2日 木曜日、赤口

+ Google Chrome 51.0.2704.79 released
http://googlechromereleases.blogspot.jp/2016/06/stable-channel-update.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1696
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1703

+ Cisco Prime Network Analysis Module Authenticated Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1391

+ Cisco Prime Network Analysis Module Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1390

+ Cisco Prime Network Analysis Module Unauthenticated Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1388

+ Cisco Prime Network Analysis Module IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1370

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2105

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ Linux kernel 4.6.1, 4.5.6, 4.4.12, 3.14.71 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.12
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.71

+ SA70911 nginx NULL Pointer Dereference Denial of Service Vulnerability
https://secunia.com/advisories/70911/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450

+ libpng 1.6.22 released
http://www.libpng.org/pub/png/src/libpng-1.6.22-README.txt

+ MySQL 5.6.31, 5.5.50 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html

+ UPDATE: JVNVU#93163809 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU93163809/

+ cURL DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4802

VU#754056 Fonality contains a hard-coded password and embedded SSL private key
https://www.kb.cert.org/vuls/id/754056

10の疑問を試して解明 セキュリティ大実験室
SSLでURLフィルタリングは機能するか？
http://itpro.nikkeibp.co.jp/atcl/column/16/052300113/052300008/?ST=security