+ RHSA-2016:0082 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-0082.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714
+ RHSA-2016:0083 Important: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-0083.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1714
+ Selenium Standalone Server 2.50.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 2.50.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG
+ Selenium IE Driver Server 2.49.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
+ phpMyAdmin 4.5.4, 4.4.15.3, 4.0.10.13 released
https://www.phpmyadmin.net/files/4.5.4/
https://www.phpmyadmin.net/files/4.4.15.3/
https://www.phpmyadmin.net/files/4.0.10.13/
+ PMASA-2016-9 XSS vulnerability in SQL editor.
https://www.phpmyadmin.net/security/PMASA-2016-9/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2045
+ PMASA-2016-8 Full path disclosure vulnerability in SQL parser.
https://www.phpmyadmin.net/security/PMASA-2016-8/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2044
+ PMASA-2016-7 XSS vulnerability in normalization page.
https://www.phpmyadmin.net/security/PMASA-2016-7/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2043
+ PMASA-2016-6 Multiple full path disclosure vulnerabilities.
https://www.phpmyadmin.net/security/PMASA-2016-6/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2042
+ PMASA-2016-5 Unsafe comparison of XSRF/CSRF token.
https://www.phpmyadmin.net/security/PMASA-2016-5/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2041
+ PMASA-2016-4 Insecure password generation in JavaScript.
https://www.phpmyadmin.net/security/PMASA-2016-4/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1927
+ PMASA-2016-3 Multiple XSS vulnerabilities.
https://www.phpmyadmin.net/security/PMASA-2016-3/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2040
+ PMASA-2016-2 Unsafe generation of XSRF/CSRF token.
https://www.phpmyadmin.net/security/PMASA-2016-2/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2039
+ PMASA-2016-1 Multiple full path disclosure vulnerabilities.
https://www.phpmyadmin.net/security/PMASA-2016-1/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2038
+ Cisco Unity Connection User Search Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-uc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1304
+ Cisco Small Business 500 Series Switches Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1303
+ VU#257823 OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol
https://www.kb.cert.org/vuls/id/257823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3197
+ OpenSSL 1.0.2f, 1.0.1r released
https://www.openssl.org/news/changelog.html#x1
https://www.openssl.org/news/cl101.txt
+ OpenSSL Security Advisory [28th Jan 2016]
https://www.openssl.org/news/secadv/20160128.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
+ OpenSSL Flaws Let Remote Users Recover DH Keys in Certain Cases and Let Remote Users Negotiate Disabled Ciphers
http://www.securitytracker.com/id/1034849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
News & Trend
トヨタやソニーら異業種43社がセキュリティ人材育成を共同推進
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012700425/?ST=security
セールスフォースが「Heroku」に新機能、企業専用環境でセキュリティ向上
http://itpro.nikkeibp.co.jp/atcl/news/16/012800294/?ST=security
2016年1月29日金曜日
2016年1月28日木曜日
28日 木曜日、赤口
+ RHSA-2016:0071 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-0071.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
+ RHSA-2016:0073 Moderate: bind security update
https://rhn.redhat.com/errata/RHSA-2016-0073.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ RHSA-2016:0074 Moderate: bind97 security update
https://rhn.redhat.com/errata/RHSA-2016-0074.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ UPDATE: RHSA-2015:2623 Moderate: grub2 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2623.html
+ Google Chrome 48.0.2564.97 released
http://googlechromereleases.blogspot.jp/2016/01/stable-channel-update_27.html
+ Mozilla Firefox 44.0 released
https://www.mozilla.org/en-US/firefox/44.0/releasenotes/
+ MFSA 2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
+ MFSA 2016-11 Application Reputation service disabled in Firefox 43
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
VE-2016-1947
+ MFSA 2016-10 Unsafe memory manipulation found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946
+ MFSA 2016-09 Addressbar spoofing attacks
https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
+ MFSA 2016-08 Delay following click events in file download dialog too short on OS X
https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
+ MFSA 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
+ MFSA 2016-06 Missing delay following user click events in protocol handler dialog
https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
+ MFSA 2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
+ MFSA 2016-04 Firefox allows for control characters to be set in cookie names
https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208
+ MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
+ MFSA 2016-02 Out of Memory crash when parsing GIF format images
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
+ MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931
+ nginx 1.9.10, 1.8.1 released
http://nginx.org/
+ [nginx-announce] nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.157656890.1084684068.1410134581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747
+ CESA-2016:0071 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/673743/
+ CESA-2016:0071 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/673745/
+ CESA-2016:0074 Moderate CentOS 5 bind97 Security Update
http://lwn.net/Alerts/673742/
+ CESA-2016:0073 Moderate CentOS 6 bind Security Update
http://lwn.net/Alerts/673740/
+ CESA-2016:0071 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/673744/
+ CESA-2016:0073 Moderate CentOS 7 bind Security Update
http://lwn.net/Alerts/673741/
+ CESA-2016:0073 Moderate CentOS 5 bind Security Update
http://lwn.net/Alerts/673739/
+ CESA-2016:0064 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/673565/
+ CESA-2016:0067 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673563/
+ CESA-2016:0067 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673564/
+ CESA-2016:0067 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673562/
+ Linux kernel 3.12.53 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.53
+ curl 7.47.0 released
http://curl.haxx.se/changes.html#7_47_0
+ FreeBSD-SA-16:10.linux Linux compatibility layer issetugid(2) system call vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1883
+ FreeBSD-SA-16:09.ntp Multiple vulnerabilities of ntp
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:09.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
+ FreeBSD-SA-16:08.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ ntp Debian/Ubuntu Cron Job Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1034808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0727
+ Linux Kernel prima WLAN Driver Heap Overflow
https://cxsecurity.com/issue/WLB-2016010177
JVNDB-2016-000012 HOME SPOT CUBE における OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000012.html
JVNDB-2016-000011 HOME SPOT CUBE におけるクリックジャッキングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000011.html
JVNDB-2016-000010 HOME SPOT CUBE におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000010.html
JVNDB-2016-000009 HOME SPOT CUBE における HTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000009.html
JVNDB-2016-000008 HOME SPOT CUBE におけるオープンリダイレクトの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000008.html
JVNDB-2016-000007 HOME SPOT CUBE におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000007.html
NEC、サイバー攻撃対策を支援する専門拠点を日本に次いでシンガポールに開設
http://itpro.nikkeibp.co.jp/atcl/news/16/012700275/?ST=security
ビジネスマン向けサイバーセキュリティ講座、アスタリスクリサーチが2月から開始
http://itpro.nikkeibp.co.jp/atcl/news/16/012700268/?ST=security
マルウエア感染端末を検知するダンバラ、F/W連携で外部通信をブロック
http://itpro.nikkeibp.co.jp/atcl/news/16/012600258/?ST=security
[データは語る]標的型攻撃メールと思われる不審メールの情報提供は2015年第3四半期に723件と急増―IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012600484/?ST=security
リクルートと大東建託が不動産業向けスマートキーの実証実験、鍵の数に上限なし
http://itpro.nikkeibp.co.jp/atcl/news/16/012600256/?ST=security
2016年1月26日火曜日
26日 火曜日、仏滅
+ Android-x86 4.4-r4 (KitKat-x86) released
http://www.android-x86.org/releases/releasenote-4-4-r4
+ RHSA-2016:0063 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2016-0063.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
+ RHSA-2016:0064 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-0064.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
+ About the security content of tvOS 9.1.1
https://support.apple.com/ja-jp/HT205729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
