:: IT Security Neophyte Investigator's MEMO ::: 10月 2015

2015年10月30日金曜日

30日金曜日、友引

+ Apache OpenOffice 4.1.2 released
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.2+Release+Notes

+ RHSA-2015:1930 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2015-1930.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704

+ RHSA-2015:1943 Moderate: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-1943.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1779

+ Selenium Client & WebDriver 2.48.2 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ Opera 33 released
http://www.opera.com/docs/changelogs/unified/3300/

+ nginx 1.9.6 released
http://nginx.org/en/download.html

+ APSB15-26 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb15-26.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7649

+ CESA-2015:1943 Moderate CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/662259/

+ CESA-2015:1930 Important CentOS 6 ntp Security Update
http://lwn.net/Alerts/662160/

+ CESA-2015:1930 Important CentOS 7 ntp Security Update
http://lwn.net/Alerts/662161/

+ CESA-2015:1925 Important CentOS 5 kvm Security Update
http://lwn.net/Alerts/661884/

+ CESA-2015:1924 Important CentOS 6 qemu-kvm Security Update
http://lwn.net/Alerts/661885/

+ CVE-2015-1774: Out-of-Bounds Write in HWP File Filter
http://www.openoffice.org/security/cves/CVE-2015-1774.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1774

+ PDFCreator 2.2.0 released
http://www.pdfforge.org/blog/pdfcreator-220-released

+ phpMyAdmin 4.5.1, 4.4.15.1 released
https://www.phpmyadmin.net/news/2015/10/23/phpmyadmin-451-release-notes/
https://www.phpmyadmin.net/news/2015/10/23/phpmyadmin-44151-release-notes/

+ PMASA-2015-5 Content spoofing vulnerability when redirecting user to an external site
https://www.phpmyadmin.net/security/PMASA-2015-5/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873

+ VMware Workstation 12.0.1 Player released
https://pubs.vmware.com/Release_Notes/en/workstation/12player/player-1201-release-notes.html

+ Linux kernel 4.2.5, 4.1.12, 3.18.23, 3.14.56, 3.10.92 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.12
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.56
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.92

+ UPDATE: Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

+ Samba 4.2.5 Available for Download
http://samba.org/samba/history/samba-4.2.5.html

+ HS15-027 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-027/index.html

+ HS15-026 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS15-026/index.html

+ HS15-027 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-027/index.html

+ HS15-026 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS15-026/index.html

+ FreeBSD-SA-15:25.ntp Multiple vulnerabilities of ntp
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:25.ntp.asc

+ Sysstat 11.0.8 released
http://sebastien.godard.pagesperso-orange.fr/

+ Linux Kernel <= 3.18 Buffer overflow when copying data from skbuff to userspace
https://cxsecurity.com/issue/WLB-2015100170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8019

VU#573848 Qolsys IQ Panel contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/573848

VU#350508 HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
http://www.kb.cert.org/vuls/id/350508

VU#672500 EPSON Network Utility contains a privilege escalation vulnerability
http://www.kb.cert.org/vuls/id/672500

2015年10月23日金曜日

23日金曜日、先勝

+ RHSA-2015:1921 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1921.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

+ RHSA-2015:1924 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2015-1924.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5279

+ RHSA-2015:1919 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1919.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

+ RHSA-2015:1920 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-1920.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

+ RHSA-2015:1917 Important: libwmf security update
https://rhn.redhat.com/errata/RHSA-2015-1917.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4696

+ About the security content of OS X Server 5.0.15
https://support.apple.com/ja-jp/HT205376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7031

+ About the security content of iTunes 12.3.1
https://support.apple.com/ja-jp/HT205372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7017

+ About the security content of OS X El Capitan v10.11.1 and Security Update 2015-007
https://support.apple.com/ja-jp/HT205375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5943

+ About the security content of Safari 9.0.1
https://support.apple.com/ja-jp/HT205377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7014

+ About the security content of watchOS 2.0.1
https://support.apple.com/ja-jp/HT205378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5916
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6974

+ About the security content of iOS 9.1
https://support.apple.com/ja-jp/HT205370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7014

+ Google Chrome 46.0.2490.80 released
http://googlechromereleases.blogspot.jp/2015/10/stable-channel-update_22.html

+ Mozilla Firefox 41.0.2 released
https://www.mozilla.org/en-US/firefox/41.0.2/releasenotes/

MFSA-2015-115 Cross-origin restriction bypass using Fetch
https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/

+ APSB15-27 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7648

+ CESA-2015:1920 Critical CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/661745/

