2016年3月2日水曜日

2日 水曜日、赤口

+ RHSA-2016:0302 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0302.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

+ RHSA-2016:0301 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0301.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

+ CESA-2016:0301 Important CentOS 6 openssl Security Update
http://lwn.net/Alerts/678124/

+ PDFCreator 2.3 released
http://www.pdfforge.org/blog/pdfcreator-230-released

+ UPDATE: Vulnerability in GNU glibc Affecting Cisco Products: February 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160218-glibc

+ OpenSSL 1.0.2g, 1.0.1s released
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html

+ OpenSSL Security Advisory [1st March 2016]
https://www.openssl.org/news/secadv/20160301.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704

+ OpenSSL Flaws Let Remote Users Deny Service and Decrypt TLS Sessions in Certain Cases
http://www.securitytracker.com/id/1035133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

+ McAfee VirusScan Enterprise Access Control Flaw Lets Local Users Bypass Self-Protection Security Restrictions
http://www.securitytracker.com/id/1035130

+ Microsoft PowerPointViewer Code Execution
https://cxsecurity.com/issue/WLB-2016030011

VU#583776 Network traffic encrypted using RSA-based SSL certificates over SSLv2 may be decrypted by the DROWN attack
https://www.kb.cert.org/vuls/id/583776

Barman 1.6.0 released
http://www.postgresql.org/about/news/1650/

辻伸弘の裏読みセキュリティ事件簿
DDoS攻撃に加担させない すぐに試せる悪用防止テクニック
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/022500003/?ST=security

1分で理解するプロの知恵[セキュリティ編]
CSIRTの仕事はまず早期警戒から
http://itpro.nikkeibp.co.jp/atcl/column/16/022200041/022200003/?ST=security

UPDATE: JVNVU#91475438 Internet Key Exchange (IKEv1, IKEv2) が DoS 攻撃の踏み台として使用される問題
http://jvn.jp/vu/JVNVU91475438/index.html

JVNVU#94080110 コンテンツデリバリネットワーク (CDN) に対するサービス運用妨害 (DoS) の問題 (Forwarding Loop 攻撃)
http://jvn.jp/vu/JVNVU94080110/index.html

0 件のコメント:

コメントを投稿