+ RED HAT ENTERPRISE LINUX 7.1 BETA
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.1_Release_Notes/index.html
+ CESA-2015:0266 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/634943/
+ CESA-2015:0266 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/634944/
+ HPSBUX03273 SSRT101951 rev.1 - HP-UX running Java6, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04580241&docLocale=ja_JP
+ Apache Log4j 2.2 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.2
News & Trend
CSIRTを構築する企業が急増中、一方で広がる「温度差」
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/021900172/?ST=security
不正アクセス被害が報じられたGemalto、暗号化キーの大量流出を否定
http://itpro.nikkeibp.co.jp/atcl/news/15/022600700/?ST=security
「ShellShock」を狙った攻撃が急増、Webサーバーを乗っ取られる恐れ
http://itpro.nikkeibp.co.jp/atcl/news/15/022600699/?ST=security
JVNVU#99205169 Bluetooth Stack for Windows by Toshiba および TOSHIBA Service Station に権限昇格の脆弱性
http://jvn.jp/vu/JVNVU99205169/
2015年2月27日金曜日
2015年2月26日木曜日
26日 木曜日、先勝
+ RHSA-2015:0266 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-0266.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ CESA-2015:0265 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/634760/
+ CESA-2015:0265 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/634758/
+ CESA-2015:0265 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/634759/
+ BIND 9.10.2, 9.9.7 released
https://kb.isc.org/article/AA-01257/81/BIND-9.10.2-Release-Notes.html
https://kb.isc.org/article/AA-01256/81/BIND-9.9.7-Release-Notes.html
+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
+ HPSBST03257 rev.1 - HP Storage Provisioning Manager for HP Matrix Operating Environment running OpenSSL, Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04568546&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
+ FreeBSD-SA-15:05.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:05.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
+ FreeBSD-SA-15:04.igmp Integer overflow in IGMP protocol
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ FreeBSD IGMP Integer Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ SA63113 FreeBSD IGMP Packets Handling Denial of Service Vulnerability
http://secunia.com/advisories/63113/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ FreeBSD CVE-2015-1414 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/72777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
JVNDB-2015-000026 シンクグラフィカ製メールフォームプロ CGI において任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000026.html
JVNDB-2015-000027 日本語版 Zen Cart におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000027.html
世界のセキュリティ・ラボから
便利なIoTよりセキュアなIoTを
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/022400033/?ST=security
国内ユーザー10万人を詐欺サイトに誘導、「不正広告」の脅威
http://itpro.nikkeibp.co.jp/atcl/news/15/022500691/?ST=security
F5がネットセキュリティのSaaSを開始、第一弾はDDoS対策
http://itpro.nikkeibp.co.jp/atcl/news/15/022500684/?ST=security
JVN#30135729 シンクグラフィカ製メールフォームプロ CGI において任意のコードを実行される脆弱性
http://jvn.jp/jp/JVN30135729/index.html
JVN#44544694 日本語版 Zen Cart におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN44544694/index.html
https://rhn.redhat.com/errata/RHSA-2015-0266.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ CESA-2015:0265 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/634760/
+ CESA-2015:0265 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/634758/
+ CESA-2015:0265 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/634759/
+ BIND 9.10.2, 9.9.7 released
https://kb.isc.org/article/AA-01257/81/BIND-9.10.2-Release-Notes.html
https://kb.isc.org/article/AA-01256/81/BIND-9.9.7-Release-Notes.html
+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
+ HPSBST03257 rev.1 - HP Storage Provisioning Manager for HP Matrix Operating Environment running OpenSSL, Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04568546&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBUX03162 SSRT101885 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS) and Other Vulnerabilites
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
+ FreeBSD-SA-15:05.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:05.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
+ FreeBSD-SA-15:04.igmp Integer overflow in IGMP protocol
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ FreeBSD IGMP Integer Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ SA63113 FreeBSD IGMP Packets Handling Denial of Service Vulnerability
http://secunia.com/advisories/63113/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
+ FreeBSD CVE-2015-1414 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/72777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414
JVNDB-2015-000026 シンクグラフィカ製メールフォームプロ CGI において任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000026.html
JVNDB-2015-000027 日本語版 Zen Cart におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000027.html
世界のセキュリティ・ラボから
便利なIoTよりセキュアなIoTを
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/022400033/?ST=security
国内ユーザー10万人を詐欺サイトに誘導、「不正広告」の脅威
http://itpro.nikkeibp.co.jp/atcl/news/15/022500691/?ST=security
F5がネットセキュリティのSaaSを開始、第一弾はDDoS対策
http://itpro.nikkeibp.co.jp/atcl/news/15/022500684/?ST=security
JVN#30135729 シンクグラフィカ製メールフォームプロ CGI において任意のコードを実行される脆弱性
http://jvn.jp/jp/JVN30135729/index.html
JVN#44544694 日本語版 Zen Cart におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN44544694/index.html
2015年2月25日水曜日
25日 水曜日、先勝
+ RHSA-2015:0265 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-0265.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ RHSA-2015:0265 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2015:0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ Mozilla Firefox 36.0 released
https://www.mozilla.org/en-US/firefox/36.0/releasenotes/
+ MFSA-2015-27 Caja Compiler JavaScript sandbox bypass
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820
+ MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819
+ MSFA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821
+ MSFA-2015-24 Reading of local files through manipulation of form autocomplete
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
+ MSFA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823
+ MSFA-2015-22 Crash using DrawTarget in Cairo graphics library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824
+ MSFA-2015-21 Buffer underflow during MP3 playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825
+ MSFA-2015-20 Buffer overflow during CSS restyling
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
+ MSFA-2015-19 Out-of-bounds read and write while rendering SVG content
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
+ MSFA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828
+ MSFA-2015-17 Buffer overflow in libstagefright during MP4 video playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829
+ MSFA-2015-16 Use-after-free in IndexedDB
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
+ MSFA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834
+ MSFA-2015-14 Malicious WebGL content crash when writing strings
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830
+ MSFA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832
+ MSFA-2015-12 Invoking Mozilla updater will load locally stored DLL files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833
+ MSFA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835
+ Mozilla Thunderbird 31.5.0 released
https://www.mozilla.org/en-US/thunderbird/31.5.0/releasenotes/
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6
+ Samba 4.1.17, 4.0.25 and 3.6.25 Security Releases Available for Download
https://www.samba.org/samba/latest_news.html#4.1.17
https://www.samba.org/samba/history/samba-4.1.17.html
+ DoS/PoC: PHP 5.6.5 DateTime Use-After-Free
http://cxsecurity.com/issue/WLB-2015020121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
+ DoS/PoC: PHP 5.6.5 DateTimeZone Type Confusion Infoleak
http://cxsecurity.com/issue/WLB-2015020120
+ SA63051 Samba RPC Netlogon Handling Code Execution Vulnerability
http://secunia.com/advisories/63051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
JVNDB-2015-000023 Speed Software 製 Root Explorer および Explorer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000023.html
News & Trend
ついに始まった五輪商戦、監視カメラシステムへの投資をにらみ各社動く
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/022200175/?ST=security
レノボ搭載のSuperfish、セキュリティ各社が“ウイルス”として検出
http://itpro.nikkeibp.co.jp/atcl/news/15/022400674/?ST=security
「Superfish」だけではない、SSL盗聴を招く危険なソフトが相次ぐ
http://itpro.nikkeibp.co.jp/atcl/news/15/022400668/?ST=security
JVNVU#91326102 Adtrustmedia PrivDog に SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU91326102/
