30日 月曜日、仏滅

+ CESA-2015:2519 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/665964/

+ CESA-2015:2519 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/665965/

+ Linux kernel 3.12.51, 3.2.74 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.74

+ ProFTPd 1.3.5a Heap Overflow
https://cxsecurity.com/issue/WLB-2015110233

+ Google Translate Cross Site Scripting
https://cxsecurity.com/issue/WLB-2015110221

JVNDB-2015-000187 Apache Cordova におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000187.html

JVNDB-2015-000186 ManageEngine Firewall Analyzer におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000186.html

JVNDB-2015-000185 ManageEngine Firewall Analyzer におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html

チェックしておきたい脆弱性情報＜2015.11.30＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/112600087/?ST=security

27日 金曜日、先勝

+ RHSA-2015:2519 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2015-2519.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200

+ Mozilla Thunderbird 38.4.0 released
https://www.mozilla.org/en-US/thunderbird/38.4.0/releasenotes/

+ UPDATE: Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

+ PHP 5.6.16 is available
http://www.php.net/ChangeLog-5.php#5.6.16

JVNVU#99824449 Dell System Detect (DSD) がルート証明書と秘密鍵 (DSDTestProvider) をインストールする問題
http://jvn.jp/vu/JVNVU99824449/

JVNVU#91791008 Dell Foundation Services (DFS) がルート証明書と秘密鍵 (eDellRoot) をインストールする問題
http://jvn.jp/vu/JVNVU91791008/

UPDATE: JVNVU#95877131 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU95877131/index.html

UPDATE: JVNVU#99125992 SSL/TLS の実装が輸出グレードの RSA 鍵を受け入れる問題 (FREAK 攻撃)
http://jvn.jp/vu/JVNVU99125992/index.html

UPDATE: JVNVU#96605606 Network Time Protocol daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU96605606/index.html

UPDATE: JVNVU#98283300 SSLv3 プロトコルに暗号化データを解読される脆弱性(POODLE 攻撃)
http://jvn.jp/vu/JVNVU98283300/index.html

UPDATE: JVN#48135658 複数のルータ製品におけるクリックジャッキングの脆弱性
http://jvn.jp/jp/JVN48135658/index.html

JVNVU#96100360 組込み機器に固有でない X.509 証明書および SSH ホスト鍵を使用している問題
http://jvn.jp/vu/JVNVU96100360/index.html

Google、「忘れられる権利」対策で累計44万リンクを削除
http://itpro.nikkeibp.co.jp/atcl/news/15/112603862/?ST=security

26日 木曜日、赤口

+ Gpg4win 2.3.0 released
https://www.gpg4win.org/change-history.html

+ Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6358

+ UPDATE: Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070328-CVE-2007-1834

+ UPDATE: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install

+ Cisco ASR 5000 Series Telnetd Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-asr5000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6382

+ Apache Tomcat 8.0.29 Released
http://ftp.kddilabs.jp/infosystems/apache/tomcat/tomcat-8/v8.0.29/README.html

+ VU#566724 Embedded devices use non-unique X.509 certificates and SSH host keys
http://www.kb.cert.org/vuls/id/566724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8251

+ Cisco ASA Management Interface XML Parsing Flaw Lets Remote Authenticated Users Cause the Target System to Become Unstable or Crash
http://www.securitytracker.com/id/1034251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6379

+ Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts
http://www.securitytracker.com/id/1034243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242

The introduction of stateful HA, Active/Active DPI, Active/Active Clustering and Active/Active DPI Clustering (181553)
https://support.software.dell.com/ja-jp/sonicwall-tz-series/kb/181553?kblang=en-US

［イノベーターズサミット］「ペンタゴンの次にサイバー攻撃されている」、日本MSの平野社長
http://itpro.nikkeibp.co.jp/atcl/news/15/112503858/?ST=security

ラッコの眼 ～サイバーセキュリティ最前線～
情報漏洩起こす中国発のiOSアプリ、日本で感染広がる
モバイル端末管理体制の再点検が急務に
http://itpro.nikkeibp.co.jp/atcl/column/15/071200172/112400007/?ST=security

