:: IT Security Neophyte Investigator's MEMO ::: 5月 2016

2016年5月31日火曜日

31日火曜日、仏滅

+ Mozilla Thunderbird 45.1.1 released
https://www.mozilla.org/en-US/thunderbird/45.1.1/releasenotes/

+ SA70546 Mozilla Thunderbird Multiple Vulnerabilities
https://secunia.com/advisories/70546/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807

+ MySQL 5.5.45 - procedure analyse Function Denial of Service
https://cxsecurity.com/issue/WLB-2016050142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4870

JVNDB-2016-000085 サイボウズガルーンにおけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000085.html

JVNDB-2016-000084 サイボウズガルーンにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000084.html

JVNDB-2016-000083 サイボウズガルーンにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000083.html

JVNDB-2016-000082 サイボウズガルーンにおけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000082.html

JVNDB-2016-000081 サイボウズガルーンにおけるオープンリダイレクトの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000081.html

JVNDB-2016-000080 サイボウズガルーンにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000080.html

JVNDB-2016-000079 サイボウズガルーンにおける情報漏えいの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000079.html

JVNDB-2016-000095 サイボウズガルーンのログ出力機能におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000095.html

UPDATE: JVN#21025396 サイボウズガルーンにおいて任意の PHP コードが実行される複数の脆弱性
http://jvn.jp/jp/JVN21025396/index.html

記者の眼
なんと88％！？新試験「情報セキュリティマネジメント」の合格率
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/051900568/?ST=security

2016年5月30日月曜日

30日月曜日、先負

+ UPDATE: Cisco Firepower Management Center Web Interface Code Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160527-fmc

+ SA70839 PHP Multiple Vulnerabilities
https://secunia.com/advisories/70839/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5096

+ Apache log4j 2.6 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.6

JVNDB-2016-000090 「平成27年1月以前の旧地理院地図のソース」におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000090.html

JVNDB-2016-000092 DMM.com証券製の複数の Android アプリにおける SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000092.html

JVNDB-2016-000091 H2O における解放済みメモリ使用 (use-after-free) の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000091.html

JVNDB-2016-000076 Japan Connected-free Wi-Fi における任意の API が実行可能な脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000076.html

JVNDB-2016-000087 バッファロー製の複数の無線 LAN ルータにおける情報漏えいの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000087.html

JVNDB-2016-000086 バッファロー製の複数の無線 LAN ルータにおけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000086.html

JVNDB-2016-000072 WebARENA フォームメールにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000072.html

10の疑問を試して解明セキュリティ大実験室
セキュリティワイヤーは頑丈か？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300005/?ST=security

富士通、米Menlo SecurityのWebサイト無害化サービスを6月から提供
http://itpro.nikkeibp.co.jp/atcl/news/16/052701534/?ST=security

2016年5月27日金曜日

27日金曜日、赤口

+ phpMyAdmin 4.6.2, 4.4.15.6 released
https://www.phpmyadmin.net/news/2016/5/26/phpmyadmin-462-released/
https://www.phpmyadmin.net/news/2016/5/26/phpmyadmin-security-notifications-and-44156-released/

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1410

+ PHP 7.0.7, 5.6.22, 5.5.36 Released
http://www.php.net/ChangeLog-7.php#7.0.7
http://www.php.net/ChangeLog-5.php#5.6.22
http://www.php.net/ChangeLog-5.php#5.5.36

VU#482135 MEDHOST Perioperative Information Management System contains hard-coded database credentials
https://www.kb.cert.org/vuls/id/482135

JVNDB-2016-000075 NetCommons における権限昇格の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000075.html

今から始める境界防御、ファイアウオール徹底理解
ファイアウオール設定法、対象ごとに処理を決定「原則通さない」が設定の基本
http://itpro.nikkeibp.co.jp/atcl/column/16/052300114/052300005/?ST=security

10の疑問を試して解明セキュリティ大実験室
無線LANのSSIDを隠すのは効果ある？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300004/?ST=security

ユニアデックス、二要素認証ソフト強化で情報の持ち出しを制御可能に
http://itpro.nikkeibp.co.jp/atcl/news/16/052601520/?ST=security

UPDATE: JVNVU#92998929 ImageMagick に入力値検証不備の脆弱性
http://jvn.jp/vu/JVNVU92998929/

2016年5月26日木曜日

26日木曜日、大安

+ Google Chrome 51.0.2704.63 released
http://googlechromereleases.blogspot.jp/2016/05/stable-channel-update_25.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1672
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1695

+ PMASA-2016-16 Self XSS
https://www.phpmyadmin.net/security/PMASA-2016-16/

+ PMASA-2016-15 File Traversal Protection Bypass on Error Reporting
https://www.phpmyadmin.net/security/PMASA-2016-15/

+ PMASA-2016-14 Sensitive Data in URL GET Query Parameters
https://www.phpmyadmin.net/security/PMASA-2016-14/

