Friday, March 20, 2015

Friday the 20th, Tomobiki

+ Google Chrome 41.0.2272.101 released
http://googlechromereleases.blogspot.jp/2015/03/stable-channel-update_19.html

+ CESA-2015:0696 Important CentOS 6 freetype Security Update
http://lwn.net/Alerts/637271/

+ CESA-2015:0700 Moderate CentOS 6 unzip Security Update
http://lwn.net/Alerts/637272/

+ UPDATE: Cisco Secure Access Control System SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ Linux kernel 3.12.39 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.39

+ OpenSSL 1.0.2a, 1.0.1m, 1.0.0r, 0.9.8zf released
http://www.openssl.org/news/openssl-1.0.2-notes.html
http://www.openssl.org/news/openssl-1.0.1-notes.html
http://www.openssl.org/news/openssl-1.0.0-notes.html
http://www.openssl.org/news/openssl-0.9.8-notes.html

+ OpenSSL Security Advisory [19 Mar 2015]
http://www.openssl.org/news/secadv_20150319.txt
http://www.openssl.org/news/vulnerabilities.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288

+ PHP Memory Handling Error in phar Extension Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301

+ PHP Heap Overflow in ereg Extension Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305

+ PHP DateTimeZone Use-After-Free Memory Error in unserialize() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1031945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273

+ LOCAL: Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege
http://www.exploit-db.com/exploits/36424/

+ libzip "_zip_cdir_new()" Integer Overflow Vulnerability
http://secunia.com/advisories/63323/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331

"Responding appropriately to cyber threats will not damage your reputation," RSA advises
http://itpro.nikkeibp.co.jp/atcl/news/15/031901021/?ST=security

REMOTE: TWiki Debugenableplugins Remote Code Execution
http://www.exploit-db.com/exploits/36438/

LOCAL: Publish-It PUI Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/36437/

DoS/PoC: FastStone Image Viewer 5.3 .tga Crash PoC
http://www.exploit-db.com/exploits/36431/

DoS/PoC: Fortinet Single Sign On Stack Overflow
http://www.exploit-db.com/exploits/36422/
