2014年12月11日木曜日

11日 木曜日、大安

+ About the security content of iOS 8.1.2.
http://support.apple.com/en-us/HT6598

+ CESA-2014:1971 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/625470/

+ CESA-2014:1976 Important CentOS 7 rpm Security Update
http://lwn.net/Alerts/625473/

+ CESA-2014:1974 Important CentOS 6 rpm Security Update
http://lwn.net/Alerts/625471/

+ CESA-2014:1974 Important CentOS 5 rpm Security Update
http://lwn.net/Alerts/625472/

+ squid 3.4.10 released
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html

+ BIND 9.10.1-P1, 9.9.6-P1 released
https://kb.isc.org/article/AA-01223/81/BIND-9.10.1-P1-Release-Notes.html
https://kb.isc.org/article/AA-01224/81/BIND-9.9.6-P1-Release-Notes.html

+ CVE-2014-8680: Defects in GeoIP features can cause BIND to crash
https://kb.isc.org/article/AA-01217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8680

+ CVE-2014-8500: A Defect in Delegation Handling Can Be Exploited to Crash BIND
https://kb.isc.org/article/AA-01216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

+ HPSBMU03043 rev.1 - HP Smart Update Manager for Windows and Linux, Local Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04302476&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2608

+ UPDATE: HPSBST03154 rev.2 - HP StoreFabric C-series MDS switches and HP C-series Nexus 5K switches running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04487558&docLocale=ja_JP

+ VMSA-2014-0014 AirWatch by VMware product update addresses information disclosure vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8372

+ VMSA-2014-0013 VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2014-0013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8373

+ FreeBSD-SA-14:29.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:29.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

+ FreeBSD-SA-14:28.file Multiple vulnerabilities in file(1) and libmagic(3)
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117

+ FreeBSD-SA-14:27.stdio Buffer overflow in stdio
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:27.stdio.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8611

+ VU#264212 Recursive DNS resolver implementations may follow referrals infinitely
http://www.kb.cert.org/vuls/id/264212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8602

+ ISC BIND CVE-2014-8500 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/71590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

JVNDB-2014-000149 Chyrp におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000149.html

次世代サンドボックスをうたう米Lastlineが日本法人設立
http://itpro.nikkeibp.co.jp/atcl/news/14/121002198/?ST=security

パスワードを自動変更する「Password Changer」、Dashlaneがベータ公開
http://itpro.nikkeibp.co.jp/atcl/news/14/121002196/?ST=security

米国における盗難事件の1割はスマホ関連、2013年には100万台以上が盗まれる
http://itpro.nikkeibp.co.jp/atcl/news/14/121002193/?ST=security

UPDATE: JVNVU#98283300 SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)
http://jvn.jp/vu/JVNVU98283300/

JVN#54775800 FAST/TOOLS における XML 外部実体参照処理の脆弱性
http://jvn.jp/jp/JVN54775800/

JVN#13160869 Chyrp におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN13160869/

0 件のコメント:

コメントを投稿