JVN#42768331 Speed Software 製 Root Explorer および Explorer におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN42768331/
JVNTA#91476059 Superfish がインストールされた Lenovo 製 PC に HTTPS スプーフィングの脆弱性
http://jvn.jp/ta/JVNTA91476059/
JVNVU#92865923 Komodia Redirector がルート CA 証明書と秘密鍵をインストールする問題
http://jvn.jp/vu/JVNVU92865923/
REMOTE: HP Client Automation Command Injection
http://www.exploit-db.com/exploits/36169
https://rhn.redhat.com/errata/RHSA-2015-0265.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ RHSA-2015:0265 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2015:0265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
+ Mozilla Firefox 36.0 released
https://www.mozilla.org/en-US/firefox/36.0/releasenotes/
+ MFSA-2015-27 Caja Compiler JavaScript sandbox bypass
https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0820
+ MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0819
+ MSFA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0821
+ MSFA-2015-24 Reading of local files through manipulation of form autocomplete
https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
+ MSFA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0823
+ MSFA-2015-22 Crash using DrawTarget in Cairo graphics library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0824
+ MSFA-2015-21 Buffer underflow during MP3 playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0825
+ MSFA-2015-20 Buffer overflow during CSS restyling
https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0826
+ MSFA-2015-19 Out-of-bounds read and write while rendering SVG content
https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
+ MSFA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0828
+ MSFA-2015-17 Buffer overflow in libstagefright during MP4 video playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0829
+ MSFA-2015-16 Use-after-free in IndexedDB
https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
+ MSFA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0834
+ MSFA-2015-14 Malicious WebGL content crash when writing strings
https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0830
+ MSFA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0832
+ MSFA-2015-12 Invoking Mozilla updater will load locally stored DLL files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0833
+ MSFA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0835
+ Mozilla Thunderbird 31.5.0 released
https://www.mozilla.org/en-US/thunderbird/31.5.0/releasenotes/
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6
+ Samba 4.1.17, 4.0.25 and 3.6.25 Security Releases Available for Download
https://www.samba.org/samba/latest_news.html#4.1.17
https://www.samba.org/samba/history/samba-4.1.17.html
+ DoS/PoC: PHP 5.6.5 DateTime Use-After-Free
http://cxsecurity.com/issue/WLB-2015020121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
+ DoS/PoC: PHP 5.6.5 DateTimeZone Type Confusion Infoleak
http://cxsecurity.com/issue/WLB-2015020120
+ SA63051 Samba RPC Netlogon Handling Code Execution Vulnerability
http://secunia.com/advisories/63051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ Samba 'TALLOC_FREE()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
JVNDB-2015-000023 Speed Software 製 Root Explorer および Explorer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000023.html
News & Trend
ついに始まった五輪商戦、監視カメラシステムへの投資をにらみ各社動く
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/022200175/?ST=security
レノボ搭載のSuperfish、セキュリティ各社が“ウイルス”として検出
http://itpro.nikkeibp.co.jp/atcl/news/15/022400674/?ST=security
「Superfish」だけではない、SSL盗聴を招く危険なソフトが相次ぐ
http://itpro.nikkeibp.co.jp/atcl/news/15/022400668/?ST=security
JVNVU#91326102 Adtrustmedia PrivDog に SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU91326102/
JVN#42768331 Speed Software 製 Root Explorer および Explorer におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN42768331/
JVNTA#91476059 Superfish がインストールされた Lenovo 製 PC に HTTPS スプーフィングの脆弱性
http://jvn.jp/ta/JVNTA91476059/
JVNVU#92865923 Komodia Redirector がルート CA 証明書と秘密鍵をインストールする問題
http://jvn.jp/vu/JVNVU92865923/
REMOTE: HP Client Automation Command Injection
http://www.exploit-db.com/exploits/36169
2015年2月24日火曜日
24日 火曜日、赤口
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3009008 SSL 3.0 の脆弱性により、情報漏えいが起こる
https://technet.microsoft.com/ja-jp/library/security/3009008
+ RHSA-2015:0249 Critical: samba3x security update
https://rhn.redhat.com/errata/RHSA-2015-0249.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0251 Critical: samba security update
https://rhn.redhat.com/errata/RHSA-2015-0251.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0250 Critical: samba4 security update
https://rhn.redhat.com/errata/RHSA-2015-0250.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0252 Important: samba security update
https://access.redhat.com/errata/RHSA-2015:0252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ CESA-2015:0251 Critical CentOS 6 samba Security Update
http://lwn.net/Alerts/634407/
+ CESA-2015:0252 Important CentOS 7 samba Security Update
http://lwn.net/Alerts/634408/
+ CESA-2015:0249 Critical CentOS 5 samba3x Security Update
http://lwn.net/Alerts/634409/
+ CESA-2015:0250 Critical CentOS 6 samba4 Security Update
http://lwn.net/Alerts/634410/
+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ Samba smbd Memory Free Error Lets Remote Users Execute Arbitrary Code with Root Privileges
http://www.securitytracker.com/id/1031783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ DoS/PoC: PHP DateTime Use After Free Vulnerability
http://www.exploit-db.com/exploits/36158
+ Apple OS X: Don't trust and don't prompt to trust certificates
http://cxsecurity.com/issue/WLB-2015020113
+ glibc 2.19 _IO_wstr_overflow integer overflow
http://cxsecurity.com/issue/WLB-2015020111
+ Samba 'TALLOC_FREE()' Funtion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
新人D太と先輩M子のITビジネス
セキュリティ分野から始まった顔認証、出退勤管理やおもてなしへと活用拡大
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/021800015/?ST=security
チェックしておきたい脆弱性情報<2015.02.24>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/022000044/?ST=security
日本オラクルが鍵管理サーバーを提供、DBをセキュリティを促進
http://itpro.nikkeibp.co.jp/atcl/news/15/022300648/?ST=security
「ノートン」が原因でIEを使えなくなる障害、アップデートで解消
http://itpro.nikkeibp.co.jp/atcl/news/15/022300640/?ST=security
レノボが「Superfish」セキュリティ問題の自動削除ツールを公開
http://itpro.nikkeibp.co.jp/atcl/news/15/022300638/?ST=security
米英情報機関がSIMカード大手に不正侵入の疑い、大量の携帯盗聴か
http://itpro.nikkeibp.co.jp/atcl/news/15/022300637/?ST=security
VU#366544 Adtrustmedia PrivDog fails to validate SSL certificates
http://www.kb.cert.org/vuls/id/366544
DoS/PoC: Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC
http://www.exploit-db.com/exploits/36152
https://technet.microsoft.com/ja-jp/library/security/3009008
+ RHSA-2015:0249 Critical: samba3x security update
https://rhn.redhat.com/errata/RHSA-2015-0249.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0251 Critical: samba security update
https://rhn.redhat.com/errata/RHSA-2015-0251.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0250 Critical: samba4 security update
https://rhn.redhat.com/errata/RHSA-2015-0250.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ RHSA-2015:0252 Important: samba security update
https://access.redhat.com/errata/RHSA-2015:0252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ CESA-2015:0251 Critical CentOS 6 samba Security Update
http://lwn.net/Alerts/634407/
+ CESA-2015:0252 Important CentOS 7 samba Security Update
http://lwn.net/Alerts/634408/
+ CESA-2015:0249 Critical CentOS 5 samba3x Security Update
http://lwn.net/Alerts/634409/
+ CESA-2015:0250 Critical CentOS 6 samba4 Security Update
http://lwn.net/Alerts/634410/
+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ Samba smbd Memory Free Error Lets Remote Users Execute Arbitrary Code with Root Privileges
http://www.securitytracker.com/id/1031783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
+ DoS/PoC: PHP DateTime Use After Free Vulnerability
http://www.exploit-db.com/exploits/36158
+ Apple OS X: Don't trust and don't prompt to trust certificates
http://cxsecurity.com/issue/WLB-2015020113
+ glibc 2.19 _IO_wstr_overflow integer overflow
http://cxsecurity.com/issue/WLB-2015020111
+ Samba 'TALLOC_FREE()' Funtion Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0240
新人D太と先輩M子のITビジネス
セキュリティ分野から始まった顔認証、出退勤管理やおもてなしへと活用拡大
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/021800015/?ST=security
チェックしておきたい脆弱性情報<2015.02.24>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/022000044/?ST=security
日本オラクルが鍵管理サーバーを提供、DBをセキュリティを促進
http://itpro.nikkeibp.co.jp/atcl/news/15/022300648/?ST=security