25日 水曜日、大安

+ PuTTY 0.66 released
http://www.chiark.greenend.org.uk/~sgtatham/putty/

+ Ubuntu 15.10 released
https://wiki.ubuntu.com/WilyWerewolf/ReleaseNotes

+ UPDATE: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-smart-install

+ Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20070328-CVE-2007-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1834

+ UPDATE: Cisco Prime Central for HCS Multiple Cross-Site Request Forgery Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150520-CVE-2015-0741

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

+ Cisco ASA Management Interface XML Parser Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6379

+ OpenLDAP Cipherstring Parsing Bug Lets Remote Users Downgrade the Encryption Cipher
http://www.securitytracker.com/id/1034221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276

+ VU#925497 Dell System Detect installs root certificate and private key (DSDTestProvider)
http://www.kb.cert.org/vuls/id/925497

+ VU#870761 Dell Foundation Services installs root certificate and private key (eDellRoot)
http://www.kb.cert.org/vuls/id/870761

JVNVU#94334814 CSL DualCom GPRS CS2300-R に複数の脆弱性
http://jvn.jp/vu/JVNVU94334814/

JVNVU#90662356 ARRIS 製ケーブルモデムに複数の脆弱性
http://jvn.jp/vu/JVNVU90662356/

シェラトンやウェスティンなど50軒以上の北米ホテルで顧客データ流出
http://itpro.nikkeibp.co.jp/atcl/news/15/112403819/?ST=security

認証標準化団体が「FIDO 2.0」のWeb API仕様をW3Cに提案、パスワードレス普及へ一歩
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112300385/?ST=security

24日 火曜日、仏滅

+ RHSA-2015:2504 Moderate: libreport security update
https://rhn.redhat.com/errata/RHSA-2015-2504.html
CVE-2015-5302

+ RHSA-2015:2505 Moderate: abrt and libreport security update
https://rhn.redhat.com/errata/RHSA-2015-2505.html
CVE-2015-5273
CVE-2015-5287
CVE-2015-5302

+ phpMyAdmin 4.5.2 released
https://www.phpmyadmin.net/files/4.5.2/

+ Squid 3.5.11 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.11-RELEASENOTES.html

+ Wireshark 2.0.0 Released
https://www.wireshark.org/docs/relnotes/wireshark-2.0.0.html

+ Cisco Virtual Topology System TCP Connection Functionality Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-vts
CVE-2015-6377

+ Cisco Firepower 9000 Operating System Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-fire
CVE-2015-6380

+ Adobe ColdFusion Input Validation Flaws Lets Remote Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1034211
CVE-2015-8052
CVE-2015-8053

+ Adobe LiveCycle XML Document Processing Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1034210
CVE-2015-5255

+ Red Hat Enterprise Linux Grub2 Bug Lets Local Users Bypass Secure Boot
http://www.securitytracker.com/id/1034198
CVE-2015-5281

JVNDB-2015-005909 ArcSight Management Center および ArcSight Logger におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005909.html

JVNDB-2015-000184 Void におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000184.html

武蔵野銀、個人と法人向けにトランザクション認証機能付きワンタイムパスワードを導入
http://itpro.nikkeibp.co.jp/atcl/news/15/112003809/?ST=security

UPDATE: JVN#48135658 複数のルータ製品におけるクリックジャッキングの脆弱性
http://jvn.jp/jp/JVN48135658/

JVN#51046809 ArcSight Management Center および ArcSight Logger におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN51046809/

JVN#20649799 Void におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN20649799/

VU#428280 CSL DualCom GPRS CS2300-R alarm signalling boards contain multiple vulnerabilties
http://www.kb.cert.org/vuls/id/428280

VU#419568 ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities
http://www.kb.cert.org/vuls/id/419568

20日 金曜日、赤口

+ RED HAT ENTERPRISE LINUX 7.2 released
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/

