Wednesday, August 31, 2016

31st, Wednesday, taian (rokuyō calendar day)

+ APSB16-30 Security Update: Hotfixes available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4264

+ UPDATE: Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130226-CVE-2013-1138

+ Kaspersky Internet Security Driver Bugs Let Local Users Obtain System Memory Contents and Deny Service
http://www.securitytracker.com/id/1036703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4307

+ Kaspersky Anti-Virus Driver Bugs Let Local Users Obtain System Memory Contents and Deny Service
http://www.securitytracker.com/id/1036702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4307

+ Multiple Kaspersky Products Out of Bounds Read Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/92657

+ Linux Kernel Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/91709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6198

How to find cyber intelligence
Paper sources are useful for cyber intelligence
http://itpro.nikkeibp.co.jp/atcl/column/16/081200173/082500007/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[JCB] Working with outside experts to respond early to vulnerabilities that shake the world
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/082500008/?ST=security

Symantec launches "Encryption Everywhere", offering SSL certificates through hosting providers
http://itpro.nikkeibp.co.jp/atcl/news/16/083002520/?ST=security

SecureSoft moves the management functions of its container-based secure internet product to the cloud
http://itpro.nikkeibp.co.jp/atcl/news/16/083002515/?ST=security

EMC Japan: targeted cyber attack countermeasures suite
http://itpro.nikkeibp.co.jp/atcl/news/16/083002514/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[JFE Holdings] Strengthening platform security as well, to protect technical information
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/082500007/?ST=security

SSL is old news, TLS is the interesting part
Is TLS only for the web?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100007/?ST=security

What is "EDR", the trump card against attacks that cannot be fully prevented?
The real question now is how you respond after an intrusion
http://itpro.nikkeibp.co.jp/atcl/column/16/081000170/081100002/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[TEPCO Holdings] Defending with cyber intelligence from multiple experts
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/081100003/?ST=security

Tuesday, August 30, 2016

30th, Tuesday, butsumetsu

+ UPDATE: Cisco Adaptive Security Appliance Xlates Table Exhaustion Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130226-CVE-2013-1138

+ Linux Kernel Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/92659

[JFE Holdings] Strengthening platform security as well, to protect technical information
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/082500007/?ST=security

How to find cyber intelligence
Picking up official documents online for cyber intelligence
http://itpro.nikkeibp.co.jp/atcl/column/16/081200173/082500006/?ST=security

JVNVU#97606905 Multiple vulnerabilities in Accellion kiteworks
http://jvn.jp/vu/JVNVU97606905/

Monday, August 29, 2016

29th, Monday, senbu

+ RHSA-2016:1776 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-1776.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606

+ About the security content of iOS 9.3.5
https://support.apple.com/ja-jp/HT207107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

+ UPDATE: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

+ UPDATE: Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms

+ Linux kernel 3.10.103 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.103

+ SA72201 Apple iOS WebKit Memory Corruption Vulnerability
https://secunia.com/advisories/72201/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

+ Postfix 3.1 Patchlevel 2, 3.0 Patchlevel 6 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.1.2.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.6.HISTORY

+ JVNVU#99497792 Multiple vulnerabilities in Apple iOS
http://jvn.jp/vu/JVNVU99497792/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

+ OpenSSL 3DES Cipher Block Collision Weakness Lets Remote Users Decrypt Data in Certain Cases
http://www.securitytracker.com/id/1036696

+ Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2
https://cxsecurity.com/issue/WLB-2016080232

+ Apple iOS CVE-2016-4656 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/92652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4656

+ Apple iOS CVE-2016-4655 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/92651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4655

+ WebKit CVE-2016-4657 Unspecified Memory Corruption Vulnerability
http://www.securityfocus.com/bid/92653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

+ Apple Mac OS X/watchOS/iOS/tvOS Incomplete Fix Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/92663

VU#305607 Accellion Kiteworks contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/305607

A hundred companies, a hundred ways: our company's CSIRT
[Meiji Yasuda Life] Launching a CSIRT by trial and error, with no dedicated staff
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/082500006/?ST=security

How to find cyber intelligence
Sources of cyber intelligence: the internet, the library, and…
http://itpro.nikkeibp.co.jp/atcl/column/16/081200173/082500005/?ST=security

Friday, August 26, 2016

26th, Friday, shakkō

+ gawk 4.1.4 released
http://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ UPDATE: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

+ UPDATE: Cisco Catalyst Switches Network Mobility Services Protocol Port Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160413-nms

