Thursday, June 30, 2016

30th (Thursday), Shakkō

+ PDFCreator 2.3.1 released
http://www.pdfforge.org/blog/pdfcreator-231-released

+ Cisco Firepower System Software Static Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1394

+ Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1416

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager Authentication Bypass API Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-piauthbypass
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1289

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager Authenticated Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-pi-epnm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1408

+ SA70949 Linux Kernel "tipc_nl_compat_link_dump()" Information Disclosure Vulnerability
https://secunia.com/advisories/70949/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5243

+ SA71371 LibreOffice STL Iterator Use-After-Free Vulnerability
https://secunia.com/advisories/71371/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4324

+ SA71340 Symantec Multiple Products Decomposer Engine Multiple Vulnerabilities
https://secunia.com/advisories/71340/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3646

+ SA71321 Linux Kernel "key_reject_and_link()" Vulnerability
https://secunia.com/advisories/71321/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470

+ UPDATE: JVNVU#97236594 Buffer overflow vulnerability in glibc
http://jvn.jp/vu/JVNVU97236594/index.html

JVNDB-2016-000122 Improper SSL server certificate verification vulnerability in the smartphone app "Sushiro"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000122.html

Vulnerability information worth checking <2016.6.30>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/062000119/?ST=security

Shinagawa Ward deploys an integrated VDI system for web access, NEC announces
http://itpro.nikkeibp.co.jp/atcl/news/16/062901915/?ST=security

Putting an end to "the rules change when Japan gets strong": Tama University establishes a Rule-making Strategy Research Institute
http://itpro.nikkeibp.co.jp/atcl/news/16/062901912/?ST=security

Wednesday, June 29, 2016

29th (Wednesday), Taian

+ Mozilla Firefox 47.0.1 released
https://www.mozilla.org/en-US/firefox/47.0.1/releasenotes/

+ UPDATE: Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa

Tuesday, June 28, 2016

28th (Tuesday), Butsumetsu

+ Google Chrome 51.0.2704.106 released
http://googlechromereleases.blogspot.jp/2016/06/stable-channel-update_23.html

+ Cisco Web Security Appliance Native FTP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160627-wsa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1440

+ SA71294 Linux Kernel setsockopt Vulnerabilities
https://secunia.com/advisories/71294/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998

+ SA71286 Linux Kernel NFS ACL Security Bypass Vulnerability
https://secunia.com/advisories/71286/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1237

JVNDB-2016-000120 Improper SSL server certificate verification vulnerability in DMM.com Labo's video playback smartphone app
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000120.html

JVNDB-2016-000106 Cross-site request forgery vulnerability in multiple Hikari Denwa routers and Hikari Denwa-compatible devices
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000106.html

JVNDB-2016-000105 OS command injection vulnerability in multiple Hikari Denwa routers and Hikari Denwa-compatible devices
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000105.html

JVNDB-2016-000119 Cross-site scripting vulnerability in QNAP QTS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000119.html

UPDATE: JVNVU#94303845 Multiple vulnerabilities in NETGEAR D6000 and D3600
http://jvn.jp/vu/JVNVU94303845/index.html

CSIRT Memo
Vulnerability information worth checking <2016.6.28>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/062000118/?ST=security

Unauthorized access to Saga Prefecture school system: 150,000 files leaked, including grades and student guidance records
http://itpro.nikkeibp.co.jp/atcl/news/16/062701870/?ST=security

Pay at multiple sites with a single ID: BASE launches ID payment service "PAY ID"
http://itpro.nikkeibp.co.jp/atcl/news/16/062701867/?ST=security

Monday, June 27, 2016

27th (Monday), Senbu

+ CESA-2016:1293 Important CentOS 7 setroubleshoot Security Update
http://lwn.net/Alerts/692621/

+ CESA-2016:1293 Important CentOS 7 setroubleshoot-plugins Security Update
http://lwn.net/Alerts/692622/

+ CESA-2016:1292 Important CentOS 7 libxml2 Security Update
http://lwn.net/Alerts/692619/

+ CESA-2016:1296 Moderate CentOS 7 ocaml Security Update
http://lwn.net/Alerts/692620/

+ CESA-2016:1277 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/692617/

+ CESA-2016:1292 Important CentOS 6 libxml2 Security Update
http://lwn.net/Alerts/692618/

+ Linux kernel 4.6.3, 4.4.14, 3.14.73 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.14
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.73

+ SA71258 phpMyAdmin Multiple Vulnerabilities
https://secunia.com/advisories/71258/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739

+ Sysstat 11.2.5 released
http://sebastien.godard.pagesperso-orange.fr/

+ JVNVU#95927790 Insecure permission settings in Alertus Desktop Notification for OS X
http://jvn.jp/vu/JVNVU95927790/

+ Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges
http://www.securitytracker.com/id/1036171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998

+ Linux nfsd any user can set a file's ACL over NFS and grant access to it
https://cxsecurity.com/issue/WLB-2016060195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1237

JVNDB-2016-000118 Session management vulnerability in WordPress plugin "Welcart e-Commerce"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000118.html

JVNDB-2016-000117 Cross-site scripting vulnerability in WordPress plugin "Welcart e-Commerce"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000117.html

JVNDB-2016-000116 Cross-site scripting vulnerability in WordPress plugin "Welcart e-Commerce"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000116.html