+ CESA-2016:0063 Important CentOS 7 ntp Security Update
http://lwn.net/Alerts/673413/
+ CESA-2016:0063 Important CentOS 6 ntp Security Update
http://lwn.net/Alerts/673412/
+ UPDATE: Cisco Residential Gateway Devices Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway
+ UPDATE: Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
+ Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6337
+ Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1298
+ Linux kernel 3.18.26 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.26
+ FreeBSD SCTP ICMPv6 Denial Of Service
https://cxsecurity.com/issue/WLB-2016010172
+ Buffalo NAS Remote Shutdown
https://cxsecurity.com/issue/WLB-2016010171
+ PHP 7.0.1 Memory Read via gdImageRotateInterpolated
https://cxsecurity.com/issue/WLB-2016010159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
+ PHP 7.0.0 - Format String Vulnerability
https://cxsecurity.com/issue/WLB-2015120271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8617
OpenSSL 1.0.2f and 1.0.1r security releases due 28th Jan 2016
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html
記者の眼
ある判決、要件にないことで責任を負わされたシステム開発会社の悲劇
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/012100467/?ST=security
統計&調査
[データは語る]2015年第4四半期の不正プログラム検出数は前四半期比105.5%増、12万件突破──IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012500481/?ST=security
ソースネクスト、CATV各局にスマホ向けセキュリティソフトを提供
http://itpro.nikkeibp.co.jp/atcl/news/16/012500238/?ST=security
UPDATE: JVNVU#99819594 Harman AMX 製品がハードコードされたパスワードを使用する問題
http://jvn.jp/vu/JVNVU99819594/
http://www.android-x86.org/releases/releasenote-4-4-r4
+ RHSA-2016:0063 Important: ntp security update
https://rhn.redhat.com/errata/RHSA-2016-0063.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
+ RHSA-2016:0064 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-0064.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
+ About the security content of tvOS 9.1.1
https://support.apple.com/ja-jp/HT205729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
+ CESA-2016:0063 Important CentOS 7 ntp Security Update
http://lwn.net/Alerts/673413/
+ CESA-2016:0063 Important CentOS 6 ntp Security Update
http://lwn.net/Alerts/673412/
+ UPDATE: Cisco Residential Gateway Devices Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-gateway
+ UPDATE: Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway
+ Cisco Application Policy Infrastructure Controller Enterprise Module SNMP Hostname Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-api
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6337
+ Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160125-ucce
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1298
+ Linux kernel 3.18.26 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.26
+ FreeBSD SCTP ICMPv6 Denial Of Service
https://cxsecurity.com/issue/WLB-2016010172
+ Buffalo NAS Remote Shutdown
https://cxsecurity.com/issue/WLB-2016010171
+ PHP 7.0.1 Memory Read via gdImageRotateInterpolated
https://cxsecurity.com/issue/WLB-2016010159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903
+ PHP 7.0.0 - Format String Vulnerability
https://cxsecurity.com/issue/WLB-2015120271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8617
OpenSSL 1.0.2f and 1.0.1r security releases due 28th Jan 2016
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html
記者の眼
ある判決、要件にないことで責任を負わされたシステム開発会社の悲劇
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/012100467/?ST=security
統計&調査
[データは語る]2015年第4四半期の不正プログラム検出数は前四半期比105.5%増、12万件突破──IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012500481/?ST=security
ソースネクスト、CATV各局にスマホ向けセキュリティソフトを提供
http://itpro.nikkeibp.co.jp/atcl/news/16/012500238/?ST=security
UPDATE: JVNVU#99819594 Harman AMX 製品がハードコードされたパスワードを使用する問題
http://jvn.jp/vu/JVNVU99819594/
2016年1月25日月曜日
25日 月曜日、先負
+ CESA-2016:0053 Critical CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/672969/
+ CESA-2016:0054 Important CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/672971/
+ CESA-2016:0049 Critical CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/672972/
+ CESA-2016:0050 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/672973/
+ CESA-2016:0054 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/672970/
+ UPDATE: Cisco Adaptive Security Appliance Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ Linux kernel 4.3.4, 4.1.16, 3.14.59, 3.10.95, 3.2.76 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.16
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.59
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.95
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.76
+ HS16-002 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-002/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1829
+ HS16-001 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-001/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
+ HS16-002 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-002/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1829
+ HS16-001 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-001/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
+ Google Chrome Multiple Bugs Let Remote Users Obtain Information, Bypass Security Restrictions, Spoof URLs, and Execute Arbitrary Code
http://www.securitytracker.com/id/1034801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1620
+ Rsync Symlink Path Validation Flaw Lets Remote Users Write Files on the Target System
http://www.securitytracker.com/id/1034786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512
+ ntp Multiple Flaws Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, and Deny Service
http://www.securitytracker.com/id/1034782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
+ PHP 5.6.10 Buffer overflow and stack smashing error in phar_fix_filepath
https://cxsecurity.com/issue/WLB-2016010158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5590
JVNDB-2016-000006 バッファロー製の複数のネットワーク機器におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000006.html
JVNDB-2016-000005 バッファロー製の複数のネットワーク機器におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000005.html
JVNVU#992624 Harman AMX 製品がハードコードされたパスワードを使用する問題
http://jvn.jp/vu/JVNVU992624/
トレンドマイクロ、「auスマートパス」でパスワード管理アプリを提供
http://itpro.nikkeibp.co.jp/atcl/news/16/012200220/?ST=security
政府が「サイバーセキュリティ月間」の概要発表、『攻殻機動隊』とタイアップ
http://itpro.nikkeibp.co.jp/atcl/news/16/012200215/?ST=security
http://lwn.net/Alerts/672969/
+ CESA-2016:0054 Important CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/672971/
+ CESA-2016:0049 Critical CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/672972/
+ CESA-2016:0050 Important CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/672973/
+ CESA-2016:0054 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/672970/
+ UPDATE: Cisco Adaptive Security Appliance Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ Linux kernel 4.3.4, 4.1.16, 3.14.59, 3.10.95, 3.2.76 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.16
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.59
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.95
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.76
+ HS16-002 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-002/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1829
+ HS16-001 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-001/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
+ HS16-002 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-002/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1829
+ HS16-001 Cosminexus HTTP Server, Hitachi Web Serverにおける脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-001/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808
+ Google Chrome Multiple Bugs Let Remote Users Obtain Information, Bypass Security Restrictions, Spoof URLs, and Execute Arbitrary Code
http://www.securitytracker.com/id/1034801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1620
+ Rsync Symlink Path Validation Flaw Lets Remote Users Write Files on the Target System
http://www.securitytracker.com/id/1034786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512
+ ntp Multiple Flaws Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, and Deny Service
http://www.securitytracker.com/id/1034782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158
+ PHP 5.6.10 Buffer overflow and stack smashing error in phar_fix_filepath
https://cxsecurity.com/issue/WLB-2016010158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5590
JVNDB-2016-000006 バッファロー製の複数のネットワーク機器におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000006.html
JVNDB-2016-000005 バッファロー製の複数のネットワーク機器におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000005.html
JVNVU#992624 Harman AMX 製品がハードコードされたパスワードを使用する問題