+ RHSA-2015:2355 Low: sssd security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2355.html

+ RHSA-2015:2315 Moderate: NetworkManager security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2315.html

+ RHSA-2015:2369 Low: openhpi security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2369.html

+ RHSA-2015:2151 Low: xfsprogs security, bug fix and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2151.html

+ RHSA-2015:2184 Moderate: realmd security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2184.html

+ RHSA-2015:2108 Moderate: cpio security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2108.html

+ RHSA-2015:2231 Moderate: ntp security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2231.html

+ RHSA-2015:2241 Moderate: chrony security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2241.html

+ RHSA-2015:2152 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2152.html

+ RHSA-2015:2088 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2088.html

+ RHSA-2015:2155 Moderate: file security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2155.html

+ RHSA-2015:2378 Moderate: squid security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2378.html

+ RHSA-2015:2345 Moderate: net-snmp security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2345.html

+ RHSA-2015:2154 Moderate: krb5 security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2154.html

+ RHSA-2015:2393 Moderate: wireshark security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2393.html

+ RHSA-2015:2248 Moderate: netcf security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2248.html

+ RHSA-2015:2237 Low: rest security update
https://rhn.redhat.com/errata/RHSA-2015-2237.html

+ RHSA-2015:2131 Moderate: openldap security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2131.html

+ RHSA-2015:2417 Moderate: autofs security, bug fix and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2417.html

+ RHSA-2015:2455 Low: unbound security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2455.html

+ RHSA-2015:2111 Low: grep security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2111.html

+ RHSA-2015:2233 Moderate: tigervnc security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2233.html

+ RHSA-2015:2172 Important: glibc security update
https://rhn.redhat.com/errata/RHSA-2015-2172.html

+ RHSA-2015:2140 Low: libssh2 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2140.html

+ RHSA-2015:2401 Low: grub2 security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2401.html

+ RHSA-2015:2199 Moderate: glibc security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2199.html

+ RHSA-2015:2360 Moderate: cups-filters security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2360.html

+ RHSA-2015:2101 Moderate: python security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2101.html

+ RHSA-2015:2180 Moderate: rubygem-bundler and rubygem-thor security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2180.html

+ RHSA-2015:2159 Moderate: curl security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2159.html

+ RHSA-2015:2079 Moderate: binutils security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-2079.html

+ CESA-2015:2086 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/665006/

+ CESA-2015:2086 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/665007/

+ CESA-2015:2086 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/665008/

+ CESA-2015:2081 Moderate CentOS 6 postgresql Security Update
http://lwn.net/Alerts/665009/

+ CESA-2015:2078 Moderate CentOS 7 postgresql Security Update
http://lwn.net/Alerts/665010/

+ CESA-2015:2065 Important CentOS 5 xen Security Update
http://lwn.net/Alerts/664735/

+ Cisco Mobility Services Engine Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse

+ Cisco Mobility Services Engine Static Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred

+ VMSA-2015-0008 VMware product updates address information disclosure issue.
http://www.vmware.com/security/advisories/VMSA-2015-0008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3269

Apache Tomcat 9.0.0.M1 (alpha) Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.0.M1_(markt)

実践、セキュリティ事故対応
［第4回］1日でマルウエアを丸裸にする　賢い2次対応で信頼されるCSIRTに
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/110900004/?ST=security

【マイナンバーのセキュリティを急げ！】
視察：IT農業の最前線「秋田アグリクラウド」
http://itpro.nikkeibp.co.jp/atcl/column/15/102800253/102800004/?ST=security

19日 木曜日、大安

+ RHSA-2015:2086 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-2086.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

+ RHSA-2015:2081 Moderate: postgresql security update
https://rhn.redhat.com/errata/RHSA-2015-2081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288

+ RHSA-2015:2078 Moderate: postgresql security update
https://rhn.redhat.com/errata/RHSA-2015-2078.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5289

+ Java SE Development Kit 7, Update 91 released
http://www.oracle.com/technetwork/java/javase/7u91-relnotes-2687180.html