「ノートン」が原因でIEを使えなくなる障害、アップデートで解消
http://itpro.nikkeibp.co.jp/atcl/news/15/022300640/?ST=security
レノボが「Superfish」セキュリティ問題の自動削除ツールを公開
http://itpro.nikkeibp.co.jp/atcl/news/15/022300638/?ST=security
米英情報機関がSIMカード大手に不正侵入の疑い、大量の携帯盗聴か
http://itpro.nikkeibp.co.jp/atcl/news/15/022300637/?ST=security
VU#366544 Adtrustmedia PrivDog fails to validate SSL certificates
http://www.kb.cert.org/vuls/id/366544
DoS/PoC: Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC
http://www.exploit-db.com/exploits/36152
2015年2月23日月曜日
23日 月曜日、大安
+ UPDATE: APSB15-04 Security updates available for Adobe Flash Player
https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb15-04.html
+ phpMyAdmin 4.3.10 released
http://sourceforge.net/p/phpmyadmin/news/2015/02/phpmyadmin-4310-release-notes/
+ CVE-2015-1349: A Problem with Trust Anchor Management Can Cause named to Crash
https://kb.isc.org/article/AA-01235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0618
+ HPSBMU03261 rev.1 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04571454&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
+ HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04571379&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
+ HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04574882&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04554677&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
+ Linux kernel 3.12.38, 3.2.67 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.67
+ JVNDB-2015-000022 AL-Mail32 におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000022.html
+ JVNDB-2015-000021 AL-Mail32 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000021.html
+ JVNDB-2015-000020 AL-Mail32 におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000020.html
+ SA62993 Linux Kernel AMD CPU Core Denial of Service Vulnerability
http://secunia.com/advisories/62993/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885
JVNDB-2015-000019 Squid における HTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000019.html
世界のセキュリティ・ラボから
BMW、リモートのドアロック解除を許す脆弱性を修正
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/022000032/?ST=security
チェックしておきたい脆弱性情報<2015.02.23>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/022000043/?ST=security
ITproまとめ
Superfish
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/022000074/?ST=security
あなたは大丈夫?「Superfish」の確認と対策を急げ
http://itpro.nikkeibp.co.jp/atcl/news/15/022000632/?ST=security
「回収はしない」「自分で削除を」、Superfishセキュリティ問題でレノボ日本法人
http://itpro.nikkeibp.co.jp/atcl/news/15/022000629/?ST=security
マカフィー、中小企業向けにセキュリティスイートを用意
http://itpro.nikkeibp.co.jp/atcl/news/15/022000628/?ST=security
東陽テクニカ、Android/iOS上で動作するホスト型IPSを発売
http://itpro.nikkeibp.co.jp/atcl/news/15/022000626/?ST=security
SSL通信を盗聴される恐れ、ノートPCに潜む「Superfish」の正体
http://itpro.nikkeibp.co.jp/atcl/news/15/022000625/?ST=security
https://helpx.adobe.com/content/help/en/security/products/flash-player/apsb15-04.html
+ phpMyAdmin 4.3.10 released
http://sourceforge.net/p/phpmyadmin/news/2015/02/phpmyadmin-4310-release-notes/
+ CVE-2015-1349: A Problem with Trust Anchor Management Can Cause named to Crash
https://kb.isc.org/article/AA-01235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco IOS XR Software IPv6 Malformed Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150220-ipv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0618
+ HPSBMU03261 rev.1 - HP Systems Insight Manager running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04571454&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
+ HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04571379&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
+ HPSBPV03266 rev.1 - Certain HP Networking and H3C Switches and Routers running NTP, Remote Execution of Code, Disclosure of Information, and Denial of Service (DoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04574882&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
+ HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04554677&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
+ Linux kernel 3.12.38, 3.2.67 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.67
+ JVNDB-2015-000022 AL-Mail32 におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000022.html
+ JVNDB-2015-000021 AL-Mail32 におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000021.html
+ JVNDB-2015-000020 AL-Mail32 におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000020.html
+ SA62993 Linux Kernel AMD CPU Core Denial of Service Vulnerability
http://secunia.com/advisories/62993/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885
JVNDB-2015-000019 Squid における HTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000019.html
世界のセキュリティ・ラボから
BMW、リモートのドアロック解除を許す脆弱性を修正
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/022000032/?ST=security
チェックしておきたい脆弱性情報<2015.02.23>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/022000043/?ST=security
ITproまとめ
Superfish
http://itpro.nikkeibp.co.jp/atcl/column/14/494329/022000074/?ST=security
あなたは大丈夫?「Superfish」の確認と対策を急げ
http://itpro.nikkeibp.co.jp/atcl/news/15/022000632/?ST=security
「回収はしない」「自分で削除を」、Superfishセキュリティ問題でレノボ日本法人
http://itpro.nikkeibp.co.jp/atcl/news/15/022000629/?ST=security
マカフィー、中小企業向けにセキュリティスイートを用意
http://itpro.nikkeibp.co.jp/atcl/news/15/022000628/?ST=security
東陽テクニカ、Android/iOS上で動作するホスト型IPSを発売
http://itpro.nikkeibp.co.jp/atcl/news/15/022000626/?ST=security
SSL通信を盗聴される恐れ、ノートPCに潜む「Superfish」の正体
http://itpro.nikkeibp.co.jp/atcl/news/15/022000625/?ST=security
2015年2月20日金曜日
20日 金曜日、友引
+ Google Chrome 40.0.2214.115 released
http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update_19.html
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HS15-006 Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-006/index.html
+ HS15-005 Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-005/index.html
+ HS15-004 Multiple Cross-site Scripting Vulnerabilities in Hitachi Compute Systems Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-004/index.html
+ HS15-006 Hitachi IT Operations Analyzerにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-006/index.html
+ HS15-005 JP1/IT Desktop Management - Manager, Hitachi IT Operations Directorのオンラインヘルプにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-005/index.html
+ HS15-004 Hitachi Compute Systems Managerにおける複数のクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-004/index.html
+ PHP 5.6.6, 5.5.22, 5.4.38 Released
http://www.php.net/ChangeLog-5.php#5.6.6
http://www.php.net/ChangeLog-5.php#5.5.22
http://www.php.net/ChangeLog-5.php#5.4.38
+ JVNVU#93982119 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU93982119/
+ BIND DNSSEC Trust Anchor Management Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031763
CVE-2015-1349
+ PHP Code Execution in jui_filter_rules Parsing Library
http://cxsecurity.com/issue/WLB-2015020102
+ Linux Kernel ASLR Implementation Insufficient Entropy Weakness
http://www.securityfocus.com/bid/72680
「中身を読みたければマクロを有効にして」、帰ってきたマクロウイルスの手口
http://itpro.nikkeibp.co.jp/atcl/news/15/021900606/?ST=security
ソリトンのRADIUS認証サーバー、連続失敗でアカウントロック
http://itpro.nikkeibp.co.jp/atcl/news/15/021900603/?ST=security
エクシード、延命のためのWindows Server 2003運用代行サービスを開始
http://itpro.nikkeibp.co.jp/atcl/news/15/021900598/?ST=security
約600匹の猫たちが状況をお知らせ、キングソフトが無料セキュリティソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/021900597/?ST=security
日本MS、「サイバークライムセンター日本サテライト」を開設
http://itpro.nikkeibp.co.jp/atcl/news/15/021900594/?ST=security
VU#529496 Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys
http://www.kb.cert.org/vuls/id/529496
REMOTE: jQuery jui_filter_rules PHP Code Execution
http://www.exploit-db.com/exploits/36124
http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update_19.html
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HS15-006 Cross-site Scripting Vulnerability in Hitachi IT Operations Analyzer
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-006/index.html
+ HS15-005 Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-005/index.html
+ HS15-004 Multiple Cross-site Scripting Vulnerabilities in Hitachi Compute Systems Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-004/index.html
+ HS15-006 Hitachi IT Operations Analyzerにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-006/index.html
+ HS15-005 JP1/IT Desktop Management - Manager, Hitachi IT Operations Directorのオンラインヘルプにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-005/index.html
+ HS15-004 Hitachi Compute Systems Managerにおける複数のクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-004/index.html
+ PHP 5.6.6, 5.5.22, 5.4.38 Released
http://www.php.net/ChangeLog-5.php#5.6.6