http://jvn.jp/vu/JVNVU992624/
トレンドマイクロ、「auスマートパス」でパスワード管理アプリを提供
http://itpro.nikkeibp.co.jp/atcl/news/16/012200220/?ST=security
政府が「サイバーセキュリティ月間」の概要発表、『攻殻機動隊』とタイアップ
http://itpro.nikkeibp.co.jp/atcl/news/16/012200215/?ST=security
2016年1月22日金曜日
22日 金曜日、赤口
+ RHSA-2016:0054 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0054.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
+ RHSA-2016:0053 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0053.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
+ UPDATE: Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ Check Point Response to CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk109752&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
+ UPDATE: JVNVU#96264182 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU96264182/index.html
狙われるネットワークインフラ
[第5回]可視化ツール:思わぬインターネット接続口が潜む、デバイスの設定ミスを“見える化”
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800005/?ST=security
なぜ「プライバシー」は保護されるのか
誰もボールを持たなかった日本
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400005/?ST=security
Facebook、Android端末で匿名通信システムTor経由のアクセスを可能に
http://itpro.nikkeibp.co.jp/atcl/news/16/012100177/?ST=security
2016年1月21日木曜日
21日 木曜日、大安
+ RHSA-2016:0050 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0050.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
+ RHSA-2016:0049 Critical: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0049.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
+ Google Chrome 48.0.2564.82 released
http://googlechromereleases.blogspot.jp/2016/01/stable-channel-update_20.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1619
+ CESA-2016:0045 Important CentOS 5 kernel Security Update
http://lwn.net/Alerts/672528/
+ Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6412
+ Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6435
+ UPDATE: Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa
+ New Release JDK 8u71 and JDK 8u72
https://blogs.oracle.com/java/entry/new_release_jdk_8u71_and
+ NTP 4.2.8p6 released
http://archive.ntp.org/ntp4/ChangeLog-stable
+ ISC BIND 9 サービス運用妨害の脆弱性 (CVE-2015-8704) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160006.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ JVNVU#90405245 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU90405245/index.html
+ JVNVU#96264182 ISC BIND 9 に複数のサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU96264182/index.html
+ Linux kernel REFCOUNT overflow/Use-After-Free in keyrings
https://cxsecurity.com/issue/WLB-2016010128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
+ FreeBSD bsnmpd Information Disclosure
https://cxsecurity.com/issue/WLB-2016010120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5677
Call for Papers, PostgreSQL and PostGIS, Session #8, April, 6th
http://www.postgresql.org/about/news/1642/
狙われるネットワークインフラ
[第4回]セキュリティ機器:IDSやプロキシも攻撃の対象に、対策の無効化は何としても避ける
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800004/?ST=security
なぜ「プライバシー」は保護されるのか
個人情報保護法、ついに成立
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400004/?ST=security
統計&調査
[データは語る]2015年の国内セキュリティソフト市場は前年比5.8%増の2284億円―IDC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012000474/?ST=security
セキュリティ企業アークンの顧客情報漏洩、なりすましログインが原因か
http://itpro.nikkeibp.co.jp/atcl/news/16/012000168/?ST=security
2016年1月20日水曜日
About the security content of iOS 9.2.1
About the security content of iOS 9.2.1
https://support.apple.com/ja-jp/HT205732
上記 URL の iOS のセキュリティアップデートの翻訳
1) Disk Images
ディスクイメージの解析処理においてメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1717)
2) IOHIDFamily
IOHIDFamily API においてメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1719)
3) IOKit
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1720)
4) Kernel
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1721)
5) libxslt
libxslt にタイプ混同問題が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2015-7995)
6) syslog
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1722)
7) WebKit
WebKit に複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727)
8) WebKit CSS
"a:visited button" CSS セレクタが要素の高さを評価する処理においてプライバシー問題が存在することが原因で、ユーザが与えられたリンクを閲覧することで Web サイトを知ることができる脆弱性。(CVE-2016-1728)
9) WebSheet
あるキャプティブ ポータルに cookies を読み書きすることを許す問題が存在することが原因で、悪意のあるキャプティブ ポータルがユーザの cookies 情報にアクセスできる脆弱性。(CVE-2016-1730)
https://support.apple.com/ja-jp/HT205732
上記 URL の iOS のセキュリティアップデートの翻訳
1) Disk Images
ディスクイメージの解析処理においてメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1717)
2) IOHIDFamily
IOHIDFamily API においてメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1719)
3) IOKit
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1720)
4) Kernel
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1721)
5) libxslt
libxslt にタイプ混同問題が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2015-7995)
6) syslog
拡張メモリの取り扱いにメモリ破壊が存在することが原因で、ローカルユーザがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1722)
7) WebKit
WebKit に複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727)
8) WebKit CSS
"a:visited button" CSS セレクタが要素の高さを評価する処理においてプライバシー問題が存在することが原因で、ユーザが与えられたリンクを閲覧することで Web サイトを知ることができる脆弱性。(CVE-2016-1728)
9) WebSheet
あるキャプティブ ポータルに cookies を読み書きすることを許す問題が存在することが原因で、悪意のあるキャプティブ ポータルがユーザの cookies 情報にアクセスできる脆弱性。(CVE-2016-1730)
20日 水曜日、仏滅
+ RHSA-2016:0045 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-0045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
+ About the security content of Safari 9.0.3
https://support.apple.com/ja-jp/HT205730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1728
+ About the security content of OS X El Capitan 10.11.3 and Security Update 2016-001
https://support.apple.com/ja-jp/HT205731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
+ About the security content of iOS 9.2.1
https://support.apple.com/ja-jp/HT205732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1730
+ BIND 9.10.3-P3, 9.9.8-P3 released
ftp://ftp.isc.org/isc/bind9/9.10.3-P3/RELEASE-NOTES.bind-9.10.3-P3.html
ftp://ftp.isc.org/isc/bind9/9.9.8-P3/RELEASE-NOTES.bind-9.9.8-P3.html
+ CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c
https://kb.isc.org/article/AA-01335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.
https://kb.isc.org/article/AA-01336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
+ UPDATE: Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
+ Cisco Web Security Appliance Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
+ Oracle Solaris Third Party Bulletin - January 2016
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
+ Oracle Critical Patch Update Advisory - January 2016
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
+ Java SE 8u71 / 8u72 released
http://www.oracle.com/technetwork/java/javase/8u72-relnotes-2775802.html
http://www.oracle.com/technetwork/java/javase/8u71-relnotes-2773756.html
+ UPDATE: JVNVU#95595627 OpenSSH のクライアントに複数の脆弱性
http://jvn.jp/vu/JVNVU95595627/
+ Oracle Database Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
http://www.securitytracker.com/id/1034709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0499
+ MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1034708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0616
+ Linux Kernel Session Keyring Reference Count Overflow Bug Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1034701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
BIGLOBEがクラウド型のDDoS攻撃対策サービス、中小向けに月額課金で
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011900420/?ST=security
IoTデバイスにも、サーバーやPCと同レベルのセキュリティ対策を
トレンドマイクロ エバ・チェン社長兼CEO(最高経営責任者)
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/011900047/?ST=security
なぜ「プライバシー」は保護されるのか
プライバシーをめぐる日本の歴史
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400003/?ST=security
狙われるネットワークインフラ
[第3回]ルーター/スイッチ:ネットワーク全体をセンサーに、振る舞いを分析して攻撃検知
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800003/?ST=security
https://rhn.redhat.com/errata/RHSA-2016-0045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
+ About the security content of Safari 9.0.3
https://support.apple.com/ja-jp/HT205730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1728
+ About the security content of OS X El Capitan 10.11.3 and Security Update 2016-001
https://support.apple.com/ja-jp/HT205731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
+ About the security content of iOS 9.2.1
https://support.apple.com/ja-jp/HT205732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1730
+ BIND 9.10.3-P3, 9.9.8-P3 released
ftp://ftp.isc.org/isc/bind9/9.10.3-P3/RELEASE-NOTES.bind-9.10.3-P3.html
ftp://ftp.isc.org/isc/bind9/9.9.8-P3/RELEASE-NOTES.bind-9.9.8-P3.html
+ CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c
https://kb.isc.org/article/AA-01335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
+ CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.