JVNDB-2016-000115 PHP object injection vulnerability in WordPress plugin "Welcart e-Commerce"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000115.html

JNSA publishes security guide for consumer IoT products
http://itpro.nikkeibp.co.jp/atcl/news/16/062401851/?ST=security

Friday, June 24, 2016

24th (Friday), Shakkō

+ RHSA-2016:1292 Important: libxml2 security update
https://rhn.redhat.com/errata/RHSA-2016-1292.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

+ RHSA-2016:1293 Important: setroubleshoot and setroubleshoot-plugins security update
https://rhn.redhat.com/errata/RHSA-2016-1293.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4989

+ RHSA-2016:1296 Moderate: ocaml security update
https://rhn.redhat.com/errata/RHSA-2016-1296.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869

+ RHSA-2016:1277 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1277.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565

+ phpMyAdmin 4.0.10.16, 4.4.15.7, 4.6.3 are released
https://www.phpmyadmin.net/news/2016/6/23/phpmyadmin-401016-44157-and-463-are-released/

+ PMASA-2016-17 BBCode injection vulnerability
https://www.phpmyadmin.net/security/PMASA-2016-17/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701

+ PMASA-2016-18 Cookie attribute injection attack
https://www.phpmyadmin.net/security/PMASA-2016-18/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5702

+ PMASA-2016-19 SQL injection attack
https://www.phpmyadmin.net/security/PMASA-2016-19/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5703

+ PMASA-2016-20 XSS on table structure page
https://www.phpmyadmin.net/security/PMASA-2016-20/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5704

+ PMASA-2016-21 Multiple XSS vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-21/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705

+ PMASA-2016-22 DOS attack
https://www.phpmyadmin.net/security/PMASA-2016-22/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706

+ PMASA-2016-23 Multiple full path disclosure vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-23/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5730

+ PMASA-2016-24 XSS through FPD
https://www.phpmyadmin.net/security/PMASA-2016-24/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731

+ PMASA-2016-25 XSS in partition range functionality
https://www.phpmyadmin.net/security/PMASA-2016-25/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5732

+ PMASA-2016-26 Multiple XSS vulnerabilities
https://www.phpmyadmin.net/security/PMASA-2016-26/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733

+ PMASA-2016-27 Unsafe handling of preg_replace parameters
https://www.phpmyadmin.net/security/PMASA-2016-27/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5734

+ PMASA-2016-28 Referrer leak in transformations
https://www.phpmyadmin.net/security/PMASA-2016-28/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739

+ UPDATE: Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios

+ Linux kernel 4.1.27, 3.18.36 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.27
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.36

+ PHP 7.0.8, 5.6.23, 5.5.37 released
http://www.php.net/ChangeLog-7.php#7.0.8
http://www.php.net/ChangeLog-5.php#5.6.23
http://www.php.net/ChangeLog-5.php#5.5.37

+ UPDATE: JVN#45093481 Multiple vulnerabilities in Apache Struts
http://jvn.jp/jp/JVN45093481/index.html

+ UPDATE: JVN#07710476 Arbitrary code execution vulnerability in Apache Struts
http://jvn.jp/jp/JVN07710476/index.html

VU#302544 Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files
https://www.kb.cert.org/vuls/id/302544

Reporter's Eye
JTB's breach disclosure was too late! So when would have been the right time?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/062100600/?ST=security

Thursday, June 23, 2016

23rd (Thursday), Taian

+ CESA-2016:1267 Important CentOS 6 setroubleshoot Security Update
http://lwn.net/Alerts/692357/

+ CESA-2016:1267 Important CentOS 6 setroubleshoot-plugins Security Update
http://lwn.net/Alerts/692356/

+ SA71292 Apache Tomcat Commons Fileupload Denial of Service Vulnerability
https://secunia.com/advisories/71292/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ SA71273 GIMP Multiple Vulnerabilities
https://secunia.com/advisories/71273/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Cisco WebEx Meeting Center Improved Logging Capabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc

+ UPDATE: Cisco Prime Collaboration Deployment SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-pcd

+ Cisco Email Security Appliance .zip File Scanning Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1438

+ Cisco Unified Contact Center Enterprise Web-Based Management Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160622-ucce
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1439

+ JVNVU#92564194 Memory corruption vulnerability in Apple AirPort Base Station
http://jvn.jp/vu/JVNVU92564194/index.html

+ Linux ecryptfs and /proc/$pid/environ Privilege Escalation
https://cxsecurity.com/issue/WLB-2016060173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583

JVNDB-2016-000109 Unrestricted authentication attempts vulnerability in CG-WLR300GNV series
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000109.html

JVNDB-2016-000108 Denial-of-service (DoS) vulnerability in CG-WLBARAGM
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000108.html

JVNDB-2016-000107 Command injection vulnerability in CG-WLBARGL
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000107.html

JVNVU#97008560 Multiple vulnerabilities in mDNSResponder
http://jvn.jp/vu/JVNVU97008560/index.html

Reporter's Eye
Disappointed in JTB: what felt wrong to a reporter at the president's apology press conference
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/062000597/?ST=security

CSIRT Memo
Vulnerability information worth checking <2016.6.23>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/062000117/?ST=security

