2014年12月3日水曜日

3日 水曜日、先負

+ RHSA-2014:1919 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2014-1919.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594

+ RHSA-2014:1948 Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2014-1948.html

+ RHSA-2014:1924 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2014-1924.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594

+ RHSA-2014:1919 Critical: firefox security updat
https://access.redhat.com/errata/RHSA-2014:1919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594

+ RHSA-2014:1948 Important: nss, nss-util, and nss-softokn security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2014:1948

+ nginx 1.7.8 released
http://nginx.org/en/download.html

+ VMware Player 7.0 released
https://www.vmware.com/support/player/doc/player-70-release-notes.html

+ Linux kernel 3.4.105 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.105

+ OpenVPN Control Channel Packet Processing Flaw Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1031277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104

+ LOCAL: Mac OS X IOKit Keyboard Driver Root Privilege Escalation
http://www.exploit-db.com/exploits/35440

+ OpenSSH ~/.k5users (RedHat 7) log in as another user
http://cxsecurity.com/issue/WLB-2014120018

+ Mac OS X IOKit Keyboard Driver Root Privilege Escalation
http://cxsecurity.com/issue/WLB-2014120014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4404

+ SA62628 OpenVPN / OpenVPN Access Server Control Channel Packet Assertion Denial of Service Vulnerability
http://secunia.com/advisories/62628/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104

+ SA60587 Oracle MySQL OpenSSL Multiple Vulnerabilities
http://secunia.com/advisories/60587/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

+ SA62491 GNU gettext "get_string()" Integer Overflow Vulnerability
http://secunia.com/advisories/62491/

+ OpenVPN CVE-2014-8104 Denial of Service Vulnerability
http://www.securityfocus.com/bid/71402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104

+ Kingsoft Office CVE-2014-2271 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/71381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2271

+ Multiple FUJITSU Products CVE-2014-7253 Unspecified OS Command Injection Vulnerability
http://www.securityfocus.com/bid/71414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7253

+ ARROWS Me F-11D CVE-2014-7254 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/71411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7254

+ WhatsApp Denial of Service Vulnerability
http://www.securityfocus.com/bid/71410

UPDATE: JVNDB-2014-000140 LG Electronics 製モバイルアクセスルータにアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000140.html

UPDATE: JVNDB-2014-000139 ARROWS Me F-11D における任意の領域にアクセス可能な脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000139.html

UPDATE: JVNDB-2014-000138 富士通製の複数の Android 端末における OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000138.html

JVNDB-2014-000137 Texas Instruments OMAP モバイル・プロセッサの Syslink ドライバにおける複数のデータ検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000137.html

「ソーシャル新人類」の不夜城?10代は何を考えているのか
「エアリプ」で安全圏から言いたい放題、人間関係を壊し処分の対象にも
http://itpro.nikkeibp.co.jp/atcl/column/14/537662/112800019/?ST=security

「ドメイン名ハイジャック」攻撃に残るリスク、企業はどう対処する?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120200120/?ST=security

ベネッセが希望退職300人募集、間接部門人員を半減へ
http://itpro.nikkeibp.co.jp/atcl/news/14/120202096/?ST=security

「セクシー動画の送信は、ネット上で公開するのと同じ」、IPAが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/14/120202084/?ST=security

Intelがパスワード管理のPasswordBoxを買収、セキュリティ事業を強化
http://itpro.nikkeibp.co.jp/atcl/news/14/120202083/?ST=security

REMOTE: Tincd Post-Authentication Remote TCP Stack Buffer Overflow
http://www.exploit-db.com/exploits/35441

0 件のコメント:

コメントを投稿