+ CESA-2015:1919 Important CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/661747/

+ CESA-2015:1920 Critical CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/661743/

+ CESA-2015:1921 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/661744/

+ CESA-2015:1919 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/661746/

+ CESA-2015:1917 Important CentOS 7 libwmf Security Update
http://lwn.net/Alerts/661570/

+ CESA-2015:1917 Important CentOS 6 libwmf Security Update
http://lwn.net/Alerts/661569/

+ Wireshark 1.12.8 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.8.html

+ UPDATE: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp

+ Cisco ASA Software DNS Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2

+ Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1

+ Cisco ASA Software DNS Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1

+ Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Linux kernel 4.2.4, 4.1.11, 3.14.55, 3.10.91, 3.4.110 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.11
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.55
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.91
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.110

+ Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

+ Oracle Linux Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

+ Samba 4.3.1 Available for Download
https://www.samba.org/samba/history/samba-4.3.1.html

+ Oracle Critical Patch Update Advisory - October 2015
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

+ Apache Tomcat 8.0.28, 7.0.65 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.28_(markt)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ Java SE 8u65 / 8u66 released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html

+ NTP 4.2.8p4 released
http://archive.ntp.org/ntp4/ChangeLog-stable

+ Postfix stable release 3.0.3 and legacy releases 2.11.7, 2.10.9, and 2.9.15
http://www.postfix.org/announcements/postfix-3.0.3.html

+ ntp Multiple Flaws Let Remote Users Deny Service, View Files, and Bypass Authentication to Modify the Time
http://www.securitytracker.com/id/1033951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871

+ Linux Kernel PPP Device Driver Bug Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1033809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799

+ Linux Kernel SCTP Initialization Race Condition Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1033808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5283

+ Safari 9.0 (11601.1.56) file prefix crash in HashTable
https://cxsecurity.com/issue/WLB-2015100138

+ Adobe Flash Type Confusion IExternalizable When Performing Local Serialization
https://cxsecurity.com/issue/WLB-2015100136

pgFormatter 1.5 released
http://www.postgresql.org/about/news/1622/

Ora2Pg 16 released
http://www.postgresql.org/about/news/1620/

+ MySQL 5.7.9 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-9.html

+ Tcl/Tk 8.6.4 released
http://www.tcl.tk/software/tcltk/8.6.html

JVNDB-2015-000160 アバストにおけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000160.html

JVNDB-2015-000162 Android アプリ AirDroid における暗黙的 Intent の扱いに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000162.html

JVNDB-2015-000126 eXtplorer におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000126.html

JVNDB-2015-000159 iOS 版 Party Track SDK におけるサーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000159.html

TEDがNRIセキュアと組んでWAF「BIG-IP ASM」の運用監視サービスを提供
http://itpro.nikkeibp.co.jp/atcl/news/15/102303493/?ST=security

キヤノンITソリューションズ、デスクトップLinux用ウイルス対策ソフト
http://itpro.nikkeibp.co.jp/atcl/news/15/102203490/?ST=security

トレンドマイクロ、HPから事業買収に驚き
http://itpro.nikkeibp.co.jp/atcl/column/14/509445/102200343/?ST=security

トレンドマイクロ、HPの侵入防止システム事業を約3億ドルで買収へ
http://itpro.nikkeibp.co.jp/atcl/news/15/102203482/?ST=security

［迷惑ソフト編］いつの間に？効果はある？不要なら削除
http://itpro.nikkeibp.co.jp/atcl/column/15/101500244/101500004/?ST=security

フォーティネット、無線LANアクセスポイントにUTM機能を搭載
http://itpro.nikkeibp.co.jp/atcl/news/15/102003443/?ST=security

米中首脳会談後も米企業にサイバー攻撃、米セキュリティ会社が報告
http://itpro.nikkeibp.co.jp/atcl/news/15/102003436/?ST=security

JVNVU#92655282 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU92655282/

JVNVU#99671861 UPnP を実装した複数のルータ製品にセキュリティ機能の実装が不十分な問題
http://jvn.jp/vu/JVNVU99671861/

JVNVU#99160787 OpenSSL に証明書チェーンの検証不備の脆弱性
http://jvn.jp/vu/JVNVU99160787/

JVNVU#99430390 Windows NTLM が file:// URL へのリダイレクト時に SMB 接続を行いユーザ認証情報を送信する問題
http://jvn.jp/vu/JVNVU99430390/

JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/

VU#840844 HP Photosmart B210 printer SMB server buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/840844

