30日 金曜日、仏滅

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ CESA-2015:0087 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/631078/

+ CESA-2015:0100 Moderate CentOS 6 libyaml Security Update
http://lwn.net/Alerts/631079/

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ Check Point Response to CVE-2015-0235 (glibc - GHOST)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104443&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability.
http://www.vmware.com/security/advisories/VMSA-2015-0002.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4632

+ SYM15-002 Security Advisories Relating to Symantec Products - Symantec Encryption Management Server Database Backup Command Line Injection and Email Header Injection
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7288

+ The glibc (Ghost) vulnerability: affected versions, recommended steps and workarounds
https://www.sophos.com/ja-jp/support/knowledgebase/121879.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ LOCAL: OS X < 10.10.x - Gatekeeper bypass Vulnerability
http://www.exploit-db.com/exploits/35934

+ LOCAL: Microsoft Windows Server 2003 SP2 - Privilege Escalation
http://www.exploit-db.com/exploits/35936

+ DoS/PoC: FreeBSD Kernel Multiple Vulnerabilities
http://www.exploit-db.com/exploits/35938

+ SA62707 Linux Kernel splice Denial of Service Vulnerability
http://secunia.com/advisories/62707/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822

+ Mantis BugTracker 1.2.19 Open Redirect
http://cxsecurity.com/issue/WLB-2015010150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6316

+ Linux Kernel 'fs/fhandle.c' Local Race Condition Vulnerability
http://www.securityfocus.com/bid/72357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1420

+ Linux Kernel CVE-2015-1421 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/72356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421

JVNDB-2015-000007 複数の VMware 製品における任意のファイルが上書きされる脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000007.html

「個人情報を削除してあげます」、国民生活センターをかたる電話に注意
http://itpro.nikkeibp.co.jp/atcl/news/15/012900348/?ST=security

REMOTE: VSAT Sailor 900 - Remote Exploit
http://www.exploit-db.com/exploits/35932

LOCAL: UniPDF 1.1 - Crash PoC (SEH overwritten)
http://www.exploit-db.com/exploits/35935

29日 木曜日、先負

+ RHSA-2015:0100 Moderate: libyaml security update
https://rhn.redhat.com/errata/RHSA-2015-0100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

+ RHSA-2015:0102 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2015:0102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

+ RHSA-2015:0100 Moderate: libyaml security update
https://access.redhat.com/errata/RHSA-2015:0100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

+ About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
http://support.apple.com/en-us/HT204244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8834

+ About the security content of Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
http://support.apple.com/en-us/HT204243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of iOS 8.1.3
http://support.apple.com/en-us/HT204245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of Apple TV 7.0.3
http://support.apple.com/en-us/HT204246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ CESA-2015:0092 Critical CentOS 7 glibc Security Update
http://lwn.net/Alerts/630931/

+ CESA-2015:0092 Critical CentOS 6 glibc Security Update
http://lwn.net/Alerts/630930/

+ CESA-2015:0090 Critical CentOS 5 glibc Security Update
http://lwn.net/Alerts/630929/

+ Wireshark 1.12.3, 1.10.12 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html

+ GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Cisco Prime Service Catalog XML External Entity Processing Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0581

+ Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
http://support.citrix.com/article/CTX200391

+ FreeBSD-SA-15:02.kmem SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8612

+ FreeBSD-SA-15:03.sctp SCTP stream reset vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8613

+ JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/

+ VU#967332 GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow
http://www.kb.cert.org/vuls/id/967332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ VMSA-2015-0001 VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
http://www.vmware.com/security/advisories/VMSA-2015-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

+ glibc 2.20 getaddrinfo() writes DNS queries to random file descriptors (PoC)
http://cxsecurity.com/issue/WLB-2015010141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423

+ FreeBSD Kernel Crash / Code Execution / Disclosure
http://cxsecurity.com/issue/WLB-2015010144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0998

+ GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/72325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ libpng CVE-2015-0973 Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/71994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973

ヤバイメールの処方箋
（9）翻訳、日時指定など、便利なメールサービス＆スマホアプリ
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300010/?ST=security

記者の眼
サポート終了まで半年を切るも、まだ残るWindows Server 2003
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/012600170/?ST=security

Web経由のゼロデイ攻撃が出現、Flash Playerに危険な脆弱性
http://itpro.nikkeibp.co.jp/atcl/news/15/012800324/?ST=security

アズジェント、マルウエア添付メールを無害化するセキュリティ製品を発売
http://itpro.nikkeibp.co.jp/atcl/news/15/012800323/?ST=security

「IoTにはセキュリティリスク」、FTCがメーカーに改善策を提案
http://itpro.nikkeibp.co.jp/atcl/news/15/012800318/?ST=security

JVNVU#96447236 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU96447236/

REMOTE: ClearSCADA - Remote Authentication Bypass Exploit
http://www.exploit-db.com/exploits/35924

28日 水曜日、友引

+ RHSA-2015:0090 Critical: glibc security update
https://rhn.redhat.com/errata/RHSA-2015-0090.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ RHSA-2015:0087 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0087.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

+ RHSA-2015:0092 Critical: glibc security update
https://rhn.redhat.com/errata/RHSA-2015-0092.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ RHSA-2015:0092 Critical: glibc security update
https://access.redhat.com/errata/RHSA-2015:0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Opera 27 released
http://www.opera.com/docs/changelogs/unified/2700/

+ APSB15-03 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-031

+ CESA-2015:0085 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/630782/

+ CESA-2015:0085 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/630781/

+ CESA-2015:0085 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/630783/

+ CESA-2015:0074 Important CentOS 7 jasper Security Update
http://lwn.net/Alerts/630665/

+ CESA-2015:0074 Important CentOS 6 jasper Security Update
http://lwn.net/Alerts/630448/

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Linux kernel 3.18.4, 3.14.30, 3.10.66 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.66

+ Apache HTTP Server 2.4.12 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704

+ Apache Tomcat 8.0.18 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.18_(markt)