+ UPDATE: Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150818-CVE-2015-6255

+ UPDATE: JVNVU#94276522 Apache Commons Collections ライブラリのデシリアライズ処理に脆弱性
http://jvn.jp/vu/JVNVU94276522/index.html

実践、セキュリティ事故対応
［第4回］1日でマルウエアを丸裸にする　賢い2次対応で信頼されるCSIRTに
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/110900004/?ST=security

【マイナンバーのセキュリティを急げ！】
視察：IT農業の最前線「秋田アグリクラウド」
http://itpro.nikkeibp.co.jp/atcl/column/15/102800253/102800004/?ST=security

Microsoft、企業のセキュリティ対策支援に向けた2組織を新設
http://itpro.nikkeibp.co.jp/atcl/news/15/111803784/?ST=security

18日 水曜日、仏滅

+ nginx 1.9.7 released
http://nginx.org/

+ Zabbix 2.4.7 released
http://www.zabbix.com/rn2.4.7.php

+ APSB15-31 Security update available for Adobe Premiere Clip
https://helpx.adobe.com/security/products/premiereclip/apsb15-31.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8051

+ APSB15-30 Security Update Available for LiveCycle Data Services
https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5255

+ APSB15-29 Security Update: Hotfix available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5255

+ Cisco Firepower 9000 Series Switch Clickjacking Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6374

+ Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6373

+ UPDATE: Cisco FireSIGHT Management Center Certificate Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc

+ Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6369

+ Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fire1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6370

+ Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6371

+ Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerabilit
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6372

+ Linux kernel 3.2.73 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.73

+ Apache CXF SAML SSO Module Lets Remote Users Conduct XML Wrapping Attacks to Bypass Authentication on the Target System
http://www.securitytracker.com/id/1034162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5253

JVN#34780384 Kirby における任意のファイルを作成される脆弱性
http://jvn.jp/jp/JVN34780384/

JVN#29141986 iOS アプリ「ぐるなび」における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/jp/JVN29141986/

JVN#64625488 アプリカンにおけるスクリプトインジェクションの脆弱性
http://jvn.jp/jp/JVN64625488/

JVN#71088919 アプリカンにおけるスクリプトインジェクションの脆弱性
http://jvn.jp/jp/JVN71088919/

【実践、セキュリティ事故対応】
［第3回］猛威振るう「マルウエア」　インシデント対応の王道
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/110900003/?ST=security

【マイナンバーのセキュリティを急げ！
ディスカッション3 フリーアドレス、テレワークに取り組む
http://itpro.nikkeibp.co.jp/atcl/column/15/102800253/102800003/?ST=security

ID連携からパーソナルデータ連携へ
生体認証からエピソード記憶まで、パスワードを覚えずに済む世界は来るのか
http://itpro.nikkeibp.co.jp/atcl/column/15/111200263/111200003/?ST=security

アプリを入れるだけで公衆Wi-FiでVPN接続、トレンドマイクロが提供開始
http://itpro.nikkeibp.co.jp/atcl/news/15/111703779/?ST=security

「GOM Player」の韓国グレテックが日本でのソフト事業終了、2014年にウイルス問題
http://itpro.nikkeibp.co.jp/atcl/news/15/111703772/?ST=security

幅広いJavaソフトのデータ処理に脆弱性、警察庁は探索目的のアクセスを観測
http://itpro.nikkeibp.co.jp/atcl/news/15/111703766/?ST=security

17日 火曜日、先負

+ RHSA-2015:2065 Important: xen security update
https://rhn.redhat.com/errata/RHSA-2015-2065.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5279

+ VMware Player 7.1.3 released
http://pubs.vmware.com/Release_Notes/en/player/7/player-713-release-notes.html

+ UPDATE: Cisco AsyncOS TCP Flood Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-aos

+ UPDATE: Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-esa

+ UPDATE: Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-esa2

+ UPDATE: Cisco FireSIGHT Management Center Certificate Validation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-fmc

+ Cisco Mobility Services Engine Static Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6316

