Monday, May 2, 2016

Monday the 2nd, Butsumetsu

+ Google Chrome 50.0.2661.94 released
http://googlechromereleases.blogspot.jp/2016/04/stable-channel-update_28.html

+ CESA-2016:0695 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/685392/

+ CESA-2016:0695 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/685391/

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ Cisco Information Server XML Parser Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

+ Cisco WebEx Meetings Server Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms

+ Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic

+ Linux kernel 4.1.23, 3.2.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.23
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.80

+ SA70271 Google Chrome Multiple Vulnerabilities
https://secunia.com/advisories/70271/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1666

+ SA70199 Apache Subversion Security Bypass and Denial of Service Vulnerabilities
https://secunia.com/advisories/70199/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168

+ BIND 9.10.4, 9.9.9 released
ftp://ftp.isc.org/isc/bind9/9.10.4/RELEASE-NOTES-bind-9.10.4.html
ftp://ftp.isc.org/isc/bind9/9.9.9/RELEASE-NOTES-bind-9.9.9.html

+ JVNVU#91176422 Multiple vulnerabilities in NTP daemon (ntpd)
http://jvn.jp/vu/JVNVU91176422/index.html

+ Apache Subversion Null Pointer Dereference in mod_authz_svn Lets Remote Authenticated Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1035707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168

+ Apache Subversion svnserve Flaw Lets Remote Authenticated Users Access Other Realms on the Target System
http://www.securitytracker.com/id/1035706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167

+ ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service
http://www.securitytracker.com/id/1035705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2519

+ PHP Heap Overflow in ZipArchive in Reading zip Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1035701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3078

+ Mozilla Firefox / Thunderbird DLL Hijacking
https://cxsecurity.com/issue/WLB-2016040188

+ Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
https://cxsecurity.com/issue/WLB-2016040187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081

+ PHP 7.x ZIP Heap Overflow
https://cxsecurity.com/issue/WLB-2016040179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3078

+ Trend Micro Email Spoofing
https://cxsecurity.com/issue/WLB-2016040175

VU#505560 Accellion File Transfer Appliance (FTA) contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/505560

Those who passed the Information Security Specialist exam to be exempted from the "Registered Information Security Specialist" exam
http://itpro.nikkeibp.co.jp/atcl/news/16/042801290/?ST=security

Statistics & Surveys
[The Data Speaks] 185 vulnerability reports filed in Q1 2016 (JPCERT/CC)
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/042800595/?ST=security

ITpro Report
What is the "certain feature" embedded in the BIOS of one billion PCs and smartphones?
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/042800146/?ST=security