+ Glibc Buffer Overflow in __nss_hostname_digits_dots() Lets Remote and Local Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Adobe Flash Player Double-Free Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312

+ MantisBT Bugs Permit Remote Cross-Site Scripting, SQL Injection, and Security Bypass Attacks
http://www.securitytracker.com/id/1031633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1042

+ REMOTE: D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit
http://www.exploit-db.com/exploits/35917

+ SA62543 Microsoft Windows Flash Two Code Execution Vulnerabilities
http://secunia.com/advisories/62543/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0312

+ SA62626 MariaDB Multiple Vulnerabilities
http://secunia.com/advisories/62626/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432

+ SA60686 Opera Multiple Vulnerabilities
http://secunia.com/advisories/60686/

+ glibc gethostbyname buffer overflow (aka GHOST)
http://cxsecurity.com/issue/WLB-2015010140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Android WiFi-Direct Denial of Service
http://cxsecurity.com/issue/WLB-2015010139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0997

+ Apple iOS APPLE-SA-2015-01-27-2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/72333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4467

+ WebKit CVE-2014-4477 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/72331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477

+ WebKit CVE-2014-4479 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/72330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ WebKit CVE-2014-4476 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/72329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476

+ Apple Mac OS X Prior to 10.10.2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/72328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8817

+ Multiple Apple Products Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/72327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492

+ GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/72325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Linux Kernel Crypto API CVE-2013-7421 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/72322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7421

+ Multiple Android Devices CVE-2014-0997 Denial of Service Vulnerability
http://www.securityfocus.com/bid/72311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0997

JVNDB-2015-000012 複数の ASUS 製無線 LAN ルータにおけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000012.html

JVNDB-2015-000011 複数の ASUS 製無線 LAN ルータにおける OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000011.html

JVN#22440986 アライドテレシス製の複数の製品におけるバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN22440986/

ヤバイメールの処方箋
（8）困ったときのメールのトラブル回避＆バックアップのテクニック
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300009/?ST=security

狙われるWebサイト、改ざんの脅威から守る
第3回　管理者アカウントが危ない
http://itpro.nikkeibp.co.jp/atcl/column/15/011600011/011600003/?ST=security

最新ウイルス解析レポート
第3回：巧妙な隠蔽技法を備えた標的型攻撃用ツール「BKDR_PLUGX」
http://itpro.nikkeibp.co.jp/atcl/column/14/121100126/011600005/?ST=security

世界のセキュリティ・ラボから
個人情報を平文送信するモバイルアプリ
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/012600029/?ST=security

サイボウズの報奨金に半年で158件の報告、2015年は特定攻撃を増額
http://itpro.nikkeibp.co.jp/atcl/news/15/012700309/?ST=security

CSIRTを構築した企業は4割以上、Server 2003の移行が完了しているのは1割
http://itpro.nikkeibp.co.jp/atcl/news/15/012700306/?ST=security

27日 火曜日、先勝

+ MantisBT 1.2.19 Released
http://www.mantisbt.org/blog/?p=408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1042

+ RHSA-2015:0085 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0085.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ RHSA-2015:0085 Important: java-1.6.0-openjdk security update
https://access.redhat.com/errata/RHSA-2015:0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ Mozilla Firefox 35.0.1 released
https://www.mozilla.org/en-US/firefox/35.0.1/releasenotes/

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

+ DoS/PoC: Android WiFi-Direct Denial of Service
http://www.exploit-db.com/exploits/35913

Barman 1.4.0 released
http://www.postgresql.org/about/news/1566/

Nordic PGDay 2015 - registration open and schedule posted
http://www.postgresql.org/about/news/1567/

JVNDB-2015-000009 NP-BBRM における UPnP に関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000009.html

UPDATE: JVNVU#94001499 QPR Portal に複数の脆弱性
http://jvn.jp/vu/JVNVU94001499/

JVNVU#99446981 LabTech に権限昇格の脆弱性
http://jvn.jp/vu/JVNVU99446981/

JVN#27142693 NP-BBRM における UPnP に関する脆弱性
http://jvn.jp/jp/JVN27142693/

西本逸郎のIT社会サバイバル術
「被害が次々と表面化、サイバーテロも頻発」――2015年は波乱の年に
http://itpro.nikkeibp.co.jp/atcl/column/14/507007/012300003/?ST=security

狙われるWebサイト、改ざんの脅威から守る
第2回　脆弱性は必ず狙われる
http://itpro.nikkeibp.co.jp/atcl/column/15/011600011/011600002/?ST=security

最新ウイルス解析レポート
第2回:日本のインターネットバンキングを狙う詐欺ツール「AIBATOOK」
http://itpro.nikkeibp.co.jp/atcl/column/14/121100126/011600004/?ST=security

ヤバイメールの処方箋
（7）すぐに使えるメールの効率アップ&自動化のテクニック
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300008/?ST=security

NTTが東京五輪のゴールドパートナー1号に、サイバーテロ対策へ万全を期す
http://itpro.nikkeibp.co.jp/atcl/news/15/012600298/?ST=security

Android 4.3以前のブラウザー脆弱性に関するGoogleの方針に非難の声
http://itpro.nikkeibp.co.jp/atcl/news/15/012600292/?ST=security

「偽画面にご注意！」を偽画面に表示、三菱東京UFJ銀行をかたるフィッシング
http://itpro.nikkeibp.co.jp/atcl/news/15/012300286/?ST=security

LOCAL: VLC Player 2.1.5 - DEP Access Violation Vulnerability
http://www.exploit-db.com/exploits/35901

LOCAL: VLC Player 2.1.5 - Write Access Violation Vulnerability
http://www.exploit-db.com/exploits/35902

LOCAL: Comodo Backup 4.4.0.0 - NULL Pointer Dereference EOP
http://www.exploit-db.com/exploits/35905

26日 月曜日、赤口

+ UPDATE: APSA15-01 Security Advisory for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