+ BIND 9.10.4-P1, 9.9.9-P1 released
ftp://ftp.isc.org/isc/bind9/9.10.4-P1/RELEASE-NOTES-bind-9.10.4-P1.html
ftp://ftp.isc.org/isc/bind9/9.9.9-P1/RELEASE-NOTES-bind-9.9.9-P1.html

+ Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1409

+ CentOS 6.8 released
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.8

+ VMSA-2016-0006 VMware vCenter Server updates address an important cross-site scripting issue
http://www.vmware.com/security/advisories/VMSA-2016-0006.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2078

JVNDB-2016-000089 ウイルスバスターにおけるHTTP ヘッダインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000089.html

JVNDB-2016-000074 ウイルスバスターにおけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000074.html

JVNDB-2016-000088 ウイルスバスタークラウドにおける任意のスクリプト実行の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000088.html

JVNDB-2016-000073 ウイルスバスタークラウドにおけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000073.html

JVNDB-2016-000071 WordPress 用プラグイン Markdown on Save Improved におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000071.html

10の疑問を試して解明セキュリティ大実験室
Excelのパスワード保護は有効か？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300003/?ST=security

今から始める境界防御、ファイアウオール徹底理解
境界防御、ジャンル別製品ガイド　環境に合う性能で選ぶ
複合製品は利用する機能を確認
http://itpro.nikkeibp.co.jp/atcl/column/16/052300114/052300004/?ST=security

チェックしておきたい脆弱性情報＜2016.05.26＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051700114/?ST=security

カスペルスキー、産業用制御システムを狙ったサイバー攻撃を検出する製品を販売
http://itpro.nikkeibp.co.jp/atcl/news/16/052501500/?ST=security

デロイトトーマツが横浜にサイバー拠点、日本における情報収集活動を強化
http://itpro.nikkeibp.co.jp/atcl/news/16/052401485/?ST=security

2016年5月25日水曜日

25日水曜日、仏滅

+ Cisco UCS Invicta Software Default GPG Key Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160524-ucs-inv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1404

+ SA70752 Linux Kernel "atl2_probe()" Information Disclosure Vulnerability
https://secunia.com/advisories/70752/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2117

JVNDB-2016-000067 iOS アプリ「ジェットスター」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000067.html

JVNDB-2016-000070 php-contact-form におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000070.html

JVNDB-2016-000068 HumHub におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000068.html

JVNTA#91048063 WPAD と名前衝突の問題
http://jvn.jp/ta/JVNTA91048063/index.html

10の疑問を試して解明セキュリティ大実験室
圧縮や暗号化されたウイルスを検知可能？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300002/?ST=security

今から始める境界防御、ファイアウオール徹底理解
境界防御を実現する機能、異なる角度から脅威を分析
機能名が同じでも仕組みに差
http://itpro.nikkeibp.co.jp/atcl/column/16/052300114/052300003/?ST=security

ITpro Report
Windowsのセキュリティ情報はここで調べる（後編）
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/052000158/?ST=security

2016年5月24日火曜日

24日火曜日、先負

+ APSB16-17 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb16-17.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4118

+ Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1406

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

+ Linux kernel 4.1.25, 3.18.34, 3.12.60 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.25
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.34
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.60

+ SA70747 Linux Kernel APICv State Update MSR Access Vulnerability
https://secunia.com/advisories/70747/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4440

+ SA70709 Linux Kernel "tipc_nl_publ_dump()" NULL Pointer Dereference Denial of Service Vulnerability
https://secunia.com/advisories/70709/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4951

Barman 1.6.1 released
http://www.postgresql.org/about/news/1671/

今から始める境界防御、ファイアウオール徹底理解
境界防御の全体像、多様化するサイバー攻撃に対応する
http://itpro.nikkeibp.co.jp/atcl/column/16/052300114/052300001/?ST=security

10の疑問を試して解明セキュリティ大実験室
ウイルス対策ソフトは無料でも十分か？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300001/?ST=security

ITpro Report
Windowsのセキュリティ情報はここで調べる（前編）
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/052000157/?ST=security

2016年5月23日月曜日

23日月曜日、友引

+ make 4.2 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D

+ UPDATE: Cisco IOS XR LPTS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160519-ios-xr

+ SA70714 Symantec Anti-Virus Engine 2015 PE Header Parsing Kernel Memory Corruption Vulnerability
https://secunia.com/advisories/70714/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

+ Trend Micro OfficeScan Lets Remote Users Traverse the Directory to View Files on the Target System in Certain Cases
http://www.securitytracker.com/id/1035935

JVNDB-2016-000069 MP Form Mail CGI Professional 版におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000069.html

チェックしておきたい脆弱性情報＜2016.05.23＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051700113/?ST=security

2016年5月20日金曜日

20日金曜日、大安

+ Zabbix 3.0.3, 2.2.13, 2.0.18 released
http://www.zabbix.com/rn3.0.3.php
http://www.zabbix.com/rn2.2.13.php
http://www.zabbix.com/rn2.0.18.php

