Thursday, January 28, 2016

Thursday the 28th, Shakkō

+ RHSA-2016:0071 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-0071.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935

+ RHSA-2016:0073 Moderate: bind security update
https://rhn.redhat.com/errata/RHSA-2016-0073.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704

+ RHSA-2016:0074 Moderate: bind97 security update
https://rhn.redhat.com/errata/RHSA-2016-0074.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704

+ UPDATE: RHSA-2015:2623 Moderate: grub2 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2015-2623.html

+ Google Chrome 48.0.2564.97 released
http://googlechromereleases.blogspot.jp/2016/01/stable-channel-update_27.html

+ Mozilla Firefox 44.0 released
https://www.mozilla.org/en-US/firefox/44.0/releasenotes/

+ MFSA 2016-12 Lightweight themes on Firefox for Android do not verify a secure connection
https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948

+ MFSA 2016-11 Application Reputation service disabled in Firefox 43
https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
CVE-2016-1947

+ MFSA 2016-10 Unsafe memory manipulation found through code inspection
https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946

+ MFSA 2016-09 Addressbar spoofing attacks
https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942

+ MFSA 2016-08 Delay following click events in file download dialog too short on OS X
https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941

+ MFSA 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938

+ MFSA 2016-06 Missing delay following user click events in protocol handler dialog
https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937

+ MFSA 2016-05 Addressbar spoofing through stored data url shortcuts on Firefox for Android
https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940

+ MFSA 2016-04 Firefox allows for control characters to be set in cookie names
https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7208

+ MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation
https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935

+ MFSA 2016-02 Out of Memory crash when parsing GIF format images
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933

+ MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931

+ nginx 1.9.10, 1.8.1 released
http://nginx.org/

+ [nginx-announce] nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.157656890.1084684068.1410134581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747

+ CESA-2016:0071 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/673743/

+ CESA-2016:0071 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/673745/

+ CESA-2016:0074 Moderate CentOS 5 bind97 Security Update
http://lwn.net/Alerts/673742/

+ CESA-2016:0073 Moderate CentOS 6 bind Security Update
http://lwn.net/Alerts/673740/

+ CESA-2016:0071 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/673744/

+ CESA-2016:0073 Moderate CentOS 7 bind Security Update
http://lwn.net/Alerts/673741/

+ CESA-2016:0073 Moderate CentOS 5 bind Security Update
http://lwn.net/Alerts/673739/

+ CESA-2016:0064 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/673565/

+ CESA-2016:0067 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673563/

+ CESA-2016:0067 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673564/

+ CESA-2016:0067 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/673562/

+ Linux kernel 3.12.53 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.53

+ curl 7.47.0 released
http://curl.haxx.se/changes.html#7_47_0

+ FreeBSD-SA-16:10.linux Linux compatibility layer issetugid(2) system call vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1883

+ FreeBSD-SA-16:09.ntp Multiple vulnerabilities of ntp
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:09.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8158

+ FreeBSD-SA-16:08.bind BIND remote denial of service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704

+ ntp Debian/Ubuntu Cron Job Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1034808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0727

+ Linux Kernel prima WLAN Driver Heap Overflow
https://cxsecurity.com/issue/WLB-2016010177

JVNDB-2016-000012 OS command injection vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000012.html

JVNDB-2016-000011 Clickjacking vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000011.html

JVNDB-2016-000010 Cross-site request forgery vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000010.html

JVNDB-2016-000009 HTTP header injection vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000009.html

JVNDB-2016-000008 Open redirect vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000008.html

JVNDB-2016-000007 Cross-site scripting vulnerability in HOME SPOT CUBE
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000007.html

NEC opens a specialized center supporting cyberattack countermeasures in Singapore, following the one in Japan
http://itpro.nikkeibp.co.jp/atcl/news/16/012700275/?ST=security

Asterisk Research to start a cybersecurity course for business people in February
http://itpro.nikkeibp.co.jp/atcl/news/16/012700268/?ST=security

Damballa, which detects malware-infected endpoints, blocks outbound communication through firewall integration
http://itpro.nikkeibp.co.jp/atcl/news/16/012600258/?ST=security

[The Data Speaks] Reports of suspicious emails believed to be targeted-attack emails surged to 723 in Q3 2015 (IPA)
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/012600484/?ST=security

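Recruit and Daito Trust Construction run a proof-of-concept trial of smart keys for the real estate industry, with no upper limit on the number of keys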
http://itpro.nikkeibp.co.jp/atcl/news/16/012600256/?ST=security
