Thursday, February 12, 2015

Thursday the 12th, Taian

+ Microsoft Security Bulletin Summary for February 2015
https://technet.microsoft.com/ja-jp/library/security/ms15-feb

+ MS15-009 - Critical: Security Update for Internet Explorer (3034682)
https://technet.microsoft.com/library/security/MS15-009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0071

+ MS15-010 - Critical: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution (3036220)
https://technet.microsoft.com/library/security/MS15-010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0060

+ MS15-011 - Critical: Vulnerability in Group Policy Could Allow Remote Code Execution (3000483)
https://technet.microsoft.com/library/security/MS15-011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0008

+ MS15-012 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3032328)
https://technet.microsoft.com/library/security/MS15-012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0065

+ MS15-013 - Important: Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
https://technet.microsoft.com/library/security/MS15-013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6362

+ MS15-014 - Important: Vulnerability in Group Policy Could Allow Security Feature Bypass (3004361)
https://technet.microsoft.com/library/security/MS15-014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0009

+ MS15-015 - Important: Vulnerability in Microsoft Windows Could Allow Elevation of Privilege (3031432)
https://technet.microsoft.com/library/security/MS15-015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0062

+ MS15-016 - Important: Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3029944)
https://technet.microsoft.com/library/security/MS15-016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0061

+ MS15-017 - Important: Vulnerability in Virtual Machine Manager Could Allow Elevation of Privilege (3035898)
https://technet.microsoft.com/library/security/MS15-017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0012



+ RHSA-2015:0164 Moderate: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-0164.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7822

+ RHSA-2015:0165 Moderate: subversion security update
https://rhn.redhat.com/errata/RHSA-2015-0165.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580

+ RHSA-2015:0166 Moderate: subversion security update
https://access.redhat.com/errata/RHSA-2015:0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108

+ nginx 1.7.10 released
http://nginx.org/en/CHANGES

+ CESA-2015:0164 Moderate CentOS 5 kernel Security Update
http://lwn.net/Alerts/632887/

+ CESA-2015:0166 Moderate CentOS 7 subversion Security Update
http://lwn.net/Alerts/632889/

+ CESA-2015:0165 Moderate CentOS 6 subversion Security Update
http://lwn.net/Alerts/632888/

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ Cisco Secure Access Control System SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03254 rev.1 - HP Service Health Analyzer running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565856&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03252 rev.1 - HP AppPulse Active running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565853&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBMU03245 rev.1 - HP Insight Control server deployment Linux Preboot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04556845&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

+ HPSBMU03246 rev.1 - HP Insight Control for Linux Central Management Server Pre-boot Execution Environment running Bash Shell, Multiple Vulnerabilities
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04558068&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7196

+ Linux kernel 3.19, 3.18.7, 3.14.33, 3.10.69 released
https://www.kernel.org/
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.7
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.33
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.69

+ Report on "Vulnerabilities Related to NTP (VU#852879)"
http://www.hitachi.co.jp/Prod/comp/network/notice/ntp852879.html

+ PostgreSQL 9.4.1, 9.3.6, 9.2.10, 9.1.15 & 9.0.19 Released
http://www.postgresql.org/about/news/1569/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161

+ Sudo 1.7.10p9 released
http://www.sudo.ws/sudo/legacy.html#1.7.10p9

+ SA62884 Linux Kernel "em_sysenter()" Sysenter Instruction Emulation Vulnerability
http://secunia.com/advisories/62884/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0239

+ SA62685 Adobe Reader CoolType.dll Buffer Overflow Vulnerability
http://secunia.com/advisories/62685/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9160

+ Apple Libc wordexp(3) Issue
http://cxsecurity.com/issue/WLB-2015020050

+ Android Futex Requeue Kernel Exploit
http://cxsecurity.com/issue/WLB-2015020047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153

+ Apache Tomcat Request Smuggling
http://cxsecurity.com/issue/WLB-2015020046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227

+ Linux Kernel 'nft_flush_table' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/72552

JVN#96155055 Cross-site scripting vulnerability in PerlTreeBBS
http://jvn.jp/jp/JVN96155055/index.html

CSIRT Memo
Vulnerability information worth checking <2015.02.12>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/020900042/?ST=security

Symantec appoints 関屋剛 as representative director
http://itpro.nikkeibp.co.jp/atcl/news/15/021000488/?ST=security

Just over 40% of users "manage six or more passwords"; 80% "reuse them"
http://itpro.nikkeibp.co.jp/atcl/news/15/021000479/?ST=security

REMOTE: Achat v0.150 beta7 Buffer Overflow
http://www.exploit-db.com/exploits/36056

LOCAL: SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation
http://www.exploit-db.com/exploits/36052

LOCAL: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow
http://www.exploit-db.com/exploits/36053