VU#966927 HP Client Automation and Radia Client Automation is vulnerable to remote code execution
http://www.kb.cert.org/vuls/id/966927

VU#935424 Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability
http://www.kb.cert.org/vuls/id/935424

VU#675052 Medicomp MEDCIN Engine contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/675052

VU#842252 HP ArcSight Logger contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/842252

VU#943167 Voice over LTE implementations contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/943167

2015年10月14日水曜日

14日水曜日、仏滅

+ 2015 年 10 月のマイクロソフトセキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms15-oct

+ MS15-106 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3096441)
https://technet.microsoft.com/library/security/MS15-106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6059

+ MS15-107 - 重要 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3096448)
https://technet.microsoft.com/library/security/MS15-107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6058

+ MS15-108 - 緊急リモートでのコード実行に対処する JScript および VBScript 用のセキュリティ更新プログラム (3089659)
https://technet.microsoft.com/ja-jp/library/security/ms15-108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6059

+ MS15-109 - 緊急リモートでのコード実行に対処する Windows Shell 用のセキュリティ更新プログラム (3096443)
https://technet.microsoft.com/library/security/MS15-109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2548

+ MS15-110 - 重要リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3096440)
https://technet.microsoft.com/library/security/MS15-110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6039

+ MS15-111 - 重要特権の昇格に対処する Windows カーネル用のセキュリティ更新プログラム (3096447)
https://technet.microsoft.com/library/security/MS15-111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2553

+ UPDATE: マイクロソフトセキュリティアドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ UPDATE: マイクロソフトセキュリティアドバイザリ 2960358 .NET TLS で RC4 を無効化するための更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2960358

+ UPDATE: マイクロソフトセキュリティアドバイザリ 3042058 既定の暗号スイートの優先度の設定の更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3042058

+ UPDATE: マイクロソフトセキュリティアドバイザリ 3097966 不注意で発行されたデジタル証明書により、なりすましが行われる
https://technet.microsoft.com/ja-jp/library/security/3097966

+ Selenium Standalone Server 2.48.2 released
https://github.com/SeleniumHQ/selenium/wiki/Grid2

+ Google Chrome 46.0.2490.71 released
http://googlechromereleases.blogspot.jp/2015/10/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6757
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6762

+ APSB15-25 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7644

+ APSB15-24 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb15-24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7624

+ CESA-2015:1890 Important CentOS 7 spice Security Update
http://lwn.net/Alerts/660505/

+ CESA-2015:1889 Important CentOS 6 spice-server Security Update
http://lwn.net/Alerts/660506/

+ Linux kernel 3.2.72 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.72

+ Samba 4.1.21 Available for Download
https://www.samba.org/samba/history/samba-4.1.21.html

+ CentOS Linux 7 32-bit x86 (i386) Architecture Released
http://seven.centos.org/?p=528

+ Apache Log4j 2.4.1 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.4.1

2UDA Beta (1) Released
http://www.postgresql.org/about/news/1618/

Database Designer for PostgreSQL 1.10.6 available
http://www.postgresql.org/about/news/1619/

New version of Oracle-to-PostgreSQL converter has been released
http://www.postgresql.org/about/news/1617/

安全快適無線LAN、最新設定テクニック
［3］各社最新Wi-Fiルーターの機能を点検、特徴をつかむ
http://itpro.nikkeibp.co.jp/atcl/column/15/100800238/100800003/?ST=security

Networkキーワード
CSIRTとは
http://itpro.nikkeibp.co.jp/atcl/keyword/14/260922/101300039/?ST=security

ITpro Report
［改正個人情報保護法の全貌2］携帯番号や端末IDは個人情報？
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/100200093/?ST=security

マイナンバーで初のトラブル、取手市が69世帯の住民票に個人番号を誤記載
http://itpro.nikkeibp.co.jp/atcl/news/15/101303364/?ST=security

パロアルト、SaaS向けのマルウエア検査サービスと脅威情報の検索サービスを提供
http://itpro.nikkeibp.co.jp/atcl/news/15/101303359/?ST=security

ALSOK、監視カメラの録画映像を保管するクラウドサービス
http://itpro.nikkeibp.co.jp/atcl/news/15/101303358/?ST=security

警視庁が厚労省室長補佐を逮捕、マイナンバー関連システムで収賄容疑
http://itpro.nikkeibp.co.jp/atcl/news/15/101303356/?ST=security

セキュリティ対策ソフトの新版「カスペルスキー2016」、Webポータルでリモート管理可能に
http://itpro.nikkeibp.co.jp/atcl/news/15/101303355/?ST=security