+ phpMyAdmin 4.3.8 released
http://sourceforge.net/p/phpmyadmin/news/2015/01/phpmyadmin-438-release-notes/

+ HPSBMU03236 rev.1 - HP Systems Insight Manager for Windows running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04552143&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ UPDATE: HPSBMU03216 rev.2 - HP Service Manager running SSLv3, Multiple Remote Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04512909&docLocale=ja_JP

+ UPDATE: HPSBMU03232 rev.2 - HP SiteScope, Remote Elevation of Privilege
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04539443&docLocale=ja_JP

+ PHP 5.4.37 Released
http://www.php.net/ChangeLog-5.php#5.4.37

+ PHP Bugs Let Remote Users Deny Service and Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1031627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232

+ Apple OS X Memory Corruption Flaw in IOKit IOBluetoothDevice Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031626

+ Apple OS X Null Pointer Dereference in IOKit IntelAccelerator Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031625

+ Apple OS X networkd XPC Parsing Flaw Lets Local Users Bypass Sandbox Restrictions
http://www.securitytracker.com/id/1031624

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service
http://www.securitytracker.com/id/1031623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1346

+ Samba Active Directory Domain Controller Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143

+ SA62533 Microsoft Windows Flash Player Memory Randomization Security Bypass Vulnerability
http://secunia.com/advisories/62533/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310

+ Samba CVE-2014-8143 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/72278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8143

PGConf US 2015 Schedule & Early-Bird Registration Open
http://www.postgresql.org/about/news/1565/

JVNDB-2015-000008 shiromuku(bu2)BBS における任意のファイルを作成される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000008.html

狙われるWebサイト、改ざんの脅威から守る
第1回　「被害者」なのに「加害者」に
http://itpro.nikkeibp.co.jp/atcl/column/15/011600011/011600001/?ST=security

News ＆ Trend
サイバーセキュリティを全学部で必修に、九大が16年度開始を目指す
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012200152/?ST=security

最新ウイルス解析レポート
第1回：PC内部のファイルを人質にとるランサムウエア「CryptoWall」
http://itpro.nikkeibp.co.jp/atcl/column/14/121100126/011300002/?ST=security

ヤバイメールの処方箋
（6）PCに山ほどたまったメールは高リスク
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300007/?ST=security

チェックしておきたい脆弱性情報＜2015.01.26＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011900040/?ST=security

JVN#94502417 shiromuku(bu2)BBS における任意のファイルを作成される脆弱性
http://jvn.jp/jp/JVN94502417/

VU#546340 QPR Portal contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/546340

VU#637068 LabTech contains privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/637068

23日 金曜日、先負

+ RHSA-2015:0074 Important: jasper security update
https://rhn.redhat.com/errata/RHSA-2015-0074.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158

+ RHSA-2015:0074 Important: jasper security update
https://access.redhat.com/errata/RHSA-2015:0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158

+ APSB15-02 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

+ PDFCreator 2.0.2 released
http://www.pdfforge.org/blog/pdfcreator-202

+ PHP 5.6.5, 5.5.21 released
http://php.net/ChangeLog-5.php#5.6.5
http://php.net/ChangeLog-5.php#5.5.21

+ OpenSSL 1.0.2 released
http://www.openssl.org/news/openssl-1.0.2-notes.html

+ Adobe Flash Player Memory Leak Lets Remote Users Bypass Address Randomization
http://www.securitytracker.com/id/1031609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310

+ Adobe Flash Player Unspecified Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031597

+ OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2015010122

+ SA62432 Adobe Flash Player Unspecified Code Execution Vulnerability
http://secunia.com/advisories/62432/

+ SA62383 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/62383/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7948

+ Adobe Flash Player CVE-2015-0310 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/72261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0310

JVNVU#92114748 Windows 向け iPass Open Mobile クライアントに任意のコード実行の脆弱性
http://jvn.jp/vu/JVNVU92114748/

ヤバイメールの処方箋
（5）Win 8.1時代に選ぶべき快適メールソフトはどれ？
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300005/?ST=security

CSCがクラウド連動型WAFをAMI化、ワンクリックで導入可能に
http://itpro.nikkeibp.co.jp/atcl/news/15/012200270/?ST=security

パイプドビッツ、メール配信サービスの迷惑メール対策を強化、DMARCの設定を事前チェック
http://itpro.nikkeibp.co.jp/atcl/news/15/012200267/?ST=security

地域の不審者出没情報などをプッシュ配信、「Yahoo!防災速報」が機能強化
http://itpro.nikkeibp.co.jp/atcl/news/15/012200265/?ST=security

JALがマイレージ会員4131人分の情報漏洩を確定、お詫びにQUOカード500円分
http://itpro.nikkeibp.co.jp/atcl/news/15/012200263/?ST=security

DoS/PoC: Exif Pilot 4.7.2 - SEH Based Buffer Overflow
http://www.exploit-db.com/exploits/35870

22日 木曜日、友引

+ Google Chrome 40.0.2214.91 released
http://googlechromereleases.blogspot.jp/2015/01/stable-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7948

+ CESA-2015:0068 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/630183/

+ CESA-2015:0067 Critical CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/630184/

+ CESA-2015:0067 Critical CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/630185/

+ CESA-2015:0069 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/630186/

+ CESA-2015:0066 Moderate CentOS 6 openssl Security Update
http://lwn.net/Alerts/630187/

+ CESA-2015:0066 Moderate CentOS 7 openssl Security Update
http://lwn.net/Alerts/630188/

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04550240&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

+ SA62325 Oracle Solaris Multiple Vulnerabilities
http://secunia.com/advisories/62325/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8714

+ SA62344 Oracle Linux update for openssl
http://secunia.com/advisories/62344/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

+ OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
http://cxsecurity.com/issue/WLB-2015010111

+ OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2015010112

PoWA 1.2.1 released
http://www.postgresql.org/about/news/1563/

世界のセキュリティ・ラボから
企業の約8割が2015年のセキュリティ予算を増額
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/011900028/?ST=security

