Thursday, January 29, 2015

Thursday the 29th, Senbu

+ RHSA-2015:0100 Moderate: libyaml security update
https://rhn.redhat.com/errata/RHSA-2015-0100.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

+ RHSA-2015:0102 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2015:0102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841

+ RHSA-2015:0100 Moderate: libyaml security update
https://access.redhat.com/errata/RHSA-2015:0100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

+ About the security content of OS X Yosemite v10.10.2 and Security Update 2015-001
http://support.apple.com/en-us/HT204244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8834

+ About the security content of Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3
http://support.apple.com/en-us/HT204243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of iOS 8.1.3
http://support.apple.com/en-us/HT204245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ About the security content of Apple TV 7.0.3
http://support.apple.com/en-us/HT204246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4479

+ CESA-2015:0092 Critical CentOS 7 glibc Security Update
http://lwn.net/Alerts/630931/

+ CESA-2015:0092 Critical CentOS 6 glibc Security Update
http://lwn.net/Alerts/630930/

+ CESA-2015:0090 Critical CentOS 5 glibc Security Update
http://lwn.net/Alerts/630929/

+ Wireshark 1.12.3, 1.10.12 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.3.html
https://www.wireshark.org/docs/relnotes/wireshark-1.10.12.html

+ GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ Cisco Prime Service Catalog XML External Entity Processing Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-psc-xmlee
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0581

+ Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
http://support.citrix.com/article/CTX200391

+ FreeBSD-SA-15:02.kmem SCTP SCTP_SS_VALUE kernel memory corruption and disclosure
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8612

+ FreeBSD-SA-15:03.sctp SCTP stream reset vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:03.sctp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8613

+ JVNVU#99234709 Buffer overflow vulnerability in the glibc library
http://jvn.jp/vu/JVNVU99234709/

+ VU#967332 GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow
http://www.kb.cert.org/vuls/id/967332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ VMSA-2015-0001 VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
http://www.vmware.com/security/advisories/VMSA-2015-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

+ glibc 2.20 getaddrinfo() writes DNS queries to random file descriptors (PoC)
http://cxsecurity.com/issue/WLB-2015010141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423

+ FreeBSD Kernel Crash / Code Execution / Disclosure
http://cxsecurity.com/issue/WLB-2015010144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0998

+ GNU glibc CVE-2015-0235 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/72325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

+ libpng CVE-2015-0973 Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/71994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973

Prescriptions for Dangerous Email
(9) Handy mail services & smartphone apps: translation, scheduled sending, and more
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300010/?ST=security

Reporter's Eye
Less than half a year until end of support, yet Windows Server 2003 still remains
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/012600170/?ST=security

Web-based zero-day attacks emerge; dangerous vulnerability in Flash Player
http://itpro.nikkeibp.co.jp/atcl/news/15/012800324/?ST=security

Asgent releases security product that neutralizes emails with malware attachments
http://itpro.nikkeibp.co.jp/atcl/news/15/012800323/?ST=security

"IoT carries security risks": FTC proposes improvement measures to manufacturers
http://itpro.nikkeibp.co.jp/atcl/news/15/012800318/?ST=security

JVNVU#96447236 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU96447236/

REMOTE: ClearSCADA - Remote Authentication Bypass Exploit
http://www.exploit-db.com/exploits/35924