https://kb.isc.org/article/AA-01336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
+ UPDATE: Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
+ Cisco Web Security Appliance Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160119-wsa
+ Oracle Solaris Third Party Bulletin - January 2016
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
+ Oracle Critical Patch Update Advisory - January 2016
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
+ Java SE 8u71 / 8u72 released
http://www.oracle.com/technetwork/java/javase/8u72-relnotes-2775802.html
http://www.oracle.com/technetwork/java/javase/8u71-relnotes-2773756.html
+ UPDATE: JVNVU#95595627 OpenSSH のクライアントに複数の脆弱性
http://jvn.jp/vu/JVNVU95595627/
+ Oracle Database Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Deny Service, and Gain Elevated Privileges
http://www.securitytracker.com/id/1034709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0499
+ MySQL Multiple Bugs Let Remote Users Access Data and Deny Service, Remote Authenticated Users Modify Data, and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1034708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0616
+ Linux Kernel Session Keyring Reference Count Overflow Bug Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1034701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
BIGLOBEがクラウド型のDDoS攻撃対策サービス、中小向けに月額課金で
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011900420/?ST=security
IoTデバイスにも、サーバーやPCと同レベルのセキュリティ対策を
トレンドマイクロ エバ・チェン社長兼CEO(最高経営責任者)
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/011900047/?ST=security
なぜ「プライバシー」は保護されるのか
プライバシーをめぐる日本の歴史
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400003/?ST=security
狙われるネットワークインフラ
[第3回]ルーター/スイッチ:ネットワーク全体をセンサーに、振る舞いを分析して攻撃検知
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800003/?ST=security
2016年1月19日火曜日
19日 火曜日、先負
+ UPDATE: Cisco Jabber STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
+ Check Point Response to OpenSSH Client vulnerabilities: CVE-2016-0777 and CVE-2016-0778
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk109636&src=securityAlerts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
+ JVNDB-2016-000004 iOS アプリ「ショッぷらっと」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1132
なぜ「プライバシー」は保護されるのか
あなたのプライバシー観をチェック
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400002/?ST=security
狙われるネットワークインフラ
[第2回]サーバー:インターネットのエッジサーバーが盾、WebサイトをDDoS攻撃から守る
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800002/?ST=security
チェックしておきたい脆弱性情報<2016.01.19>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011100096/?ST=security
金融庁のWebサイトにDDoS攻撃、「アノニマス」の犯行声明も
http://itpro.nikkeibp.co.jp/atcl/news/16/011800135/?ST=security
インサイトテクノロジー、Oracleを列単位で暗号化する「PISO EO」を発売
http://itpro.nikkeibp.co.jp/atcl/news/16/011800134/?ST=security
「アンダーズ東京」などハイアット国内4施設でカード決済情報漏洩の疑い
http://itpro.nikkeibp.co.jp/atcl/news/16/011800127/?ST=security
2016年1月18日月曜日
18日 月曜日、友引
+ CESA-2016:0043 Moderate CentOS 7 openssh Security Update
http://lwn.net/Alerts/672044/
+ Cisco Adaptive Security Appliance Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1295
+ Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1294
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1293
+ libpng 1.6.21 released
http://www.libpng.org/pub/png/src/libpng-1.6.21-README.txt
+ JVNVU#95595627 OpenSSH のクライアントに複数の脆弱性
http://jvn.jp/vu/JVNVU95595627/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
+ UPDATE: JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/index.html
JVNDB-2016-000003 H2O における HTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000003.html
JVNDB-2016-000002 acmailer における OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000002.html
記者の眼
政府予算はサイバーセキュリティ分野が急伸
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011400462/?ST=security
狙われるネットワークインフラ
[第1回]総論:“氷山の一角”が続々と、ネットワーク機器も武装せよ
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800001/?ST=security
なぜ「プライバシー」は保護されるのか
法改正に大きな影響を与えた二つの“事件”
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400001/?ST=security
http://lwn.net/Alerts/672044/
+ Cisco Adaptive Security Appliance Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1295
+ Cisco FireSIGHT Management Center DOM-Based Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-fmc1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1294
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco FireSIGHT Management Center Stored Cross-Site Scripting Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-FireSIGHT
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1293
+ libpng 1.6.21 released
http://www.libpng.org/pub/png/src/libpng-1.6.21-README.txt
+ JVNVU#95595627 OpenSSH のクライアントに複数の脆弱性
http://jvn.jp/vu/JVNVU95595627/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
+ UPDATE: JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/index.html
JVNDB-2016-000003 H2O における HTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000003.html
JVNDB-2016-000002 acmailer における OS コマンドインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000002.html
記者の眼
政府予算はサイバーセキュリティ分野が急伸
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011400462/?ST=security
狙われるネットワークインフラ
[第1回]総論:“氷山の一角”が続々と、ネットワーク機器も武装せよ
http://itpro.nikkeibp.co.jp/atcl/column/16/010800006/010800001/?ST=security
なぜ「プライバシー」は保護されるのか
法改正に大きな影響を与えた二つの“事件”
http://itpro.nikkeibp.co.jp/atcl/column/16/011400008/011400001/?ST=security
2016年1月15日金曜日
15日 金曜日、大安
+ RHSA-2016:0043 Moderate: openssh security update
https://rhn.redhat.com/errata/RHSA-2016-0043.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
+ UPDATE: Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
+ UPDATE: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs
+ UPDATE: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge
+ UPDATE: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
+ UPDATE: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
+ UPDATE: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
+ UPDATE: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
+ UPDATE: Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
+ Oracle Critical Patch Update Pre-Release Announcement - January 2016
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
+ FreeBSD-SA-16:06.bsnmpd Insecure default snmpd.config permissions
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5677
+ FreeBSD-SA-16:05.tcp TCP MD5 signature denial of service
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:05.tcp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1882
+ FreeBSD-SA-16:04.linux Linux compatibility layer setgroups(2) system call vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1881
+ FreeBSD-SA-16:03.linux Linux compatibility layer incorrect futex handling
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1880
+ FreeBSD-SA-16:02.ntp ntp panic threshold bypass vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
+ FreeBSD-SA-16:01.sctp SCTP ICMPv6 error message vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1879
+ OpenSSH 7.1p2 released
http://www.openssh.com/
+ OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
http://www.securitytracker.com/id/1034671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
PipelineDB Enterprise Now Available
http://www.postgresql.org/about/news/1641/
UPDATE: JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/
チェックしておきたい脆弱性情報<2016.01.15>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011100095/?ST=security
統計&調査
[データは語る]2015年4Qのインシデントは前年同期比45%減―JPCERT/CC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/011400467/?ST=security