+ Cisco Mobility Services Engine Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-privmse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4282

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

+ Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-pca1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6330

+ Cisco Firepower 9000 Unauthenticated File Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151116-firepower
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6368

+ UPDATE: Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Barman 1.5.1 released
http://www.postgresql.org/about/news/1626/

Database .NET v17 released
http://www.postgresql.org/about/news/1627/

実践、セキュリティ事故対応
［第2回］巧妙なマルウエアから組織を守れ　防御の弱点を知り抜け道を塞ぐ
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/110900002/?ST=security

【マイナンバーのセキュリティを急げ！】
ディスカッション2 マイナンバー控えセキュリティ再点検
http://itpro.nikkeibp.co.jp/atcl/column/15/102800253/102800002/?ST=security

JVNVU#94276522 Apache Commons Collections ライブラリのデシリアライズ処理に脆弱性
http://jvn.jp/vu/JVNVU94276522/index.html

16日 月曜日、友引

+ CESA-2015:2019 Low CentOS 6 sssd Security Update
http://lwn.net/Alerts/664023/

+ UPDATE: Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

+ Cisco IOS Software Virtual PPP Interfaces Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6365

+ Cisco Videoscape Distribution Suite Service Manager Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-vds
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6364

+ Cisco Aironet 1800 Series Access Point SSHv2 Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151113-aironet
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6367

+ UPDATE: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dhcp1

+ UPDATE: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-ike

+ UPDATE: Cisco ASA Software DNS Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns2

+ UPDATE: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150115-asa-dhcp

+ UPDATE: Cisco ASA Software DNS Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-asa-dns1

+ Cisco IOS Software Tunnel Interfaces Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151112-ios2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6366

+ Cisco FireSight Management Center Web Framework Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151111-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6363

+ UPDATE: Oracle Security Alert for CVE-2015-4852
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html

+ CTX202482 Citrix NetScaler Service Delivery Appliance Multiple Security Updates
http://support.citrix.com/article/CTX202482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7998

+ CTX202583 Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104
http://support.citrix.com/article/CTX202583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104

+ libpng 1.6.19 released
http://www.libpng.org/pub/png/src/libpng-1.6.19-README.txt

+ VU#576313 Apache Commons Collections Java library insecurely deserializes data
http://www.kb.cert.org/vuls/id/576313

+ Google Chrome for Android JavaScript Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1034155

+ OpenBSD net-snmp Information Disclosure
https://cxsecurity.com/issue/WLB-2015110106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8100

+ Microsoft C++11 'regex_match' function stack exhaustion
https://cxsecurity.com/issue/WLB-2015110105

PostgreSQL 9.5 Beta 2 Released
http://www.postgresql.org/about/news/1625/

Devart Released New SSIS Components for PostgreSQL
http://www.postgresql.org/about/news/1624/

JVNDB-2015-000180 pWebManager における OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000180.html

JVNDB-2015-000177 OS X におけるスリープモードからの復帰時の認証に関する問題
http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000177.html

実践、セキュリティ事故対応
［第1回］何よりまずはCSIRTを立ち上げる　セキュリティ人材不足にも先手を
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/110900001/?ST=security

【マイナンバーのセキュリティを急げ！】
ディスカッション1 地方創生でCIOに何ができるか
http://itpro.nikkeibp.co.jp/atcl/column/15/102800253/102800001/?ST=security

チェックしておきたい脆弱性情報＜2015.11.16＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/110700086/?ST=security

国家組織による執拗なサイバー攻撃にも対応、ファイア・アイがツールの新版
http://itpro.nikkeibp.co.jp/atcl/news/15/111303727/?ST=security

チェックしておきたい脆弱性情報＜2015.11.13＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/110700085/?ST=security

11日 水曜日、友引

+ 2015 年 11 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-JP/library/security/ms15-nov.aspx

+ MS15-112 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3104517)
https://technet.microsoft.com/library/security/MS15-112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6088

+ MS15-113 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3104519)
https://technet.microsoft.com/library/security/MS15-113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6088