+ OpenSSL 1.1.0 is now available
https://www.openssl.org/

+ UPDATE: JVN#45093481 Multiple vulnerabilities in Apache Struts
http://jvn.jp/jp/JVN45093481/

+ Apple iOS WebKit Flaws Let Remote Users Execute Arbitrary Code and Applications Obtain Kernel Memory Contents and Gain Elevated Privileges
http://www.securitytracker.com/id/1036694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4657

+ OpenBSD SMTP Processing Bug in rfc2822_parser_init() May Let Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1036691

+ OpenSSL DTLS Replay Protection Sequence Number Processing Errors Let Remote Users Deny Service
http://www.securitytracker.com/id/1036690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181

+ OpenSSL DTLS Fragment Processing Error Lets Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1036689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179

+ OpenSSL Out-of-Bounds Write Error in BN_bn2dec() Lets Remote Users Cause the Target Application to Crash
http://www.securitytracker.com/id/1036688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182

+ UPDATE: Linux Kernel 'ovl_copy_up_locked()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/92611

+ Linux Kernel Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/92575

JVNDB-2016-000153 Insufficient verification of downloaded files in LINE for PC (Windows version)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000153.html

SSL is old news, TLS is the interesting part
What is the relationship between cryptography and mathematics?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100009/?ST=security

What is "EDR", the trump card against attacks that cannot be fully prevented?
Analyzing the logs recorded by EDR lets you trace the intrusion path
http://itpro.nikkeibp.co.jp/atcl/column/16/081000170/081100003/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[Taisei Corporation] Overhauling organization and rules so incidents can be reported without hesitation
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/081100005/?ST=security

I-O Data: security USB flash drive with timed self-erase function
http://itpro.nikkeibp.co.jp/atcl/news/16/082502461/?ST=security

Thursday, August 25, 2016

25th, Thursday, taian

+ RHSA-2016:1664 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1664.html

+ Mozilla Firefox 48.0.2 released
https://www.mozilla.org/en-US/firefox/48.0.2/releasenotes/

+ CESA-2016:1664 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/698116/

+ UPDATE: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

+ UPDATE: Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise

+ Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6369

+ UPDATE: Cisco Connected Streaming Analytics Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-csa

+ UPDATE: Cisco Firepower Management Center Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc

+ Linux kernel 3.16.37, 3.2.82 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.37
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.82

+ UPDATE: Oracle Solaris Third Party Bulletin - July 2016
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

+ VMSA-2016-0013 VMware Identity Manager and vRealize Automation updates address multiple security issues
http://www.vmware.com/security/advisories/VMSA-2016-0013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5336

+ Linux Kernel 'ovl_copy_up_locked()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/92611

+ PHP 'php_url_encode()' Function Integer Overflow Vulnerability
http://www.securityfocus.com/bid/92589

+ PHP 'php_quot_print_encode()' Function Integer Overflow Vulnerability
http://www.securityfocus.com/bid/92588

JVNDB-2016-000151 Denial-of-service (DoS) vulnerability in YoruFukurou (夜フクロウ)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000151.html

JVNDB-2016-000152 Cross-site scripting vulnerability in Simple Chat (シンプルチャット)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000152.html

UPDATE: JVNVU#91475438 Internet Key Exchange (IKEv1, IKEv2) can be abused as a stepping stone for DoS attacks
http://jvn.jp/vu/JVNVU91475438/index.html

SSL is old news, TLS is the interesting part
I want to disable SSL, but how do I do it?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100008/?ST=security

What is "EDR", the trump card against attacks that cannot be fully prevented?
If you expect targeted attacks, record everything on the endpoint
http://itpro.nikkeibp.co.jp/atcl/column/16/081000170/081100004/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[ITOCHU] Bringing in ready-to-go talent from outside and making everyone a security expert
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/081100004/?ST=security

Kaspersky releases a new anti-virus product for virtual machine environments
http://itpro.nikkeibp.co.jp/atcl/news/16/082402450/?ST=security

Cylance, the US vendor of machine-learning anti-malware, establishes Japanese subsidiary "Cylance Japan"
http://itpro.nikkeibp.co.jp/atcl/news/16/082402446/?ST=security

Asgent: network-deception ("labyrinth") software "illusive" adds ransomware support
http://itpro.nikkeibp.co.jp/atcl/news/16/082302433/?ST=security

Tuesday, August 23, 2016

23rd, Tuesday, senbu

+ CESA-2016:1633 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/697920/

+ UPDATE: Cisco Firepower Management Center Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc

+ Linux kernel 4.1.31, 3.18.40 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.31
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.40

+ SA72189 Linux Kernel KVM H_CEDE Hypercall Denial of Service Vulnerability
https://secunia.com/advisories/72189/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5412