https://rhn.redhat.com/errata/RHSA-2016-0043.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
+ UPDATE: Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
+ UPDATE: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs
+ UPDATE: Cisco IOS Software Virtual Routing and Forwarding ICMP Queue Wedge Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-wedge
+ UPDATE: Cisco IOS Software and IOS XE Software TCP Packet Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
+ UPDATE: Cisco IOS Software and IOS XE Software mDNS Gateway Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-mdns
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
+ UPDATE: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
+ UPDATE: Cisco IOS and IOS XE Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
+ UPDATE: Oracle Solaris Third Party Bulletin - October 2015
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
+ Oracle Critical Patch Update Pre-Release Announcement - January 2016
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
+ FreeBSD-SA-16:06.bsnmpd Insecure default snmpd.config permissions
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5677
+ FreeBSD-SA-16:05.tcp TCP MD5 signature denial of service
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:05.tcp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1882
+ FreeBSD-SA-16:04.linux Linux compatibility layer setgroups(2) system call vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1881
+ FreeBSD-SA-16:03.linux Linux compatibility layer incorrect futex handling
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1880
+ FreeBSD-SA-16:02.ntp ntp panic threshold bypass vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:02.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300
+ FreeBSD-SA-16:01.sctp SCTP ICMPv6 error message vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1879
+ OpenSSH 7.1p2 released
http://www.openssh.com/
+ OpenSSH Flaws Let Remote Authenticated Users Obtain Potentially Sensitive Information From Client Memory
http://www.securitytracker.com/id/1034671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778
PipelineDB Enterprise Now Available
http://www.postgresql.org/about/news/1641/
UPDATE: JVNVU#98704210 ISC Kea DHCP サーバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU98704210/
チェックしておきたい脆弱性情報<2016.01.15>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011100095/?ST=security
統計&調査
[データは語る]2015年4Qのインシデントは前年同期比45%減―JPCERT/CC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/011400467/?ST=security
2016年1月14日木曜日
14日 木曜日、仏滅
+ Google Chrome 47.0.2526.111 released
http://googlechromereleases.blogspot.jp/2016/01/stable-channel-update.html
+ ISC DHCP 4.3.3-P1, 4.1-ESV-R12-P1 released
https://kb.isc.org/article/AA-01329
https://kb.isc.org/article/AA-01330
+ CVE-2015-8605: UDP payload length not properly checked
https://kb.isc.org/article/AA-01334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605
+ UPDATE: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6323
+ Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6336
+ Cisco Wireless LAN Controller Unauthorized Access Vulnerabilit
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6314
+ Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6317
+ 2016年1月 Microsoft セキュリティ情報 (緊急 6件含) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160004.html
+ Adobe Reader および Acrobat の脆弱性 (APSB16-02) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160003.html
+ JVNVU#99390211 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU99390211/
+ JVNVU#97593732 Samsung 製ネットワークビデオレコーダーに複数の脆弱性
http://jvn.jp/vu/JVNVU97593732/
+ Fortinet FortiGate/FortiOS Undocumented SSH Access Lets Remote Users Access the Target System
http://www.securitytracker.com/id/1034663
+ DHCP UDP Length Processing Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1034657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605
+ Linux Kernel overlayfs - Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2016010075
+ FortiGate OS 5.0.7 SSH Backdoor
https://cxsecurity.com/issue/WLB-2016010072
Navicat for PostgreSQL version 11.2 - introducing Navicat Cloud Collaboration & support PostgreSQL 9.5
http://www.postgresql.org/about/news/1640/
セキュリティ対策製品のアークンに不正アクセスで、顧客情報3859社分漏洩
http://itpro.nikkeibp.co.jp/atcl/news/16/011300091/?ST=security
日産グループのサイトがDDoSで全面停止、「アノニマス」のサイバー攻撃か
http://itpro.nikkeibp.co.jp/atcl/news/16/011300089/?ST=security
http://googlechromereleases.blogspot.jp/2016/01/stable-channel-update.html
+ ISC DHCP 4.3.3-P1, 4.1-ESV-R12-P1 released
https://kb.isc.org/article/AA-01329
https://kb.isc.org/article/AA-01330
+ CVE-2015-8605: UDP payload length not properly checked
https://kb.isc.org/article/AA-01334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605
+ UPDATE: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2
+ UPDATE: Multiple Vulnerabilities in Cisco IOS Software Common Industrial Protocol
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-cip
+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl
+ Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6323
+ Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6336
+ Cisco Wireless LAN Controller Unauthorized Access Vulnerabilit
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6314
+ Cisco Identity Services Engine Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6317
+ 2016年1月 Microsoft セキュリティ情報 (緊急 6件含) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160004.html
+ Adobe Reader および Acrobat の脆弱性 (APSB16-02) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160003.html
+ JVNVU#99390211 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU99390211/
+ JVNVU#97593732 Samsung 製ネットワークビデオレコーダーに複数の脆弱性
http://jvn.jp/vu/JVNVU97593732/
+ Fortinet FortiGate/FortiOS Undocumented SSH Access Lets Remote Users Access the Target System
http://www.securitytracker.com/id/1034663
+ DHCP UDP Length Processing Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1034657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605
+ Linux Kernel overlayfs - Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2016010075
+ FortiGate OS 5.0.7 SSH Backdoor
https://cxsecurity.com/issue/WLB-2016010072
Navicat for PostgreSQL version 11.2 - introducing Navicat Cloud Collaboration & support PostgreSQL 9.5
http://www.postgresql.org/about/news/1640/
セキュリティ対策製品のアークンに不正アクセスで、顧客情報3859社分漏洩
http://itpro.nikkeibp.co.jp/atcl/news/16/011300091/?ST=security
日産グループのサイトがDDoSで全面停止、「アノニマス」のサイバー攻撃か
http://itpro.nikkeibp.co.jp/atcl/news/16/011300089/?ST=security
2016年1月13日水曜日
13日 水曜日、先負
+ 2016 年 1 月のマイクロソフト セキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms16-jan
+ MS16-001 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3124903)
https://technet.microsoft.com/library/security/MS16-001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0005
+ MS16-002 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3124904)
https://technet.microsoft.com/library/security/MS16-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0024
+ MS16-003 - 緊急 リモートでのコード実行に対処する JScript および VBScript 用の累積的なセキュリティ更新プログラム (3125540)
https://technet.microsoft.com/library/security/MS16-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0002
+ MS16-004 - 緊急 リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3124585)
https://technet.microsoft.com/library/security/MS16-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0035
+ MS16-005 - 緊急 リモートでのコード実行に対処する Windows カーネルモード ドライバー用のセキュリティ更新プログラム (3124584)
https://technet.microsoft.com/library/security/MS16-005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0009
