Tuesday, November 4, 2014

Tuesday the 4th, Tomobiki

+ RHSA-2014:1795 Moderate: cups-filters security update
https://access.redhat.com/errata/RHSA-2014:1795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338

+ CESA-2014:1767 Important CentOS 6 php Security Update
http://lwn.net/Alerts/618825/

+ CESA-2014:1767 Important CentOS 7 php Security Update
http://lwn.net/Alerts/618826/

+ CESA-2014:1768 Important CentOS 5 php53 Security Update
http://lwn.net/Alerts/618827/

+ CESA-2014:1764 Moderate CentOS 7 wget Security Update
http://lwn.net/Alerts/618828/

+ CESA-2014:1764 Moderate CentOS 6 wget Security Update
http://lwn.net/Alerts/618829/

+ phpMyAdmin 4.2.11 is released
http://sourceforge.net/p/phpmyadmin/news/2014/10/phpmyadmin-4211-is-released/

+ Squid 3.4.9 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ VMware Player 6.0.4 released
https://www.vmware.com/support/player60/doc/player-604-release-notes.html

+ HPSBNS03158 rev.1 - HP NonStop SOAP 4 running OpenSSL, Remote Unauthorized Access or Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04489188-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224

+ HPSBPI03147 rev.1 - Certain HP Color LaserJet Printers, Remote Unauthorized Access, Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04483249-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7875

+ Multiple vulnerabilities in Bash
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_bash
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HS14-023 Cross-site Scripting Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-023/index.html

+ HS14-023 Cross-site Scripting Vulnerability in Cosminexus (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-023/index.html

+ NetBSD Flaws in Mount System Call Let Local Users Deny Service
http://www.securitytracker.com/id/1031155

+ PHP Bugs Let Remote Users Deny Service or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1031150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3670

+ PHP fileinfo Out-of-Bounds Read in Processing ELF Files Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ REMOTE: Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability
http://www.exploit-db.com/exploits/35151

+ DoS/PoC: Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
http://www.exploit-db.com/exploits/35153

+ SA62042 Linux Kernel KVM Instruction Decoding Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/62042/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8481

+ SA62041 Linux Kernel KVM clflush Emulating Denial of Service Vulnerabilities
http://secunia.com/advisories/62041/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8480

+ SA62040 Linux Kernel KVM iommu Mapping Failure Handling Denial of Service Vulnerability
http://secunia.com/advisories/62040/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

+ SA62039 Linux Kernel KVM Instructions Emulating Noncanonical Addresses Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/62039/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647

+ SA62037 Linux Kernel KVM invvpid Invocation Handling Denial of Service Vulnerability
http://secunia.com/advisories/62037/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646

+ SA62036 Linux Kernel "__kvm_migrate_pit_timer()" Race Condition Denial of Service Vulnerability
http://secunia.com/advisories/62036/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611

+ SA62013 Linux Kernel KVM MSR Registers Written Noncanonical Values Handling Denial of Service Vulnerabilities
http://secunia.com/advisories/62013/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610

+ SA61702 OpenSSL "ssl23_get_client_hello()" Denial of Service Vulnerability
http://secunia.com/advisories/61702/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569

+ SA61675 PHP Fileinfo libmagic Two Denial of Service Vulnerabilities
http://secunia.com/advisories/61675/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710

+ GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit
http://cxsecurity.com/issue/WLB-2014110002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877

+ Linux Kernel CVE-2014-7207 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/70867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7207

Infections also reported in Japan: beware of the rapidly spreading extortion virus "Crowti"
http://itpro.nikkeibp.co.jp/atcl/news/14/103101722/?ST=security

IIJ launches a service that investigates and reports on files suspected of being malware
http://itpro.nikkeibp.co.jp/atcl/news/14/103101715/?ST=security

VU#210620 uIP and lwIP DNS resolver vulnerable to cache poisoning
http://www.kb.cert.org/vuls/id/210620
