Monday, May 9, 2016

Monday the 9th, Shakkō

+ RHSA-2016:0715 Moderate: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-0715.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767

+ RHSA-2016:0706 Important: mercurial security update
https://rhn.redhat.com/errata/RHSA-2016-0706.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3069

+ TortoiseSVN 1.9.4 released
https://tortoisesvn.net/Changelog.txt
https://tortoisesvn.net/tsvn_1.9_releasenotes.html

+ About the security content of Xcode 7.3.1
https://support.apple.com/ja-jp/HT206338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2315

+ Mozilla Firefox 46.0.1 released
https://www.mozilla.org/en-US/firefox/46.0.1/releasenotes/

+ Opera 37 released
http://www.opera.com/docs/changelogs/unified/3700/

+ APSB16-14 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-14.html

+ CESA-2016:0715 Moderate CentOS 6 kernel Security Update
http://lwn.net/Alerts/686257/

+ CESA-2016:0706 Important CentOS 7 mercurial Security Update
http://lwn.net/Alerts/685833/

+ phpMyAdmin 4.6.1 is released
https://www.phpmyadmin.net/news/2016/5/2/phpmyadmin-461-released/

+ squid 3.5.18 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.18-RELEASENOTES.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1373

+ Cisco FirePOWER System Software Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1368

+ Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1387

+ Cisco Adaptive Security Appliance with FirePOWER Services Kernel Logging Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1369

+ Cisco Prime Collaboration Assurance Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1392

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-openssl

+ Linux kernel 4.5.3, 4.4.9, 3.14.68 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.9
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.68

+ Samba 4.4.3, 4.3.9, 4.2.12 Available for Download
https://www.samba.org/samba/history/samba-4.4.3.html
https://www.samba.org/samba/history/samba-4.3.9.html
http://samba.org/samba/history/samba-4.2.12.html

+ FreeBSD-SA-16:17.openssl Multiple OpenSSL vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:17.openssl.asc

+ PHP 7.0.6, 5.6.21, 5.5.35 released
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35

+ OpenSSL Security Advisory [3rd May 2016]
https://www.openssl.org/news/secadv/20160503.txt

+ OpenSSL 1.0.2h, OpenSSL 1.0.1t released
https://www.openssl.org/news/openssl-1.0.2-notes.html
https://www.openssl.org/news/openssl-1.0.1-notes.html

+ JVNVU#93163809 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU93163809/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

+ Squid HTTP caching proxy Multiple Vulns
https://cxsecurity.com/issue/WLB-2016050024

+ PHP 5.5.34 out of bounds heap read access in exif header processing
https://cxsecurity.com/issue/WLB-2016050022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4544

+ PHP 5.5.34 Out-of-bounds reads in zif_grapheme_stripos with negative offset
https://cxsecurity.com/issue/WLB-2016050021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4540

+ PHP 5.5.34 bcpowmod accepts negative scale and corrupts _one_ definition
https://cxsecurity.com/issue/WLB-2016050019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4538

+ PHP 5.5.34 xml_parse_into_struct segmentation fault
https://cxsecurity.com/issue/WLB-2016050020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4539

+ OpenSSL Padding Oracle in AES-NI CBC MAC Check
https://cxsecurity.com/issue/WLB-2016050016

+ Zabbix Agent 3.0.1 mysql.size Shell Command Injection
https://cxsecurity.com/issue/WLB-2016050009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4338

VU#250519 ImageMagick does not properly validate input before processing images using a delegate
https://www.kb.cert.org/vuls/id/250519

VU#369800 Little CMS 2 DefaultICCintents double-free vulnerability
https://www.kb.cert.org/vuls/id/369800

VU#862384 libarchive contains a heap-based buffer overflow due to improper input validation
https://www.kb.cert.org/vuls/id/862384

Announcing the release of pglogical 1.1
http://www.postgresql.org/about/news/1666/

News & Trend
PCI DSS 3.2 published; card payments on vulnerable WinXP and Vista are also permitted until 2018
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042200515/?ST=security

JVNVU#92998929 Input validation vulnerability in ImageMagick
http://jvn.jp/vu/JVNVU92998929/index.html

JVNVU#92923836 Double-free vulnerability in the DefaultICCintents function of Little CMS 2
http://jvn.jp/vu/JVNVU92923836/index.html

JVNVU#93657776 Buffer overflow vulnerability in libarchive caused by improper input validation
http://jvn.jp/vu/JVNVU93657776/index.html

JVN#78482127 Cross-site scripting vulnerability in the EC-CUBE plugins "ソーシャルボタン設置プラグイン -プレミアム-" and "ソーシャルボタン設置プラグイン"
http://jvn.jp/jp/JVN78482127/index.html

JVNVU#92314939 Multiple vulnerabilities in Accellion File Transfer Appliance (FTA)
http://jvn.jp/vu/JVNVU92314939/index.html