+ MS16-006 - 緊急 リモートでのコード実行に対処する Silverlight 用のセキュリティ更新プログラム (3126036)
https://technet.microsoft.com/library/security/MS16-006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0034
+ MS16-007 - 重要 リモートでのコード実行に対処する Microsoft Windows 用のセキュリティ更新プログラム (3124901)
https://technet.microsoft.com/library/security/MS16-007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0019
+ MS16-008 - 重要 特権の昇格に対処する Windows カーネル用のセキュリティ更新プログラム (3124605)
https://technet.microsoft.com/library/security/MS16-008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0007
+ MS16-010 - 重要 なりすましに対処する Microsoft Exchange Server 用のセキュリティ更新プログラム (3124557)
https://technet.microsoft.com/library/security/MS16-010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0032
+ マイクロソフト セキュリティ アドバイザリ 3109853 TLS セッション再開の相互運用性を改善する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3109853
+ ActiveX の Kill Bit 更新プログラム 3118753
https://technet.microsoft.com/ja-jp/library/security/3118753
+ マイクロソフト セキュリティ アドバイザリ 3123479 マイクロソフト ルート証明書プログラムでの SHA-1 ハッシュ アルゴリズムの廃止
https://technet.microsoft.com/ja-jp/library/security/3123479
+ APSB16-02 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0947
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Samba 4.3.4 Available for Download
https://www.samba.org/samba/history/samba-4.3.4.html
+ ActivePerl 5.22.1.2201, 5.20.3.2003 released
http://www.activestate.com/activeperl/downloads
+ Apache Tomcat Native 1.2.4 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
+ DNS ゾーン転送の設定不備による情報流出の危険性に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160002.html
+ TrendMicro node.js HTTP server listening on localhost can execute commands
https://cxsecurity.com/issue/WLB-2016010071
ネットワーク・ホットトピックス
バイドゥが配布した開発キットに危険なバックドアが見つかる
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/122500042/?ST=security
CSIRTメモ
チェックしておきたい脆弱性情報<2016.01.13>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011100094/?ST=security
News & Trend
経産省、経営者向けにサイバー攻撃対策の最低ラインを提示
順守すれば保険割引や裁判での免責も
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011100414/?ST=security
サイバーソリューションズのメール製品がマイナンバーを検出/ブロック可能に
http://itpro.nikkeibp.co.jp/atcl/news/16/011200078/?ST=security
https://technet.microsoft.com/ja-jp/library/security/ms16-jan
+ MS16-001 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3124903)
https://technet.microsoft.com/library/security/MS16-001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0005
+ MS16-002 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3124904)
https://technet.microsoft.com/library/security/MS16-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0024
+ MS16-003 - 緊急 リモートでのコード実行に対処する JScript および VBScript 用の累積的なセキュリティ更新プログラム (3125540)
https://technet.microsoft.com/library/security/MS16-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0002
+ MS16-004 - 緊急 リモートでのコード実行に対処する Microsoft Office 用のセキュリティ更新プログラム (3124585)
https://technet.microsoft.com/library/security/MS16-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0035
+ MS16-005 - 緊急 リモートでのコード実行に対処する Windows カーネルモード ドライバー用のセキュリティ更新プログラム (3124584)
https://technet.microsoft.com/library/security/MS16-005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0009
+ MS16-006 - 緊急 リモートでのコード実行に対処する Silverlight 用のセキュリティ更新プログラム (3126036)
https://technet.microsoft.com/library/security/MS16-006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0034
+ MS16-007 - 重要 リモートでのコード実行に対処する Microsoft Windows 用のセキュリティ更新プログラム (3124901)
https://technet.microsoft.com/library/security/MS16-007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0019
+ MS16-008 - 重要 特権の昇格に対処する Windows カーネル用のセキュリティ更新プログラム (3124605)
https://technet.microsoft.com/library/security/MS16-008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0007
+ MS16-010 - 重要 なりすましに対処する Microsoft Exchange Server 用のセキュリティ更新プログラム (3124557)
https://technet.microsoft.com/library/security/MS16-010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0032
+ マイクロソフト セキュリティ アドバイザリ 3109853 TLS セッション再開の相互運用性を改善する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3109853
+ ActiveX の Kill Bit 更新プログラム 3118753
https://technet.microsoft.com/ja-jp/library/security/3118753
+ マイクロソフト セキュリティ アドバイザリ 3123479 マイクロソフト ルート証明書プログラムでの SHA-1 ハッシュ アルゴリズムの廃止
https://technet.microsoft.com/ja-jp/library/security/3123479
+ APSB16-02 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0947
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ Samba 4.3.4 Available for Download
https://www.samba.org/samba/history/samba-4.3.4.html
+ ActivePerl 5.22.1.2201, 5.20.3.2003 released
http://www.activestate.com/activeperl/downloads
+ Apache Tomcat Native 1.2.4 Released
http://tomcat.apache.org/native-doc/miscellaneous/changelog.html
+ DNS ゾーン転送の設定不備による情報流出の危険性に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160002.html
+ TrendMicro node.js HTTP server listening on localhost can execute commands
https://cxsecurity.com/issue/WLB-2016010071
ネットワーク・ホットトピックス
バイドゥが配布した開発キットに危険なバックドアが見つかる
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/122500042/?ST=security
CSIRTメモ
チェックしておきたい脆弱性情報<2016.01.13>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011100094/?ST=security
News & Trend
経産省、経営者向けにサイバー攻撃対策の最低ラインを提示
順守すれば保険割引や裁判での免責も
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011100414/?ST=security
サイバーソリューションズのメール製品がマイナンバーを検出/ブロック可能に
http://itpro.nikkeibp.co.jp/atcl/news/16/011200078/?ST=security
2016年1月12日火曜日
12日 火曜日、友引
+ PostgreSQL ODBC Driver 09_05_0100 released
http://www.postgresql.org/ftp/odbc/versions/msi/
+ CESA-2016:0008 Moderate CentOS 6 openssl Security Update
http://lwn.net/Alerts/671026/
+ CESA-2016:0009 Moderate CentOS 7 libldb Security Update
http://lwn.net/Alerts/671023/
+ CESA-2016:0005 Moderate CentOS 6 rpcbind Security Update
http://lwn.net/Alerts/671028/
+ CESA-2016:0010 Moderate CentOS 6 samba4 Security Update
http://lwn.net/Alerts/671032/
+ CESA-2016:0005 Moderate CentOS 7 rpcbind Security Update
http://lwn.net/Alerts/671029/
+ CESA-2016:0007 Moderate CentOS 6 nss Security Update
http://lwn.net/Alerts/671024/
+ CESA-2016:0012 Moderate CentOS 7 gnutls Security Update
http://lwn.net/Alerts/671021/
+ CESA-2016:0011 Moderate CentOS 6 samba Security Update
http://lwn.net/Alerts/671030/
+ CESA-2016:0008 Moderate CentOS 7 openssl Security Update
http://lwn.net/Alerts/671027/
+ CESA-2016:0006 Moderate CentOS 7 samba Security Update
http://lwn.net/Alerts/671031/
+ CESA-2016:0012 Moderate CentOS 6 gnutls Security Update
http://lwn.net/Alerts/671020/
+ CESA-2016:0007 Moderate CentOS 7 nss Security Update
http://lwn.net/Alerts/671025/
+ CESA-2016:0009 Moderate CentOS 6 libldb Security Update
http://lwn.net/Alerts/671022/
+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
+ Cisco Adaptive Security Appliance Non-DCERPC Traffic Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160111-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6423
+ Linux kernel 3.12.52 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.52
+ NTP 4.2.8p5 released
http://archive.ntp.org/ntp4/ChangeLog-stable
+ Mozilla Firefox 44.0b2 Local Cross-site Scripting Vulnerability
https://cxsecurity.com/issue/WLB-2016010055
+ Symantec Endpoint Protection 12.1.4013 Denial Of Service
https://cxsecurity.com/issue/WLB-2016010045
dbMigration .NET 2.3 released
http://www.postgresql.org/about/news/1639/
Windows build of PostgreSQL 9.5.0 prepared by Postgres Pro
http://www.postgresql.org/about/news/1638/
2UDA 9.5 Released
http://www.postgresql.org/about/news/1637/
ラッコの眼 ~サイバーセキュリティ最前線~
無差別化するDDoS攻撃、どう対峙すべきかを考える
http://itpro.nikkeibp.co.jp/atcl/column/15/071200172/121800008/?ST=security