+ UPDATE: APSB16-15 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

+ Cisco IOS XR LPTS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160519-ios-xr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1407

+ Linux kernel 4.6, 4.5.5, 4.4.11, 3.14.70 released
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=refs/tags/v4.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.11
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.70

+ UPDATE: Oracle Linux Bulletin - April 2016
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

+ SA70711 cURL / libcURL Hostname Certificate Validation Vulnerability
https://secunia.com/advisories/70711/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739

+ SA70520 Linux Kernel Channels Netns Use-After-Free Vulnerability
https://secunia.com/advisories/70520/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4805

+ OpenBSD uvideo(4) IOCTL Handling Flaw Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1035925

VU#204232 Up.time agent for Linux does not authenticate a user before allowing read access to the file system
https://www.kb.cert.org/vuls/id/204232

JVNDB-2016-000066 Web Mailing List におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000066.html

IoTデバイスのセキュリティ対策を提示、IPAが手引きを公表
http://itpro.nikkeibp.co.jp/atcl/news/16/051901432/?ST=security

2016年5月19日木曜日

19日木曜日、仏滅

+ CESA-2016:1086 Moderate CentOS 7 libndp Security Update
http://lwn.net/Alerts/687828/

+ UPDATE: Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs

+ Cisco Web Security Appliance HTTP POST Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1380

+ Cisco Web Security Appliance Cached Range Request Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1381

+ Cisco Web Security Appliance Connection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1383

+ Cisco Web Security Appliance HTTP Length Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160518-wsa3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1382

+ UPDATE: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

+ SA70594 Linux kernel KVM MTRR Vulnerability
https://secunia.com/advisories/70594/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3713

+ cURL mbedTLS/PolarSSL Function Usage Error Lets Remote Users Bypass Certificate Validation
http://www.securitytracker.com/id/1035907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739

+ 7-Zip Code Execution
https://cxsecurity.com/issue/WLB-2016050086

+ Microsoft Visual C++ DLL Hijacking
https://cxsecurity.com/issue/WLB-2016050084

Call for Papers - PostgreSQL Conference Europe 2016
http://www.postgresql.org/about/news/1670/

APACHE JMETER 3.0 RELEASED
http://mail-archives.us.apache.org/mod_mbox/www-announce/201605.mbox/%3c573B7909.7040901@apache.org%3e

JVNDB-2016-000065 スマートフォンアプリ「百五銀行」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000065.html

JVNVU#90579091 Chef Manage に Cookie のデシリアライズ処理に関する脆弱性
http://jvn.jp/vu/JVNVU90579091/index.html

チェックしておきたい脆弱性情報＜2016.05.19＞
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/051700112/?ST=security

News ＆ Trend
東京都足立区がハイパーコンバージド採用、サーバー集約で運用負荷削減
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/051800531/?ST=security

「チャットワーク」がクラウドのセキュリティ認証ISO27018取得、国内2例目
http://itpro.nikkeibp.co.jp/atcl/news/16/051801416/?ST=security

2016年5月18日水曜日

18日水曜日、先負

+ RHSA-2016:1086 Moderate: libndp security update
https://rhn.redhat.com/errata/RHSA-2016-1086.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3698

+ Cisco Unified Computing System Central Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ucs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1401

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ Cisco Adaptive Security Appliance VPN Memory Block Exhaustion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-vpn
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1379

+ Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1402

+ Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-asa-xml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1385

+ SA70631 Apache HTTP Server mod_http2 Denial of Service Vulnerability
https://secunia.com/advisories/70631/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1546

+ SA70648 VMware Workstation / Player Privilege Escalation Vulnerability
https://secunia.com/advisories/70648/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ VMSA-2016-0005 VMware product updates address critical and important security issues
http://www.vmware.com/security/advisories/VMSA-2016-0005.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ VMware Workstation Player 7.1.4 released
https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_player/7_0|PLAYER-714|product_downloads

+ Apache Tomcat 8.0.35 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.35_(markt)

+ FreeBSD-SA-16:19.sendmsg Incorrect argument handling in sendmsg(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:19.sendmsg.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1887

+ FreeBSD-SA-16:18.atkbd Buffer overflow in keyboard driver
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1886

+ JVNVU#91632741 複数の Apple 製品の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91632741/index.html

+ Symantec Anti Virus Engine Heap Overflow in Processing Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2208

+ VMware Workstation and Player for Windows Lets Local Users on a Host System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1035900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2077

+ PHP 5.6.7 Missing null byte checks for paths in various extensions
https://cxsecurity.com/issue/WLB-2016050083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3412

VU#586503 Chef Manage deserializes cookie data insecurely
https://www.kb.cert.org/vuls/id/586503

統計＆調査
［データは語る］特権ID管理市場は2015年度に前年度比12.9％増の38億5000万円―ITR
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/051700614/?ST=security

2016年5月17日火曜日

About the security content of iOS 9.3.2

About the security content of iOS 9.3.2
https://support.apple.com/ja-jp/HT206568

上記 URL の iOS のセキュリティアップデートの翻訳

1) Accessibility

　改良されたサイズ検証にバッファオーバーフローの欠陥が存在することが原因で、アプリケーションがカーネルのメモリレイアウトを決定できる脆弱性。(CVE-2016-1790)