JVNVU#96884018 QNAP QTS にパストラバーサルの脆弱性
http://jvn.jp/vu/JVNVU96884018/

VU#870744 ZyXEL NBG-418N, PMG5318-B20A and P-660HW-T1 routers contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/870744

2015年10月13日火曜日

13日火曜日、先負

+ RHSA-2015:1889 Important: spice-server security update
https://rhn.redhat.com/errata/RHSA-2015-1889.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5261

+ RHSA-2015:1890 Important: spice security update
https://rhn.redhat.com/errata/RHSA-2015-1890.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5261

+ UPDATE: Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2

+ Apache HTTP Server 2.4.17 Released
http://www.apache.org/dist/httpd/Announcement2.4.html

+ Postfix 3.0.3, 2.11.7, 2.10.9, 2.9.15 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.3.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.7.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.9.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.15.HISTORY

+ PostgreSQL Bugs Let Remote Users Deny Service and May Let Remote Users Obtain Portions of Memory
http://www.securitytracker.com/id/1033775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289

+ Kaspersky Internet Security Password Related Bugs Let Local Users Obtain the Application's Administration Password and Bypass Authentication to Modify the Configuration
http://www.securitytracker.com/id/1033768

+ Kaspersky Anti-Virus Password Related Bugs Let Local Users Obtain the Application's Administration Password and Bypass Authentication to Modify the Configuration
http://www.securitytracker.com/id/1033767

PostgreSQL RESTful API
http://www.postgresql.org/about/news/1616/

JVNDB-2015-000158 島根県CMS における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000158.html

JVNDB-2015-000154 phpRechnung における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000154.html

JVNDB-2015-000153 Dojo Toolkit におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000153.html

チェックしておきたい脆弱性情報＜2015.10.13＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/100400081/?ST=security

安全快適無線LAN、最新設定テクニック
［1］最新規格は格段に速い、Wi-Fiルーターをより快適にしよう
http://itpro.nikkeibp.co.jp/atcl/column/15/100800238/100800001/?ST=security

安全快適無線LAN、最新設定テクニック
［2］実は様々な機能がある！Wi-Fiルーターの役割と違いを理解しよう
http://itpro.nikkeibp.co.jp/atcl/column/15/100800238/100800002/?ST=security

統計＆調査
［データは語る］2015年第3四半期のインシデントは4128件、前年同期比11％減―JPCERT/CC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/100900339/?ST=security

今、そこにあるウイルスメールと第3次安倍改造内閣IT担当大臣
http://itpro.nikkeibp.co.jp/atcl/column/14/509445/100900333/?ST=security

VU#751328 QNAP QTS is vulnerable to a path traversal attack when used with the AFP protocol and OS X
http://www.kb.cert.org/vuls/id/751328

2015年10月9日金曜日

9日金曜日、仏滅

+ APSB15-24 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/reader/apsb15-24.html

+ 2015-10-08 Security Update Release
http://www.postgresql.org/about/news/1615/
CVE-2015-5289
CVE-2015-5288

+ PostgreSQL 9.4.5, 9.3.10, 9.2.14, 9.1.19, 9.0.23 released
http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
http://www.postgresql.org/docs/9.2/static/release-9-2-14.html
http://www.postgresql.org/docs/9.1/static/release-9-1-19.html
http://www.postgresql.org/docs/9.0/static/release-9-0-23.html

+ PostgreSQL 9.5 Beta 1 Released
http://www.postgresql.org/about/news/1614/

+ MySQL 5.6.24 Buffer Overflow
https://cxsecurity.com/issue/WLB-2015100068

欧米間個人情報転送に関する協定は「無効」、EU裁判所が判断
http://itpro.nikkeibp.co.jp/atcl/news/15/100803312/?ST=security

2015年10月8日木曜日

8日木曜日、先負

+ RHSA-2015:1852 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-1852.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

+ Selenium Standalone Server 2.48.0 released
http://docs.seleniumhq.org/download/

+ Selenium The Internet Explorer Driver Server 2.48.0 released
http://goo.gl/LJ07LL

+ Selenium Client & WebDriver 2.48.0 released
http://docs.seleniumhq.org/download/

+ About the security content of OS X El Capitan v10.11
https://support.apple.com/ja-jp/HT205267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5854

+ About the security content of Safari 9
https://support.apple.com/ja-jp/HT205265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5828

+ iOS 9.0.2 のセキュリティコンテンツについて
https://support.apple.com/ja-jp/HT205284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5923

