http://secunia.com/advisories/62037/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646

+ SA62036 Linux Kernel "__kvm_migrate_pit_timer()" Race Condition Denial of Service Vulnerability
http://secunia.com/advisories/62036/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611

+ SA62013 Linux Kernel KVM MSR Registers Written Noncanonical Values Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/62013/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610

+ SA61702 OpenSSL "ssl23_get_client_hello()" Denial of Service Vulnerability
http://secunia.com/advisories/61702/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569

+ SA61675 PHP Fileinfo libmagic Two Denial of Service Vulnerabilities
http://secunia.com/advisories/61675/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit
http://cxsecurity.com/issue/WLB-2014110002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ Linux Kernel CVE-2014-7207 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/70867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7207

日本でも感染報告、急増中の脅迫ウイルス「Crowti」に注意
http://itpro.nikkeibp.co.jp/atcl/news/14/103101722/?ST=security

マルウエア疑いのファイルを調査報告するサービス、IIJが開始
http://itpro.nikkeibp.co.jp/atcl/news/14/103101715/?ST=security

VU#210620 uIP and lwIP DNS resolver vulnerable to cache poisoning
http://www.kb.cert.org/vuls/id/210620