http://www.php.net/ChangeLog-5.php#5.5.22
http://www.php.net/ChangeLog-5.php#5.4.38
+ JVNVU#93982119 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU93982119/
+ BIND DNSSEC Trust Anchor Management Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031763
CVE-2015-1349
+ PHP Code Execution in jui_filter_rules Parsing Library
http://cxsecurity.com/issue/WLB-2015020102
+ Linux Kernel ASLR Implementation Insufficient Entropy Weakness
http://www.securityfocus.com/bid/72680
「中身を読みたければマクロを有効にして」、帰ってきたマクロウイルスの手口
http://itpro.nikkeibp.co.jp/atcl/news/15/021900606/?ST=security
ソリトンのRADIUS認証サーバー、連続失敗でアカウントロック
http://itpro.nikkeibp.co.jp/atcl/news/15/021900603/?ST=security
エクシード、延命のためのWindows Server 2003運用代行サービスを開始
http://itpro.nikkeibp.co.jp/atcl/news/15/021900598/?ST=security
約600匹の猫たちが状況をお知らせ、キングソフトが無料セキュリティソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/021900597/?ST=security
日本MS、「サイバークライムセンター日本サテライト」を開設
http://itpro.nikkeibp.co.jp/atcl/news/15/021900594/?ST=security
VU#529496 Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys
http://www.kb.cert.org/vuls/id/529496
REMOTE: jQuery jui_filter_rules PHP Code Execution
http://www.exploit-db.com/exploits/36124
2015年2月19日木曜日
19日 木曜日、先勝
+ squid 3.5.2, 3.4.12 released
http://www.squid-cache.org/Versions/v3/3.5/changesets/
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID_3_4_12.html
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Netgear WNDR Router SOAP Interface Discloses Authentication Information to Remote Users on the Local Network
http://www.securitytracker.com/id/1031762
+ PHP fileinfo Out-of-Bounds Memory Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
+ PHP Bugs Let Remote Users Deny Service or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1031757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
+ SA62976 MIT Kerberos 5 (krb5) "recvauth_common()" Denial of Service Vulnerability
http://secunia.com/advisories/62976/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
「.tokyo」ドメインの詐欺サイトが出現、1万件以上のアクセスを確認
http://itpro.nikkeibp.co.jp/atcl/news/15/021800589/?ST=security
2014年の日本へのサイバー攻撃関連通信は前年比倍増、NICT調べ
http://itpro.nikkeibp.co.jp/atcl/news/15/021800582/?ST=security
世界女子カーリング札幌大会サイトが改ざん、不正なファイルを仕込まれる
http://itpro.nikkeibp.co.jp/atcl/news/15/021800579/?ST=security
極めて高度なサイバー攻撃集団「Equation Group」、セキュリティ企業が報告
http://itpro.nikkeibp.co.jp/atcl/news/15/021800571/?ST=security
UPDATE: JVNVU#96347573 横河製品の HART Device DTM にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU96347573/
http://www.squid-cache.org/Versions/v3/3.5/changesets/
http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID_3_4_12.html
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Netgear WNDR Router SOAP Interface Discloses Authentication Information to Remote Users on the Local Network
http://www.securitytracker.com/id/1031762
+ PHP fileinfo Out-of-Bounds Memory Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1031758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
+ PHP Bugs Let Remote Users Deny Service or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1031757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
+ SA62976 MIT Kerberos 5 (krb5) "recvauth_common()" Denial of Service Vulnerability
http://secunia.com/advisories/62976/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355
「.tokyo」ドメインの詐欺サイトが出現、1万件以上のアクセスを確認
http://itpro.nikkeibp.co.jp/atcl/news/15/021800589/?ST=security
2014年の日本へのサイバー攻撃関連通信は前年比倍増、NICT調べ
http://itpro.nikkeibp.co.jp/atcl/news/15/021800582/?ST=security
世界女子カーリング札幌大会サイトが改ざん、不正なファイルを仕込まれる
http://itpro.nikkeibp.co.jp/atcl/news/15/021800579/?ST=security
極めて高度なサイバー攻撃集団「Equation Group」、セキュリティ企業が報告
http://itpro.nikkeibp.co.jp/atcl/news/15/021800571/?ST=security
UPDATE: JVNVU#96347573 横河製品の HART Device DTM にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU96347573/
2015年2月18日水曜日
18日 水曜日、大安
+ VMware Player 7.1 released
https://www.vmware.com/support/player/doc/player-71-release-notes.html
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ SA62404 MantisBT "filter_config_id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/62404/
+ SA62913 PHP Multiple Use-After-Free Vulnerabilities
http://secunia.com/advisories/62913/
JVNDB-2015-000018 C-BOARD Moyuku における任意のファイルを作成される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000018.html
JVNDB-2015-000017 Saurus CMS Community Edition におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000017.html
News & Trend
ポストパスワードの有力候補、ユーザー認証の新仕様「FIDO」が始動
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/021300167/?ST=security
マッキンゼーの7Sをセキュリティに応用、安全な経営を目指して
http://itpro.nikkeibp.co.jp/atcl/column/14/511845/021200006/?ST=security
大雪降っても慌てるな!スノータイヤやスコップ販売うたう詐欺サイトに注意
http://itpro.nikkeibp.co.jp/atcl/news/15/021700565/?ST=security
REMOTE: X360 VideoPlayer ActiveX Control Buffer Overflow
http://www.exploit-db.com/exploits/36100
REMOTE: Java JMX Server Insecure Configuration Java Code Execution
http://www.exploit-db.com/exploits/36101
2015年2月17日火曜日
17日 火曜日、仏滅
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ LANDesk Management Suite "AMTVersion" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/62356/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5360
News & Trend
「常時SSL」がセキュリティ対策の抜け穴に、対策を急げ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/021300168/?ST=security
楽天の偽サイトが2000件以上出現、偽の注文確認メールも出回る
http://itpro.nikkeibp.co.jp/atcl/news/15/021600548/?ST=security
米国のサイバー脅威対策で大統領令、官民の情報共有を促す
http://itpro.nikkeibp.co.jp/atcl/news/15/021600534/?ST=security
JVNVU#92987253 Henry Spencer の正規表現 (regex) ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU92987253/
UPDATE: JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
JVNVU#91424035 Microsoft Windows グループ ポリシーに脆弱性
http://jvn.jp/vu/JVNVU91424035/
JVNVU#96347573 横河製品の HART Device DTM にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU96347573/
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ LANDesk Management Suite "AMTVersion" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/62356/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5360
News & Trend
「常時SSL」がセキュリティ対策の抜け穴に、対策を急げ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/021300168/?ST=security
楽天の偽サイトが2000件以上出現、偽の注文確認メールも出回る
http://itpro.nikkeibp.co.jp/atcl/news/15/021600548/?ST=security
米国のサイバー脅威対策で大統領令、官民の情報共有を促す
http://itpro.nikkeibp.co.jp/atcl/news/15/021600534/?ST=security
JVNVU#92987253 Henry Spencer の正規表現 (regex) ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU92987253/
UPDATE: JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
JVNVU#91424035 Microsoft Windows グループ ポリシーに脆弱性
http://jvn.jp/vu/JVNVU91424035/
JVNVU#96347573 横河製品の HART Device DTM にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU96347573/
2015年2月16日月曜日
16日 月曜日、先負
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04568731&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321
+ Sysstat 11.0.3 released (stable version).
http://sebastien.godard.pagesperso-orange.fr/
+ Linux ASLR integer overflow
http://cxsecurity.com/issue/WLB-2015020074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593
+ Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
http://cxsecurity.com/issue/WLB-2015020073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607
+ Google Email 4.4.2.0200 Denial Of Service
http://cxsecurity.com/issue/WLB-2015020072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1574
JVNDB-2015-000016 Android 版 スマホ通帳における情報管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000016.html
JVNDB-2015-000015 スマホ通帳における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000015.html
記者の眼
MSの情報公開に懸念、パッチの「事前通知終了」にかみつく理由
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/021000184/?ST=security
「わいせつ動画をばらまくぞ」――悪質アプリを使った「性的脅迫」に注意
http://itpro.nikkeibp.co.jp/atcl/news/15/021300531/?ST=security
ガソリンスタンドへのサイバー攻撃を確認、「アノニマス」が関与か
http://itpro.nikkeibp.co.jp/atcl/news/15/021300522/?ST=security
JVN#96155055 PerlTreeBBS におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN96155055/
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/
VU#695940 Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
http://www.kb.cert.org/vuls/id/695940
VU#787252 Microsoft Windows domain-configured client Group Policy fails to authenticate servers
http://www.kb.cert.org/vuls/id/787252
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HPSBGN03258 rev.1 - HP Insight Control server deployment Windows Pre-boot Execution Environment, Microsoft Schannel (Winshock) Remote Code Execution
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04568731&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6321
+ Sysstat 11.0.3 released (stable version).