2) CFNetwork Proxies

　HTTP 及び HTTPS 要求の取り扱いに情報漏洩が存在することが原因で、ネットワークの特権を持つ攻撃者がユーザの情報を漏洩できる脆弱性。(CVE-2016-1801)

3) CommonCrypto

　CCCrypt に戻り値の取り扱いに問題が存在することが原因で、悪意のあるアプリケーションがユーザの情報を漏洩できる脆弱性。(CVE-2016-1802)

4) CorCapture

　改良された検証に NULL ポインタ逆参照の欠陥が存在することが原因で、アプリケーションがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1803)

5) Disk Images

　改良されたロック処理に競合状態の欠陥が存在することが原因で、ローカルの攻撃者がカーネルメモリを読める脆弱性。(CVE-2016-1807)

6) Disk Images

　ディスクイメージの解析処理にメモリ破壊が存在することが原因で、アプリケーションがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1808)

7) ImageIO

　改良された検証に NULL ポインタ逆参照の欠陥が存在することが原因で、細工されたイメージを処理することでサービス拒否を引き起こせる脆弱性。(CVE-2016-1811)

8) IOAcceleratorFamily

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、アプリケーションがサービス拒否を引き起こす脆弱性。(CVE-2016-1817, CVE-2016-1818, CVE-2016-1819)

9) IOAcceleratorFamily

　改良されたロック処理に NULL ポインタ逆参照の欠陥が存在することが原因で、アプリケーションがサービス拒否を引き起こす脆弱性。(CVE-2016-1814)

10) IOAcceleratorFamily

　改良された検証に NULL ポインタ逆参照の欠陥が存在することが原因で、アプリケーションがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1813)

11) IOHIDFamily

　改良されたメモリの取り扱いにメモリ破壊が存在することが原因で、アプリケーションがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1823, CVE-2016-1824)

12) Kernel

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、アプリケーションがカーネル権限で任意のコードを実行できる脆弱性。(CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831)

13) libc

　改良された入力検証にメモリ破壊が存在することが原因で、ローカルの攻撃者がアプリケーションを異常終了させたり、任意のコードを実行できる脆弱性。(CVE-2016-1832)

14) libxml2

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、細工された XML を処理することでアプリケーションを異常終了させたり、任意のコードを実行できる脆弱性。(CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840)

15) libxslt

　改良されたメモリの取り扱いにメモリ破壊が存在することが原因で、細工された Web サイトを閲覧することで任意のコードを実行できる脆弱性。(CVE-2016-1841)

16) MapKit

　共有リンクが HTTPS よりはむしろ HTTP で送信されることが原因で、ネットワークの特権を持つ攻撃者がユーザ情報を漏洩できる脆弱性。(CVE-2016-1842)

17) OpenGL

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、細工された Web コンテンツを処理することで任意のコードを実行される脆弱性。(CVE-2016-1847)

18) Safari

　"履歴とWebサイトデータの削除" が履歴を削除しないことが原因で、ユーザが閲覧履歴を完全に削除できない脆弱性。(CVE-2016-1849)

19) Siri

　ロック画面から起動された Siri を利用したときに状態管理の問題が存在することが原因で、iOS 装置に物理的に利用できる人が Siri を使うことでロック画面から連絡先や写真にアクセスできる脆弱性。(CVE-2016-1852)

20) WebKit

　svg イメージの処理に不適当に汚染された痕跡の問題が存在することが原因で、悪意のある Web サイトを閲覧することで他の Web サイトからデータを開示する脆弱性。(CVE-2016-1858)

21) WebKit

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857)

22) WebKit Canvas

　改良されたメモリの取り扱いに複数のメモリ破壊が存在することが原因で、悪意のある Web サイトを閲覧することで任意のコードを実行される脆弱性。(CVE-20216-1859)

17日火曜日、友引

+ About the security content of iTunes 12.4
https://support.apple.com/ja-jp/HT206379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1742

+ About the security content of Safari 9.1.1
https://support.apple.com/ja-jp/HT206565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1859

+ About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003
https://support.apple.com/ja-jp/HT206567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1806
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1815
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1853

+ About the security content of watchOS 2.2.1
https://support.apple.com/ja-jp/HT206566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847

+ About the security content of iOS 9.3.2
https://support.apple.com/ja-jp/HT206568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1859

+ About the security content of tvOS 9.2.1
https://support.apple.com/ja-jp/HT206564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1827
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1832
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1859

+ CESA-2016:1041 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/687559/

+ Cisco Video Communication Server Session Initiation Protocol Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160516-vcs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1400

+ HS16-015 Multiple Vulnerabilities in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

+ HS16-014 Cross-site Scripting Vulnerability in Hitachi Tuning Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-014/index.html

+ HS16-013 Information Disclosure Vulnerability in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-013/index.html