CTC、危険なIPアドレスリストの配信サービスをパロアルトとSplunk向けに提供
http://itpro.nikkeibp.co.jp/atcl/news/16/010800058/?ST=security
JVNVU#90674343 Ipswitch WhatsUp Gold の XML オブジェクトのデシリアライズ処理に脆弱性
http://jvn.jp/vu/JVNVU90674343/index.html
UPDATE: JVNVU#94212028 Ipswitch WhatsUp Gold に SQL インジェクションおよび複数のクロスサイトスクリプティングの脆弱性
http://jvn.jp/vu/JVNVU94212028/index.html
2016年1月8日金曜日
8日 金曜日、先負
+ RHSA-2016:0008 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0010 Moderate: samba4 security update
https://rhn.redhat.com/errata/RHSA-2016-0010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
+ RHSA-2016:0009 Moderate: libldb security update
https://rhn.redhat.com/errata/RHSA-2016-0009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
+ RHSA-2016:0007 Moderate: nss security update
https://rhn.redhat.com/errata/RHSA-2016-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0012 Moderate: gnutls security update
https://rhn.redhat.com/errata/RHSA-2016-0012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0005 Moderate: rpcbind security update
https://rhn.redhat.com/errata/RHSA-2016-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7236
+ RHSA-2016:0011 Moderate: samba security update
https://rhn.redhat.com/errata/RHSA-2016-0011.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
+ About the security content of QuickTime 7.7.9
https://support.apple.com/ja-jp/HT205638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7117
+ APSB16-02 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/reader/apsb16-02.html
+ CESA-2016:0001 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/670770/
+ CESA-2016:0001 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/670769/
+ CESA-2016:0001 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/670768/
+ squid 3.5.13 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.13-RELEASENOTES.html
+ VMSA-2016-0001 VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
+ PHP 7.0.2, 5.6.17, 5.5.31 released
http://www.php.net/ChangeLog-7.php#7.0.2
http://www.php.net/ChangeLog-5.php#5.6.17
http://www.php.net/ChangeLog-5.php#5.5.31
+ PostgreSQL 9.5.0 released
http://www.postgresql.org/docs/9.5/static/release-9-5.html
+ PHP Bugs May Let Remote Users Obtain Potentially Sensitive Information, Gain Elevated Privileges, or Execute Arbitrary Code
http://www.securitytracker.com/id/1034608
+ VMware Workstation, Player, and Fusion VMware Tools Shared Folders Lets Local Users on a Windows-Based Guest System Gain Elevated Privileges on the Guest System
http://www.securitytracker.com/id/1034604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
+ VMware ESXi VMware Tools Shared Folders Lets Local Users on a Windows-Based Guest System Gain Elevated Privileges on the Guest System
http://www.securitytracker.com/id/1034603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
PostgreSQL 9.5: UPSERT, Row Level Security, and Big Data
http://www.postgresql.org/about/news/1636/
FinTechの旗手たち
「人工知能で株取引を、トレーダーの脳を再現」、AlpacaDBの横川CEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000010/?ST=security
https://rhn.redhat.com/errata/RHSA-2016-0008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0010 Moderate: samba4 security update
https://rhn.redhat.com/errata/RHSA-2016-0010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7540
+ RHSA-2016:0009 Moderate: libldb security update
https://rhn.redhat.com/errata/RHSA-2016-0009.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5330
+ RHSA-2016:0007 Moderate: nss security update
https://rhn.redhat.com/errata/RHSA-2016-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0012 Moderate: gnutls security update
https://rhn.redhat.com/errata/RHSA-2016-0012.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ RHSA-2016:0005 Moderate: rpcbind security update
https://rhn.redhat.com/errata/RHSA-2016-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7236
+ RHSA-2016:0011 Moderate: samba security update
https://rhn.redhat.com/errata/RHSA-2016-0011.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5299
+ About the security content of QuickTime 7.7.9
https://support.apple.com/ja-jp/HT205638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7117
+ APSB16-02 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/reader/apsb16-02.html
+ CESA-2016:0001 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/670770/
+ CESA-2016:0001 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/670769/
+ CESA-2016:0001 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/670768/
+ squid 3.5.13 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.13-RELEASENOTES.html
+ VMSA-2016-0001 VMware ESXi, Fusion, Player, and Workstation updates address important guest privilege escalation vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
+ PHP 7.0.2, 5.6.17, 5.5.31 released
http://www.php.net/ChangeLog-7.php#7.0.2
http://www.php.net/ChangeLog-5.php#5.6.17
http://www.php.net/ChangeLog-5.php#5.5.31
+ PostgreSQL 9.5.0 released
http://www.postgresql.org/docs/9.5/static/release-9-5.html
+ PHP Bugs May Let Remote Users Obtain Potentially Sensitive Information, Gain Elevated Privileges, or Execute Arbitrary Code
http://www.securitytracker.com/id/1034608
+ VMware Workstation, Player, and Fusion VMware Tools Shared Folders Lets Local Users on a Windows-Based Guest System Gain Elevated Privileges on the Guest System
http://www.securitytracker.com/id/1034604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
+ VMware ESXi VMware Tools Shared Folders Lets Local Users on a Windows-Based Guest System Gain Elevated Privileges on the Guest System
http://www.securitytracker.com/id/1034603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6933
PostgreSQL 9.5: UPSERT, Row Level Security, and Big Data
http://www.postgresql.org/about/news/1636/
FinTechの旗手たち
「人工知能で株取引を、トレーダーの脳を再現」、AlpacaDBの横川CEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000010/?ST=security
2016年1月7日木曜日
7日 木曜日、友引
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801
+ Mozilla Firefox 43.0.4 released
https://www.mozilla.org/en-US/firefox/43.0.4/releasenotes/
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ UPDATE: Adobe Flash Player の脆弱性 (APSB16-01) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160001.html
+ Linux Kernel NFS Null Pointer Dereference Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1034594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8746
+ Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Applications Gain Elevated Privileges
http://www.securitytracker.com/id/1034592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
+ Kaspersky Labs DLL Hijacking
https://cxsecurity.com/issue/WLB-2016010022
FinTechの旗手たち
「オンラインなのになぜか非効率な決済、個人の与信枠を僕たちが設定したい」、BASEの鶴岡代表取締役CEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000008/?ST=security
記者の眼
スマホは双子を見分けられるか
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122200451/?ST=security
JVNVU#94556181 Comcast XFINITY Home Security の無線接続が切断されたときの処理に問題
http://jvn.jp/vu/JVNVU94556181/
https://technet.microsoft.com/ja-jp/library/security/2755801
+ Mozilla Firefox 43.0.4 released
https://www.mozilla.org/en-US/firefox/43.0.4/releasenotes/
+ UPDATE: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
+ UPDATE: Adobe Flash Player の脆弱性 (APSB16-01) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160001.html
+ Linux Kernel NFS Null Pointer Dereference Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1034594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8746
+ Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Applications Gain Elevated Privileges
