Monday, September 28, 2015

Monday the 28th, Taian

+ Microsoft Security Advisory 3097966 Inadvertently issued digital certificates could allow spoofing
https://technet.microsoft.com/ja-jp/library/security/3097966

+ RHSA-2015:1834 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-1834.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

+ RHSA-2015:1833 Moderate: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-1833.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5165

+ TortoiseSVN 1.9.2 released
http://tortoisesvn.net/tsvn_1.9_releasenotes.html

+ About the security content of watchOS 2
https://support.apple.com/ja-jp/HT205213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5918
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523

+ Google Chrome 45.0.2454.101 released
http://googlechromereleases.blogspot.jp/2015/09/stable-channel-update_24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1304

+ Mozilla Firefox 41.0 released
https://www.mozilla.org/en-US/firefox/41.0/releasenotes/

+ nginx 1.9.5 released
http://nginx.org/en/download.html

+ APSB15-23 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6682

+ CESA-2015:1834 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/658178/

+ CESA-2015:1834 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/658179/

+ CESA-2015:1833 Moderate CentOS 6 qemu-kvm Security Update
http://lwn.net/Alerts/658180/

+ CESA-2015:1834 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/658177/

+ MFSA 2015-114 Information disclosure via the High Resolution Time API
https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/

+ MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library
https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7179

+ MFSA 2015-112 Vulnerabilities found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

+ MFSA 2015-111 Errors in the handling of CORS preflight request headers
https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520

+ MFSA 2015-110 Dragging and dropping images exposes final URL after redirects
https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519

+ MFSA 2015-109 JavaScript immutable property enforcement can be bypassed
https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516

+ MFSA 2015-108 Scripted proxies can access inner window
https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4502

+ MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems
https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4512

+ MFSA 2015-106 Use-after-free while manipulating HTML media content
https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509

+ MFSA 2015-105 Buffer overflow while decoding WebM video
https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511

+ MFSA 2015-104 Use-after-free with shared workers and IndexedDB
https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4510

+ MFSA 2015-103 URL spoofing in reader mode
https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/
CVE-2015-4508

+ MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript
https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4507

+ MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video
https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506

+ MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater
https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4505

+ MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme
https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476

+ MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes
https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4504

+ MFSA 2015-97 Memory leak in mozTCPSocket to servers
https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4503

+ MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501

+ phpMyAdmin 4.5.0.2, 4.5.0.1 released
https://www.phpmyadmin.net/news/2015/9/25/phpmyadmin-4502-release-notes/
https://www.phpmyadmin.net/news/2015/9/24/phpmyadmin-4501-release-notes/

+ Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6278

+ Cisco IOS XE Software Network Address Translation Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6282

+ Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6280

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ Linux kernel 4.2.1, 4.1.8, 3.14.53, 3.12.48, 3.10.89, 3.4.109, 2.6.32.68 released
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.1
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.8
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.53
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.48
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.89
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.109
https://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.68

+ Apache Log4j 2.4 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.4

+ Apache POI 3.13 available
http://www.apache.org/dyn/closer.lua/poi/release/RELEASE-NOTES.txt

+ Apache Struts 2.3.24.1 released
http://struts.apache.org/announce.html#a20150924

+ S2-026 Special top object can be used to access Struts' internals
http://struts.apache.org/docs/s2-026.html

+ S2Container.NET 1.4.1, 1.3.20 released
https://github.com/seasarorg/s2container.net/blob/Branch_9fa203d7d48a682597ac03f198b66ccdd9997227/s2container.net/Changes.2013.txt
https://github.com/seasarorg/s2container.net/blob/s2container.net-v1.3-for.NET2.0/s2container.net/Changes.2013.txt

+ JVNVU#92999848 Cookies set via HTTP requests may bypass HTTPS connections or cause information disclosure
http://jvn.jp/vu/JVNVU92999848/

+ VU#804060 Cookies set via HTTP requests may be used to bypass HTTPS and reveal private information
http://www.kb.cert.org/vuls/id/804060

+ Windows 10 and others - kernel buffer overflow in NtGdiBitBlt PoC
https://cxsecurity.com/issue/WLB-2015090152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2512

PostgresDAC meets RAD Studio 10 Seattle!
http://www.postgresql.org/about/news/1610/

Reporter's Eye
Widespread security misconceptions: check them once more
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/092400377/?ST=security

Vulnerability information worth checking <2015.09.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/091900078/?ST=security

Vulnerability information worth checking <2015.09.25>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/091900077/?ST=security

Sakai City employee temporarily loses census information for 100 households; sloppy management unchanged despite continuing scandals
http://itpro.nikkeibp.co.jp/atcl/news/15/092403040/?ST=security

U.S. Office of Personnel Management data breach: fingerprint data stolen for 5.6 million people
http://itpro.nikkeibp.co.jp/atcl/news/15/092403039/?ST=security

Malware infects part of the App Store; "malicious apps have been removed," says Apple
http://itpro.nikkeibp.co.jp/atcl/news/15/092403035/?ST=security

Why was voter information on about 680,000 people taken out of Sakai City? We ask the city's investigator
http://itpro.nikkeibp.co.jp/atcl/news/15/091803030/?ST=security

JVNVU#99921475 Multiple vulnerabilities in refbase (Web Reference Database)
http://jvn.jp/vu/JVNVU99921475/
