Friday, July 31, 2015

31st, Friday, Senbu

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2015:1526 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1526.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ Selenium Standalone Server 2.47.0 released
http://docs.seleniumhq.org/download/

+ Selenium IE Driver Server 2.47.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 2.47.0 released
http://docs.seleniumhq.org/download/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4291

+ HPSBGN03372 rev.1 - HP Business Process Monitor using RC4, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04739254&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

+ HPSBGN03367 rev.1 - HP TransactionVision with RC4 Stream Cipher, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04727082&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

+ Linux kernel 3.12.45 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.45

+ UPDATE: Oracle Critical Patch Update Advisory - July 2015
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

+ SYM15-007 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Multiple Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1492

+ OpenBSD patch Lets Remote Users Execute Arbitrary Commands on the Target System
http://www.securitytracker.com/id/1033126

+ Internet Explorer 11 Remote Crash POC
http://cxsecurity.com/issue/WLB-2015070140

News & Trend
Emergency response requests surge, highlighting the gap between the ideal and the reality of cyber attack countermeasures
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072900309/?ST=security

Vulnerability information worth checking <2015.07.31>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/072700069/?ST=security

SQL injection attack on Chateraise; web member information for about 210,000 people may have leaked
http://itpro.nikkeibp.co.jp/atcl/news/15/073002537/?ST=security

Hitachi Solutions offers a dashboard that visualizes Salesforce usage
http://itpro.nikkeibp.co.jp/atcl/news/15/073002526/?ST=security

Risk of smartphones being remotely controlled just by receiving a message; vulnerability in almost all Android devices
http://itpro.nikkeibp.co.jp/atcl/news/15/073002520/?ST=security

"The Japanese market has a tailwind": security vendor Digital Guardian goes on the offensive in Japan
http://itpro.nikkeibp.co.jp/atcl/news/15/073002519/?ST=security

VU#577140 BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
http://www.kb.cert.org/vuls/id/577140

Thursday, July 30, 2015

30th, Thursday, Tomobiki

+ CESA-2015:1513 Important CentOS 7 bind Security Update
http://lwn.net/Alerts/652757/

+ CESA-2015:1514 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/652758/

+ CESA-2015:1515 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/652759/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ JVNVU#91955066 Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU91955066/

+ FreeBSD TCP Reassembly Flaw Lets Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1033111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1417

+ FreeBSD patch(1) Lets Remote Users Execute Arbitrary Commands on the Target System
http://www.securitytracker.com/id/1033110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416

+ ISC BIND TKEY Query Processing Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1033100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ McAfee Application Control Bypass / Driver Issues
http://cxsecurity.com/issue/WLB-2015070137

JVNDB-2015-000109 OS command injection vulnerability in yoyaku_v41
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000109.html

JVNDB-2015-000108 Authentication bypass vulnerability in yoyaku_v41
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000108.html

JVNDB-2015-000107 Vulnerability in yoyaku_v41 that allows arbitrary files to be created
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000107.html

Vulnerability information worth checking <2015.07.29>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/072700068/?ST=security

JVNVU#92141772 Multiple vulnerabilities in Android Stagefright
http://jvn.jp/vu/JVNVU92141772/

Wednesday, July 29, 2015

29th, Wednesday, Sensho

+ RHSA-2015:1514 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-1514.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ RHSA-2015:1515 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2015-1515.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ RHSA-2015:1513 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-1513.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ Google Chrome 44.0.2403.125 released
http://googlechromereleases.blogspot.jp/2015/07/stable-channel-update_28.html

+ CESA-2015:1510 Moderate CentOS 7 clutter Security Update
http://lwn.net/Alerts/652630/

+ CESA-2015:1507 Important CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/652631/

+ BIND 9.10.2-P3, 9.9.7-P2 released
http://ftp.isc.org/isc/bind9/9.10.2-P3/RELEASE-NOTES-9.10.2-P3.html
http://ftp.isc.org/isc/bind9/9.9.7-P2/RELEASE-NOTES-9.9.7-P2.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure
https://kb.isc.org/article/AA-01272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ FreeBSD-SA-15:17.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:17.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477

+ FreeBSD-SA-15:16.openssh OpenSSH multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:16.openssh.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5600

+ FreeBSD-SA-15:15.tcp Resource exhaustion in TCP reassembly
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1417

+ FreeBSD-SA-15:14.bsdpatch shell injection vulnerability in patch(1)
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416

+ VU#924951 Android Stagefright contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/924951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3829

+ Google Android MMS Media Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1033094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3829

pgCluu release 2.4 is out
http://www.postgresql.org/about/news/1600/

JVNDB-2015-000106 Vulnerability in the file upload processing of 画像掲示板plus
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000106.html

News & Trend
Is Flash Player past its best-before date? Cyber attacks exploiting a string of vulnerabilities occur in Japan
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072700308/?ST=security

Vulnerability information worth checking <2015.07.29>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/072700068/?ST=security

Points exchanged for T-Points without authorization; Orico member site hit by a list-based attack
Warning issued not to reuse IDs and passwords
http://itpro.nikkeibp.co.jp/atcl/news/15/072802495/?ST=security

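LAC releases a free "playbook" for countering targeted attacks
Individual guides aimed at specific companies and organizations also due in August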
http://itpro.nikkeibp.co.jp/atcl/news/15/072802491/?ST=security

"Hello!" from the Bank of Tokyo-Mitsubishi UFJ is actually a fake e-mail
Council of Anti-Phishing Japan issues a warning
http://itpro.nikkeibp.co.jp/atcl/news/15/072802489/?ST=security

Tuesday, July 28, 2015

28th, Tuesday, Shakku

+ RHSA-2015:1507 Important: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-1507.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154

+ RHSA-2015:1510 Moderate: clutter security update
https://rhn.redhat.com/errata/RHSA-2015-1510.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3213

+ vsftpd 3.0.3 released
https://security.appspot.com/vsftpd/Changelog.txt

+ Citrix XenServer Security Update for CVE-2015-5154
http://support.citrix.com/article/CTX201593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5154

+ libpng 1.6.18 released
http://www.libpng.org/pub/png/src/libpng-1.6.18-README.txt

JVNVU#90018179 Vehicle remote-control vulnerability in Fiat-Chrysler Automative (FCA) UConnect
http://jvn.jp/vu/JVNVU90018179/index.html

JVNVU#92850780 Multiple vulnerabilities in Honeywell Tuxedo Touch Controller
http://jvn.jp/vu/JVNVU92850780/index.html

Monday, July 27, 2015

27th, Monday, Taian

+ Google Chrome 44.0.2403.107 released
http://googlechromereleases.blogspot.jp/2015/07/stable-channel-update_24.html

+ CESA-2015:1483 Important CentOS 7 libuser Security Update
http://lwn.net/Alerts/652345/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ UPDATE: GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

+ HPSBGN03384 rev.1 - HP Connect-IT with TLS/Diffie-Hellman Export Ciphersuite, Remote Unauthorized Modification
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04748844&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ HS15-026 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-026/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ HS15-026 Multiple Vulnerabilities in Cosminexus (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-026/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ MySQL 5.6.26, 5.5.45 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-26.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-45.html

+ HP Project and Portfolio Management Center TLS RC4 Algorithm Lets Remote Users Decrypt Data
http://www.securitytracker.com/id/1033072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

+ Microsoft Internet Explorer Use-After-Free Memory Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1033039

+ Microsoft Internet Explorer Mobile Flaw Array Element Out-of-Bounds Memory Access Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1033038

+ Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation
http://cxsecurity.com/issue/WLB-2015070116

Alpha Release of 2ndQuadrant Unified Data Analytics (2UDA)
http://www.postgresql.org/about/news/1599/

JVNDB-2015-000103 Cross-site scripting vulnerability in Welcart
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000103.html

JVNDB-2014-007612 SQL injection vulnerability in the Welcart e-Commerce plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007612.html

JVNDB-2015-000105 Improper authentication vulnerability in Research Artisan Lite
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000105.html

JVNDB-2015-000104 Cross-site scripting vulnerability in Research Artisan Lite
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000104.html

[The Data Speaks] "Ransom-demanding" malware surged in Q2 2015, more than five times the previous quarter - IPA
http://itpro.nikkeibp.co.jp/atcl/news/15/072402467/?ST=security

Kaspersky: latest version of its e-mail security product for businesses
http://itpro.nikkeibp.co.jp/atcl/news/15/072402466/?ST=security

[The Data Speaks] 163 vulnerabilities newly identified in Q2 2015; beware of unauthorized remote control
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/072400249/?ST=security

VU#819439 Fiat-Chrysler Automative UConnect allows a vehicle to be remotely controlled
http://www.kb.cert.org/vuls/id/819439

VU#857948 Honeywell Tuxedo Touch Controller contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/857948

Friday, July 24, 2015

24th, Friday, Tomobiki

+ RHSA-2015:1482 Important: libuser security update
https://rhn.redhat.com/errata/RHSA-2015-1482.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3246

+ RHSA-2015:1483 Important: libuser security update
https://rhn.redhat.com/errata/RHSA-2015-1483.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3246

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ HPSBGN03358 rev.1 - HP Project and Portfolio Management Center running RC4, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04718342&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808

+ Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Spoof URLs
http://www.securitytracker.com/id/1033031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5605

Taro Matsumura's Fresh-Squeezed Apple News
Jobs's "Thoughts on Flash" rekindled by the Flash vulnerability problem
http://itpro.nikkeibp.co.jp/atcl/column/14/110600091/072200025/?ST=security

News & Trend
FISC security guidelines revised, strengthening measures for cyber attacks and cloud use
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/072200305/?ST=security

Thursday, July 23, 2015

23rd, Thursday, Sensho

+ RHSA-2015:1471 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-1471.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ Red Hat Enterprise Linux 6.7 released
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.7_Release_Notes/index.html

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ Cisco Application Policy Infrastructure Controller Access Control Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4235

+ Cisco Unified MeetingPlace Unauthorized Password Change Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-mp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4262

+ Cisco IOS Software TFTP Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-tftp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0681

+ Linux kernel 4.1.3, 4.0.9, 3.18.19 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.3
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.9
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.19

+ Sudo 1.8.14p3 released
http://www.sudo.ws/stable.html#1.8.14p3

+ FreeBSD LAST_ACK State Transition Bug Lets Remote Users Consume Excessive CPU Resources on the Target System
http://www.securitytracker.com/id/1033007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5358

FireEye's Japanese subsidiary to begin offering "FireEye as a Service" in Japan
http://itpro.nikkeibp.co.jp/atcl/news/15/072202444/?ST=security

Model maker Tamiya: personal information of up to 100,000 people may have leaked
http://itpro.nikkeibp.co.jp/atcl/news/15/072202437/?ST=security

Wednesday, July 22, 2015

22nd, Wednesday, Shakku

+ Google Chrome 44.0.2403.89 released
http://googlechromereleases.blogspot.jp/2015/07/stable-channel-update_21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289

+ CESA-2015:1455 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/651839/

+ CESA-2015:1443 Important CentOS 7 bind Security Update
http://lwn.net/Alerts/651838/

+ CESA-2015:1455 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/651840/

+ CESA-2015:1455 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/651841/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ FreeBSD-SA-15:13.tcp Resource exhaustion due to sessions stuck in LAST_ACK state
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:13.tcp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5358

+ Postfix 3.0.2, 2.11.6, 2.10.8, 2.9.14 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.2.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.6.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.14.HISTORY

+ Sudo 1.8.14p2 released
http://www.sudo.ws/stable.html#1.8.14p2

Network Keywords
What is a buffer overflow?
http://itpro.nikkeibp.co.jp/atcl/keyword/14/260922/071500032/?ST=security

Is Microsoft acquiring an Israeli cloud security company?
http://itpro.nikkeibp.co.jp/atcl/news/15/072102421/?ST=security

JVNVU#91026764 SolarWinds N-able N-central contains hard-coded parameters for decrypting the domain administrator password
http://jvn.jp/vu/JVNVU91026764/index.html

JVNVU#91359631 Denial-of-service (DoS) vulnerability in the FileInfo plugin for Total Commander
http://jvn.jp/vu/JVNVU91359631/index.html

UPDATE: JVN#73568461 OS command injection vulnerability in PHP for Windows
http://jvn.jp/jp/JVN73568461/index.html

Tuesday, July 21, 2015

21st, Tuesday, Taian

+ MS15-078 - Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904)
https://technet.microsoft.com/ja-jp/library/security/ms15-078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426

+ RHSA-2015:1455 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-1455.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741

+ RHSA-2015:1443 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2015-1443.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ phpMyAdmin 4.4.12 released
https://www.phpmyadmin.net/files/4.4.12/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ HPSBGN03381 rev.1 - HP Service Manager with TLS/Diffie-Hellman Export Ciphersuite, Remote Unauthorized Modification
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04748615&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ HPSBGN03383 rev.1 - HP Asset Manager with TLS/Diffie-Hellman Export Ciphersuite, Remote Unauthorized Modification
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04748838&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ HPSBMU03382 rev.1 - HP Systems Insight Manager on Linux affected by VENOM, Execution of Arbitrary Code, Denial of Service (DoS)
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04748720&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

+ HPSBMU03380 rev.1 - HP System Management Homepage (SMH) on Linux and Windows, Multiple Vulnerabilities
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04746490&docLocale=ja_JP
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2134

+ UPDATE: Oracle Solaris Third Party Bulletin - July 2015
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

+ Sudo 1.8.14p1 released
http://www.sudo.ws/stable.html#1.8.14p1

+ JVNDB-2015-000101 OS command injection vulnerability in PHP for Windows
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000101.html

+ UPDATE: JVNVU#92689788 Privilege escalation vulnerability in the Windows Adobe Type Manager module
http://jvn.jp/vu/JVNVU92689788/index.html

+ Windows Adobe Type Manager Library OpenFont File Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2426

+ Apache Struts Incorrect Default 'excludeParams' Configuration Lets Remote Users Bypass Security Restrictions
http://www.securitytracker.com/id/1032985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1831

+ Apache Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1032967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185

+ OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)
http://cxsecurity.com/issue/WLB-2015070097

New ODBC Driver for PostgreSQL
http://www.postgresql.org/about/news/1598/

Reporter's Eye
The pension data leak: you could be next
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/061700297/?ST=security

The Beautiful Researcher Saw It! Business E-mail Case Files
Is someone watching the e-mail you read away from the office!? - "Business E-mail Survey 2015"
http://itpro.nikkeibp.co.jp/atcl/column/14/537680/071400029/?ST=security

[ITpro Editor-in-Chief's Diary]
Executives should be careful with e-mail
http://itpro.nikkeibp.co.jp/atcl/column/14/509445/071700270/?ST=security

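"Executives open targeted e-mails at 1.5 times the rate; plan countermeasures on the assumption that they will be opened," says NRI Secure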
http://itpro.nikkeibp.co.jp/atcl/news/15/071702409/?ST=security

VU#912036 N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password
http://www.kb.cert.org/vuls/id/912036

VU#813631 Total Commander File Info plugin vulnerable to denial of service via an out-of-bounds read
http://www.kb.cert.org/vuls/id/813631

Friday, July 17, 2015

17th, Friday, Sensho

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
https://technet.microsoft.com/ja-jp/library/security/2755801

+ CESA-2015:1229 Critical CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/651234/

+ CESA-2015:1229 Critical CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/651235/

+ CESA-2015:1230 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/651236/

+ CESA-2015:1228 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/651237/

+ CESA-2015:1228 Important CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/651238/

+ CESA-2015:1221 Moderate CentOS 6 kernel Security Update
http://lwn.net/Alerts/651239/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Apache HTTP Server 2.2.31 Released
http://www.apache.org/dist/httpd/Announcement2.2.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183

+ GCC 5.2 released
https://gcc.gnu.org/gcc-5/

+ Sudo 1.8.14 released
http://www.sudo.ws/stable.html#1.8.14

+ PHP 5.6/7.0Git use after free
http://cxsecurity.com/issue/WLB-2015070078

UPDATE: JVNVU#92689788 Privilege escalation vulnerability in the Windows Adobe Type Manager module
http://jvn.jp/vu/JVNVU92689788/

UPDATE: JVNTA#97243368 Vulnerabilities in Adobe Flash Player and Microsoft Windows
http://jvn.jp/ta/JVNTA97243368/

UPDATE: JVNVU#94770908 Use-after-free vulnerability in Adobe Flash Player (BitmapData)
http://jvn.jp/vu/JVNVU94770908/

UPDATE: JVNVU#93769860 Use-after-free vulnerability in Adobe Flash Player (opaqueBackground)
http://jvn.jp/vu/JVNVU93769860/

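Cutting into the "extreme arguments" aimed at IT departments: Hasejima vs. Kimura, head to head
Part 3: Leaving it to the front line cannot cope with cyberattacks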
http://itpro.nikkeibp.co.jp/atcl/column/15/070900168/070900003/?ST=security

Networld to sell anti-malware appliance that detects C&C server communication
http://itpro.nikkeibp.co.jp/atcl/news/15/071602397/?ST=security

Thursday, July 16, 2015

Thursday the 16th, Shakko

+ RHSA-2015:1230 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1230.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ RHSA-2015:1229 Critical: java-1.7.0-openjdk security update
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ RHSA-2015:1228 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1228.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ Cisco Videoscape Delivery System Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150715-vds
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0725

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Windows 7/8 32bits and WS2012 RDP Remote Code Execution
http://cxsecurity.com/issue/WLB-2015070075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373

JVNDB-2015-000099 SQL injection vulnerability in Thetis
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000099.html

JVNDB-2015-000098 Directory traversal vulnerability in acmailer
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000098.html

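Cutting into the "extreme arguments" aimed at IT departments: Hasejima vs. Kimura, head to head
Part 2: The "CIOs are unnecessary" argument will ruin the business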
http://itpro.nikkeibp.co.jp/atcl/column/15/070900168/070900002/?ST=security

Vulnerability information worth checking <2015.07.16>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/070700067/?ST=security

IPA issues renewed alert over Flash Player flaws; cyberattack activity confirmed in Japan
http://itpro.nikkeibp.co.jp/atcl/news/15/071502389/?ST=security

Gakken: information on up to 22,108 people may have leaked through unauthorized access to its website
http://itpro.nikkeibp.co.jp/atcl/news/15/071502379/?ST=security

Mozilla temporarily disables Flash in "Firefox" as a security measure
http://itpro.nikkeibp.co.jp/atcl/news/15/071502376/?ST=security

JVN#19011483 SQL injection vulnerability in Thetis
http://jvn.jp/jp/JVN19011483/

JVN#64051989 Directory traversal vulnerability in acmailer
http://jvn.jp/jp/JVN64051989/

JVNVU#94770908 Use-after-free vulnerability in Adobe Flash Player (BitmapData)
http://jvn.jp/vu/JVNVU94770908/

JVNVU#93769860 Use-after-free vulnerability in Adobe Flash Player (opaqueBackground)
http://jvn.jp/vu/JVNVU93769860/

Wednesday, July 15, 2015

Wednesday the 15th, Butsumetsu

+ Microsoft Security Bulletin Summary for July 2015
https://technet.microsoft.com/ja-jp/library/security/ms15-jul

+ MS15-058 - Important: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)
https://technet.microsoft.com/library/security/MS15-058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1763

+ MS15-065 - Critical: Security Update for Internet Explorer (3076321)
https://technet.microsoft.com/ja-JP/library/security/ms15-065.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2414

+ MS15-066 - Critical: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3072604)
https://technet.microsoft.com/ja-JP/library/security/ms15-066.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2372

+ MS15-067 - Critical: Vulnerability in RDP Could Allow Remote Code Execution (3073094)
https://technet.microsoft.com/ja-JP/library/security/ms15-067.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2373

+ MS15-068 - Critical: Vulnerabilities in Windows Hyper-V Could Allow Remote Code Execution (3072000)
https://technet.microsoft.com/ja-JP/library/security/ms15-068.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2362

+ MS15-069 - Important: Vulnerabilities in Windows Could Allow Remote Code Execution (3072631)
https://technet.microsoft.com/ja-JP/library/security/ms15-069.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2369

+ MS15-070 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3072620)
https://technet.microsoft.com/ja-JP/library/security/ms15-070.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2378

+ MS15-071 - Important: Vulnerability in Netlogon Could Allow Elevation of Privilege (3068457)
https://technet.microsoft.com/ja-JP/library/security/ms15-071.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2374

+ MS15-072 - Important: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
https://technet.microsoft.com/ja-JP/library/security/ms15-072.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2364

+ MS15-073 - Important: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (3070102)
https://technet.microsoft.com/ja-JP/library/security/ms15-073.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2382

+ MS15-074 - Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (3072630)
https://technet.microsoft.com/ja-JP/library/security/ms15-074.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2371

+ MS15-075 - Important: Vulnerabilities in OLE Could Allow Elevation of Privilege (3072633)
https://technet.microsoft.com/ja-JP/library/security/ms15-075.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2417

+ MS15-076 - Important: Vulnerability in Windows Remote Procedure Call Could Allow Elevation of Privilege (3067505)
https://technet.microsoft.com/ja-JP/library/security/ms15-076.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2370

+ MS15-077 - Important: Vulnerability in ATM Font Driver Could Allow Elevation of Privilege (3077657)
https://technet.microsoft.com/ja-JP/library/security/ms15-077.aspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2387

+ Microsoft Security Advisory 3057154 Update to Harden Use of DES Encryption
https://technet.microsoft.com/ja-jp/library/security/3057154

+ Microsoft Security Advisory 3074162 Vulnerability in Microsoft Malicious Software Removal Tool (MSRT) Could Allow Elevation of Privilege
https://technet.microsoft.com/ja-jp/library/security/3074162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2418

+ RHSA-2015:1221 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-1221.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636

+ Google Chrome 43.0.2357.134 released
http://googlechromereleases.blogspot.jp/2015/07/stable-channel-update_14.html

+ nginx 1.9.3 released
http://nginx.org/en/download.html

+ APSB15-18 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123

+ APSB15-17 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5121

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

+ Oracle Solaris Third Party Bulletin - July 2015
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6511

+ Samba 4.2.3 Available for Download
http://samba.org/samba/history/samba-4.2.3.html

+ Oracle Critical Patch Update Advisory - July 2015
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4744
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4773
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4750
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4774
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4779

+ Apache HTTP Server 2.4.16 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0228

+ Java Platform, Standard Edition 8 Update 51 (Java SE 8u51) is Now Available
http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html
http://www.oracle.com/technetwork/java/javase/8u51-relnotes-2587590.html

+ Java SE Development Kit 7, Update 85 (JDK 7u85) released
http://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html

+ Sudo 1.8.13 released
http://www.sudo.ws/changes.html

+ Adobe Flash opaqueBackground Use After Free
http://cxsecurity.com/issue/WLB-2015070059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122

Drone regulation advances: don't let blanket rules delay the landing on the "new continent"
http://itpro.nikkeibp.co.jp/atcl/column/15/071200172/071300002/?ST=security

Emergency release of updated Adobe Flash Player addresses zero-day vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/news/15/071402370/?ST=security

"Adobe should now plan the end of Flash's life," says Facebook's head of security
http://itpro.nikkeibp.co.jp/atcl/news/15/071402358/?ST=security

Critical vulnerability in Flash Player; with no patch available, IPA recommends disabling it
http://itpro.nikkeibp.co.jp/atcl/news/15/071302350/?ST=security

UPDATE: JVNVU#99160787 Certificate chain verification flaw in OpenSSL
http://jvn.jp/vu/JVNVU99160787/index.html

UPDATE: JVNVU#98974537 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU98974537/index.html

UPDATE: JVNVU#96605606 Multiple vulnerabilities in Network Time Protocol daemon (ntpd)
http://jvn.jp/vu/JVNVU96605606/index.html

UPDATE: JVNVU#93531657 Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU93531657/index.html

JVNVU#91626651 Multiple vulnerabilities in Kaseya VSA
http://jvn.jp/vu/JVNVU91626651/index.html

Tuesday, July 14, 2015

Tuesday the 14th, Senbu

+ Mozilla Thunderbird 38.1.0 released
https://www.mozilla.org/en-US/thunderbird/38.1.0/releasenotes/

+ UPDATE: OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

pgBadger 7.1 is out
http://www.postgresql.org/about/news/1597/

Vulnerability information worth checking <2015.07.14>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/070700066/?ST=security

ITFOR: simple HDD recovery service specializing in minor logical failures
http://itpro.nikkeibp.co.jp/atcl/news/15/071302344/?ST=security

"No malware infection, no problem," Japan Post announces
http://itpro.nikkeibp.co.jp/atcl/news/15/071302334/?ST=security

JVNVU#94770908 Use-after-free vulnerability in Adobe Flash Player (BitmapData)
http://jvn.jp/vu/JVNVU94770908/

JVNVU#93769860 Use-after-free vulnerability in Adobe Flash Player (opaqueBackground)
http://jvn.jp/vu/JVNVU93769860/

JVNVU#90834367 Use-after-free vulnerability in Adobe Flash Player (ByteArray)
http://jvn.jp/vu/JVNVU90834367/

VU#919604 Kaseya Virtual System Administrator contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/919604

Monday, July 13, 2015

Monday the 13th, Tomobiki

+ Gpg4win 2.2.5 released
http://gpg4win.org/change-history.html

+ APSA15-04 Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123

+ CESA-2015:1218 Moderate CentOS 6 php Security Update
http://lwn.net/Alerts/650708/

+ OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

+ Linux kernel 4.1.2, 4.0.8, 3.18.18, 3.14.48, 3.10.84 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.18
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.84

+ OpenLDAP 2.4.41 released
http://www.openldap.org/software/release/

+ PHP 5.6.11, 5.5.27, 5.4.43 released
http://www.php.net/ChangeLog-5.php#5.6.11
http://www.php.net/ChangeLog-5.php#5.5.27
http://www.php.net/ChangeLog-5.php#5.4.43

+ JVNVU#90834367 Use-after-free vulnerability in Adobe Flash Player
http://jvn.jp/vu/JVNVU90834367/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ VU#918568 Adobe Flash ActionScript 3 BitmapData use-after-free vulnerability
http://www.kb.cert.org/vuls/id/918568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123

+ VU#338736 Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability
http://www.kb.cert.org/vuls/id/338736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122

+ Squid CONNECT Method Peer Response Processing Flaw Lets Remote Users Bypass Security Controls
http://www.securitytracker.com/id/1032873

+ VMware Workstation/Player Access Control Flaw Lets Local Users Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1032823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

+ VMware Horizon View Client Access Control Flaw Lets Local Users Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1032822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

+ NTP MON_GETLIST Query Amplification DDoS
http://cxsecurity.com/issue/WLB-2015070042

FreeBSD 10.2-BETA1 Now Available
https://lists.freebsd.org/pipermail/freebsd-stable/2015-July/082704.html

JVNDB-2015-000095 Vulnerability in LINE@ that allows unintended in-app functions to be called
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000095.html

JVNDB-2015-000097 Arbitrary file deletion vulnerability in シンプルお絵描き掲示板 (Simple Oekaki Bulletin Board)
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000097.html

JVNDB-2015-000096 Cross-site scripting vulnerability in シンプルお絵描き掲示板 (Simple Oekaki Bulletin Board)
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000096.html

UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

UPDATE: JVN#19294237 Vulnerability in Apache Struts that allows the ClassLoader to be manipulated
http://jvn.jp/jp/JVN19294237/

JVNVU#99160787 Improper certificate chain verification vulnerability in OpenSSL
http://jvn.jp/vu/JVNVU99160787/

Trend Micro cooperates with Aichi Prefectural Police on cybercrime countermeasures, advising investigators
http://itpro.nikkeibp.co.jp/atcl/news/15/071002318/?ST=security

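Addresses of up to 1,798 people leaked from the Iizuka District Fire Department Headquarters in Fukuoka Prefecture; suspicious emails received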
http://itpro.nikkeibp.co.jp/atcl/news/15/071002317/?ST=security

Security breach at the US Office of Personnel Management: information on more than 20 million people leaked
http://itpro.nikkeibp.co.jp/atcl/news/15/071002307/?ST=security

[IT Japan 2015] "Unknown threats have already penetrated 90% of companies," says Trend Micro Executive Vice President Omikawa
http://itpro.nikkeibp.co.jp/atcl/news/15/070902291/?ST=security

Friday, July 10, 2015

10th, Friday, Taian

+ RHSA-2015:1218 Moderate: php security update
https://rhn.redhat.com/errata/RHSA-2015-1218.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4603

+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ HPSBUX03363 rev.1 - HP-UX Apache Web Server running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04725401&docLocale=ja_JP

+ Oracle Critical Patch Update Pre-Release Announcement - July 2015
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

+ VMSA-2015-0005 VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2015-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

+ FreeBSD-SA-15:12.openssl OpenSSL alternate chains certificate forgery vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:12.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

+ OpenSSL Security Advisory [9 Jul 2015]
http://www.openssl.org/news/secadv_20150709.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

+ OpenSSL 1.0.2d, 1.0.1p released
http://www.openssl.org/news/openssl-1.0.2-notes.html
http://www.openssl.org/news/openssl-1.0.1-notes.html

+ JVNVU#90834367 Use-after-free vulnerability in Adobe Flash Player
http://jvn.jp/vu/JVNVU90834367/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ JVNVU#92689788 Privilege escalation vulnerability in the Windows Adobe Type Manager module
http://jvn.jp/vu/JVNVU92689788/

+ OpenSSL Alternative Certificate Chain Validation Flaw Lets Remote Users Forge Certificates
http://www.securitytracker.com/id/1032817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

+ OpenSSL 1.0.2c Alternative chains certificate forgery
http://cxsecurity.com/issue/WLB-2015070040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

JVNDB-2014-002239 Cross-site request forgery vulnerability in Cacti
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html

JVNDB-2009-003901 Cross-site scripting vulnerability in Cacti
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html

JVNDB-2015-000094 Cross-site scripting vulnerability in Cacti
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000094.html

Vulnerability information worth checking <2015.07.10>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/070700065/?ST=security

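Targeted attack on a Ministry of Defense-affiliated hotel may be the work of the same perpetrators as the attack on the Japan Pension Service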
http://itpro.nikkeibp.co.jp/atcl/news/15/070902290/?ST=security

Trading temporarily halted at the NY Stock Exchange; the cause is "a technical problem, not a cyberattack"
http://itpro.nikkeibp.co.jp/atcl/news/15/070902284/?ST=security

Thursday, July 9, 2015

9th, Thursday, Butsumetsu

+ APSB15-16 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ APSB15-15 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb15-15.html

+ UPDATE: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa

+ JVNVU#93531657 Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU93531657/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ VU#103336 Windows Adobe Type Manager privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/103336

+ Adobe Flash Player Multiple Bugs Let Remote Users Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
http://www.securitytracker.com/id/1032810

+ Adobe Flash Player Use-After-Free Memory Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1032809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ Adobe Flash Player ByteArray Use After Free
http://cxsecurity.com/issue/WLB-2015070032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/75568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

ISMS certification to be expanded from fiscal 2016, calling on top executives to practice "security management"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/070600292/?ST=security

[IT Japan 2015] "Democratizing data with the analytics cloud," says Salesforce Chairman Koide
http://itpro.nikkeibp.co.jp/atcl/news/15/070802279/?ST=security

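Ministry of Internal Affairs and Communications requests restrictions on international calls over the problem of IP phone hijacking and fraudulent use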
http://itpro.nikkeibp.co.jp/atcl/news/15/070702263/?ST=security

Wednesday, July 8, 2015

8th, Wednesday, Senbu

+ RHSA-2015:1210 Moderate: abrt security update
https://rhn.redhat.com/errata/RHSA-2015-1210.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3315

+ Google Chrome 43.0.2357.132 released
http://googlechromereleases.blogspot.jp/2015/07/stable-channel-update.html

+ APSA15-03 Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ CESA-2015:1207 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/650384/

+ CESA-2015:1207 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/650383/

+ CESA-2015:1207 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/650382/

+ BIND 9.10.2-P2, 9.9.7-P1 released
http://ftp.isc.org/isc/bind9/9.10.2-P2/RELEASE-NOTES-9.10.2-P2.html
http://ftp.isc.org/isc/bind9/9.9.7-P1/RELEASE-NOTES-9.9.7-P1.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Apache Tomcat 8.0.24, 7.0.63 released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.24_(markt)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ FreeBSD-SA-15:11.bind BIND resolver remote denial of service when validating
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:11.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ Sendmail 8.15.2 released
http://sendmail.com/sm/open_source/download/8.15.2/

+ VU#561288 Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
http://www.kb.cert.org/vuls/id/561288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119

+ ISC BIND DNSSEC Validation Flaw Lets Remote Users Deny Service in Certain Cases
http://www.securitytracker.com/id/1032799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating
https://kb.isc.org/article/AA-01267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4620

+ Linux Kernel UDP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1032794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366

Open-Source Streaming-SQL Database PipelineDB Now Available
http://www.postgresql.org/about/news/1596/

IIJ offers an early detection service for cyberattacks that analyzes multiple logs
http://itpro.nikkeibp.co.jp/atcl/news/15/070702261/?ST=security

Italian company that sells surveillance software to governments falls victim to hacking
http://itpro.nikkeibp.co.jp/atcl/news/15/070702251/?ST=security

JVNVU#92209185 Multiple vulnerabilities in ANTLabs InnGate
http://jvn.jp/vu/JVNVU92209185/

VU#253708 Grandsteam GXV3611_HD camera is vulnerable to SQL injection
http://www.kb.cert.org/vuls/id/253708

Tuesday, July 7, 2015

7th, Tuesday, Tomobiki

+ phpMyAdmin 4.4.11 released
https://www.phpmyadmin.net/news/2015/7/6/phpmyadmin-4411-release-notes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ UPDATE: HPSBGN03352 rev.2 - HP Asset Manager Using RC4, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04711380&docLocale=ja_JP

+ HPSBGN03354 rev.1 - HP Connect-IT Using RC4, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04716090&docLocale=ja_JP
CVE-2015-2808

+ HPSBMU03234 rev.1 - HP Vertica Analytics Platform running SSLv3, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04543623&docLocale=ja_JP

+ UPDATE: HPSBPI03360 rev.2 - HP LaserJet Printers and MFPs, HP OfficeJet Printers and MFPs, and HP JetDirect Networking cards using OpenSSL, Remote Disclosure of Information
https://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04720842&docLocale=ja_JP

+ Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
http://cxsecurity.com/issue/WLB-2015070018
CVE-2015-3113
CVE-2015-3043

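NTT East and West take measures against fraudulent use of international calls on "Hikari Denwa," also refunding the equivalent of the losses in about 120 cases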
http://itpro.nikkeibp.co.jp/atcl/news/15/070602249/?ST=security

VU#485324 ANTLabs InnGate gateway device contains SQL injection and reflected cross-site scripting vulnerabilities
http://www.kb.cert.org/vuls/id/485324

Monday, July 6, 2015

6th, Monday, Sensho

+ squid 3.5.6 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.6-RELEASENOTES.html

+ Linux kernel 3.14.47, 3.10.83 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.47
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.83

+ Apache Ant 1.9.6 Released
http://ftp.meisei-u.ac.jp/mirror/apache/dist//ant/README.html

+ Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, and Bypass Security Restrictions
http://www.securitytracker.com/id/1032784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Gain Elevated Privileges
http://www.securitytracker.com/id/1032783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ Google HTTP Live Headers v1.0.6 Client Side Cross Site Scripting Web Vulnerability
http://cxsecurity.com/issue/WLB-2015070013

Unintended communications confirmed from Japan Post Group office PCs; part of the network cut off
http://itpro.nikkeibp.co.jp/atcl/news/15/070402240/?ST=security

NEC: "My Number Anshin Set" for mid-sized and small businesses, which can be added to existing systems
http://itpro.nikkeibp.co.jp/atcl/news/15/070302237/?ST=security

Friday, July 3, 2015

3rd, Friday, Butsumetsu

+ Mozilla Firefox 39.0 released
https://www.mozilla.org/en-US/firefox/39.0/releasenotes/

+ MFSA 2015-71 NSS incorrectly permits skipping of ServerKeyExchange
https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721

+ MFSA 2015-70 NSS accepts export-length DHE keys with regular DHE cipher suites
https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

+ MFSA 2015-69 Privilege escalation in PDF.js
https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743

+ MFSA 2015-68 OS X crash reports may contain entered key press information
https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2742

+ MFSA 2015-67 Key pinning is ignored when overridable errors are encountered
https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741

+ MFSA 2015-66 Vulnerabilities found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740

+ MFSA 2015-65 Use-after-free in workers while using XMLHttpRequest
https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733

+ MFSA 2015-64 ECDSA signature validation fails to handle some signatures correctly
https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730

+ MFSA 2015-63 Use-after-free in Content Policy due to microtask execution error
https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731

+ MFSA 2015-62 Out-of-bound read while computing an oscillator rendering range in Web Audio
https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2729

+ MFSA 2015-61 Type confusion in Indexed Database Manager
https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728

+ MFSA 2015-60 Local files or privileged URLs in pages can be opened into new tabs
https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2727

+ MFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0 / rv:31.8 / rv:38.1)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2726

+ CESA-2015:1197 Moderate CentOS 5 openssl Security Update
http://lwn.net/Alerts/650036/

+ Cisco Unified Communications Domain Manager Default Static Privileged Account Credentials
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150701-cucdm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4196

+ OpenLDAP 2.4.41 released
http://www.openldap.org/software/release/

+ OpenSSH 6.9 released
http://www.openssh.com/txt/release-6.9

+ iTunes 12.2 and QuickTime 7.7.7 (WIN) 3rd libs Vulnerable
http://cxsecurity.com/issue/WLB-2015070008

+ McAfee SiteAdvisor 3.7.2 (firefox) Use After Free
http://cxsecurity.com/issue/WLB-2015070004

FreeBSD Support for Leap Seconds
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html

PostgreSQL 9.5 Alpha 1 Released
http://www.postgresql.org/about/news/1595/

Reporter's Eye
"Targeted attacks" are actually even scarier
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/062600308/?ST=security

Major IT companies including Trend Micro, Oracle Japan and NEC publish a Japanese edition of cyber incident response guidelines
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/070200290/?ST=security

[Data Speaks] By 2018, 40% of large enterprises will have formulated security plans for large-scale cyberattacks: Gartner
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/070200220/?ST=security

Wednesday, July 1, 2015

About the security content of iOS 8.4

About the security content of iOS 8.4
https://support.apple.com/ja-jp/HT204941

Translation of the iOS security update at the URL above

1) Application Store

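 A flaw in the install logic for universal provisioning profile apps allows a collision with existing bundle IDs, so a malicious universal provisioning profile app can prevent apps from launching. (CVE-2015-3722)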

2) Certificate Trust Policy

 An intermediate certificate was incorrectly issued by the certificate authority CNNIC, which allows an attacker with a privileged network position to intercept network traffic.

3) Certificate Trust Policy

 The Certificate Trust Policy was updated.

4) CFNetwork HTTPAuthentication

 A memory corruption flaw in the handling of certain URL credentials allows a malicious URL to cause arbitrary code execution. (CVE-2015-3684)

5) CoreGraphics

 Multiple memory corruption flaws in the handling of ICC profiles mean that opening a malicious PDF file may cause unexpected application termination or arbitrary code execution. (CVE-2015-3723, CVE-2015-3724)

6) CoreText

 Multiple memory corruption flaws in the processing of text files mean that processing a malicious text file may cause unexpected application termination or arbitrary code execution. (CVE-2015-1157, CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, CVE-2015-3689)

7) coreTLS

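 coreTLS accepts short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This flaw, known as Logjam, allows an attacker with a privileged network position to downgrade security to 512-bit DH if the server supports an export-strength ephemeral DH cipher suite. (CVE-2015-4000)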

8) DiskImages

 An information disclosure flaw in the processing of disk images allows a malicious application to determine the kernel memory layout. (CVE-2015-3690)

9) FontParser

 Multiple memory corruption flaws in the processing of font files mean that processing a malicious font file may cause unexpected application termination or arbitrary code execution. (CVE-2015-3694, CVE-2015-3719)

10) ImageIO

 Multiple vulnerabilities in libtiff versions prior to 4.0.4 allow arbitrary code execution. (CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130)

11) Kernel

 A memory management flaw in the handling of HFS parameters allows a malicious application to determine the kernel memory layout. (CVE-2015-3721)

12) Mail

 A flaw in the support for HTML email allows a malicious email to replace the message content with an arbitrary web page when the message is viewed. (CVE-2015-3710)

13) MobileInstallation

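 A flaw in the install logic for universal provisioning profile apps allows a collision with existing bundle IDs, so a malicious universal provisioning profile app can prevent apps from launching. (CVE-2015-3725)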

14) Safari

 A flaw in Safari's state management means that visiting a malicious website may compromise user information on the filesystem. (CVE-2015-1155)

15) Safari

 A flaw in the way Safari preserves the Origin request header for cross-origin redirects means that visiting a malicious website may lead to account information being taken over. (CVE-2015-3658)


16) Security

 An integer overflow flaw in the Security framework code for parsing S/MIME email and other signed or encrypted objects allows a remote attacker to cause unexpected application termination or arbitrary code execution. (CVE-2013-1741)

17) SQLite

 Multiple buffer overflows in SQLite's printf implementation allow a remote attacker to cause unexpected application termination or arbitrary code execution. (CVE-2015-3717)

18) Telephony

 Multiple input validation flaws in the parsing of SIM/UIM payloads allow a malicious SIM card to cause arbitrary code execution. (CVE-2015-3726)

19) WebKit

 A flaw in the handling of the rel attribute in anchor elements means that clicking a link on a malicious website may lead to user interface spoofing. (CVE-2015-1156)

20) WebKit

 Multiple memory corruption flaws in WebKit mean that visiting a malicious website may cause unexpected application termination or arbitrary code execution. (CVE-2015-1152, CVE-2015-1153)

21) WebKit

 An insufficient comparison flaw in the SQLite authorizer means that visiting a malicious website may cause unexpected application termination or arbitrary code execution. (CVE-2015-3659)

22) WebKit

 A flaw in the authorization check for renaming WebSQL tables allows a malicious website to access WebSQL databases belonging to other websites. (CVE-2015-3727)

23) WiFi Connectivity

 An insufficient comparison flaw in the WiFi manager's evaluation of known access point advertisements allows iOS devices to associate with untrusted access points advertising a known ESSID but with a downgraded security type. (CVE-2015-3728)