Thursday, October 8, 2015

Thursday the 8th, Senbu

+ RHSA-2015:1852 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-1852.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180

+ Selenium Standalone Server 2.48.0 released
http://docs.seleniumhq.org/download/

+ Selenium The Internet Explorer Driver Server 2.48.0 released
http://goo.gl/LJ07LL

+ Selenium Client & WebDriver 2.48.0 released
http://docs.seleniumhq.org/download/

+ About the security content of OS X El Capitan v10.11
https://support.apple.com/ja-jp/HT205267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5914
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5913
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5917
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5523
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5854

+ About the security content of Safari 9
https://support.apple.com/ja-jp/HT205265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5828

+ About the security content of iOS 9.0.2
https://support.apple.com/ja-jp/HT205284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5923

+ CESA-2015:1852 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/659016/

+ CESA-2015:1852 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/659017/

+ CESA-2015:1852 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/659018/

+ CESA-2015:1840 Important CentOS 7 openldap Security Update
http://lwn.net/Alerts/658810/

+ Mozilla Firefox 41.0.1 released
https://www.mozilla.org/en-US/firefox/41.0.1/releasenotes/

+ Mozilla Thunderbird 38.3.0 released
https://www.mozilla.org/en-US/thunderbird/38.3.0/releasenotes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ UPDATE: Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100210-ironport

+ Linux kernel 4.2.3, 4.1.10, 3.18.22, 3.14.54, 3.12.49, 3.10.90, 3.4.109, 3.2.71, 2.6.32.68 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.10
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.22
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.54
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.49
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.90
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.109
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.71
https://cdn.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.68

+ SYM15-010 Security Advisories Relating to Symantec Products - Symantec NetBackup OpsCenter Server Reflected Cross-Site Scripting
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151001_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6549

+ VMSA-2015-0007.1 VMware vCenter and ESXi updates address critical security issues.
http://www.vmware.com/security/advisories/VMSA-2015-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1047

+ Apache Tomcat 8.0.27 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.27_(markt)

+ cURL 7.45.0 released
http://curl.haxx.se/

+ Dovecot 2.2.19 released
http://www.dovecot.org/list/dovecot-news/2015-October/000299.html

+ MySQL 5.6.27, 5.5.46 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-27.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-46.html

+ PHP 5.6.14, 5.5.30 released
http://www.php.net/ChangeLog-5.php#5.6.14
http://www.php.net/ChangeLog-5.php#5.5.30

+ Apache Commons Components HttpClient HTTPS Timeout Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1033743

+ PHP Phar Extension Bugs Let Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1033740

+ Linux Kernel VHOST_SCSI_SET_ENDPOINT Call Array Index Error Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System
http://www.securitytracker.com/id/1033729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4036

+ Linux Kernel Infinite Loop in perf_callchain_user_64() Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1033728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6526

+ Apple iOS Lock Screen Flaw Lets Physically Local Users Access Photos and Contacts on the Target System
http://www.securitytracker.com/id/1033687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5923

+ Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1033666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252

+ PHP 5.6.13 Uninitialized pointer in phar_make_dirstream
https://cxsecurity.com/issue/WLB-2015100035

+ PHP 5.6.13 phar_get_fp_offset() Null pointer dereference
https://cxsecurity.com/issue/WLB-2015100034

+ Apple Safari for OS X URI spoofing
https://cxsecurity.com/issue/WLB-2015100032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5764

JVNDB-2015-000152 LDAP injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000152.html

JVNDB-2015-000151 Multiple vulnerabilities in Cybozu Garoon that allow arbitrary PHP code execution
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000151.html

JVNDB-2015-000149 Vulnerability in gollum that allows arbitrary files to be viewed
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000149.html

JVNDB-2015-000148 Cross-site scripting vulnerability in Dotclear
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000148.html

JVNDB-2015-000141 Vulnerability in Python for Windows related to loading of arbitrary DLLs
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000141.html

JVNDB-2015-000140 Buffer overflow vulnerability in Canary Labs Trend Web Server
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000140.html

JVNDB-2015-000147 Directory traversal vulnerability in AjaXplorer
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000147.html

Hitachi and US-based HP begin sharing cyber attack information
http://itpro.nikkeibp.co.jp/atcl/news/15/100603284/?ST=security

"The iOS safety myth has collapsed": US-based Lookout and CTC offer a mobile malware protection product for enterprises
http://itpro.nikkeibp.co.jp/atcl/news/15/100603275/?ST=security

New iOS malware "YiSpecter" also attacks non-jailbroken devices
http://itpro.nikkeibp.co.jp/atcl/news/15/100603271/?ST=security

Vulnerability information worth checking <2015.10.06>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/100400080/?ST=security

[ITpro EXPO 2015] Jiransoft exhibits an information leak prevention solution going on sale October 1
http://itpro.nikkeibp.co.jp/atcl/news/15/100203215/?ST=security

BIGLOBE: Android app that automatically rejects nuisance calls
http://itpro.nikkeibp.co.jp/atcl/news/15/100103204/?ST=security

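Reporter's Eye
Intercepting cyber attacks in multiple layers: the current capabilities of UTM, now spreading to large enterprises as well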
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/092400378/?ST=security

VU#693036 Datalex airline booking software allowed authorization bypass for arbitrary users
http://www.kb.cert.org/vuls/id/693036