ヤバイメールの処方箋
（4）少しのミスが命取り！メールマナーを見直そう
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300004/?ST=security

ロデスター、機密ファイルを社外で安全に利用するためのソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/012100249/?ST=security

ラネクシー、Win/Mac両方のPC操作ログを管理できるソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/012100245/?ST=security

統計＆調査
［データは語る］2014年に流出したパスワード、最多は「123456」で2位は「password」
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012100077/?ST=security

VU#110652 iPass Open Mobile Windows Client contains a remote code execution vulnerability
http://www.kb.cert.org/vuls/id/110652

21日 水曜日、先勝

+ Oracle Critical Patch Update Advisory - January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

+ RHSA-2015:0068 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0068.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ RHSA-2015:0066 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2015-0066.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

+ RHSA-2015:0069 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0069.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0437

+ RHSA-2015:0067 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0067.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ RHSA-2015:0066 Moderate: openssl security update
https://access.redhat.com/errata/RHSA-2015:0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

+ patch 2.7.2 released
http://ftp.gnu.org/gnu/patch/?C=M;O=D

+ Multiple vulnerabilities in NTP
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ Java SE 8u31, 7u75/76 Released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html

+ MySQL Multiple Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1031581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432

+ Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
http://www.securitytracker.com/id/1031580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0437

+ Oracle Database Multiple Flaws Let Remote Authenticated Users Access Data, Partially Modify Data, Gain Elevated Privileges, and Deny Service
http://www.securitytracker.com/id/1031572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0373

+ Oracle WebLogic Bugs Let Remote Users Partially Access Data, Partially Modify Data, and Partially Deny Service
http://www.securitytracker.com/id/1031571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6569

+ Oracle Fusion Middleware Bugs Let Remote Users Gain Elevated Privileges and Partially Access and Modify Data and Let Local and Remote Users Partially Deny Service
http://www.securitytracker.com/id/1031568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0434

+ LOCAL: OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
http://www.exploit-db.com/exploits/35847

+ LOCAL: OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
http://www.exploit-db.com/exploits/35848

+ DoS/PoC: OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
http://www.exploit-db.com/exploits/35849

+ SA62270 PolarSSL "asn1_get_sequence_of()" Memory Corruption Vulnerability
http://secunia.com/advisories/62270/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1182

+ OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
http://cxsecurity.com/issue/WLB-2015010111

+ OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2015010112

【CSIRTメモ】
チェックしておきたい脆弱性情報＜2015.01.21＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011900039/?ST=security

【ヤバイメールの処方箋】
（3）メールボックスにあふれる広告メールをスッキリ整理
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300003/?ST=security

News ＆ Trend
MSがパッチの事前通知を突然終了、企業は適用体制の見直しを
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011900148/?ST=security

記者の眼
記者は対ハッキング演習に参加した、そして砕け散った
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011500161/?ST=security

首都大学東京が個人情報5万人分を閲覧可能に、1027件のアクセスを確認
http://itpro.nikkeibp.co.jp/atcl/news/15/012000238/?ST=security

米当局は5年前から北朝鮮ネットワークに侵入、米メディアが報道
http://itpro.nikkeibp.co.jp/atcl/news/15/012000215/?ST=security

UPDATE: JVNVU#99458129 Microsoft Windows の Kerberos Key Distribution Center (KDC) に Privilege Attribute Certificate (PAC) 署名検証不備の脆弱性
http://jvn.jp/vu/JVNVU99458129/

JVNVU#96617862 Microsoft Windows OLE ライブラリに任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU96617862/

REMOTE: Bsplayer 2.68 - HTTP Response Buffer Overflow
http://www.exploit-db.com/exploits/35841

REMOTE: ManageEngine Multiple Products Authenticated File Upload
http://www.exploit-db.com/exploits/35845

REMOTE: Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
http://www.exploit-db.com/exploits/35822

DoS/PoC: MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS
http://www.exploit-db.com/exploits/35842

20日 火曜日、赤口

+ SYM15-001 Security Advisories Relating to Symantec Products - Symantec Data Center Security: Server Advanced, Multiple Security Issues on Management Server and Protection Policies Rule Bypass
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9226

+ grep heap buffer overrun
http://cxsecurity.com/issue/WLB-2015010097

+ GNU patch Directory Traversal Vulnerability
http://www.securityfocus.com/bid/72074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196

JVNDB-2015-000006 シンクグラフィカ製ダウンロードログCGI におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000006.html

ヤバイメールの処方箋
（2）ウイルスを付けて狙い撃ちする、標的型攻撃メール
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300002/?ST=security

5分刻みで仮想化イメージをバックアップできる高可用性ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/011900206/?ST=security

PSNおよびXbox Liveに対するサイバー攻撃で英当局が18歳少年を逮捕
http://itpro.nikkeibp.co.jp/atcl/news/15/011900200/?ST=security

JVNVU#93489463 Ceragon FibeAir IP-10 に root パスワードがハードコードされている問題
http://jvn.jp/vu/JVNVU93489463/

JVN#88559134 シンクグラフィカ製ダウンロードログCGI におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN88559134/

REMOTE: Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
http://www.exploit-db.com/exploits/35822

19日 月曜日、先負

+ squid 3.5.1 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.1-RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Linux kernel 3.18.3, 3.14.29, 3.10.65 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.3
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.29
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.65

+ Apache Tomcat 8.0.17 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

+ UPDATE: JVNVU#99732679 Microsoft Secure Channel (Schannel) に任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU99732679/index.html

+ Windows Kernel CNG.sys Access Control Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031550

+ Microsoft Windows NtApphelpCacheControl Improper Authorization Check
http://cxsecurity.com/issue/WLB-2015010094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0002

+ SA62129 Linux Kernel User Namespaces Security Bypass Vulnerability
http://secunia.com/advisories/62129/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8989

