Thursday, June 9, 2016

9th, Thursday, Senbu

+ RHSA-2016:1217 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-1217.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2818
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2831

+ CESA-2016:1205 Important CentOS 7 spice Security Update
http://lwn.net/Alerts/690376/

+ CESA-2016:1204 Important CentOS 6 spice-server Security Update
http://lwn.net/Alerts/690377/

+ Wireshark 1.12.12 released
https://www.wireshark.org/docs/relnotes/wireshark-1.12.12.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ UPDATE: Cisco IOS XR Software LPTS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160519-ios-xr

+ Linux kernel 4.6.2, 4.5.7, 4.4.13, 4.1.26, 3.18.35, 3.14.72 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.26
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.35
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.72

+ SA70968 Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/70968/

+ Apache Struts ActionForm and Validator Bugs Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code
http://www.securitytracker.com/id/1036056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1182

+ Wireshark Multiple Dissector/Parser Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1036055

JVNDB-2016-000099 Arbitrary code execution vulnerability in DX Library
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000099.html

UPDATE: JVN#74659077 Restriction bypass vulnerability in the direct-access-by-extension prohibition feature of TERASOLUNA Server Framework for Java(WEB)
http://jvn.jp/jp/JVN74659077/

UPDATE: JVN#65044642 Vulnerability in the input validation feature of Apache Struts 1
http://jvn.jp/jp/JVN65044642/

UPDATE: JVN#03188560 Vulnerability in Apache Struts 1 that allows manipulation of components in memory
http://jvn.jp/jp/JVN03188560/

Security Incident Response in Practice
[Part 12] Every web server is a target: monitor for attacks strictly
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/031800012/?ST=security