+ HS16-015 Hitachi Web Serverにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-015/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800

+ HS16-014 Hitachi Tuning Managerにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-014/index.html

+ HS16-013 Hitachi Command Suite製品における情報漏えいに関する問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-013/index.html

+ Postfix 3.1.1, 3.0.5, 2.11.8, 2.10.10 released
http://www.postfix.org/announcements/postfix-3.1.1.html
http://mirror.postfix.jp/postfix-release/official/postfix-3.1.1.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.10.HISTORY

UPDATE: JVNDB-2016-000060 スマートフォンアプリ「サイボウズ KUNAI」における SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000060.html

JVNDB-2016-000047 a-blog cms におけるセッション管理不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000047.html

JVNDB-2016-000046 a-blog cms におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000046.html

UPDATE: JVN#44657371 WordPress 用プラグイン「Ninja Forms」における PHP オブジェクトインジェクションの脆弱性
http://jvn.jp/jp/JVN44657371/

2016年5月16日月曜日

16日月曜日、先勝

+ CESA-2016:1041 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/687376/

+ Cisco Industrial Ethernet 4000 and Ethernet 5000 Series Switches ICMP IPv4 Packet Corruption Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160513-ies
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1399

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ SA70561 Symantec Messaging Gateway OpenSSL Heartbeat Two Information Disclosure Vulnerabilities
https://secunia.com/advisories/70561/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ SA70593 McAfee ePolicy Orchestrator Oracle Java Multiple Vulnerabilities
https://secunia.com/advisories/70593/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427

+ PostgreSQL 9.5.3, 9.4.8, 9.3.13, 9.2.17, 9.1.22 Released!
http://www.postgresql.org/about/news/1669/
http://www.postgresql.org/docs/9.5/static/release-9-5-3.html
http://www.postgresql.org/docs/9.4/static/release-9-4-8.html
http://www.postgresql.org/docs/9.3/static/release-9-3-13.html
http://www.postgresql.org/docs/9.2/static/release-9-2-17.html
http://www.postgresql.org/docs/9.1/static/release-9-1-22.html

+ Sysstat 11.2.4 released (stable version)
http://sebastien.godard.pagesperso-orange.fr/

+ Linux Kernel bpf related UAF
https://cxsecurity.com/issue/WLB-2016050055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794

VU#785823 Lantronix xPrintServer contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/785823

JVNDB-2016-000064 WordPress 用プラグイン「Ninja Forms」における PHP オブジェクトインジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000064.html

JVNDB-2016-000063 FileMaker Server において PHP ソースコードが閲覧可能な問題
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000063.html

ITpro Report
FBI vs アップルは他人事ではない！日本の捜査機関はどこまでスマホを覗けるか、全貌に迫る
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/051300151/?ST=security

富士通、セキュリティ対策の計画策定を支援するサービスを開始
http://itpro.nikkeibp.co.jp/atcl/news/16/051301368/?ST=security

2016年5月13日金曜日

13日金曜日、仏滅

+ RHSA-2016:1041 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-1041.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807

+ RHSA-2016:1033 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1033.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0758

+ APSB16-15 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4117

+ SA70556 Linux Kernel "asn1_find_indefinite_length()" Memory Corruption Vulnerability
https://secunia.com/advisories/70556/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0758

+ PostgreSQL 9.6 Beta 1 Released
http://www.postgresql.org/about/news/1668/

+ 7-Zip Buffer Overflow and Memory Read Error in Processing Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2335

+ TrendMicro - Multiple HTTP Problems with CoreServiceShell.exe
https://cxsecurity.com/issue/WLB-2016050051

JVNDB-2016-000062 WN-G300R シリーズにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000062.html

JVNDB-2016-000061 WN-GDN/R3 シリーズにおいて認証試行回数が制限されていない脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000061.html

パイプドビッツが標的型メールの訓練サービス、内容をカスタマイズ可能
http://itpro.nikkeibp.co.jp/atcl/news/16/051201356/?ST=security

JVNTA#91951276 SAP 製品に対する攻撃
http://jvn.jp/ta/JVNTA91951276/

2016年5月12日木曜日

12日木曜日、先負

+ RHSA-2016:1025 Important: pcre security update
https://rhn.redhat.com/errata/RHSA-2016-1025.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191

+ Google Chrome 50.0.2661.102 released
http://googlechromereleases.blogspot.jp/2016/05/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1671

+ Mozilla Thunderbird 45.1.0 released
https://www.mozilla.org/en-US/thunderbird/45.1.0/releasenotes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ Linux kernel 4.5.4, 4.4.10, 4.1.24, 3.18.33, 3.14.69 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.24
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.33
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.69

+ SA70517 Linux Kernel ALSA Multiple Information Disclosure Vulnerabilities
https://secunia.com/advisories/70517/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4569

+ SA70515 Linux Kernel "x25_negotiate_facilities()" Information Disclosure Vulnerability
https://secunia.com/advisories/70515/