Wednesday, June 22, 2016

22nd (Wednesday), Butsumetsu

+ RHSA-2016:1267 Important: setroubleshoot and setroubleshoot-plugins security update
https://rhn.redhat.com/errata/RHSA-2016-1267.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4989

+ About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7
https://support.apple.com/ja-jp/HT206849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7029

+ UPDATE: Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3

+ UPDATE: Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2

+ UPDATE: Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1

+ UPDATE: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv

+ Cisco Prime Collaboration Deployment SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-pcd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1437

+ Cisco ASR 5000 Series Packet Data Network Gateway Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1436

+ SA71281 PHP Multiple Vulnerabilities
https://secunia.com/advisories/71281/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4473

+ Apache Tomcat 7.0.70 released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

+ UPDATE: JVNVU#91383623 Multiple vulnerabilities in ISC BIND 9
http://jvn.jp/vu/JVNVU91383623/

+ UPDATE: JVNVU#97216921 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND 9
http://jvn.jp/vu/JVNVU97216921/

+ UPDATE: JVNVU#99125992 SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
http://jvn.jp/vu/JVNVU99125992/

+ UPDATE: JVNVU#93531657 Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU93531657/

+ UPDATE: JVNVU#99160787 Certificate chain verification flaw in OpenSSL
http://jvn.jp/vu/JVNVU99160787/index.html

+ UPDATE: JVNVU#96605606 Multiple vulnerabilities in Network Time Protocol daemon (ntpd)
http://jvn.jp/vu/JVNVU96605606/index.html

+ Apple AirPort DNS Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1036136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7029

UPDATE: JVNVU#91475438 Internet Key Exchange (IKEv1, IKEv2) can be used as a stepping stone for DoS attacks
http://jvn.jp/vu/JVNVU91475438/

UPDATE: JVN#49154900 Directory traversal vulnerability in Spring Framework
http://jvn.jp/jp/JVN49154900/index.html

News & Trend
Analyzing cyberattacks with Watson: a wave of new defensive services
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/061700552/?ST=security

Statistics & Surveys
[Data speaks] Domestic EDR market at 1.05 billion yen in FY2015, forecast to reach 5.2 billion yen in FY2020: ITR
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/062100651/?ST=security

GMO MakeShop re-investigates its data breach; scale found to far exceed the findings of the investigation two years ago
http://itpro.nikkeibp.co.jp/atcl/news/16/062101802/?ST=security

"Only 12% of companies noticed the attack themselves": SecureWorks launches service to find traces of targeted attacks
http://itpro.nikkeibp.co.jp/atcl/news/16/062101803/?ST=security

Tuesday, June 21, 2016

21st (Tuesday), Senbu

+ Cisco Integrated Services Routers OpenSSH TCP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6289

+ Cisco IOS XE Software SNMP Subsystem Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-iosxe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1428

+ Cisco 8800 Series IP Phone Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1434

+ Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1435

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Linux kernel 3.12.61 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.61

+ UPDATE: Oracle Solaris Third Party Bulletin - April 2016
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

+ SA71257 Apache Struts Multiple Vulnerabilities
https://secunia.com/advisories/71257/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4465

+ JVNDB-2016-000110 Arbitrary code execution vulnerability in Apache Struts
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000110.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438

+ JVNDB-2016-000114 Denial-of-service (DoS) vulnerability in Apache Struts
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000114.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4465

+ JVNDB-2016-000113 Input validation bypass vulnerability in Apache Struts
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000113.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4431

+ JVNDB-2016-000112 Validation bypass vulnerability in Apache Struts getter methods
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000112.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4433

+ JVNDB-2016-000111 Cross-site request forgery vulnerability in Apache Struts
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000111.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4430

VU#143335 mDNSResponder contains multiple memory-based vulnerabilities
https://www.kb.cert.org/vuls/id/143335

UPDATE: JVN#75813272 Information disclosure vulnerability in multiple Buffalo wireless LAN routers
http://jvn.jp/jp/JVN75813272/index.html

UPDATE: JVN#81698369 Directory traversal vulnerability in multiple Buffalo wireless LAN routers
http://jvn.jp/jp/JVN81698369/index.html

Monday, June 20, 2016

20th (Monday), Tomobiki

+ MS16-083 - Critical: Security Update for Adobe Flash Player (3167685)
https://technet.microsoft.com/ja-jp/library/security/ms16-083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

+ psqlodbc 09.05.0300 released
https://www.postgresql.org/ftp/odbc/versions/msi/

+ CESA-2016:1237 Important CentOS 6 ImageMagick Security Update
http://lwn.net/Alerts/691792/

+ CESA-2016:1237 Important CentOS 7 ImageMagick Security Update
http://lwn.net/Alerts/691793/

+ CESA-2016:1217 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/691791/

+ CESA-2016:1217 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/691789/

+ CESA-2016:1217 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/691790/

+ Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1424

+ Cisco cBR-8 Series Converged Broadband Router SNMP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-cbr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1432

+ Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160617-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1431

+ Cisco IOS Software Link Layer Discovery Protocol Processing Code Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-ios1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1425

+ Samba 4.2.13 Available for Download
https://www.samba.org/samba/history/samba-4.2.13.html

+ Apache Struts 2.5.1, 2.3.29 released
http://struts.apache.org/announce.html#a20160618
http://struts.apache.org/announce.html#a20160617

+ S2-035 Action name clean up is error prone
http://struts.apache.org/docs/s2-035.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4436