+ MS15-114 - 緊急 リモートでのコード実行に対処する Windows Journal 用のセキュリティ更新プログラム (3100213)
https://technet.microsoft.com/library/security/MS15-114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6097

+ MS15-115 - 緊急 リモートでのコード実行に対処する Microsoft Windows 用のセキュリティ更新プログラム (3105864)
https://technet.microsoft.com/library/security/MS15-115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6113

+ MS15-116 - 重要 リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3104540)
https://technet.microsoft.com/library/security/MS15-116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6123

+ MS15-117 - 重要 特権の昇格に対処する NDIS 用のセキュリティ更新プログラム (3101722)
https://technet.microsoft.com/library/security/MS15-117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6098

+ MS15-118 - 重要 特権の昇格に対処する .NET Framework 用のセキュリティ更新プログラム (3104507)
https://technet.microsoft.com/library/security/MS15-118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6115

+ MS15-119 - 重要 特権の昇格に対処する Winsock 用のセキュリティ更新プログラム (3104521)
https://technet.microsoft.com/library/security/MS15-119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2478

+ MS15-120 - 重要 サービス拒否に対処する IPSec 用のセキュリティ更新プログラム (3102939)
https://technet.microsoft.com/library/security/MS15-120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6111

+ MS15-121 - 重要 なりすましに対処する Schannel 用のセキュリティ更新プログラム (3081320)
https://technet.microsoft.com/library/security/MS15-121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6112

+ MS15-122 - 重要 セキュリティ機能のバイパスに対処する Kerberos 用のセキュリティ更新プログラム (3105256)
https://technet.microsoft.com/library/security/MS15-122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6095

+ MS15-123 - 重要 情報漏えいに対処する Skype for Business および Microsoft Lync 用のセキュリティ更新プログラム (3105872)
https://technet.microsoft.com/library/security/MS15-123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6061

+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801

+ マイクロソフト セキュリティ アドバイザリ 3108638 CPU の弱点に対処する Windows Hyper-V 用の更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3108638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104

+ RHSA-2015:2019 Low: sssd security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2019.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5292

+ Google Chrome 46.0.2490.86 released
http://googlechromereleases.blogspot.jp/2015/11/stable-channel-update.html

+ APSB15-28 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb15-28.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8046

+ Oracle Security Alert for CVE-2015-4852
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852

+ Tomcat Native 1.2.2 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html

Dell SecureWorks、契約企業に対してサイバー攻撃を実際に実行するサービスを開始
http://itpro.nikkeibp.co.jp/atcl/news/15/111103687/?ST=security

10日 火曜日、先勝

+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

+ Cisco Connected Grid Network Management System Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6362

+ Linux kernel 4.2.6, 4.1.13, 3.14.57, 3.10.93 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.13
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.57
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.93

+ SYM15-011 Security Advisories Relating to Symantec Products - Symantec Endpoint Protection Elevation of Privilege Issues
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00

+ PowerDNS Authoritative Server Packet Processing Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1034098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311

+ Apache Commons Components Deserialization in InvokerTransformer Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1034097

+ Dell SonicWALL TZ 100 Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1034092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7770

+ Apache OpenOffice Bugs Let Remote Users Obtain Files and Execute Arbitrary Code
http://www.securitytracker.com/id/1034091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214

チェックしておきたい脆弱性情報＜2015.11.10＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/110500084/?ST=security

新会社「PwCサイバーサービス」が発足、サイバー攻撃の回復支援を専門に
http://itpro.nikkeibp.co.jp/atcl/news/15/110903658/?ST=security

8省庁がサポート切れソフトに13億円支出、会計検査院が指摘
http://itpro.nikkeibp.co.jp/atcl/news/15/110903657/?ST=security

「セキュリティ人材不足は世界共通の課題」、シマンテック渉外担当
http://itpro.nikkeibp.co.jp/atcl/news/15/110903655/?ST=security