+ GCC 6.2 released
https://gcc.gnu.org/gcc-6/changes.html

+ UPDATE: JVNVU#90754453 Man-in-the-middle (MITM) vulnerability in applications that communicate through a proxy server
http://jvn.jp/vu/JVNVU90754453/index.html

+ PHP 'zend_virtual_cwd()' Function NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/92582

+ Linux Kernel Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/92575

JVNDB-2016-000149 Improper access restriction vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000149.html

JVNDB-2016-000148 Authentication bypass vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000148.html

JVNDB-2016-000147 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000147.html

JVNDB-2016-000146 Cross-site scripting vulnerability in the free-time check screen of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000146.html

JVNDB-2016-000145 Cross-site scripting vulnerability in the schedule registration function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000145.html

JVNDB-2016-000144 Cross-site scripting vulnerability in the user details screen of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000144.html

JVNDB-2016-000143 Cross-site scripting vulnerability in the attendance confirmation function of Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000143.html

JVNDB-2016-000142 Open redirect vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000142.html

SSL is old news, TLS is the interesting part
Are server certificates really safe?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100006/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[ANA Systems] Training 13 kinds of security personnel to hold the line
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/081100002/?ST=security

Monday, August 22, 2016

22nd, Monday, tomobiki

+ CESA-2016:1626 Moderate CentOS 6 python Security Update
http://lwn.net/Alerts/697696/

+ CESA-2016:1626 Moderate CentOS 7 python Security Update
http://lwn.net/Alerts/697695/

+ phpMyAdmin 4.0.10.17, 4.4.15.8, 4.6.4 released
https://www.phpmyadmin.net/news/2016/8/16/phpmyadmin-401017-44158-and-464-are-released/

+ UPDATE: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic

+ Cisco Connected Streaming Analytics Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-csa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1477

+ UPDATE: Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli

+ UPDATE: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

+ UPDATE: Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

+ Linux kernel 4.7.2, 4.4.19, 3.14.77 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.19
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.77

+ SA72109 Linux Kernel infiniband ABORT_TASK Denial of Service Vulnerability
https://secunia.com/advisories/72109/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6327

+ UPDATE: JVNVU#93163809 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU93163809/

+ UPDATE: JVNVU#92232364 Vulnerability in the authentication functions of Microsoft Windows and Samba ("Badlock")
http://jvn.jp/vu/JVNVU92232364/

+ UPDATE: JVNVU#95402108 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/vu/JVNVU95402108/

+ UPDATE: JVNVU#97236594 Buffer overflow vulnerability in glibc
http://jvn.jp/vu/JVNVU97236594/

+ UPDATE: JVN#48135658 Clickjacking vulnerability in multiple router products
http://jvn.jp/jp/JVN48135658/index.html

+ UPDATE: JVNVU#91445763 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU91445763/index.html

+ UPDATE: JVNVU#95877131 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU95877131/index.html

+ PHP Multiple Flaws Let Remote and Local Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
http://www.securitytracker.com/id/1036680

+ Linux Kernel CVE-2016-6327 Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/92549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6327

JVNDB-2016-000150 Cross-site scripting vulnerability in Geeklog IVYWE edition
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000150.html

SSL is old news, TLS is the interesting part
What determines the security of TLS?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100005/?ST=security

A hundred companies, a hundred ways: our company's CSIRT
[Japan Net Bank] Relentlessly taking down fraudulent sites
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/080500001/?ST=security

UPDATE: JVN#51565015 DLL loading vulnerability in LINE for PC (Windows version)
http://jvn.jp/jp/JVN51565015/

JVN#09836883 Cross-site scripting vulnerability in Geeklog IVYWE edition
http://jvn.jp/jp/JVN09836883/index.html

Friday, August 19, 2016

19th, Friday, taian

+ Gpg4win 2.3.3 released
https://www.gpg4win.org/change-history.html

+ RHSA-2016:1626 Moderate: python security update
https://rhn.redhat.com/errata/RHSA-2016-1626.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110

+ Mozilla Firefox 48.0.1 released
https://www.mozilla.org/en-US/firefox/48.0.1/releasenotes/

+ UPDATE: Cisco Adaptive Security Appliance CLI Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-cli

+ UPDATE: Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp

+ UPDATE: Cisco IOS and Cisco IOS XE Software OpenSSH TCP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

+ UPDATE: Cisco Firepower Management Center Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-fmc

+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-wms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1484

+ Cisco Unified Communications Manager Information Disclosure Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6364

+ Cisco Smart Call Home Transport Gateway Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-sch
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6359

+ Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1485

+ Cisco IP Phone 8800 Series Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1479

+ Cisco Firepower Management Center Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepowermc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6365

+ Cisco Firepower Management Center Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-firepower
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1458

+ Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1365

+ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms 802.11 Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6363

+ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6362

+ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms AMPDU Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6361

+ SA72120 phpMyAdmin Multiple Vulnerabilities
https://secunia.com/advisories/72120/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6630

+ SA72156 MantisBT "view_type" Cross-Site Scripting Vulnerability
https://secunia.com/advisories/72156/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6837

+ SA72078 Linux Kernel "sys_oabi_epoll_wait()" and "sys_oabi_semtimedop()" Privilege Escalation Vulnerabilities
https://secunia.com/advisories/72078/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3857

+ PHP 7.0.10, 5.6.25 released
http://www.php.net/ChangeLog-7.php#7.0.10
http://www.php.net/ChangeLog-5.php#5.6.25

+ MantisBT Input Validation Flaw in Filter API Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1036655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6837

+ Juniper Junos IPv6 Packet Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1036651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1409

+ Fortinet FortiGate/FortiOS Buffer Overflow in Cookie Parser Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036643

+ GNU glibc CVE-2016-6323 Infinite Loop Denial of Service Vulnerability
http://www.securityfocus.com/bid/92532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6323

+ GNU GCC CVE-2016-4973 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/92530
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4973

+ Fortinet FortiGate Cookie Parser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/92523

+ MantisBT CVE-2016-6837 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/92522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6837

JVNDB-2016-000141 Cross-site scripting vulnerability in OSSEC Web UI
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000141.html

JVNDB-2016-000140 Cross-site scripting vulnerability in ClipBucket
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000140.html

JVNDB-2016-000139 DLL loading vulnerability in PhishWall Client for Internet Explorer
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000139.html

JVNVU#98959217 Multiple vulnerabilities in ReadyDesk
http://jvn.jp/vu/JVNVU98959217/

A CTF with a 200 million yen grand prize, and hacking of adult toys: on-site report from "DEF CON 24"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/081700611/?ST=security

Wednesday, August 17, 2016

17th, Wednesday, senbu

+ Vim 8.0 released
https://github.com/vim/vim/blob/master/runtime/doc/version8.txt

+ Linux kernel 4.7.1, 4.6.7, 4.4.18, 3.14.76 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.18
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.76

+ JVNVU#90754453 Man-in-the-middle (MITM) vulnerability in applications that communicate through a proxy server
http://jvn.jp/vu/JVNVU90754453/index.html

+ VMware Photon OS Default SSH Public Key Lets Remote Users Access the Target System
http://www.securitytracker.com/id/1036628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5333

VU#294272 ReadyDesk contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/294272

JVNDB-2016-000138 Clickjacking vulnerability in the bulk delivery function of Cybozu Mailwise
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000138.html

JVNDB-2016-000137 Information disclosure vulnerability in Cybozu Mailwise
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000137.html

JVNDB-2016-000136 Information disclosure vulnerability in Cybozu Mailwise
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000136.html

JVNDB-2016-000135 Mail header injection vulnerability in Cybozu Mailwise
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000135.html

Tuesday, August 16, 2016

16th, Tuesday, tomobiki

+ VU#905344 HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
https://www.kb.cert.org/vuls/id/905344

+ Sysstat 11.4.0, 11.2.6 released
http://sebastien.godard.pagesperso-orange.fr/

+ Linux Kernel 'tcp_xmit_retransmit_queue()' Function Use After Free Denial of Service Vulnerability
http://www.securityfocus.com/bid/92452

JVNVU#97004768 Multiple vulnerabilities in Zmodo network video recorders (NVR) and network cameras
http://jvn.jp/vu/JVNVU97004768/index.html

Monday, August 15, 2016

15th, Monday, senshō

+ CESA-2016:1613 Moderate CentOS 7 php Security Update
http://lwn.net/Alerts/697107/

+ CESA-2016:1606 Moderate CentOS 7 qemu-kvm Security Update
http://lwn.net/Alerts/697109/

+ CESA-2016:1602 Important CentOS 7 mariadb Security Update
http://lwn.net/Alerts/697106/

+ CESA-2016:1609 Moderate CentOS 6 php Security Update
http://lwn.net/Alerts/697108/

+ UPDATE: Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms ARP Request Handling Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet

+ VMSA-2016-0011 vRealize Log Insight update addresses directory traversal vulnerability.
http://www.vmware.com/security/advisories/VMSA-2016-0011.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5332