+ S2-036 Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (similar to S2-029)
http://struts.apache.org/docs/s2-036.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0785

+ S2-037 Remote Code Execution can be performed when using REST Plugin.
http://struts.apache.org/docs/s2-037.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438

+ S2-038 It is possible to bypass token validation and perform a CSRF attack
http://struts.apache.org/docs/s2-038.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4430

+ S2-039 Getter as action method leads to security bypass
http://struts.apache.org/docs/s2-039.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4433

+ S2-040 Input validation bypass using existing default action method.
http://struts.apache.org/docs/s2-040.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4431

+ S2-041 Possible DoS attack when using URLValidator
http://struts.apache.org/docs/s2-041.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4465

+ UPDATE: JVNVU#99609116 Memory corruption vulnerability in Adobe Flash Player
http://jvn.jp/vu/JVNVU99609116/index.html

+ Microsoft Edge/Internet Explorer Certificate Error Url Spoofing (MS16-009/MS16-011)
https://cxsecurity.com/issue/WLB-2016060116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0077

+ Microsoft Internet Explorer 11 Garbage Collector Attribute Type Confusion
https://cxsecurity.com/issue/WLB-2016060139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0199

Friday, June 17, 2016

17th (Friday), Taian

+ RHSA-2016:1237 Important: ImageMagick security update
https://rhn.redhat.com/errata/RHSA-2016-1237.html

+ Google Chrome 51.0.2704.103 released
http://googlechromereleases.blogspot.jp/2016/06/stable-channel-update_16.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704

+ APSB16-23 Security update available for Adobe AIR
https://helpx.adobe.com/security/products/air/apsb16-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4126

+ APSB16-18 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

+ Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1427

+ UPDATE: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Linux kernel 3.16.36, 3.2.81 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.36
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.81

+ ActivePerl 5.24.0.2400, 5.22.2.2202 released
http://www.activestate.com/activeperl/downloads

+ JVNVU#99609116 Vulnerability in Adobe Flash Player
http://jvn.jp/vu/JVNVU99609116/

+ Microsoft Edge/Internet Explorer Certificate Error Url Spoofing (MS16-009/MS16-011)
https://cxsecurity.com/issue/WLB-2016060116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0077

+ Mozilla Firefox DLL Hijacking
https://cxsecurity.com/issue/WLB-2016060108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1520

JVNDB-2016-000103 Arbitrary code execution vulnerability in Deep Discovery Inspector
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000103.html

Password management to prevent account takeover
A manager app that also checks the strength of passwords you have already set
Trend Micro "Password Manager"
http://itpro.nikkeibp.co.jp/atcl/column/16/060800125/060900005/?ST=security

Average cost of a data breach to companies is 4 million dollars, US survey finds
http://itpro.nikkeibp.co.jp/atcl/news/16/061601753/?ST=security

Thursday, June 16, 2016

16th (Thursday), Butsumetsu

+ Cisco RV110W, RV130W, and RV215W Routers Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1396

+ Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1398

+ Cisco RV110W, RV130W, and RV215W Routers HTTP Request Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1397

+ Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1395

+ VU#748992 Adobe Flash vulnerability
https://www.kb.cert.org/vuls/id/748992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

+ Samba 4.3.10 Available for Download
https://www.samba.org/samba/history/samba-4.3.10.html

+ SA71178 McAfee Email Gateway Multiple Vulnerabilities
https://secunia.com/advisories/71178/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950

+ SA70989 McAfee Multiple Products OpenSSL Multiple Vulnerabilities
https://secunia.com/advisories/70989/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

+ SA71179 McAfee Web Gateway OpenSSL Multiple Vulnerabilities
https://secunia.com/advisories/71179/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176

Password management to prevent account takeover
A highly usable manager app that lets you retrieve passwords by face recognition
http://itpro.nikkeibp.co.jp/atcl/column/16/060800125/060900004/?ST=security

News & Trend
[Detailed report] The targeted attack that hit JTB
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/061500549/?ST=security

Former Matsuyama City employee took health data of about 140,000 people, circumventing USB write restrictions
http://itpro.nikkeibp.co.jp/atcl/news/16/061501739/?ST=security

"No confirmed leak, but we apologize to our customers": JTB President Takahashi apologizes over the possible leak of 7.93 million people's data
http://itpro.nikkeibp.co.jp/atcl/news/16/061401730/?ST=security

Wednesday, June 15, 2016

Wednesday the 15th, Senbu

+ Microsoft Security Bulletin Summary for June 2016
https://technet.microsoft.com/ja-jp/library/security/ms16-jun

+ MS16-063 - Critical Cumulative Security Update for Internet Explorer (3163649)
https://technet.microsoft.com/library/security/MS16-063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3213

+ MS16-068 - Critical Cumulative Security Update for Microsoft Edge (3163656)
https://technet.microsoft.com/library/security/MS16-068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3203

+ MS16-069 - Critical Cumulative Security Update for JScript and VBScript (3163640)
https://technet.microsoft.com/library/security/MS16-069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3207

+ MS16-070 - Critical Security Update for Microsoft Office (3163610)
https://technet.microsoft.com/library/security/MS16-070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3235

+ MS16-071 - Critical Security Update for Microsoft Windows DNS Server (3164065)
https://technet.microsoft.com/library/security/MS16-071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3227