http://sebastien.godard.pagesperso-orange.fr/
+ Linux ASLR integer overflow
http://cxsecurity.com/issue/WLB-2015020074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593
+ Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015)
http://cxsecurity.com/issue/WLB-2015020073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1607
+ Google Email 4.4.2.0200 Denial Of Service
http://cxsecurity.com/issue/WLB-2015020072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1574
JVNDB-2015-000016 Android 版 スマホ通帳における情報管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000016.html
JVNDB-2015-000015 スマホ通帳における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000015.html
記者の眼
MSの情報公開に懸念、パッチの「事前通知終了」にかみつく理由
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/021000184/?ST=security
「わいせつ動画をばらまくぞ」――悪質アプリを使った「性的脅迫」に注意
http://itpro.nikkeibp.co.jp/atcl/news/15/021300531/?ST=security
ガソリンスタンドへのサイバー攻撃を確認、「アノニマス」が関与か
http://itpro.nikkeibp.co.jp/atcl/news/15/021300522/?ST=security
JVN#96155055 PerlTreeBBS におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN96155055/
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/
VU#695940 Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability
http://www.kb.cert.org/vuls/id/695940
VU#787252 Microsoft Windows domain-configured client Group Policy fails to authenticate servers
http://www.kb.cert.org/vuls/id/787252
2015年2月13日金曜日
13日 金曜日、赤口
+ マイクロソフト セキュリティ アドバイザリ 3004375 Windows コマンド ライン監査の更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3004375
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3009008 SSL 3.0 の脆弱性により、情報漏えいが起こる
https://technet.microsoft.com/ja-jp/library/security/3009008
世界のセキュリティ・ラボから
米国5300カ所のガソリンスタンドにハッキングのリスク
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/020900031/?ST=security
富士通SSL、データ復旧サポート付きのSaaS型ディスク暗号化ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/021200507/?ST=security
2014年のネットバンキング不正送金は約29億円で法人被害が激増、警察庁発表
http://itpro.nikkeibp.co.jp/atcl/news/15/021200505/?ST=security
IE11の「SSL 3.0」、2015年4月には既定で無効に
http://itpro.nikkeibp.co.jp/atcl/news/15/021200502/?ST=security
WindowsやIEなどに脆弱性が56件、ゼロデイ攻撃も確認
http://itpro.nikkeibp.co.jp/atcl/news/15/021200498/?ST=security
Facebook、セキュリティ専門家向けソーシャルプラットフォームを発表
http://itpro.nikkeibp.co.jp/atcl/news/15/021200499/?ST=security
https://technet.microsoft.com/ja-jp/library/security/3004375
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 3009008 SSL 3.0 の脆弱性により、情報漏えいが起こる
https://technet.microsoft.com/ja-jp/library/security/3009008
世界のセキュリティ・ラボから
米国5300カ所のガソリンスタンドにハッキングのリスク
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/020900031/?ST=security
富士通SSL、データ復旧サポート付きのSaaS型ディスク暗号化ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/021200507/?ST=security
2014年のネットバンキング不正送金は約29億円で法人被害が激増、警察庁発表
http://itpro.nikkeibp.co.jp/atcl/news/15/021200505/?ST=security
IE11の「SSL 3.0」、2015年4月には既定で無効に
http://itpro.nikkeibp.co.jp/atcl/news/15/021200502/?ST=security
WindowsやIEなどに脆弱性が56件、ゼロデイ攻撃も確認
http://itpro.nikkeibp.co.jp/atcl/news/15/021200498/?ST=security
Facebook、セキュリティ専門家向けソーシャルプラットフォームを発表
http://itpro.nikkeibp.co.jp/atcl/news/15/021200499/?ST=security
2015年2月12日木曜日
12日 木曜日、大安
+ 2015 年 2 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-feb
+ MS15-009 - 緊急 Internet Explorer 用のセキュリティ更新プログラム (3034682)
https://technet.microsoft.com/library/security/MS15-009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071
+ MS15-010 - 緊急 Windows カーネルモード ドライバーの脆弱性により、リモートでコードが実行される (3036220)
https://technet.microsoft.com/library/security/MS15-010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0060
+ MS15-011 - 緊急 グループ ポリシーの脆弱性により、リモートでコードが実行される (3000483)
https://technet.microsoft.com/library/security/MS15-011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008
+ MS15-012 - 重要 Microsoft Office の脆弱性により、リモートでコードが実行される (3032328)
https://technet.microsoft.com/library/security/MS15-012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0065
+ MS15-013 - 重要 Microsoft Office の脆弱性により、セキュリティ機能のバイパスが起こる (3033857)
https://technet.microsoft.com/library/security/MS15-013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6362
+ MS15-014 - 重要 グループ ポリシーの脆弱性により、セキュリティ機能のバイパスが起こる (3004361)
https://technet.microsoft.com/library/security/MS15-014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0009
+ MS15-015 - 重要 Microsoft Windows の脆弱性により、特権が昇格される (3031432)
https://technet.microsoft.com/library/security/MS15-015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062
+ MS15-016 - 重要 Microsoft Graphics コンポーネントの脆弱性により、情報の漏えいが起こる (3029944)
https://technet.microsoft.com/library/security/MS15-016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061
+ MS15-017 - 重要 Virtual Machine Manager の脆弱性により、特権が昇格される (3035898)
https://technet.microsoft.com/library/security/MS15-017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0012
+ RHSA-2015:0164 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0164.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822
+ RHSA-2015:0165 Moderate: subversion security update
https://rhn.redhat.com/errata/RHSA-2015-0165.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
+ RHSA-2015:0166 Moderate: subversion security update
https://access.redhat.com/errata/RHSA-2015:0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ nginx 1.7.10 released
http://nginx.org/en/CHANGES
+ CESA-2015:0164 Moderate CentOS 5 kernel Security Update
http://lwn.net/Alerts/632887/
+ CESA-2015:0166 Moderate CentOS 7 subversion Security Update
http://lwn.net/Alerts/632889/
+ CESA-2015:0165 Moderate CentOS 6 subversion Security Update
http://lwn.net/Alerts/632888/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco Secure Access Control System SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565856&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04558068&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7196
+ Linux kernel 3.19, 3.18.7, 3.14.33, 3.10.69 released
https://www.kernel.org/
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.69
+ 「NTP(VU#852879)に関する脆弱性」のご報告
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp852879.html
+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
+ Sudo 1.7.10p9 released
http://www.sudo.ws/sudo/legacy.html#1.7.10p9
+ SA62884 Linux Kernel "em_sysenter()" Sysenter Instruction Emulation Vulnerability
http://secunia.com/advisories/62884/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239
+ SA62685 Adobe Reader CoolType.dll Buffer Overflow Vulnerability
http://secunia.com/advisories/62685/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9160
+ Apple Libc wordexp(3) Issue
http://cxsecurity.com/issue/WLB-2015020050
+ Android Futex Requeue Kernel Exploit
http://cxsecurity.com/issue/WLB-2015020047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
+ Apache Tomcat Request Smuggling
http://cxsecurity.com/issue/WLB-2015020046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
+ Linux Kernel 'nft_flush_table' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/72552
JVN#96155055 PerlTreeBBS におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN96155055/index.html
CSIRTメモ
チェックしておきたい脆弱性情報<2015.02.12>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/020900042/?ST=security
シマンテック代表取締役に関屋剛氏が就任
http://itpro.nikkeibp.co.jp/atcl/news/15/021000488/?ST=security
4割強のユーザーは「6個以上のパスワードを管理」、8割は「使い回す」
http://itpro.nikkeibp.co.jp/atcl/news/15/021000479/?ST=security
REMOTE: Achat v0.150 beta7 Buffer Overflow
http://www.exploit-db.com/exploits/36056
LOCAL: SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation
http://www.exploit-db.com/exploits/36052
LOCAL: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow
http://www.exploit-db.com/exploits/36053
https://technet.microsoft.com/ja-jp/library/security/ms15-feb
+ MS15-009 - 緊急 Internet Explorer 用のセキュリティ更新プログラム (3034682)
