Friday, November 6, 2015

Friday the 6th, Senbu











+ RHSA-2015:1980 Critical: nss and nspr security update
https://rhn.redhat.com/errata/RHSA-2015-1980.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183

+ RHSA-2015:1982 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2015-1982.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200

+ RHSA-2015:1981 Critical: nss, nss-util, and nspr security update
https://rhn.redhat.com/errata/RHSA-2015-1981.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183

+ RHSA-2015:1979 Moderate: libreswan security and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-1979.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3240

+ RHSA-2015:1978 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2015-1978.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156

+ Mozilla Firefox 42.0 released
https://www.mozilla.org/en-US/firefox/42.0/releasenotes/

+ MFSA 2015-133 NSS and NSPR memory corruption issues
https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/

+ MFSA 2015-132 Mixed content WebSocket policy bypass through workers
https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/

+ MFSA 2015-131 Vulnerabilities found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/

+ MFSA 2015-130 JavaScript garbage collection crash with Java applet
https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/

+ MFSA 2015-129 Certain escaped characters in host of Location-header are being treated as non-escaped
https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/

+ MFSA 2015-128 Memory corruption in libjar through zip files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/

+ MFSA 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received
https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/

+ MFSA 2015-126 Crash when accessing HTML tables with accessibility tools on OS X
https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/

+ MFSA 2015-125 XSS attack through intents on Firefox for Android
https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/

+ MFSA 2015-124 Android intents can be used on Firefox for Android to open privileged files
https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/

+ MFSA 2015-123 Buffer overflow during image interactions in canvas
https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/

+ MFSA 2015-122 Trailing whitespace in IP address hostnames can bypass same-origin policy
https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/

+ MFSA 2015-121 Disabling scripts in Add-on SDK panels has no effect
https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/

+ MFSA 2015-120 Reading sensitive profile files through local HTML file on Android
https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/

+ MFSA 2015-119 Firefox for Android addressbar can be removed after fullscreen mode
https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/

+ MFSA 2015-118 CSP bypass due to permissive Reader mode whitelist
https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/

+ MFSA 2015-117 Information disclosure through NTLM authentication
https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/

+ MFSA 2015-116 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/

+ CESA-2015:1980 Critical CentOS 5 nspr Security Update
http://lwn.net/Alerts/663227/

+ CESA-2015:1981 Critical CentOS 7 nspr Security Update
http://lwn.net/Alerts/663229/

+ CESA-2015:1981 Critical CentOS 6 nspr Security Update
http://lwn.net/Alerts/663233/

+ CESA-2015:1981 Critical CentOS 6 nss Security Update
http://lwn.net/Alerts/663234/

+ CESA-2015:1981 Critical CentOS 7 nss Security Update
http://lwn.net/Alerts/663231/

+ CESA-2015:1980 Critical CentOS 5 nss Security Update
http://lwn.net/Alerts/663228/

+ CESA-2015:1981 Critical CentOS 6 nss-util Security Update
http://lwn.net/Alerts/663232/

+ CESA-2015:1981 Critical CentOS 7 nss-util Security Update
http://lwn.net/Alerts/663230/

+ CESA-2015:1978 Moderate CentOS 7 kernel Security Update
http://lwn.net/Alerts/663037/

+ CESA-2015:1982 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/663224/

+ CESA-2015:1982 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/663225/

+ CESA-2015:1982 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/663226/

+ CESA-2015:1979 Moderate CentOS 7 libreswan Security Update
http://lwn.net/Alerts/663038/

+ Linux kernel 3.18.24, 3.12.50 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.50

+ PHP 5.6.15 is available
http://www.php.net/ChangeLog-5.php#5.6.15

+ Sudo 1.8.15 released
http://www.sudo.ws/stable.html#1.8.15

+ Linux Kernel VFS Deadlock Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1034051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559

+ Linux Kernel Buffer Overflow in virtio-net GRO Fragmentation Processing Lets Remote Users Cause the Target System to Crash or Potentially Execute Arbitrary Code
http://www.securitytracker.com/id/1034045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156

BDR version 0.9.3 released
http://www.postgresql.org/about/news/1623/

VU#391604 ZTE ZXHN H108N R1A routers contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/391604

VU#866432 Commvault Edge Server deserializes cookie data insecurely
http://www.kb.cert.org/vuls/id/866432

VU#316888 MobaXterm server may allow arbitrary command injection due to missing X11 authentication
http://www.kb.cert.org/vuls/id/316888