+ MS16-072 - Important Security Update for Group Policy (3163622)
https://technet.microsoft.com/library/security/MS16-072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3223

+ MS16-073 - Important Security Update for Windows Kernel-Mode Drivers (3164028)
https://technet.microsoft.com/library/security/MS16-073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3232

+ MS16-074 - Important Security Update for Microsoft Graphics Component (3164036)
https://technet.microsoft.com/library/security/MS16-074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3220

+ MS16-075 - Important Security Update for Windows SMB Server (3164038)
https://technet.microsoft.com/library/security/MS16-075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3225

+ MS16-076 - Important Security Update for Netlogon (3167691)
https://technet.microsoft.com/library/security/MS16-076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3228

+ MS16-077 - Important Security Update for WPAD (3165191)
https://technet.microsoft.com/library/security/MS16-077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3213

+ MS16-078 - Important Security Update for Windows Diagnostic Hub (3165479)
https://technet.microsoft.com/library/security/MS16-078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3231

+ MS16-079 - Important Security Update for Microsoft Exchange Server (3160339)
https://technet.microsoft.com/library/security/MS16-079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0028

+ MS16-080 - Important Security Update for Microsoft Windows PDF (3164302)
https://technet.microsoft.com/library/security/MS16-080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3203

+ MS16-081 - Important Security Update for Active Directory (3160352)
https://technet.microsoft.com/library/security/MS16-081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3226

+ MS16-082 - Important Security Update for Microsoft Windows Search Component (3165270)
https://technet.microsoft.com/library/security/MS16-082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3230

+ APSA16-03 Security Advisory for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4171

+ APSB16-19 Security update available for the Adobe DNG Software Development Kit (SDK)
https://helpx.adobe.com/security/products/dng-sdk/apsb16-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4167

+ APSB16-20 Security update available for Adobe Brackets
https://helpx.adobe.com/security/products/brackets/apsb16-20.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4165

+ APSB16-21 Security update available for the Creative Cloud Desktop Application
https://helpx.adobe.com/security/products/creative-cloud/apsb16-21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4158

+ APSB16-22 Security Update: Hotfixes available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb16-22.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4159

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ Apache Tomcat 8.5.3, 8.0.36 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.3_(markt)
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)

JVNDB-2016-000101 Denial-of-service (DoS) vulnerability in ETX-R
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000101.html

JVNDB-2016-000100 Cross-site request forgery vulnerability in ETX-R
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000100.html

Password management to prevent account takeover
A manager app that started on Windows and enters passwords with one tap on smartphones too
http://itpro.nikkeibp.co.jp/atcl/column/16/060800125/060900003/?ST=security

Statistics & Surveys
[Data speaks] The security services market reached 681.1 billion yen in 2015, up 5.5% year on year, and will grow to 875.7 billion yen by 2020: IDC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/061400642/?ST=security

Symantec to acquire enterprise web security vendor Blue Coat for $4.65 billion
http://itpro.nikkeibp.co.jp/atcl/news/16/061401716/?ST=security

Government publishes cybersecurity "annual report": threats recognized in FY2015 were 1.5 times the previous year's
http://itpro.nikkeibp.co.jp/atcl/news/16/061301713/?ST=security

Tuesday, June 14, 2016

Tuesday the 14th, Tomobiki

+ Linux kernel 3.10.102 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.102

JVNVU#94303845 Multiple vulnerabilities in NETGEAR D6000 and D3600
http://jvn.jp/vu/JVNVU94303845/index.html

Password management to prevent account takeover
The leading password manager app, fully usable even in its free version
http://itpro.nikkeibp.co.jp/atcl/column/16/060800125/060900002/?ST=security

Monday, June 13, 2016

Monday the 13th, Senshō

+ make 4.2.1 released
http://ftp.gnu.org/pub/gnu/make/?C=M;O=D

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ UPDATE: Oracle Solaris Third Party Bulletin - April 2016
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

+ SA71057 GNU wget HTTP Server Redirect Security Bypass Vulnerability
https://secunia.com/advisories/71057/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971

+ GNU wget 1.18 released
http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html

+ VMSA-2016-0008 VMware vRealize Log Insight addresses important and moderate security issues.
http://www.vmware.com/security/advisories/VMSA-2016-0008.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2082

+ VMSA-2016-0007 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0007.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2079

+ libpng 1.6.23 released
http://www.libpng.org/pub/png/src/libpng-1.6.23-README.txt

+ UPDATE: JVN#03188560 Vulnerability in Apache Struts 1 that allows manipulation of in-memory components
http://jvn.jp/jp/JVN03188560/index.html

+ MacOSX 10.11.4 UAF Racing getProperty on IOHDIXController
https://cxsecurity.com/issue/WLB-2016060074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1807

+ MacOSX 10.11.4 Stack Buffer Overflow in GeForce GPU Driver
https://cxsecurity.com/issue/WLB-2016060073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1861

+ MacOSX 10.11.4 Use-After-Free Due to Bad Locking in IOAcceleratorFamily2
https://cxsecurity.com/issue/WLB-2016060072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1819

+ MacOSX 10.11.4 Exploitable NULL Pointer Dereference in IOAudioEngine
https://cxsecurity.com/issue/WLB-2016060071