https://technet.microsoft.com/library/security/MS15-009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071
+ MS15-010 - 緊急 Windows カーネルモード ドライバーの脆弱性により、リモートでコードが実行される (3036220)
https://technet.microsoft.com/library/security/MS15-010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0060
+ MS15-011 - 緊急 グループ ポリシーの脆弱性により、リモートでコードが実行される (3000483)
https://technet.microsoft.com/library/security/MS15-011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008
+ MS15-012 - 重要 Microsoft Office の脆弱性により、リモートでコードが実行される (3032328)
https://technet.microsoft.com/library/security/MS15-012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0065
+ MS15-013 - 重要 Microsoft Office の脆弱性により、セキュリティ機能のバイパスが起こる (3033857)
https://technet.microsoft.com/library/security/MS15-013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6362
+ MS15-014 - 重要 グループ ポリシーの脆弱性により、セキュリティ機能のバイパスが起こる (3004361)
https://technet.microsoft.com/library/security/MS15-014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0009
+ MS15-015 - 重要 Microsoft Windows の脆弱性により、特権が昇格される (3031432)
https://technet.microsoft.com/library/security/MS15-015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062
+ MS15-016 - 重要 Microsoft Graphics コンポーネントの脆弱性により、情報の漏えいが起こる (3029944)
https://technet.microsoft.com/library/security/MS15-016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061
+ MS15-017 - 重要 Virtual Machine Manager の脆弱性により、特権が昇格される (3035898)
https://technet.microsoft.com/library/security/MS15-017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0012
+ RHSA-2015:0164 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0164.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822
+ RHSA-2015:0165 Moderate: subversion security update
https://rhn.redhat.com/errata/RHSA-2015-0165.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
+ RHSA-2015:0166 Moderate: subversion security update
https://access.redhat.com/errata/RHSA-2015:0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108
+ nginx 1.7.10 released
http://nginx.org/en/CHANGES
+ CESA-2015:0164 Moderate CentOS 5 kernel Security Update
http://lwn.net/Alerts/632887/
+ CESA-2015:0166 Moderate CentOS 7 subversion Security Update
http://lwn.net/Alerts/632889/
+ CESA-2015:0165 Moderate CentOS 6 subversion Security Update
http://lwn.net/Alerts/632888/
+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco Secure Access Control System SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565856&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04558068&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7196
+ Linux kernel 3.19, 3.18.7, 3.14.33, 3.10.69 released
https://www.kernel.org/
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.69
+ 「NTP(VU#852879)に関する脆弱性」のご報告
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp852879.html
+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
+ Sudo 1.7.10p9 released
http://www.sudo.ws/sudo/legacy.html#1.7.10p9
+ SA62884 Linux Kernel "em_sysenter()" Sysenter Instruction Emulation Vulnerability
http://secunia.com/advisories/62884/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239
+ SA62685 Adobe Reader CoolType.dll Buffer Overflow Vulnerability
http://secunia.com/advisories/62685/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9160
+ Apple Libc wordexp(3) Issue
http://cxsecurity.com/issue/WLB-2015020050
+ Android Futex Requeue Kernel Exploit
http://cxsecurity.com/issue/WLB-2015020047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153
+ Apache Tomcat Request Smuggling
http://cxsecurity.com/issue/WLB-2015020046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
+ Linux Kernel 'nft_flush_table' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/72552
JVN#96155055 PerlTreeBBS におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN96155055/index.html
CSIRTメモ
チェックしておきたい脆弱性情報<2015.02.12>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/020900042/?ST=security
シマンテック代表取締役に関屋剛氏が就任
http://itpro.nikkeibp.co.jp/atcl/news/15/021000488/?ST=security
4割強のユーザーは「6個以上のパスワードを管理」、8割は「使い回す」
http://itpro.nikkeibp.co.jp/atcl/news/15/021000479/?ST=security
REMOTE: Achat v0.150 beta7 Buffer Overflow
http://www.exploit-db.com/exploits/36056
LOCAL: SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation
http://www.exploit-db.com/exploits/36052
LOCAL: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow
http://www.exploit-db.com/exploits/36053
2015年2月10日火曜日
10日 火曜日、先負
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Apache Tomcat 7.0.59 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Postfix 3.0.0, 2.11.4, 2.10.6, 2.9.12, 2.8.20 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.0.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.6.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.20.HISTORY
+ Sudo 1.8.12 released
http://www.sudo.ws/sudo/stable.html#1.8.12
+ Sudo: Arbitrary file access via TZ environment variable
http://www.sudo.ws/sudo/alerts/tz.html
+ Gecko CMS 2.3 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2015010058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1424
+ Trend Micro Multiple Products Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2015020030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9641
+ SA62768 Apache Tomcat Chunked Request Handling Vulnerability
http://secunia.com/advisories/62768/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
+ PHP 'exif_process_unicode()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
+ PHP CVE-2015-0231 Incomplete Fix Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
+ PHP wdsl Extension CVE-2013-6501 Security Weakness
http://www.securityfocus.com/bid/72530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6501
新人D太と先輩M子のITビジネス日誌
サイバー攻撃の被害を最小にする組織「CSIRT」はどうやってつくる?
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/020400014/?ST=security
EMC、ガバナンス機能に注力したアイデンティティ管理ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/020900465/?ST=security
「UACを回避して管理者権限で実行」――不正送金ウイルスの新手口
http://itpro.nikkeibp.co.jp/atcl/news/15/020900463/?ST=security
米大手保険会社にサイバー攻撃、顧客・従業員8000万人の情報漏洩
http://itpro.nikkeibp.co.jp/atcl/news/15/020900461/?ST=security
DoS/PoC: MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC
http://www.exploit-db.com/exploits/36022
DoS/PoC: Chemtool 1.6.14 - Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/36024
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Apache Tomcat 7.0.59 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html
+ Postfix 3.0.0, 2.11.4, 2.10.6, 2.9.12, 2.8.20 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.0.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.6.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.20.HISTORY
+ Sudo 1.8.12 released
http://www.sudo.ws/sudo/stable.html#1.8.12
+ Sudo: Arbitrary file access via TZ environment variable
http://www.sudo.ws/sudo/alerts/tz.html
+ Gecko CMS 2.3 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2015010058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1424
+ Trend Micro Multiple Products Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2015020030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9641
+ SA62768 Apache Tomcat Chunked Request Handling Vulnerability
http://secunia.com/advisories/62768/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
+ PHP 'exif_process_unicode()' Function Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
+ PHP CVE-2015-0231 Incomplete Fix Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/72539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
+ PHP wdsl Extension CVE-2013-6501 Security Weakness
http://www.securityfocus.com/bid/72530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6501
新人D太と先輩M子のITビジネス日誌
サイバー攻撃の被害を最小にする組織「CSIRT」はどうやってつくる?
