10日 火曜日、先勝

+ RHSA-2016:0723 Critical: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-0723.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427

+ RHSA-2016:0726 Important: ImageMagick security update
https://rhn.redhat.com/errata/RHSA-2016-0726.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3718

+ RHSA-2016:0722 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-0722.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2842

+ RHSA-2016:0724 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-0724.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3710

+ CESA-2016:0722 Important CentOS 7 openssl Security Update
http://lwn.net/Alerts/686711/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ UPDATE: Cisco IOS and IOS XE and Cisco Unified Communications Manager Software Session Initiation Protocol Memory Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip

+ SA70383 Squid Multiple Vulnerabilities
https://secunia.com/advisories/70383/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556

+ SA70378 Linux Kernel "write()" Interface Memory Corruption Vulnerabilities
https://secunia.com/advisories/70378/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565

+ SA70379 Linux Kernel VIDIOC_DQBUF IOCTL Buffer Dequeueing Memory Corruption Vulnerability
https://secunia.com/advisories/70379/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4568

+ SA70436 Trend Micro Email Encryption Gateway SQL Injection Vulnerability
https://secunia.com/advisories/70436/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4351

+ UPDATE: JVNVU#93163809 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU93163809/index.html

News ＆ Trend
サイバー新国家資格「情報処理安全確保支援士」の全容、講習義務化で能力維持
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/050900524/?ST=security

標的型攻撃メールの疑いを警告、キヤノンITSがクラウドサービス
http://itpro.nikkeibp.co.jp/atcl/news/16/050901302/?ST=security

UPDATE: JVNVU#92998929 ImageMagick に入力値検証不備の脆弱性
http://jvn.jp/vu/JVNVU92998929/index.html

UPDATE: JVNVU#92923836 Little CMS 2 の DefaultICCintents 関数に double-free の脆弱性
http://jvn.jp/vu/JVNVU92923836/index.html

UPDATE: JVNVU#93657776 libarchive の入力値検証不備に起因するバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU93657776/index.html