+ MacOSX 10.11.4 OOB Read of Object Pointer Due to Insufficient Checks
https://cxsecurity.com/issue/WLB-2016060070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823

+ MacOSX 10.11.4 Exploitable NULL Pointer Dereference in AppleMuxControl.kext
https://cxsecurity.com/issue/WLB-2016060069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1794

+ MacOSX 10.11.4 Exploitable NULL Pointer Dereference in AppleGraphicsDeviceContro
https://cxsecurity.com/issue/WLB-2016060068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1793

+ MacOSX 10.11.4 Exploitable NULL Dereference in IOAccelSharedUserClient2
https://cxsecurity.com/issue/WLB-2016060067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1813

+ MacOSX 10.11.4 Exploitable NULL Dereference in CoreCaptureResponder
https://cxsecurity.com/issue/WLB-2016060066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1803

+ MacOSX 10.11.4 Exploitable NULL Pointer Dereference in nvCommandQueue
https://cxsecurity.com/issue/WLB-2016060065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1846

+ Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
https://cxsecurity.com/issue/WLB-2016060061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3087

+ OpenSSL undefined pointer arithmetic
https://cxsecurity.com/issue/WLB-2016060056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177

+ JPEG Standard DoS CPU Resource Exhaustion
https://cxsecurity.com/issue/WLB-2016060055

VU#778696 Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
https://www.kb.cert.org/vuls/id/778696

Password management to prevent account takeover
Why you end up with a password manager app in the end
http://itpro.nikkeibp.co.jp/atcl/column/16/060800125/060900001/?ST=security

Friday, June 10, 2016

Friday the 10th, Butsumetsu

+ UPDATE: Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ Cisco Aironet 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1419

+ Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1421

+ Apache Log4j 2.6.1 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.6.1

+ OpenSSL undefined pointer arithmetic
https://cxsecurity.com/issue/WLB-2016060056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177

+ JPEG Standard DoS CPU Resource Exhaustion
https://cxsecurity.com/issue/WLB-2016060055

Security incident response in practice
[Part 13] Phishing and fake sites are getting more malicious; protecting site users comes first
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800013/?ST=security

Statistics & Surveys
[Data speaks] The DDoS protection market grew 42.2% year on year in FY2015: IDC
http://itpro.nikkeibp.co.jp/atcl/news/14/110601779/060900636/?ST=security

Thursday, June 9, 2016

Thursday the 9th, Senbu

+ RHSA-2016:1217 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-1217.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831

+ CESA-2016:1205 Important CentOS 7 spice Security Update
http://lwn.net/Alerts/690376/

+ CESA-2016:1204 Important CentOS 6 spice-server Security Update
http://lwn.net/Alerts/690377/

+ Wireshark 1.12.12 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ UPDATE: Cisco IOS XR Software LPTS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160519-ios-xr

+ Linux kernel 4.6.2, 4.5.7, 4.4.13, 4.1.26, 3.18.35, 3.14.72 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.26
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.35
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.72

+ SA70968 Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/70968/

+ Apache Struts ActionForm and Validator Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
http://www.securitytracker.com/id/1036056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182

+ Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1036055

JVNDB-2016-000099 Arbitrary code execution vulnerability in DX Library
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000099.html

UPDATE: JVN#74659077 Restriction bypass vulnerability in the direct-extension-access blocking feature of TERASOLUNA Server Framework for Java(WEB)
http://jvn.jp/jp/JVN74659077/

UPDATE: JVN#65044642 Vulnerability in the input validation feature of Apache Struts 1
http://jvn.jp/jp/JVN65044642/

UPDATE: JVN#03188560 Vulnerability in Apache Struts 1 that allows manipulation of in-memory components
http://jvn.jp/jp/JVN03188560/

Security incident response in practice
[Part 12] Every web server is a target; monitor for attacks strictly
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800012/?ST=security

Wednesday, June 8, 2016

Wednesday the 8th, Tomobiki

+ Selenium IE Driver Server 2.53.1 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG

+ Mozilla Firefox 47.0 released
https://www.mozilla.org/en-US/firefox/47.0/releasenotes/

+ MFSA 2016-61 Network Security Services (NSS) vulnerabilities
https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834

+ MFSA 2016-60 Java applets bypass CSP protections
https://www.mozilla.org/en-US/security/advisories/mfsa2016-60/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2833

+ MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes
https://www.mozilla.org/en-US/security/advisories/mfsa2016-59/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2832

+ MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission
https://www.mozilla.org/en-US/security/advisories/mfsa2016-58/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831

+ MFSA 2016-57 Incorrect icon displayed on permissions notifications
https://www.mozilla.org/en-US/security/advisories/mfsa2016-57/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2829

+ MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction
https://www.mozilla.org/en-US/security/advisories/mfsa2016-56/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828

+ MFSA 2016-55 File overwrite and privilege escalation through Mozilla Windows updater
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2826

+ MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI
https://www.mozilla.org/en-US/security/advisories/mfsa2016-54/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2825

+ MFSA 2016-53 Out-of-bounds write with WebGL shader
https://www.mozilla.org/en-US/security/advisories/mfsa2016-53/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2824

+ MFSA 2016-52 Addressbar spoofing though the SELECT element
https://www.mozilla.org/en-US/security/advisories/mfsa2016-52/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2822