ヤバイメールの処方箋
（1）メールを利用する上で陥りがちな5つの「ヤバイ」
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300001/?ST=security

朝日新聞社でPC17台がウイルス感染、外部サーバー通じ1カ月以上情報が漏洩
http://itpro.nikkeibp.co.jp/atcl/news/15/011700198/?ST=security

日本女子プロゴルフ協会に不正アクセス、選手の写真などが流出
http://itpro.nikkeibp.co.jp/atcl/news/15/011600197/?ST=security

専用容器と宅急便でバックアップ媒体を搬送・保管するサービス
http://itpro.nikkeibp.co.jp/atcl/news/15/011600187/?ST=security

VU#936356 Ceragon FiberAir IP-10 Microwave Bridge contains a hard-coded root password
http://www.kb.cert.org/vuls/id/936356

16日 金曜日、赤口

+ CESA-2015:0046 Critical CentOS 7 xulrunner Security Update
http://lwn.net/Alerts/629638/

+ CESA-2015:0046 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/629639/

+ CESA-2015:0046 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/629640/

+ CESA-2015:0046 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/629641/

+ CESA-2015:0047 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/629642/

+ CESA-2015:0047 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/629643/

+ phpMyAdmin 4.3.7 released
http://sourceforge.net/p/phpmyadmin/news/2015/01/phpmyadmin-437-is-released/

+ squid 3.4.11 released
http://www.squid-cache.org/Versions/v3/3.4/squid-3.4.11-RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Oracle Critical Patch Update Pre-Release Announcement - January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

+ OpenSSL 1.0.1l, 1.0.0q, 0.9.8ze released
http://www.openssl.org/news/openssl-0.9.8-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-1.0.1-notes.html

+ Linux Kernel SCTP firewalling fails until SCTP module is loaded
http://cxsecurity.com/issue/WLB-2015010082

+ SA62006 Linux Kernel "key_gc_unused_keys()" Race Condition Denial of Service Vulnerability
http://secunia.com/advisories/62006/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529

+ SA62191 Apple OS X sysmond Privilege Escalation Vulnerability
http://secunia.com/advisories/62191/

記者の眼
2016年に逮捕者続出？企業に迫るマイナンバーの落とし穴
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011400159/?ST=security

News ＆ Trend
北朝鮮がソニー子会社へのサイバー攻撃に関与疑惑、日本企業が注意すべき点は？
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011500145/?ST=security

ブロードバンドルーターに「残念なフォーチュンクッキー」脆弱性、情報流出も
http://itpro.nikkeibp.co.jp/atcl/news/15/011500172/?ST=security

15日 木曜日、大安

+ Linux kernel 3.12.36 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.36

世界のセキュリティ・ラボから
サイバーセキュリティ保護の8つの約束
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/011300027/?ST=security

アイベクス、サーバーアクセスを仲介して操作を録画するソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/011400157/?ST=security

FFRIがマルウエア解析ツールに新版、Web APIで利用可能に
http://itpro.nikkeibp.co.jp/atcl/news/15/011400155/?ST=security

Windowsに危険な脆弱性が発覚、早急にパッチの適用を
http://itpro.nikkeibp.co.jp/atcl/news/15/011400154/?ST=security

イーセクター、VPN機器いらずのクラウド型P2P VPNサービス
http://itpro.nikkeibp.co.jp/atcl/news/15/011400153/?ST=security

UPDATE: JVNVU#96446762 複数のブロードバンドルータに、脆弱性が存在するバージョンの Allegro RomPager を使用している問題
http://jvn.jp/vu/JVNVU96446762/index.html

JVNVU#96405828 Panasonic Arbitrator Back-End Server (BES) に平文通信の脆弱性
http://jvn.jp/vu/JVNVU96405828/index.html

14日 水曜日、仏滅

+ 2015 年 1 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-jan

+ MS15-001 - 重要 Windows Application Compatibility Cache の脆弱性により、特権が昇格される (3023266)
https://technet.microsoft.com/library/security/MS15-001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0002

+ MS15-002 - 緊急 Windows Telnet サービスの脆弱性により、リモートでコードが実行される (3020393)
https://technet.microsoft.com/library/security/MS15-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0014

+ MS15-003 - 重要 Windows User Profile Service の脆弱性により、特権が昇格される (3021674)
https://technet.microsoft.com/library/security/MS15-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0004

+ MS15-004 - 重要 Windows コンポーネントの脆弱性により、特権が昇格される (3025421)
https://technet.microsoft.com/library/security/MS15-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016

+ MS15-005 - 重要 Network Location Awareness Service の脆弱性により、セキュリティ機能のバイパスが起こる (3022777)
https://technet.microsoft.com/library/security/MS15-005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0006

+ MS15-006 - 重要 Windows エラー報告の脆弱性により、セキュリティ機能のバイパスが起こる (3004365)
https://technet.microsoft.com/library/security/MS15-006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0001

+ MS15-007 - 重要 ネットワーク ポリシー サーバーの RADIUS 実装の脆弱性により、サービス拒否が起こる (3014029)
https://technet.microsoft.com/library/security/MS15-007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0015

+ MS15-008 - 重要 Windows カーネルモード ドライバーの脆弱性により、特権が昇格される (3019215)
https://technet.microsoft.com/library/security/MS15-008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0011

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2015:0046 Critical: firefox security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641

+ RHSA-2015:0047 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-0047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639

+ RHSA-2015:0046 Critical: firefox security and bug fix update
https://access.redhat.com/errata/RHSA-2015:0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641

+ Google Chrome 39.0.2171.99 released
http://googlechromereleases.blogspot.jp/2015/01/stable-channel-update.html

+ Mozilla Firefox 35.0 released
https://www.mozilla.org/en-US/firefox/35.0/releasenotes/

+ MSFA-2015-09 XrayWrapper bypass through DOM objects
https://www.mozilla.org/ja/security/advisories/mfsa2015-09/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8636

