2015年4月14日火曜日

14日 火曜日、先負

+ RHSA-2015:0800 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2015-0800.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293

+ CESA-2015:0797 Moderate CentOS 6 xorg-x11-server Security Update
http://lwn.net/Alerts/640130/

+ phpMyAdmin 4.4.2 released
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.4.2/phpMyAdmin-4.4.2-notes.html/view

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ UPDATE: Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd

+ HPSBGN03316 rev.1 - HP Support Solution Framework on Windows, Remote Execution of Code, Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04634535&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2114

+ Linux kernel 3.19.4, 3.14.38, 3.10.74 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.4
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.38
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.74

+ Postfix 3.0.1, 2.11.5, 2.10.7, 2.9.13 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.1.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.7.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.13.HISTORY

+ VU#672268 Microsoft Windows NTLM automatically authenticates via SMB when following a file:// URL
http://www.kb.cert.org/vuls/id/672268

+ REMOTE: Adobe Flash Player casi32 Integer Overflow
http://www.exploit-db.com/exploits/36744/

+ LOCAL: Mac OS X "Rootpipe" Privilege Escalation
http://www.exploit-db.com/exploits/36745/

+ DoS/PoC: Linux Kernel splice() System Call - Local DoS
http://www.exploit-db.com/exploits/36743/

+ Safari Cross-Domain Hijacking
http://cxsecurity.com/issue/WLB-2015040066

+ net-snmp snmp_pdu_parse() function incompletely initializaition vulnerability
http://cxsecurity.com/issue/WLB-2015040064

UPDATE: JVN#19294237 Apache Struts において ClassLoader が操作可能な脆弱性
http://jvn.jp/jp/JVN19294237/

富士通SSLが「Tectia SSH」の取り扱いを開始
http://itpro.nikkeibp.co.jp/atcl/news/15/041301290/?ST=security

中国の新サイバー兵器「Great Cannon」、カナダの研究チームが報告
http://itpro.nikkeibp.co.jp/atcl/news/15/041301287/?ST=security

ラベル:

0 件のコメント:

コメントを投稿

登録: コメントの投稿 (Atom)