+ SA70535 McAfee Agent Multiple Vulnerabilities
https://secunia.com/advisories/70535/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0755

+ Apache Struts 2.5 released
http://struts.apache.org/announce.html#a20160509

+ UPDATE: JVNVU#93163809 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU93163809/index.html

+ Adobe Reader DC 15.010.20060 - Memory Corruption
https://cxsecurity.com/issue/WLB-2016050042

+ Windows Media Player MediaInfo v0.7.61 - Buffer Overflow Exploit
https://cxsecurity.com/issue/WLB-2016050041

JVNDB-2016-000059 Apache Cordova において任意のプラグインが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000059.html

JVNDB-2016-000058 Apache Cordova におけるアクセス制限不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000058.html

2016年5月11日水曜日

11日水曜日、友引

+ 2016 年 5 月のマイクロソフトセキュリティ情報の概要
https://technet.microsoft.com/ja-jp/library/security/ms16-may

+ MS16-051 - 緊急 Internet Explorer 用の累積的なセキュリティ更新プログラム (3155533)
https://technet.microsoft.com/library/security/MS16-051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0194

+ MS16-052 - 緊急 Microsoft Edge 用の累積的なセキュリティ更新プログラム (3155538)
https://technet.microsoft.com/library/security/MS16-052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0193

+ MS16-053 - 緊急 JScript および VBScript 用の累積的なセキュリティ更新プログラム (3156764)
https://technet.microsoft.com/library/security/MS16-053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189

+ MS16-054 - 緊急 Microsoft Office 用のセキュリティ更新プログラム (3155544)
https://technet.microsoft.com/library/security/MS16-054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0183

+ MS16-055 - 緊急 Microsoft Graphics コンポーネント用のセキュリティ更新プログラム (3156754)
https://technet.microsoft.com/library/security/MS16-055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0195

+ MS16-056 - 緊急 Windows Journal 用のセキュリティ更新プログラム (3156761)
https://technet.microsoft.com/library/security/MS16-056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0182

+ MS16-057 - 緊急 Windows Shell 用のセキュリティ更新プログラム (3156987)
https://technet.microsoft.com/library/security/MS16-057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0179

+ MS16-058 - 重要 Windows IIS 用のセキュリティ更新プログラム (3141083)
https://technet.microsoft.com/library/security/MS16-058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0152

+ MS16-059 - 重要 Windows Media Center 用のセキュリティ更新プログラム (3150220)
https://technet.microsoft.com/library/security/MS16-059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0185

+ MS16-060 - 重要 Windows カーネル用のセキュリティ更新プログラム (3154846)
https://technet.microsoft.com/library/security/MS16-060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0180

+ MS16-061 - 重要 Microsoft RPC 用のセキュリティ更新プログラム (3155520)
https://technet.microsoft.com/library/security/MS16-061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0178

+ MS16-062 - 重要 Windows カーネルモードドライバー用のセキュリティ更新プログラム (3158222)
https://technet.microsoft.com/library/security/MS16-062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0196

+ MS16-064 - 緊急 Adobe Flash Player のセキュリティ更新プログラム (3157993)
https://technet.microsoft.com/library/security/MS16-064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4116

+ MS16-065 - 重要 .NET Framework 用のセキュリティ更新プログラム (3156757)
https://technet.microsoft.com/library/security/MS16-065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0149

+ MS16-066 - 重要仮想保護モード用のセキュリティ更新プログラム (3155451)
https://technet.microsoft.com/library/security/MS16-066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0181

+ MS16-067 - 重要ボリュームマネージャードライバー用のセキュリティ更新プログラム (3155784)
https://technet.microsoft.com/library/security/MS16-067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0190

+ マイクロソフトセキュリティアドバイザリ 3155527 FalseStart の暗号スイートの更新プログラム
https://technet.microsoft.com/ja-jp/library/security/3155527

+ UPDATE: MS16-035 - 重要セキュリティ機能のバイパスに対処する .NET Framework 用のセキュリティ更新プログラム (3141780)
https://technet.microsoft.com/ja-jp/library/security/ms16-035

+ RHSA-2016:0997 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-0997.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710

+ RHSA-2016:0760 Moderate: file security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0760.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653

+ RHSA-2016:0855 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0855.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8543

+ RHSA-2016:0741 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0741.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1908

+ RHSA-2016:0778 Moderate: icedtea-web security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0778.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5235

+ RHSA-2016:0996 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0996.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842

+ RHSA-2016:0780 Moderate: ntp security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-0780.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7978

+ Red Hat Enterprise Linux 6.8 released
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.8_Release_Notes/index.html

+ APSA16-02 Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4117

+ APSB16-16 Security Update: Hotfixes available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1115

+ UPDATE: APSB16-14 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

+ CESA-2016:0723 Critical CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/686829/

+ CESA-2016:0723 Critical CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/686831/

+ CESA-2016:0724 Important CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/686832/

+ CESA-2016:0726 Important CentOS 6 ImageMagick Security Update
http://lwn.net/Alerts/686827/