+ MSFA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
https://www.mozilla.org/ja/security/advisories/mfsa2015-08/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8642

+ MSFA-2015-07 Gecko Media Plugin sandbox escape
https://www.mozilla.org/ja/security/advisories/mfsa2015-07/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8643

+ MSFA-2015-06 Read-after-free in WebRTC
https://www.mozilla.org/ja/security/advisories/mfsa2015-06/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641

+ MSFA-2015-05 Read of uninitialized memory in Web Audio
https://www.mozilla.org/ja/security/advisories/mfsa2015-05/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8640

+ MSFA-2015-04 Cookie injection through Proxy Authenticate responses
https://www.mozilla.org/ja/security/advisories/mfsa2015-04/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8639

+ MSFA-2015-03 sendBeacon requests lack an Origin header
https://www.mozilla.org/ja/security/advisories/mfsa2015-03/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8638

+ MSFA-2015-02 Uninitialized memory use during bitmap rendering
https://www.mozilla.org/ja/security/advisories/mfsa2015-02/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8637

+ MSFA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
https://www.mozilla.org/ja/security/advisories/mfsa2015-01/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8635

+ APSB15-01 Security updates available for Adobe Flash Player
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0309

+ Mozilla Thunderbird 31.4.0 released
https://www.mozilla.org/en-US/thunderbird/31.4.0/releasenotes/

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ HPSBOV03228 rev.1 - HP OpenVMS running Bash Shell, Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04533737&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186

+ REMOTE: Oracle MySQL for Microsoft Windows FILE Privilege Abuse
http://www.exploit-db.com/exploits/35777

+ DoS/PoC: OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC
http://www.exploit-db.com/exploits/35771

+ DoS/PoC: OS X 10.10 Bluetooth BluetoothHCIChangeLocalName - Crash PoC
http://www.exploit-db.com/exploits/35772

+ DoS/PoC: OS X 10.10 Bluetooth TransferACLPacketToHW - Crash PoC
http://www.exploit-db.com/exploits/35773

+ DoS/Poc: OS X 10.10 Bluetooth DispatchHCIWriteStoredLinkKey - Crash PoC
http://www.exploit-db.com/exploits/35774

+ Gecko CMS 2.3 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2015010058

+ Oracle MySQL for Microsoft Windows FILE Privilege Abuse
http://cxsecurity.com/issue/WLB-2015010057

CSIRTメモ
チェックしておきたい脆弱性情報＜2015.01.14＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011300038/?ST=security

ネットアシストがサーバー監視サービス、電話通知などは有償
http://itpro.nikkeibp.co.jp/atcl/news/15/011300140/?ST=security

ミクシィ運営のポイントサイトなどにリスト型攻撃、43万円分不正利用
http://itpro.nikkeibp.co.jp/atcl/news/15/011300139/?ST=security

1万8000以上のメールアカウントに不正アクセス、So-netにリスト型攻撃か
http://itpro.nikkeibp.co.jp/atcl/news/15/011300137/?ST=security

Webブラウザーを“乗っ取る”、スマホを狙う新手のワンクリ詐欺
http://itpro.nikkeibp.co.jp/atcl/news/15/011300133/?ST=security

「サイバーセキュリティ基本法」が全面施行、NISCは省庁横断の司令塔に
http://itpro.nikkeibp.co.jp/atcl/news/15/011300129/?ST=security

VU#117604 Panasonic Arbitrator Back-End Server (BES) uses unencrypted communication
http://www.kb.cert.org/vuls/id/117604

REMOTE: Lexmark MarkVision Enterprise Arbitrary File Upload
http://www.exploit-db.com/exploits/35776

REMOTE: WordPress WP Symposium 14.11 Shell Upload
http://www.exploit-db.com/exploits/35778

13日 月曜日、先負

+ UPDATE: GNU Bash Environment Variable Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ HPSBMU03230 rev.1 - HP Insight Control server deployment Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04537915&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7881

+ UPDATE: HPSBOV03227 rev.2 - HP SSL for OpenVMS, Remote Disclosure of Information, Denial of Service (DoS) and Other Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04533567&docLocale=ja_JP

+ Multiple vulnerabilities in NTP
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp

+ Apple OS X Spotlight Mail Preview Function Bypasses Mail Privacy Preferences
http://www.securitytracker.com/id/1031521

+ Linux Kernel x86_64 PIE bypass using VDSO ASLR weakness
http://cxsecurity.com/issue/WLB-2015010050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585

+ OS X 10.9.x - sysmond XPC Privilege Escalation
http://cxsecurity.com/issue/WLB-2015010049

+ OpenSSL 1.0.1j Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2015010048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570

+ PHP 5.6.4 ereg() null pointer deference
http://cxsecurity.com/issue/WLB-2015010045

+ PHP 5.6.4 CORE Uninitialized pointer read
http://cxsecurity.com/issue/WLB-2015010046

+ SA62193 WinSCP OpenSSL Multiple Security Bypass Vulnerabilities
http://secunia.com/advisories/62193/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204

+ SA61922 McAfee ePolicy Orchestrator XML External Entities Vulnerability
http://secunia.com/advisories/61922/

+ Linux Kernel 'vdso_addr()' Function Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/71990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585

ByteDesigner version 2.3 is available
http://www.postgresql.org/about/news/1562/

JVNVU#98974537 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU98974537/

UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/

UPDATE: JVNVU#91812636 再帰的名前解決を行う DNS リゾルバの実装に名前解決を無限に繰り返す問題
http://jvn.jp/vu/JVNVU91812636/

UPDATE: JVNVU#94007830 ISC BIND 9 に複数の脆弱性
http://jvn.jp/vu/JVNVU94007830/

UPDATE: JVNVU#99291862 複数の NAT-PMP デバイスが WAN 側から操作可能な問題
http://jvn.jp/vu/JVNVU99291862/

4割がネットバンキングで危険に遭遇、進むスマホシフトでセキュリティ確保も急務
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/010900142/?ST=security