http://www.securitytracker.com/id/1034592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
+ Kaspersky Labs DLL Hijacking
https://cxsecurity.com/issue/WLB-2016010022
FinTechの旗手たち
「オンラインなのになぜか非効率な決済、個人の与信枠を僕たちが設定したい」、BASEの鶴岡代表取締役CEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000008/?ST=security
記者の眼
スマホは双子を見分けられるか
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122200451/?ST=security
JVNVU#94556181 Comcast XFINITY Home Security の無線接続が切断されたときの処理に問題
http://jvn.jp/vu/JVNVU94556181/
2016年1月6日水曜日
6日 水曜日、先勝
+ RHSA-2016:0001 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
+ UPDATE: Cisco Jabber STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
+ Cisco Unified Communications Manager SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6433
+ UPDATE: Cisco ASA Management Interface XML Parser Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa
+ Cisco Prime Infrastructure Frame Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6434
JVNDB-2016-000001 DXライブラリにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000001.html
Networkキーワード
2要素認証とは
http://itpro.nikkeibp.co.jp/atcl/keyword/14/260922/010400045/?ST=security
FinTechの旗手たち
「バズワード化を危惧、本当に消費者第一か?」、Zaimの閑歳社長が語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000007/?ST=security
統計&調査
[データは語る]身代金を要求するランサムウエアの相談件数が再び増加、2015年12月には16件に―IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/010500450/?ST=security
JVNVU#98928449 古野電気製 Voyage Data Recorder (VDR) にユーザ入力値を適切に検証しない脆弱性
http://jvn.jp/vu/JVNVU98928449/
https://rhn.redhat.com/errata/RHSA-2016-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7214
+ UPDATE: Cisco Jabber STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
+ UPDATE: Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
+ UPDATE: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
+ Cisco Unified Communications Manager SQL Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-cucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6433
+ UPDATE: Cisco ASA Management Interface XML Parser Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151123-asa
+ Cisco Prime Infrastructure Frame Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6434
JVNDB-2016-000001 DXライブラリにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000001.html
Networkキーワード
2要素認証とは
http://itpro.nikkeibp.co.jp/atcl/keyword/14/260922/010400045/?ST=security
FinTechの旗手たち
「バズワード化を危惧、本当に消費者第一か?」、Zaimの閑歳社長が語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000007/?ST=security
統計&調査
[データは語る]身代金を要求するランサムウエアの相談件数が再び増加、2015年12月には16件に―IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/010500450/?ST=security
JVNVU#98928449 古野電気製 Voyage Data Recorder (VDR) にユーザ入力値を適切に検証しない脆弱性
http://jvn.jp/vu/JVNVU98928449/
2016年1月5日火曜日
5日 火曜日、赤口
+ UPDATE: Cisco Jabber STARTTLS Downgrade Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
+ Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6432
+ Adobe Flash Player の脆弱性 (APSB16-01) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160001.html
FinTechの旗手たち
「金融業そのものがFinTechに変わる」、米ペイパルのシュールマンCEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000009/?ST=security
オウケイウェイヴ、ブロックチェーンをログイン認証や知財販売に応用へ
http://itpro.nikkeibp.co.jp/atcl/news/15/010304207/?ST=security
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
+ UPDATE: Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl
+ Cisco IOS XR Software OSPF Link State Advertisement PCE Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160104-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6432
+ Adobe Flash Player の脆弱性 (APSB16-01) に関する注意喚起
http://www.jpcert.or.jp/at/2016/at160001.html
FinTechの旗手たち
「金融業そのものがFinTechに変わる」、米ペイパルのシュールマンCEOが語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000009/?ST=security
オウケイウェイヴ、ブロックチェーンをログイン認証や知財販売に応用へ
http://itpro.nikkeibp.co.jp/atcl/news/15/010304207/?ST=security
2016年1月4日月曜日
4日 月曜日、大安
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム
https://technet.microsoft.com/ja-jp/library/security/2755801
+ Mozilla Firefox 43.0.3 released
https://www.mozilla.org/en-US/firefox/43.0.3/releasenotes/
+ APSB16-01 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8651
+ Wireshark 2.0.1, 1.12.9 released
https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.9.html
+ Linux kernel 3.2.75 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.75
+ Sysstat 11.2.0 released
http://sebastien.godard.pagesperso-orange.fr/
+ Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1034551
+ Linux Kernel pptp_bind() and pptp_connect() Validation Flaw Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1034549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
+ Linux Kernel Overlayfs Security Permissions Flaw Lets Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1034548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8660
+ PHP Class Name Format String Flaw Lets Remote Users Execute Arbitrary C ode
http://www.securitytracker.com/id/1034543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8617
+ Mozilla Firefox MD5 Signature Support in TLS ServerKeyExchange Messages Exposes Users to Hash Collision Forgery Attacks
http://www.securitytracker.com/id/1034541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ Trend Micro DLL hijacking
https://cxsecurity.com/issue/WLB-2016010003
+ IE11 EdUtil::GetCommonAncestorElement Remote Crash
https://cxsecurity.com/issue/WLB-2016010001
+ DeleGate v9.9.13 Local root vulnerability
https://cxsecurity.com/issue/WLB-2015120314
pglogical announced
http://www.postgresql.org/about/news/1634/
MicroOLAP Database Designer meets PostgreSQL 9.5
http://www.postgresql.org/about/news/1635/
FinTechの旗手たち
「ブロックチェーンの未来に僕はわくわくしている」、MITメディアラボ伊藤所長が語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000001/?ST=security
https://technet.microsoft.com/ja-jp/library/security/2755801
+ Mozilla Firefox 43.0.3 released
https://www.mozilla.org/en-US/firefox/43.0.3/releasenotes/
+ APSB16-01 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8651
+ Wireshark 2.0.1, 1.12.9 released
https://www.wireshark.org/docs/relnotes/wireshark-2.0.1.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.9.html
+ Linux kernel 3.2.75 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.75
+ Sysstat 11.2.0 released
http://sebastien.godard.pagesperso-orange.fr/
+ Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1034551
+ Linux Kernel pptp_bind() and pptp_connect() Validation Flaw Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1034549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
+ Linux Kernel Overlayfs Security Permissions Flaw Lets Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1034548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8660
+ PHP Class Name Format String Flaw Lets Remote Users Execute Arbitrary C ode
http://www.securitytracker.com/id/1034543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8617
+ Mozilla Firefox MD5 Signature Support in TLS ServerKeyExchange Messages Exposes Users to Hash Collision Forgery Attacks
http://www.securitytracker.com/id/1034541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
+ Trend Micro DLL hijacking
https://cxsecurity.com/issue/WLB-2016010003
+ IE11 EdUtil::GetCommonAncestorElement Remote Crash
https://cxsecurity.com/issue/WLB-2016010001
+ DeleGate v9.9.13 Local root vulnerability
https://cxsecurity.com/issue/WLB-2015120314
pglogical announced
http://www.postgresql.org/about/news/1634/
MicroOLAP Database Designer meets PostgreSQL 9.5
http://www.postgresql.org/about/news/1635/
FinTechの旗手たち
「ブロックチェーンの未来に僕はわくわくしている」、MITメディアラボ伊藤所長が語る
http://itpro.nikkeibp.co.jp/atcl/column/15/121000283/121000001/?ST=security
登録:
投稿 (Atom)