2015年8月13日木曜日

13日 木曜日、仏滅

+ 2015 年 8 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-aug

+ MS15-079 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3082442)
https://technet.microsoft.com/library/security/MS15-079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423

+ MS15-080 - 緊急 Microsoft Graphics コンポーネントの脆弱性により、リモートでコードが実行される (3078662)
https://technet.microsoft.com/library/security/MS15-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2454
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2465

+ MS15-081 - 緊急 Microsoft Office の脆弱性により、リモートでコードが実行される (3080790)
https://technet.microsoft.com/library/security/MS15-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2470

+ MS15-082 - 重要 RDP の脆弱性により、リモートでコードが実行される (3080348)
https://technet.microsoft.com/library/security/ms15-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2473

+ MS15-083 - 重要 サーバー メッセージ ブロックの脆弱性により、リモートでコードが実行される (3073921)
https://technet.microsoft.com/library/security/ms15-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2474

+ MS15-084 - 重要 XML コア サービスの脆弱性により、情報漏えいが起こる (3080129)
https://technet.microsoft.com/library/security/ms15-084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2440

+ MS15-085 - 重要 マウント マネージャーの脆弱性により、特権が昇格される (3082487)
https://technet.microsoft.com/library/security/MS15-085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1769

+ MS15-086 - 重要 System Center Operations Manager の脆弱性により、特権が昇格される (3075158)
https://technet.microsoft.com/ja-jp/library/security/ms15-086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2420

+ MS15-087 - 重要 UDDI サービスの脆弱性により、特権が昇格される (3082459)
https://technet.microsoft.com/library/security/MS15-087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2475

+ MS15-088 - 重要 安全ではないコマンド ライン パラメーターの受け渡しにより、情報漏えいが起こる (3082458)
https://technet.microsoft.com/library/security/MS15-088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2423

+ MS15-089 - 重要 WebDAV の脆弱性により、情報漏えいが起こる (3076949)
https://technet.microsoft.com/library/security/MS15-089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2476

+ MS15-090 - 重要 Microsoft Windows の脆弱性により、特権が昇格される (3060716)
https://technet.microsoft.com/library/security/MS15-090

+ MS15-091 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3084525)
https://technet.microsoft.com/library/security/MS15-091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2449

+ MS15-092 - 重要 .NET Framework の脆弱性により、特権が昇格される (3086251)
https://technet.microsoft.com/library/security/MS15-092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2481

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2015:1586 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-1586.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493

+ Mozilla Firefox 40.0 released
https://www.mozilla.org/en-US/firefox/40.0/releasenotes/

+ MFSA 2015-93 Integer overflows in libstagefright while processing MP4 video metadata
https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4496

+ MFSA 2015-92 Use-after-free in XMLHttpRequest with shared workers
https://www.mozilla.org/en-US/security/advisories/mfsa2015-92/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492

+ MFSA 2015-91 Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification
https://www.mozilla.org/en-US/security/advisories/mfsa2015-91/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4490

+ MFSA 2015-90 Vulnerabilities found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489

+ MFSA 2015-89 Buffer overflows on Libvpx when decoding WebM video
https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486

+ MFSA 2015-88 Heap overflow in gdk-pixbuf when scaling bitmap images
https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491

+ MFSA 2015-87 Crash when using shared memory in JavaScript
https://www.mozilla.org/en-US/security/advisories/mfsa2015-87/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484

+ MFSA 2015-86 Feed protocol with POST bypasses mixed content protections
https://www.mozilla.org/en-US/security/advisories/mfsa2015-86/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4483

+ MFSA 2015-85 Out-of-bounds write with Updater and malicious MAR file
https://www.mozilla.org/en-US/security/advisories/mfsa2015-85/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4482

+ MFSA 2015-84 Arbitrary file overwriting through Mozilla Maintenance Service with hard links
https://www.mozilla.org/en-US/security/advisories/mfsa2015-84/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4481

+ MFSA 2015-83 Overflow issues in libstagefright
https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4493

+ MFSA 2015-82 Redefinition of non-configurable JavaScript object properties
https://www.mozilla.org/en-US/security/advisories/mfsa2015-82/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478

+ MFSA 2015-81 Use-after-free in MediaStream playback
https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4477

+ MFSA 2015-80 Out-of-bounds read with malformed MP3 file
https://www.mozilla.org/en-US/security/advisories/mfsa2015-80/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475

+ MFSA 2015-79 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474

+ APSB15-19 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565

+ CESA-2015:1586 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/654246/

+ CESA-2015:1586 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/654247/

+ CESA-2015:1586 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/654248/

+ Wireshark 1.12.7 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.7.html

+ ActivePerl 5.22.0.2000, 5.20.2.2002, 5.18.4.1805 released
http://www.activestate.com/activeperl/downloads

+ cURL 7.44.0 released
http://curl.haxx.se/changes.html

+ OpenSSH 7.0 released
http://www.openssh.com/txt/release-7.0

+ JVNDB-2015-000112 Microsoft Office における情報漏えいの問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000112.html

+ Windows 10に「緊急」の脆弱性3件、リリース後初の月例パッチ
http://itpro.nikkeibp.co.jp/atcl/news/15/081202637/?ST=security

+ GnuTLS Double Free Memory Error in DN Decoding Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1033226

JVNDB-2015-000114 「【Gallery01】PC、スマホ、ガラケー3デバイス対応写真ギャラリーCMS フリー(無料)版」におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000114.html

JVNDB-2015-000113 「【Gallery01】PC、スマホ、ガラケー3デバイス対応写真ギャラリーCMS フリー(無料)版」におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000113.html

JVNVU#91620801 Actiontec GT784WN Wireless N DSL モデムルータに複数の脆弱性
http://jvn.jp/vu/JVNVU91620801/index.html

JVNVU#93910224 Mobile Devices 製 C4 OBD2 ドングルに複数の脆弱性
http://jvn.jp/vu/JVNVU93910224/index.html

VU#335192 Actiontec GT784WN Wireless N DSL Modem contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/335192

VU#209512 Mobile Devices C4 ODB2 dongle contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/209512

0 件のコメント:

コメントを投稿