+ CESA-2016:0726 Important CentOS 7 ImageMagick Security Update
http://lwn.net/Alerts/686828/

+ CESA-2016:0723 Critical CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/686830/

+ UPDATE: Multiple Cisco Products libSRTP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ UPDATE: Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap

+ SA70479 Linux Kernel "trace_writeback_dirty_page()" NULL Pointer Dereference Vulnerability
https://secunia.com/advisories/70479/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3070

+ Microsoft WebDAV Elevation of Privilege Vulnerability (MS16)-2
https://cxsecurity.com/issue/WLB-2016050039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0051

統計＆調査
［データは語る］社内CSIRTが「期待したレベルを満たしている」日本企業は14％、欧米は約半数が満足──IPA
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/051000601/?ST=security

東工大とNRIがサイバーセキュリティで連携、共同研究と講師派遣
http://itpro.nikkeibp.co.jp/atcl/news/16/051001318/?ST=security

通信の脅威度をスコア化して攻撃を早期検知、EMCが「RSA SA」に新機能
http://itpro.nikkeibp.co.jp/atcl/news/16/051001317/?ST=security

日本関連は24社、パナマ文書に含まれる21万社を公表
http://itpro.nikkeibp.co.jp/atcl/news/16/051001307/?ST=security

2016年5月10日火曜日

10日火曜日、先勝

+ RHSA-2016:0723 Critical: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0723.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427

+ RHSA-2016:0726 Important: ImageMagick security update
https://rhn.redhat.com/errata/RHSA-2016-0726.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718

+ RHSA-2016:0722 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0722.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842

+ RHSA-2016:0724 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-0724.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710

+ CESA-2016:0722 Important CentOS 7 openssl Security Update
http://lwn.net/Alerts/686711/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ UPDATE: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip

+ SA70383 Squid Multiple Vulnerabilities
https://secunia.com/advisories/70383/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556

+ SA70378 Linux Kernel "write()" Interface Memory Corruption Vulnerabilities
https://secunia.com/advisories/70378/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565

+ SA70379 Linux Kernel VIDIOC_DQBUF IOCTL Buffer Dequeueing Memory Corruption Vulnerability
https://secunia.com/advisories/70379/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4568

+ SA70436 Trend Micro Email Encryption Gateway SQL Injection Vulnerability
https://secunia.com/advisories/70436/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4351

+ UPDATE: JVNVU#93163809 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU93163809/index.html

News ＆ Trend
サイバー新国家資格「情報処理安全確保支援士」の全容、講習義務化で能力維持
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/050900524/?ST=security

標的型攻撃メールの疑いを警告、キヤノンITSがクラウドサービス
http://itpro.nikkeibp.co.jp/atcl/news/16/050901302/?ST=security

UPDATE: JVNVU#92998929 ImageMagick に入力値検証不備の脆弱性
http://jvn.jp/vu/JVNVU92998929/index.html

UPDATE: JVNVU#92923836 Little CMS 2 の DefaultICCintents 関数に double-free の脆弱性
http://jvn.jp/vu/JVNVU92923836/index.html

UPDATE: JVNVU#93657776 libarchive の入力値検証不備に起因するバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU93657776/index.html

2016年5月9日月曜日

9日月曜日、赤口

+ RHSA-2016:0715 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0715.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767

+ RHSA-2016:0706 Important: mercurial security update
https://rhn.redhat.com/errata/RHSA-2016-0706.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

+ TortoiseSVN 1.9.4 released
https://tortoisesvn.net/Changelog.txt
https://tortoisesvn.net/tsvn_1.9_releasenotes.html

+ About the security content of Xcode 7.3.1
https://support.apple.com/ja-jp/HT206338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315

+ Mozilla Firefox 46.0.1 released
https://www.mozilla.org/en-US/firefox/46.0.1/releasenotes/

+ Opera 37 released
http://www.opera.com/docs/changelogs/unified/3700/

+ APSB16-14 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

+ CESA-2016:0715 Moderate CentOS 6 kernel Security Update
http://lwn.net/Alerts/686257/

+ CESA-2016:0706 Important CentOS 7 mercurial Security Update
http://lwn.net/Alerts/685833/

+ phpMyAdmin 4.6.1 is released
https://www.phpmyadmin.net/news/2016/5/2/phpmyadmin-461-released/

+ squid 3.5.18 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.18-RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1373

+ Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1368

+ Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1387

+ Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1369

+ Cisco Prime Collaboration Assurance Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1392

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

+ Linux kernel 4.5.3, 4.4.9, 3.14.68 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.9
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.68

+ Samba 4.4.3, 4.3.9, 4.2.12 Available for Download
https://www.samba.org/samba/history/samba-4.4.3.html
https://www.samba.org/samba/history/samba-4.3.9.html
http://samba.org/samba/history/samba-4.2.12.html

+ FreeBSD-SA-16:17.openssl Multiple OpenSSL vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

+ PHP 7.0.6, 5.6.21, 5.5.35 released
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35