+ MFSA 2016-51 Use-after-free deleting tables from a contenteditable document
https://www.mozilla.org/en-US/security/advisories/mfsa2016-51/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821

+ MFSA 2016-50 Buffer overflow parsing HTML5 fragments
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2819

+ MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-49/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2815

+ Wireshark 2.0.4 released
https://www.wireshark.org/docs/relnotes/wireshark-2.0.4.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ Samba 4.4.4 Available for Download
https://www.samba.org/samba/history/samba-4.4.4.html

+ SA70997 Android Multiple Vulnerabilities
https://secunia.com/advisories/70997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2496

+ SA70962 Fujitsu Interstage Products Apache Struts Vulnerabilities
https://secunia.com/advisories/70962/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182

+ UPDATE: JVNVU#94410990 Multiple vulnerabilities, including denial of service (DoS), in NTP.org ntpd
http://jvn.jp/vu/JVNVU94410990/index.html

JVNDB-2016-000098 Restriction bypass vulnerability in the direct-extension-access blocking feature of TERASOLUNA Server Framework for Java(WEB)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000098.html

JVNDB-2016-000097 Vulnerability in the input validation feature of Apache Struts 1
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000097.html

JVNDB-2016-000096 Vulnerability in Apache Struts 1 that allows manipulation of in-memory components
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000096.html

Security incident response in practice (Nikkei Computer)
[Part 11] Watch your CMS for web defacement attacks; six advance measures for early detection
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800011/?ST=security

Zuckerberg's social media accounts hacked? Twitter, Pinterest and others
http://itpro.nikkeibp.co.jp/atcl/news/16/060701642/?ST=security

JVN#74659077 Restriction bypass vulnerability in the direct-extension-access blocking feature of TERASOLUNA Server Framework for Java(WEB)
http://jvn.jp/jp/JVN74659077/index.html

UPDATE: JVN#49476817 Buffer overflow vulnerability in DX Library
http://jvn.jp/jp/JVN49476817/index.html

Tuesday, June 7, 2016

Tuesday the 7th, Senshō

+ RHSA-2016:1204 Important: spice-server security update
https://rhn.redhat.com/errata/RHSA-2016-1204.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2150

+ RHSA-2016:1205 Important: spice security update
https://rhn.redhat.com/errata/RHSA-2016-1205.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2150

+ Google Chrome 51.0.2704.84 released
http://googlechromereleases.blogspot.jp/2016/06/stable-channel-update_6.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Cisco Aironet Access Points Command-Line Interpreter Linux Shell Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1418

+ SA70961 Juniper Junos OS IPv6 Neighbor Discovery Denial of Service Vulnerability
https://secunia.com/advisories/70961/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1409

+ UPDATE: JVNVU#94410990 Multiple vulnerabilities, including denial of service (DoS), in NTP.org ntpd
http://jvn.jp/vu/JVNVU94410990/

+ ntp Multiple Bugs Let Remote Users Modify Parameters and Deny Service
http://www.securitytracker.com/id/1036037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

Security incident response in practice
[Part 10] If your own website is attacked... analyze the logs instead of over-trusting security products
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800010/?ST=security

Cho Chang-eun, "Korea on the Web"
Surge in incidents holding data hostage; Korean police step up crackdown on cyber-terror-type crime
http://itpro.nikkeibp.co.jp/atcl/column/14/549762/060300092/?ST=security

Hitachi Systems to sell an integrated service that protects financial institutions' websites from attacks
http://itpro.nikkeibp.co.jp/atcl/news/16/060601637/?ST=security

UPDATE: JVN#69278491 Cross-site scripting vulnerability in Cybozu Office
http://jvn.jp/jp/JVN69278491/

Monday, June 6, 2016

Monday the 6th, Shakkō

+ UPDATE: APSB16-17 Security update available for the Adobe Connect Add-In for Windows
https://helpx.adobe.com/security/products/connect/apsb16-17.html

+ UPDATE: APSB16-15 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html

+ UPDATE: Cisco WebEx Meeting Center Site Access Control User Account Enumeration Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160526-wmc

+ UPDATE: Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-remcode

+ Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1403

+ SA70991 Trend Micro OfficeScan Directory Traversal Vulnerability
https://secunia.com/advisories/70991/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223

+ SA70966 Trend Micro Worry-Free Business Security Directory Traversal and HTTP Header Injection Vulnerabilities
https://secunia.com/advisories/70966/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1224

+ SA70920 NTP Security Bypass and Denial of Service Multiple Vulnerabilities
https://secunia.com/advisories/70920/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

+ FreeBSD-SA-16:24.ntp Multiple vulnerabilities of ntp
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:24.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956

+ GCC 5.4 released
https://gcc.gnu.org/gcc-5/changes.html

+ JVNVU#94410990 Multiple vulnerabilities, including denial of service (DoS), in NTP.org ntpd
http://jvn.jp/vu/JVNVU94410990/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956

+ Windows 7 firewall bypass PoC
https://cxsecurity.com/issue/WLB-2016060024

Security Grand Laboratory: testing 10 questions to find the answers
Is exploiting a vulnerability easy?
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300010/?ST=security

Security incident response in practice
[Part 9] Investigate insider misconduct from the suspect's point of view; look for traces and interview the person too
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800009/?ST=security