http://itpro.nikkeibp.co.jp/atcl/column/14/493082/020400014/?ST=security
EMC、ガバナンス機能に注力したアイデンティティ管理ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/020900465/?ST=security
「UACを回避して管理者権限で実行」――不正送金ウイルスの新手口
http://itpro.nikkeibp.co.jp/atcl/news/15/020900463/?ST=security
米大手保険会社にサイバー攻撃、顧客・従業員8000万人の情報漏洩
http://itpro.nikkeibp.co.jp/atcl/news/15/020900461/?ST=security
DoS/PoC: MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC
http://www.exploit-db.com/exploits/36022
DoS/PoC: Chemtool 1.6.14 - Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/36024
2015年2月9日月曜日
9日 月曜日、友引
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801
+ CESA-2015:0118 Moderate CentOS 7 mariadb Security Update
http://lwn.net/Alerts/632226/
+ VMware Player 6.0.5 released
https://www.vmware.com/support/player60/doc/player-605-release-notes.html
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP
+ Linux kernel 3.18.6, 3.14.32, 3.10.68 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.68
+ glibc 2.21 released
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
+ UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Bypass Same-Origin Restrictions
http://www.securitytracker.com/id/1031709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ SA62806 PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/62806/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
+ SA62787 OpenLDAP slapd Two Denial of Service Vulnerabilities
http://secunia.com/advisories/62787/
+ SA62393 Linux Kernel "dst_entries" Caching Denial of Service Vulnerability
http://secunia.com/advisories/62393/
+ SA62831 PHP "header()" HTTP Response Splitting Vulnerability
http://secunia.com/advisories/62831/
+ SA62777 Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/62777/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ SA62779 Trend Micro Titanium Internet Security "tmeext.sys" Privilege Escalation Vulnerability
http://secunia.com/advisories/62779/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9641
+ SA62670 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/62670/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ PHP/LLVM/MYSQL/BSD regex library Heap Buffer Overflow
http://cxsecurity.com/issue/WLB-2015020029
+ Windows tcpip.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2015020024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076
from テレコムインサイド
[スクープ]「VAIOスマホ」は法人用途も重視、不正侵入防止アプリを搭載へ
http://itpro.nikkeibp.co.jp/atcl/column/15/012600016/020400006/?ST=security
News & Trend
住所不要の通信教育やボディスキャナー、ベネッセの“常識を超える”施策は実を結ぶか
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/020800162/?ST=security
IPAが「情報セキュリティ10大脅威 2015」を発表、オンライン銀行狙う不正が1位
http://itpro.nikkeibp.co.jp/atcl/news/15/020600451/?ST=security
WebアクセスだけでPCを乗っ取られる恐れ、Flash Playerを狙う恐るべき攻撃
http://itpro.nikkeibp.co.jp/atcl/news/15/020600450/?ST=security
JVNVU#93696199 Ektron CMS に複数の脆弱性
http://jvn.jp/vu/JVNVU93696199/
JVNVU#96466523 Topline Systems Opportunity Form に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU96466523/
https://technet.microsoft.com/ja-jp/library/security/2755801
+ CESA-2015:0118 Moderate CentOS 7 mariadb Security Update
http://lwn.net/Alerts/632226/
+ VMware Player 6.0.5 released
https://www.vmware.com/support/player60/doc/player-605-release-notes.html
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP
+ Linux kernel 3.18.6, 3.14.32, 3.10.68 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.68
+ glibc 2.21 released
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
+ UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Bypass Same-Origin Restrictions
http://www.securitytracker.com/id/1031709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ SA62806 PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/62806/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
+ SA62787 OpenLDAP slapd Two Denial of Service Vulnerabilities
http://secunia.com/advisories/62787/
+ SA62393 Linux Kernel "dst_entries" Caching Denial of Service Vulnerability
http://secunia.com/advisories/62393/
+ SA62831 PHP "header()" HTTP Response Splitting Vulnerability
http://secunia.com/advisories/62831/
+ SA62777 Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/62777/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ SA62779 Trend Micro Titanium Internet Security "tmeext.sys" Privilege Escalation Vulnerability
http://secunia.com/advisories/62779/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9641
+ SA62670 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/62670/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ PHP/LLVM/MYSQL/BSD regex library Heap Buffer Overflow
http://cxsecurity.com/issue/WLB-2015020029
+ Windows tcpip.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2015020024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076
from テレコムインサイド
[スクープ]「VAIOスマホ」は法人用途も重視、不正侵入防止アプリを搭載へ
http://itpro.nikkeibp.co.jp/atcl/column/15/012600016/020400006/?ST=security
News & Trend
住所不要の通信教育やボディスキャナー、ベネッセの“常識を超える”施策は実を結ぶか
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/020800162/?ST=security
IPAが「情報セキュリティ10大脅威 2015」を発表、オンライン銀行狙う不正が1位
http://itpro.nikkeibp.co.jp/atcl/news/15/020600451/?ST=security
WebアクセスだけでPCを乗っ取られる恐れ、Flash Playerを狙う恐るべき攻撃
http://itpro.nikkeibp.co.jp/atcl/news/15/020600450/?ST=security
JVNVU#93696199 Ektron CMS に複数の脆弱性
http://jvn.jp/vu/JVNVU93696199/
JVNVU#96466523 Topline Systems Opportunity Form に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU96466523/
2015年2月6日金曜日
6日 金曜日、大安
+ RHSA-2015:0133 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2015:0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
+ Google Chrome 40.0.2214.111 released
http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ APSB15-04 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ phpMyAdmin 4.3.9 released
http://sourceforge.net/p/phpmyadmin/news/2015/02/phpmyadmin-439-release-notes/
+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
http://www.postgresql.org/docs/9.3/static/release-9-3-6.html
http://www.postgresql.org/docs/9.2/static/release-9-2-10.html
http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
http://www.postgresql.org/docs/9.0/static/release-9-0-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
+ Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ PHP 5.6.3 unserialize() execute arbitrary code
http://cxsecurity.com/issue/WLB-2014120160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
+ NTP "vallen" Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/62771/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/index.html
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/
世界のセキュリティ・ラボから
Windows 10、セキュリティ意識の高い未来に向けて
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/020200030/?ST=security
Flash Playerの最新版が提供開始、危険なゼロデイ脆弱性を修正
http://itpro.nikkeibp.co.jp/atcl/news/15/020500426/?ST=security
中国、インターネットサービスの実名登録を義務づける新規制
http://itpro.nikkeibp.co.jp/atcl/news/15/020500424/?ST=security
VU#377644 Ektron Content Management System (CMS) contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/377644
VU#669156 Topline Systems Opportunity Form vulnerable to information disclosure
http://www.kb.cert.org/vuls/id/669156
REMOTE: Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit
http://www.exploit-db.com/exploits/35995
https://access.redhat.com/errata/RHSA-2015:0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
+ Google Chrome 40.0.2214.111 released
http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212
+ APSB15-04 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ phpMyAdmin 4.3.9 released
http://sourceforge.net/p/phpmyadmin/news/2015/02/phpmyadmin-439-release-notes/
+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
http://www.postgresql.org/docs/9.3/static/release-9-3-6.html
http://www.postgresql.org/docs/9.2/static/release-9-2-10.html
http://www.postgresql.org/docs/9.1/static/release-9-1-15.html
http://www.postgresql.org/docs/9.0/static/release-9-0-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
+ Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330
+ PHP 5.6.3 unserialize() execute arbitrary code
http://cxsecurity.com/issue/WLB-2014120160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
+ NTP "vallen" Information Disclosure and Denial of Service Vulnerabilities
http://secunia.com/advisories/62771/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9297
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/index.html
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/
JVN#17480391 shiromuku(u1)GUESTBOOK におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN17480391/
世界のセキュリティ・ラボから
Windows 10、セキュリティ意識の高い未来に向けて
http://itpro.nikkeibp.co.jp/atcl/column/14/264220/020200030/?ST=security
Flash Playerの最新版が提供開始、危険なゼロデイ脆弱性を修正
http://itpro.nikkeibp.co.jp/atcl/news/15/020500426/?ST=security
中国、インターネットサービスの実名登録を義務づける新規制
http://itpro.nikkeibp.co.jp/atcl/news/15/020500424/?ST=security
VU#377644 Ektron Content Management System (CMS) contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/377644
VU#669156 Topline Systems Opportunity Form vulnerable to information disclosure
http://www.kb.cert.org/vuls/id/669156
REMOTE: Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit
http://www.exploit-db.com/exploits/35995
2015年2月5日木曜日
5日 木曜日、仏滅
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco WebEx Meetings Server Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx
+ HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary Code
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04560440&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
+ HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04553458&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03250 rev.1 - HP Cloudsystem Foundation and HP CloudSystem Enterprise Software running Bash Shell and OpenSSL, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04561445&docLocale=ja_JP
+ HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04553906&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7883
+ HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04558068&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7196
+ NTP 4.2.8p1 released
http://archive.ntp.org/ntp4/ChangeLog-stable
+ LOCAL: AVG Internet Security 2015 Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35993
+ Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability
http://secunia.com/advisories/62658/
+ Kerberos Multiple Vulnerabilities