+ OpenSSL Security Advisory [3rd May 2016]
https://www.openssl.org/news/secadv/20160503.txt

+ OpenSSL 1.0.2h, OpenSSL 1.0.1t released
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html

+ JVNVU#93163809 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU93163809/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

+ Squid HTTP caching proxy Multiple Vulns
https://cxsecurity.com/issue/WLB-2016050024

+ PHP 5.5.34 out of bounds heap read access in exif header processing
https://cxsecurity.com/issue/WLB-2016050022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544

+ PHP 5.5.34 Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://cxsecurity.com/issue/WLB-2016050021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540

+ PHP 5.5.34 bcpowmod accepts negative scale and corrupts _one_ definition
https://cxsecurity.com/issue/WLB-2016050019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538

+ PHP 5.5.34 xml_parse_into_struct segmentation fault
https://cxsecurity.com/issue/WLB-2016050020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539

+ OpenSSL Padding Oracle in AES-NI CBC MAC Check
https://cxsecurity.com/issue/WLB-2016050016

+ Zabbix Agent 3.0.1 mysql.size Shell Command Injection
https://cxsecurity.com/issue/WLB-2016050009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4338

VU#250519 ImageMagick does not properly validate input before processing images using a delegate
https://www.kb.cert.org/vuls/id/250519

VU#369800 Little CMS 2 DefaultICCintents double-free vulnerability
https://www.kb.cert.org/vuls/id/369800

VU#862384 libarchive contains a heap-based buffer overflow due to improper input validation
https://www.kb.cert.org/vuls/id/862384

Announcing the release of pglogical 1.1
http://www.postgresql.org/about/news/1666/

News ＆ Trend
PCI DSS 3.2公開、脆弱性抱えたWinXPやVistaでのカード決済も2018年までは認める
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042200515/?ST=security

JVNVU#92998929 ImageMagick に入力値検証不備の脆弱性
http://jvn.jp/vu/JVNVU92998929/index.html

JVNVU#92923836 Little CMS 2 の DefaultICCintents 関数に double-free の脆弱性
http://jvn.jp/vu/JVNVU92923836/index.html

JVNVU#93657776 libarchive の入力値検証不備に起因するバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU93657776/index.html

JVN#78482127 EC-CUBE 用プラグイン「ソーシャルボタン設置プラグイン -プレミアム-」および「ソーシャルボタン設置プラグイン」におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN78482127/index.html

JVNVU#92314939 Accellion File Transfer Appliance (FTA) に複数の脆弱性
http://jvn.jp/vu/JVNVU92314939/index.html

2016年5月2日月曜日

2日月曜日、仏滅

+ Google Chrome 50.0.2661.94 released
http://googlechromereleases.blogspot.jp/2016/04/stable-channel-update_28.html

+ CESA-2016:0695 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/685392/

+ CESA-2016:0695 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/685391/

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ Cisco Information Server XML Parser Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

+ Cisco WebEx Meetings Server Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms

+ Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic

+ Linux kernel 4.1.23, 3.2.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80

+ SA70271 Google Chrome Multiple Vulnerabilities
https://secunia.com/advisories/70271/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1666

+ SA70199 Apache Subversion Security Bypass and Denial of Service Vulnerabilities
https://secunia.com/advisories/70199/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168

+ BIND 9.10.4, 9.9.9 released
ftp://ftp.isc.org/isc/bind9/9.10.4/RELEASE-NOTES-bind-9.10.4.html
ftp://ftp.isc.org/isc/bind9/9.9.9/RELEASE-NOTES-bind-9.9.9.html

+ JVNVU#91176422 NTP daemon (ntpd) に複数の脆弱性
http://jvn.jp/vu/JVNVU91176422/index.html

+ Apache Subversion Null Pointer Dereference in mod_authz_svn Lets Remote Authenticated Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1035707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168

+ Apache Subversion svnserve Flaw Lets Remote Authenticated Users Access Other Realms on the Target System
http://www.securitytracker.com/id/1035706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167

+ ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
http://www.securitytracker.com/id/1035705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519

+ PHP Heap Overflow in ZipArchive in Reading zip Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3078

+ Mozilla Firefox / Thunderbird DLL Hijacking
https://cxsecurity.com/issue/WLB-2016040188

+ Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
https://cxsecurity.com/issue/WLB-2016040187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081

+ PHP 7.x ZIP Heap Overflow
https://cxsecurity.com/issue/WLB-2016040179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3078

+ Trend Micro Email Spoofing
https://cxsecurity.com/issue/WLB-2016040175

VU#505560 Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/505560

情報セキュリティスペシャリスト合格者は「情報処理安全確保支援士」試験免除へ
http://itpro.nikkeibp.co.jp/atcl/news/16/042801290/?ST=security

統計＆調査
［データは語る］2016年第1四半期の脆弱性届出件数は185件―JPCERT/CC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/042800595/?ST=security

ITpro Report
PC／スマホ10億台のBIOSに埋め込まれた「ある機能」とは
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/042800146/?ST=security

登録: 投稿 (Atom)