Friday, June 3, 2016

Friday the 3rd, Senshō

+ VU#321640 NTP.org ntpd is vulnerable to denial of service and other vulnerabilities
https://www.kb.cert.org/vuls/id/321640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957

+ MySQL 5.7.13 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html

+ nginx Null Pointer Dereference in ngx_chain_to_iovec() Lets Remote Users Deny Service
http://www.securitytracker.com/id/1036019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450

+ Apache Struts OGNL Caching Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1036018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3093

+ Apache Struts REST Plugin Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1036017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3087

+ TCPDump 4.5.1 Crash Proof Of Concept
https://cxsecurity.com/issue/WLB-2016060009

Security Grand Laboratory: testing 10 questions to find the answers
Is sending the password separately meaningful?
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300009/?ST=security

UPDATE: JVN#38369032 LDAP injection vulnerability in Cybozu Garoon
http://jvn.jp/jp/JVN38369032/index.html

JVNVU#91475438 Internet Key Exchange (IKEv1, IKEv2) can be used as a stepping stone for DoS attacks
http://jvn.jp/vu/JVNVU91475438/index.html

JVNVU#99203738 Multiple vulnerabilities in Fonality (formerly trixbox Pro)
http://jvn.jp/vu/JVNVU99203738/index.html

JVN#48847535 Multiple vulnerabilities in Virus Buster enterprise products
http://jvn.jp/jp/JVN48847535/index.html

Thursday, June 2, 2016

Thursday the 2nd, Shakkō

+ Google Chrome 51.0.2704.79 released
http://googlechromereleases.blogspot.jp/2016/06/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1703

+ Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1391

+ Cisco Prime Network Analysis Module Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1390

+ Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1388

+ Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1370

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Linux kernel 4.6.1, 4.5.6, 4.4.12, 3.14.71 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.12
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.71

+ SA70911 nginx NULL Pointer Dereference Denial of Service Vulnerability
https://secunia.com/advisories/70911/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450

+ libpng 1.6.22 released
http://www.libpng.org/pub/png/src/libpng-1.6.22-README.txt

+ MySQL 5.6.31, 5.5.50 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html

+ UPDATE: JVNVU#93163809 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU93163809/

+ cURL DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4802

+ VU#754056 Fonality contains a hard-coded password and embedded SSL private key
https://www.kb.cert.org/vuls/id/754056

Testing and Resolving 10 Questions: The Security Grand Laboratory
Does URL filtering work over SSL?
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300008/?ST=security

Wednesday, June 1, 2016

The 1st, Wednesday, Taian

+ RHSA-2016:1137 Important: openssl security update
https://rhn.redhat.com/errata/RHSA-2016-1137.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108

+ RHSA-2016:1140 Moderate: squid34 security update
https://rhn.redhat.com/errata/RHSA-2016-1140.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556

+ RHSA-2016:1138 Moderate: squid security update
https://rhn.redhat.com/errata/RHSA-2016-1138.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556

+ RHSA-2016:1141 Moderate: ntp security update
https://rhn.redhat.com/errata/RHSA-2016-1141.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2518

+ RHSA-2016:1139 Moderate: squid security update
https://rhn.redhat.com/errata/RHSA-2016-1139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4556

+ CESA-2016:1138 Moderate CentOS 6 squid Security Update
http://lwn.net/Alerts/689192/

+ CESA-2016:1141 Moderate CentOS 6 ntp Security Update
http://lwn.net/Alerts/689189/

+ CESA-2016:1139 Moderate CentOS 7 squid Security Update
http://lwn.net/Alerts/689193/

+ CESA-2016:1137 Important CentOS 5 openssl Security Update
http://lwn.net/Alerts/689191/

+ CESA-2016:1141 Moderate CentOS 7 ntp Security Update
http://lwn.net/Alerts/689190/

+ CESA-2016:1140 Moderate CentOS 6 squid34 Security Update
http://lwn.net/Alerts/689194/

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Cisco ESA and WSA AMP ClamAV Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1405

+ UPDATE: Oracle Solaris Third Party Bulletin - April 2016
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

+ HS16-016 XML External Entity (XXE) Vulnerability in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-016/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254

+ HS16-016 XXE vulnerability in Cosminexus (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-016/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254

+ FreeBSD-SA-16:23.libarchive Buffer overflow in libarchive(3)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0211

+ FreeBSD-SA-16:22.libarchive Directory traversal in cpio(1)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:22.libarchive.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304

+ FreeBSD-SA-16:21.43bsd Kernel stack disclosure in 4.3BSD compatibility layer
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:21.43bsd.asc

+ FreeBSD-SA-16:20.linux Kernel stack disclosure in Linux compatibility layer
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:20.linux.asc

Testing and Resolving 10 Questions: The Security Grand Laboratory
Is smartphone face recognition accurate?
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300007/?ST=security

The Sea Otter's Eye: The Cybersecurity Front Line
A breeding ground for information leaks: re-inspect your "anonymous FTP servers"
http://itpro.nikkeibp.co.jp/atcl/column/15/071200172/053000010/?ST=security

Preventing information leaks with log analysis and firewalls, offered by Hitachi Solutions and BBSec
http://itpro.nikkeibp.co.jp/atcl/news/16/053101563/?ST=security

Testing and Resolving 10 Questions: The Security Grand Laboratory
Can a pattern lock be seen through?
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300006/?ST=security