中国バイドゥのAndroid用SDKに外部操作可能なバックドア、約1億人に影響
http://itpro.nikkeibp.co.jp/atcl/news/15/110903653/?ST=security

JVNVU#94520968 Huawei HG532 シリーズルータにディレクトリトラバーサルの脆弱性
http://jvn.jp/vu/JVNVU94520968/

6日 金曜日、先負

+ RHSA-2015:1980 Critical: nss and nspr security update
https://rhn.redhat.com/errata/RHSA-2015-1980.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183

+ RHSA-2015:1982 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-1982.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200

+ RHSA-2015:1981 Critical: nss, nss-util, and nspr security update
https://rhn.redhat.com/errata/RHSA-2015-1981.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183

+ RHSA-2015:1979 Moderate: libreswan security and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-1979.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3240

+ RHSA-2015:1978 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-1978.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156

+ Mozilla Firefox 42.0 released
https://www.mozilla.org/en-US/firefox/42.0/releasenotes/

+ MFSA 2015-133 NSS and NSPR memory corruption issues
https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/

+ MFSA 2015-132 Mixed content WebSocket policy bypass through workers
https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/

+ MFSA 2015-131 Vulnerabilities found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/

+ MFSA 2015-130 JavaScript garbage collection crash with Java applet
https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/

+ MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/

+ MFSA 2015-128 Memory corruption in libjar through zip files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/

+ MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/

+ MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/

+ MFSA 2015-125 XSS attack through intents on Firefox for Android
https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/

+ MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/

+ MFSA 2015-123 Buffer overflow during image interactions in canvas
https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/

+ MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/

+ MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect
https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/

+ MFSA 2015-120 Reading sensitive profile files through local HTML file on Android
https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/

+ MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode
https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/

+ MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist
https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/

+ MFSA 2015-117 Information disclosure through NTLM authentication
https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/

+ MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/

+ CESA-2015:1980 Critical CentOS 5 nspr Security Update
http://lwn.net/Alerts/663227/

+ CESA-2015:1981 Critical CentOS 7 nspr Security Update
http://lwn.net/Alerts/663229/

+ CESA-2015:1981 Critical CentOS 6 nspr Security Update
http://lwn.net/Alerts/663233/

+ CESA-2015:1981 Critical CentOS 6 nss Security Update
http://lwn.net/Alerts/663234/

+ CESA-2015:1981 Critical CentOS 7 nss Security Update
http://lwn.net/Alerts/663231/

+ CESA-2015:1980 Critical CentOS 5 nss Security Update
http://lwn.net/Alerts/663228/

+ CESA-2015:1981 Critical CentOS 6 nss-util Security Update
http://lwn.net/Alerts/663232/

+ CESA-2015:1981 Critical CentOS 7 nss-util Security Update
http://lwn.net/Alerts/663230/

+ CESA-2015:1978 Moderate CentOS 7 kernel Security Update
http://lwn.net/Alerts/663037/

+ CESA-2015:1982 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/663224/

+ CESA-2015:1982 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/663225/

+ CESA-2015:1982 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/663226/

+ CESA-2015:1979 Moderate CentOS 7 libreswan Security Update
http://lwn.net/Alerts/663038/

+ Linux kernel 3.18.24, 3.12.50 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.50

+ PHP 5.6.15 is available
http://www.php.net/ChangeLog-5.php#5.6.15

+ Sudo 1.8.15 released
http://www.sudo.ws/stable.html#1.8.15

+ Linux Kernel VFS Deadlock Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1034051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559

+ Linux Kernel Buffer Oveflow in virtio-net GRO Fragmentation Processing Lets Remote Users Cause the Target System to Crash or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1034045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156

BDR version 0.9.3 released
http://www.postgresql.org/about/news/1623/

VU#391604 ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/391604

VU#866432 Commvault Edge Server deserializes cookie data insecurely
http://www.kb.cert.org/vuls/id/866432

VU#316888 MobaXterm server may allow arbitrary command injection due to missing X11 authentication
http://www.kb.cert.org/vuls/id/316888