10年の歴史に幕、マイクロソフトがパッチの事前通知を終了
http://itpro.nikkeibp.co.jp/atcl/news/15/010900117/?ST=security

TwoFive、DNSへの攻撃を防御するDNSサーバーソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/010900114/?ST=security

ITproまとめ
顔認識
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/010500057/?ST=security

ITproまとめ
WAF
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/010800058/?ST=security

LOCAL: RedStar 3.0 Desktop - Privilege Escalation (Enable sudo)
http://www.exploit-db.com/exploits/35746

LOCAL: RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit)
http://www.exploit-db.com/exploits/35748

LOCAL: RedStar 3.0 Desktop - Privilege Escalation (Software Manager - swmng.app)
http://www.exploit-db.com/exploits/35749

9日 金曜日、大安

+ CESA-2015:0016 Moderate CentOS 6 glibc Security Update
http://lwn.net/Alerts/628795/

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Linux kernel 3.18.2, 3.17.8, 3.14.28, 3.10.64 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.2
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.28
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.64

+ Multiple vulnerabilities in NTP
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ DBD::Pg 3.5.0 released
http://www.postgresql.org/about/news/1561/

+ OpenSSL Security Advisory [08 Jan 2015]
http://www.openssl.org/news/secadv_20150108.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570

+ OpenSSL 1.0.1k, 1.0.0p, 0.9.8zd released
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-0.9.8-notes.html

+ SA61925 cURL / libcURL Header Injection Weakness and Certificate Verification Security Issue
http://secunia.com/advisories/61925/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8151

+ SA62020 Wireshark Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/62020/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564

+ Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2015010038

+ Microweber CMS 0.95 SQL Injection
http://cxsecurity.com/issue/WLB-2015010036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9464

+ PHP '/ext/opcache/zend_shared_alloc.c' Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/71929

【社長に説明できるセキュリティ】
クライアントのセキュリティ対策、今こそ戦略的に再考の時
http://itpro.nikkeibp.co.jp/atcl/column/14/511845/010500005/?ST=security

クライアントアプリの脆弱性を不正なサーバー応答で検知するソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/010800093/?ST=security

ハミングヘッズ、サイバー攻撃対策に割安な3年ライセンス
http://itpro.nikkeibp.co.jp/atcl/news/15/010800091/?ST=security

FBI長官、サイバー攻撃に北関与との判断に自信、理由を説明
http://itpro.nikkeibp.co.jp/atcl/news/15/010800080/?ST=security

REMOTE: Pandora v3.1 Auth Bypass and Arbitrary File Upload Vulnerability
http://www.exploit-db.com/exploits/35731

LOCAL: Ntpdc 4.2.6p3 - Local Buffer Overflow
http://www.exploit-db.com/exploits/35732

8日 木曜日、仏滅

+ RHSA-2015:0016 Moderate: glibc security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0016.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817

+ phpMyAdmin 4.3.6 is released
http://sourceforge.net/p/phpmyadmin/news/2015/01/phpmyadmin-436-is-released/

+ Wireshark 1.12.3, 1.10.12 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ CTX200355 Citrix Security Advisory for NTP Vulnerabilities
http://support.citrix.com/article/CTX200355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure
http://cxsecurity.com/issue/WLB-2015010032

+ Linux Kernel 'fs/isofs/rock.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/71883

世界のセキュリティ・ラボから
2015年のセキュリティ脅威動向の予測
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/010700026/?ST=security

だまされる、脅される、盗まれる　あなたの「お金」が危ない
セキュリティクイズ10問に挑戦しよう
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900009/?ST=security

トレンドマイクロ、パターンファイル不要のウイルス対策ソフト最新版
http://itpro.nikkeibp.co.jp/atcl/news/15/010700071/?ST=security

7日 水曜日、先負

+ CESA-2015:0008 Low CentOS 7 libvirt Security Update
http://lwn.net/Alerts/628588/

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Linux Kernel 'keys/gc.c' Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/71880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529

新人D太と先輩M子のITビジネス日誌
家電や自動車がサイバー攻撃の標的になる「IoT時代のセキュリティ対策」とは？
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/122500012/?ST=security

パソコンとの違いで見る、スマートフォンのセキュリティ対策
［通話機能］盗聴とアドレス帳の扱いに注意
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700007/?ST=security

だまされる、脅される、盗まれる　あなたの「お金」が危ない
パスワードの使い回しをやめる方法
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900008/?ST=security

記者の眼
日本は北朝鮮からのサイバー攻撃に対抗できる？ 対岸の火事ではない「ソニー事件」
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122500149/?ST=security

NEC、ファイルの外部持ち出しもできる情報漏えい防止ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/010600043/?ST=security

退職者の閲覧権限を解除できる暗号化PDF閲覧管理サービス
http://itpro.nikkeibp.co.jp/atcl/news/15/010600039/?ST=security

JVNVU#91050570 複数の UEFI システムにおいて EFI S3 Resume Boot Path で使われる boot script が適切に保護されていない問題
http://jvn.jp/vu/JVNVU91050570/index.html

JVNVU#96159942 Intel BIOS ロッキングメカニズムに競合状態の脆弱性
http://jvn.jp/vu/JVNVU96159942/index.html

JVNVU#91111635 UEFI EDK1 にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU91111635/index.html

LOCAL: BulletProof FTP Client BPS Buffer Overflow
http://www.exploit-db.com/exploits/35712

6日 火曜日、友引

+ RHSA-2015:0008 Low: libvirt security and bug fix update
https://access.redhat.com/errata/RHSA-2015:0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7823

+ Windows Kernel Flaw in NtApphelpCacheControl() Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1031484

+ PHP Memory Error in FileInfo apprentice_load() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9426

+ PHP Double Free Error in Zend zend_ts_hash_graceful_destroy() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425

+ Linux Kernel Infinite Loop in Processing iso9660 Images Lets Users Deny Service
http://www.securitytracker.com/id/1031456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420

