2015年2月9日月曜日

9日 月曜日、友引

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ CESA-2015:0118 Moderate CentOS 7 mariadb Security Update
http://lwn.net/Alerts/632226/

+ VMware Player 6.0.5 released
https://www.vmware.com/support/player60/doc/player-605-release-notes.html

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ HPSBGN03255 rev.1 - HP OpenCall Media Platform (OCMP) running SSLv3, Remote Denial of Service (DoS),Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04566948&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

+ HPSBGN03253 rev.1 - HP Business Process Insight (BPI) running SSLv3, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04565855&docLocale=ja_JP

+ Linux kernel 3.18.6, 3.14.32, 3.10.68 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.6
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.32
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.68

+ glibc 2.21 released
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

+ UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Bypass Same-Origin Restrictions
http://www.securitytracker.com/id/1031709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212

+ SA62806 PostgreSQL Multiple Vulnerabilities
http://secunia.com/advisories/62806/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0244

+ SA62787 OpenLDAP slapd Two Denial of Service Vulnerabilities
http://secunia.com/advisories/62787/

+ SA62393 Linux Kernel "dst_entries" Caching Denial of Service Vulnerability
http://secunia.com/advisories/62393/

+ SA62831 PHP "header()" HTTP Response Splitting Vulnerability
http://secunia.com/advisories/62831/

+ SA62777 Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/62777/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0330

+ SA62779 Trend Micro Titanium Internet Security "tmeext.sys" Privilege Escalation Vulnerability
http://secunia.com/advisories/62779/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9641

+ SA62670 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/62670/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1212

+ PHP/LLVM/MYSQL/BSD regex library Heap Buffer Overflow
http://cxsecurity.com/issue/WLB-2015020029

+ Windows tcpip.sys Arbitrary Write Privilege Escalation
http://cxsecurity.com/issue/WLB-2015020024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4076

from テレコムインサイド
[スクープ]「VAIOスマホ」は法人用途も重視、不正侵入防止アプリを搭載へ
http://itpro.nikkeibp.co.jp/atcl/column/15/012600016/020400006/?ST=security

News & Trend
住所不要の通信教育やボディスキャナー、ベネッセの“常識を超える”施策は実を結ぶか
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/020800162/?ST=security

IPAが「情報セキュリティ10大脅威 2015」を発表、オンライン銀行狙う不正が1位
http://itpro.nikkeibp.co.jp/atcl/news/15/020600451/?ST=security

WebアクセスだけでPCを乗っ取られる恐れ、Flash Playerを狙う恐るべき攻撃
http://itpro.nikkeibp.co.jp/atcl/news/15/020600450/?ST=security

JVNVU#93696199 Ektron CMS に複数の脆弱性
http://jvn.jp/vu/JVNVU93696199/

JVNVU#96466523 Topline Systems Opportunity Form に情報漏えいの脆弱性
http://jvn.jp/vu/JVNVU96466523/

0 件のコメント:

コメントを投稿