http://secunia.com/advisories/62770/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
+ Microsoft Internet Explorer Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/72489
インサイダー情報を盗み出す脅威グループ「FIN4」に注意
http://itpro.nikkeibp.co.jp/atcl/news/15/020400416/?ST=security
ベネッセが全身検査装置を導入、情報漏洩対策で
http://itpro.nikkeibp.co.jp/atcl/news/15/020400421/?ST=security
Flash Playerに危険な脆弱性が相次ぐ、動画サイト経由の「ゼロデイ攻撃」も
http://itpro.nikkeibp.co.jp/atcl/news/15/020400420/?ST=security
LOCAL: BullGuard Multiple Products Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35994
LOCAL: K7 Computing Multiple Products Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35992
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Cisco WebEx Meetings Server Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150204-wbx
+ HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Abitrary Code
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04560440&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
+ HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04553458&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
+ HPSBGN03250 rev.1 - HP Cloudsystem Foundation and HP CloudSystem Enterprise Software running Bash Shell and OpenSSL, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04561445&docLocale=ja_JP
+ HPSBMU03239 rev.1 - HP UCMDB, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04553906&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7883
+ HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04558068&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7196
+ NTP 4.2.8p1 released
http://archive.ntp.org/ntp4/ChangeLog-stable
+ LOCAL: AVG Internet Security 2015 Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35993
+ Microsoft Internet Explorer Same Origin Policy Bypass Vulnerability
http://secunia.com/advisories/62658/
+ Kerberos Multiple Vulnerabilities
http://secunia.com/advisories/62770/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
+ Microsoft Internet Explorer Same Origin Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/72489
インサイダー情報を盗み出す脅威グループ「FIN4」に注意
http://itpro.nikkeibp.co.jp/atcl/news/15/020400416/?ST=security
ベネッセが全身検査装置を導入、情報漏洩対策で
http://itpro.nikkeibp.co.jp/atcl/news/15/020400421/?ST=security
Flash Playerに危険な脆弱性が相次ぐ、動画サイト経由の「ゼロデイ攻撃」も
http://itpro.nikkeibp.co.jp/atcl/news/15/020400420/?ST=security
LOCAL: BullGuard Multiple Products Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35994
LOCAL: K7 Computing Multiple Products Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35992
2015年2月4日水曜日
4日 水曜日、先負
+ RHSA-2015:0118 Moderate: mariadb security update
https://access.redhat.com/errata/RHSA-2015:0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ UPDATE: JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/index.html
+ MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticted Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
+ Microsoft Internet Explorer Cross-Site Scripting Flaw Lets Remote Users Bypass Same Origin Policy
http://www.securitytracker.com/id/1031689
+ LOCAL: MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
http://www.exploit-db.com/exploits/35983
+ Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
http://cxsecurity.com/issue/WLB-2015020012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016
+ Internet Explorer 11 Same Origin Bypass
http://cxsecurity.com/issue/WLB-2015020011
CSIRTメモ
チェックしておきたい脆弱性情報<2015.02.04>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/020200041/?ST=security
ニフティ、家庭内のデバイスを保護するセキュリティサービス
http://itpro.nikkeibp.co.jp/atcl/news/15/020300395/?ST=security
首都大学東京から10万通の迷惑メール、学内のNASが踏み台に
http://itpro.nikkeibp.co.jp/atcl/news/15/020300390/?ST=security
JVNVU#93153088 SerVision HVG Video Gateway のウェブインターフェースに複数の脆弱性
http://jvn.jp/vu/JVNVU93153088/
JVN#88559134 シンクグラフィカ製ダウンロードログCGI におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN88559134/
https://access.redhat.com/errata/RHSA-2015:0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd
+ UPDATE: JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/index.html
+ MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticted Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
+ Microsoft Internet Explorer Cross-Site Scripting Flaw Lets Remote Users Bypass Same Origin Policy
http://www.securitytracker.com/id/1031689
+ LOCAL: MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
http://www.exploit-db.com/exploits/35983
+ Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape
http://cxsecurity.com/issue/WLB-2015020012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0016
+ Internet Explorer 11 Same Origin Bypass
http://cxsecurity.com/issue/WLB-2015020011
CSIRTメモ
チェックしておきたい脆弱性情報<2015.02.04>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/020200041/?ST=security
ニフティ、家庭内のデバイスを保護するセキュリティサービス
http://itpro.nikkeibp.co.jp/atcl/news/15/020300395/?ST=security
首都大学東京から10万通の迷惑メール、学内のNASが踏み台に
http://itpro.nikkeibp.co.jp/atcl/news/15/020300390/?ST=security
JVNVU#93153088 SerVision HVG Video Gateway のウェブインターフェースに複数の脆弱性
http://jvn.jp/vu/JVNVU93153088/
JVN#88559134 シンクグラフィカ製ダウンロードログCGI におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN88559134/
2015年2月3日火曜日
3日 火曜日、友引
+ APSA15-02 Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
+ Linux kernel 3.4.106 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.106
+ MySQL 5.6.23, 5.5.42 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-23.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html
+ Adobe Flash Player Unspecified Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
+ glibc 2.19 swscanf resource exhaustion
http://cxsecurity.com/issue/WLB-2015020006
+ Linux Kernel 'sk_dst_get()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/72435
Windows操作を録画するソフトに新版、スマホ接続も記録
http://itpro.nikkeibp.co.jp/atcl/news/15/020200382/?ST=security
“ブラックIPリスト”で不正ログインを検知、米Capyが新サービス
http://itpro.nikkeibp.co.jp/atcl/news/15/020200377/?ST=security
警告メッセージに慌てるな!ソフトを売り込む悪質な手口
http://itpro.nikkeibp.co.jp/atcl/news/15/020200374/?ST=security
VU#522460 SerVision HVG Video Gateway web interface contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/522460
2015年2月2日月曜日
2日 月曜日、先勝
+ Google Chrome 40.0.2214.94 released
http://googlechromereleases.blogspot.jp/2015/01/stable-channel-update_30.html
+ CESA-2015:0102 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/631281/
+ CESA-2015:0100 Moderate CentOS 7 libyaml Security Update
http://lwn.net/Alerts/631282/
+ CESA-2015:0102 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/631280/
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Linux kernel 3.18.5, 3.14.31, 3.12.37, 3.10.67 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.67
+ HS15-003 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-003/index.html
+ HS15-002 Cross-site Scripting Vulnerability in Hitachi Application Server Help
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-002/index.html
+ HS15-001 Cross-site Scripting Vulnerability in Hitachi Command Suite Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
+ HS15-003 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-003/index.html
+ HS15-002 Hitachi Application Server ヘルプにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-002/index.html
+ HS15-001 Hitachi Command Suite製品におけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-001/index.html
+ patch 2.7.4 released
http://ftp.gnu.org/gnu/patch/?C=M;O=D
+ LOCAL: McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35953
+ iTunes 12.1 for Windows: still outdated
http://cxsecurity.com/issue/WLB-2015020003
JVNDB-2015-000001 サイボウズ リモートサービスマネージャーにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000001.html
JVNDB-2015-000010 Fumy News Clipper におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000010.html
「Winny」などの利用者は15万人、逮捕者の半数は「Share」が原因
http://itpro.nikkeibp.co.jp/atcl/news/15/013000357/?ST=security
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/index.html
JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/index.html
JVN#13566542 サイボウズ リモートサービスマネージャーにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN13566542/index.html
JVN#33735535 Fumy News Clipper におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN33735535/index.html
http://googlechromereleases.blogspot.jp/2015/01/stable-channel-update_30.html
+ CESA-2015:0102 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/631281/
+ CESA-2015:0100 Moderate CentOS 7 libyaml Security Update
http://lwn.net/Alerts/631282/
+ CESA-2015:0102 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/631280/
+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
+ Linux kernel 3.18.5, 3.14.31, 3.12.37, 3.10.67 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.37
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.67
+ HS15-003 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-003/index.html
+ HS15-002 Cross-site Scripting Vulnerability in Hitachi Application Server Help
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-002/index.html
+ HS15-001 Cross-site Scripting Vulnerability in Hitachi Command Suite Products
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-001/index.html
+ HS15-003 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-003/index.html
+ HS15-002 Hitachi Application Server ヘルプにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-002/index.html
+ HS15-001 Hitachi Command Suite製品におけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-001/index.html
+ patch 2.7.4 released
http://ftp.gnu.org/gnu/patch/?C=M;O=D
+ LOCAL: McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation
http://www.exploit-db.com/exploits/35953
+ iTunes 12.1 for Windows: still outdated
http://cxsecurity.com/issue/WLB-2015020003
JVNDB-2015-000001 サイボウズ リモートサービスマネージャーにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000001.html
JVNDB-2015-000010 Fumy News Clipper におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000010.html
「Winny」などの利用者は15万人、逮捕者の半数は「Share」が原因
http://itpro.nikkeibp.co.jp/atcl/news/15/013000357/?ST=security
UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/index.html
JVNVU#99234709 glibc ライブラリにバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99234709/index.html
JVN#13566542 サイボウズ リモートサービスマネージャーにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN13566542/index.html
JVN#33735535 Fumy News Clipper におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN33735535/index.html
登録:
投稿 (Atom)