+ SA61891 PHP Fileinfo Two Vulnerabilities
http://secunia.com/advisories/61891/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425

+ SA61488 libpng "png_combine_row()" Memory Corruption Vulnerability
http://secunia.com/advisories/61488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9495

+ PHP 5.6.4 out of bounds read crashes php-cgi
http://cxsecurity.com/issue/WLB-2015010007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427

+ Outlook and others Set Program Access and Computer Defaults
http://cxsecurity.com/issue/WLB-2015010010

パソコンとの違いで見る、スマートフォンのセキュリティ対策
［外部デバイス］パソコンほど危険ではないけれど
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700006/?ST=security

だまされる、脅される、盗まれる　あなたの「お金」が危ない
あなたのお金を守る、7つの対策
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900007/?ST=security

News ＆ Trend
「2015年はiBeacon元年に」、JR東日本やJALも活用する“屋内版GPS”の本命
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/010400139/?ST=security

統計＆調査
［データは語る］国内情報セキュリティ製品市場は2018年に3000億円に――IDC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/010500063/?ST=security

統計＆調査
［データは語る］ネットワークセキュリティに関するサービス／製品市場は18年度に4721億円に
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/010500062/?ST=security

米政府が北朝鮮に対する金融制裁を実施、サイバー攻撃への対抗措置
http://itpro.nikkeibp.co.jp/atcl/news/15/010500002/?ST=security

UPDATE: JVNVU#96446762 複数のブロードバンドルータに、脆弱性が存在するバージョンの Allegro RomPager を使用している問題
http://jvn.jp/vu/JVNVU96446762/

UPDATE: JVNVU#91812636 再帰的名前解決を行う DNS リゾルバの実装に名前解決を無限に繰り返す問題
http://jvn.jp/vu/JVNVU91812636/

UPDATE: JVNVU#94007830 ISC BIND 9 に複数の脆弱性
http://jvn.jp/vu/JVNVU94007830/

VU#976132 Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot script
http://www.kb.cert.org/vuls/id/976132

VU#766164 Intel BIOS locking mechanism contains race condition that enables write protection bypass
http://www.kb.cert.org/vuls/id/766164

VU#533140 UEFI EDK1 vulnerable to buffer overflow
http://www.kb.cert.org/vuls/id/533140

5日 月曜日、先勝

+ phpMyAdmin 4.3.4 is released
http://sourceforge.net/p/phpmyadmin/news/2014/12/phpmyadmin-434-is-released/

+ The Android-x86 4.4-r2 released
http://www.android-x86.org/releases/releasenote-4-4-r2

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ Linux kernel 3.2.66 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.66

+ Multiple vulnerabilities in NTP
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ libpng 1.6.16, 1.2.52 released
http://www.libpng.org/pub/png/src/libpng-1.6.16-README.txt
http://www.libpng.org/pub/png/src/libpng-1.2.52-README.txt

+ LOCAL: Windows 8.1 (32/64 bit) - Privilege Escalation (ahcache.sys/NtApphelpCacheControl)
http://www.exploit-db.com/exploits/35661

+ SA61851 Linux Kernel "batadv_frag_merge_packets()" Denial of Service Vulnerability
http://secunia.com/advisories/61851/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9428

+ Windows 8.1 (32/64 bit) - Privilege Escalation (ahcache.sys/NtApphelpCacheControl)
http://cxsecurity.com/issue/WLB-2015010003

+ Facebook Insecure Direct Object Reference
http://cxsecurity.com/issue/WLB-2014120202

+ nginx 1.7.3 SMTP STARTTLS plaintext injection flaw
http://cxsecurity.com/issue/WLB-2014120201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556

+ PHP 'apprentice.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/71811

+ PHP 'cgi_main.c' Out of Bounds Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/71833

+ Linux Kernel 'fragmentation.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/71847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9428

+ PHP CVE-2014-9425 Double Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/71800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425

+ libpng 'png_combine_row()' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/71820

だまされる、脅される、盗まれる　あなたの「お金」が危ない
「遠隔操作ウイルス」とは何なのか？
http://itpro.nikkeibp.co.jp/atcl/column/14/120900123/120900006/?ST=security

パソコンとの違いで見る、スマートフォンのセキュリティ対策
［紛失・盗難］誰にでも起こるから入念に対策を
http://itpro.nikkeibp.co.jp/atcl/column/14/120900122/121700005/?ST=security

セコム、ウォークスルー顔認証システムをパッケージ製品化
http://itpro.nikkeibp.co.jp/atcl/news/14/122602402/?ST=security

ソニーへのサイバー攻撃、北朝鮮関与に一部専門家が異論
http://itpro.nikkeibp.co.jp/atcl/news/14/122602401/?ST=security

2014年アクセスランキング発表！
［CIO、Computerworld］SSL 3.0、Bashの脆弱性は世界の脅威、アップルも共通の話題
http://itpro.nikkeibp.co.jp/atcl/column/14/121000124/121500008/?ST=security

Facebook、プライバシー法違反の集団訴訟に直面か
http://itpro.nikkeibp.co.jp/atcl/news/14/122602399/?ST=security

プレステとXboxのオンラインサービスに障害発生
http://itpro.nikkeibp.co.jp/atcl/news/14/122602398/?ST=security

REMOTE: ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution
http://www.exploit-db.com/exploits/35688

REMOTE: ProjectSend Arbitrary File Upload
http://www.exploit-db.com/exploits/35660

REMOTE: Liferay Portal 7.0.x <= 7.0.2 - Pre-Auth RCE
http://www.exploit-db.com/exploits/35652

REMOTE: WhatsApp <= 2.11.476 - Remote Reboot/Crash App Android
http://www.exploit-db.com/exploits/35637

LOCAL: i-FTP Schedule Buffer Overflow
http://www.exploit-db.com/exploits/35671

DoS/PoC: Wickr Desktop 2.2.1 Windows - Denial of Service Vulnerability
http://www.exploit-db.com/exploits/35622