+ CESA-2015:1852 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/659016/

+ CESA-2015:1852 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/659017/

+ CESA-2015:1852 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/659018/

+ CESA-2015:1840 Important CentOS 7 openldap Security Update
http://lwn.net/Alerts/658810/

+ Mozilla Firefox 41.0.1 released
https://www.mozilla.org/en-US/firefox/41.0.1/releasenotes/

+ Mozilla Thunderbird 38.3.0 released
https://www.mozilla.org/en-US/thunderbird/38.3.0/releasenotes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ UPDATE: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100210-ironport

+ Linux kernel 4.2.3, 4.1.10, 3.18.22, 3.14.54, 3.12.49, 3.10.90, 3.4.109, 3.2.71, 2.6.32.68 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.10
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.54
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.49
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.90
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.109
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.71
https://cdn.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.68

+ SYM15-010 Security Advisories Relating to Symantec Products - Symantec NetBackup OpsCenter Server Reflected Cross-Site Scripting
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151001_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6549

+ VMSA-2015-0007.1 VMware vCenter and ESXi updates address critical security issues.
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047

+ Apache Tomcat 8.0.27 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.27_(markt)

+ cURL 7.45.0 released
http://curl.haxx.se/

+ Dovecot 2.2.19 released
http://www.dovecot.org/list/dovecot-news/2015-October/000299.html

+ MySQL 5.6.27, 5.5.46 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html

+ PHP 5.6.14, 5.5.30 released
http://www.php.net/ChangeLog-5.php#5.6.14
http://www.php.net/ChangeLog-5.php#5.5.30

+ Apache Commons Components HttpClient HTTPS Timeout Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1033743

+ PHP Phar Extension Bugs Let Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1033740

+ Linux Kernel VHOST_SCSI_SET_ENDPOINT Call Array Index Error Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System
http://www.securitytracker.com/id/1033729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4036

+ Linux Kernel Infinite Loop in perf_callchain_user_64() Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1033728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6526

+ Apple iOS Lock Screen Flaw Lets Physically Local Users Access Photos and Contacts on the Target System
http://www.securitytracker.com/id/1033687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5923

+ Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1033666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252

+ PHP 5.6.13 Uninitialized pointer in phar_make_dirstream
https://cxsecurity.com/issue/WLB-2015100035

+ PHP 5.6.13 phar_get_fp_offset() Null pointer dereference
https://cxsecurity.com/issue/WLB-2015100034

+ Apple Safari for OS X URI spoofing
https://cxsecurity.com/issue/WLB-2015100032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5764

JVNDB-2015-000152 サイボウズガルーンにおける LDAP インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000152.html

JVNDB-2015-000151 サイボウズガルーンにおいて任意の PHP コードが実行される複数の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000151.html

JVNDB-2015-000149 gollum における任意のファイルを閲覧される脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000149.html

JVNDB-2015-000148 Dotclear におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000148.html

JVNDB-2015-000141 Windows 版 Python における任意の DLL 読み込みに関する脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000141.html

JVNDB-2015-000140 Canary Labs 製 Trend Web Server におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000140.html

JVNDB-2015-000147 AjaXplorer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000147.html

日立製作所と米HP、サイバー攻撃の情報共有を開始
http://itpro.nikkeibp.co.jp/atcl/news/15/100603284/?ST=security

「iOSの安全神話は崩れた」、米ルックアウトとCTCが企業向けモバイルマルウエア対策製品
http://itpro.nikkeibp.co.jp/atcl/news/15/100603275/?ST=security

新たなiOSマルウエア「YiSpecter」、非脱獄デバイスも攻撃
http://itpro.nikkeibp.co.jp/atcl/news/15/100603271/?ST=security

チェックしておきたい脆弱性情報＜2015.10.06＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/100400080/?ST=security

［ITpro EXPO 2015］Jiransoft、10月1日発売の情報漏洩対策ソリューションを展示
http://itpro.nikkeibp.co.jp/atcl/news/15/100203215/?ST=security

BIGLOBE、迷惑電話を自動的に着信拒否するAndroidアプリ
http://itpro.nikkeibp.co.jp/atcl/news/15/100103204/?ST=security

記者の眼
サイバー攻撃を多層で迎撃、大企業にも普及するUTMの今どきの実力
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/092400378/?ST=security

VU#693036 Datalex airline booking software allowed authorization bypass for arbitrary users
http://www.kb.cert.org/vuls/id/693036

登録: 投稿 (Atom)

2015年10月30日金曜日

30日 金曜日、友引

2015年10月23日金曜日

23日 金曜日、先勝