+ UPDATE: JVN#89379547 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/index.html

+ PostgreSQL Bugs Let Remote Authenticated Users Deny Service and Gain Elevated Privileges
http://www.securitytracker.com/id/1036617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424

+ 2016-08-11 Security Update Release
https://www.postgresql.org/about/news/1688/
https://www.postgresql.org/docs/9.5/static/release-9-5-4.html
https://www.postgresql.org/docs/9.4/static/release-9-4-9.html
https://www.postgresql.org/docs/9.3/static/release-9-3-14.html
https://www.postgresql.org/docs/9.2/static/release-9-2-18.html
https://www.postgresql.org/docs/9.1/static/release-9-1-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424

VU#301735 ZModo ZP-NE14-S DVR and ZP-IBH-13W cameras contain hard-coded credentials
https://www.kb.cert.org/vuls/id/301735

JVNVU#99625371 Buffer overflow vulnerability in source code generated by Objective Systems ASN1C
http://jvn.jp/vu/JVNVU99625371/index.html

JVNVU#94906777 Buffer overflow vulnerability in multiple D-Link routers
http://jvn.jp/vu/JVNVU94906777/index.html

Friday, August 12, 2016

12th, Friday, butsumetsu

+ RHSA-2016:1609 Moderate: php security update
https://rhn.redhat.com/errata/RHSA-2016-1609.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385

+ RHSA-2016:1606 Moderate: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-1606.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5403

+ RHSA-2016:1613 Moderate: php security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1613.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385

+ RHSA-2016:1602 Important: mariadb security update
https://rhn.redhat.com/errata/RHSA-2016-1602.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5444

+ CESA-2016:1585 Moderate CentOS 6 qemu-kvm Security Update
http://lwn.net/Alerts/696907/

+ UPDATE: Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-iosxr

+ Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1476

+ Cisco Connected Streaming Analytics Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-csa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1477

+ VU#332115 D-Link routers contain buffer overflow vulnerability
https://www.kb.cert.org/vuls/id/332115

+ Linux kernel 4.6.6, 4.4.17, 3.14.75 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.17
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.75

+ Microsoft Office Word 2007-2016 Out-of-Bounds Read Remote Code Execution
https://cxsecurity.com/issue/WLB-2016080104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3313

+ LINE Instant Messenger Pre-June 2016 SSRF / Authorization Bypass
https://cxsecurity.com/issue/WLB-2016080099

+ Microsoft Windows 7 Group Policy Privilege Escalation
https://cxsecurity.com/issue/WLB-2016080098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3223

SSL is old news, TLS is the interesting part
What are the steps of a TLS session?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100004/?ST=security

After JTB and Sapporo Tsuun, the Japan Tourism Agency moves to shore up a travel industry hit by successive data leaks
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/081000608/?ST=security

Saga prefectural school unauthorized-access case: leak of personal data on 14,355 people and grades of 808 students confirmed
http://itpro.nikkeibp.co.jp/atcl/news/16/081002397/?ST=security

Wednesday, August 10, 2016

10th, Wednesday, tomobiki

+ Microsoft Security Bulletin Summary for August 2016
https://technet.microsoft.com/ja-jp/library/security/ms16-aug

+ MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356)
https://technet.microsoft.com/library/security/MS16-095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3327

+ MS16-096 - Critical Cumulative Security Update for Microsoft Edge (3177358)
https://technet.microsoft.com/library/security/MS16-096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3329

+ MS16-097 - Critical Security Update for Microsoft Graphics Component (3177393)
https://technet.microsoft.com/library/security/MS16-097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3304

+ MS16-098 - Important Security Update for Windows Kernel-Mode Drivers (3178466)
https://technet.microsoft.com/library/security/MS16-098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3311

+ MS16-099 - Critical Security Update for Microsoft Office (3177451)
https://technet.microsoft.com/library/security/MS16-099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3318

+ MS16-100 - Important Security Update for Secure Boot (3179577)
https://technet.microsoft.com/library/security/MS16-100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3320

+ MS16-101 - Important Security Update for Windows Authentication Methods (3178465)
https://technet.microsoft.com/library/security/MS16-101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3237

+ MS16-102 - Critical Security Update for Microsoft Windows PDF Library (3182248)
https://technet.microsoft.com/library/security/MS16-102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3319

+ MS16-103 - Important Security Update for ActiveSyncProvider (3182332)
https://technet.microsoft.com/library/security/MS16-103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3312

+ Microsoft Security Advisory 3179528 Update for Kernel Mode Blacklist
https://technet.microsoft.com/library/security/3179528

+ RHSA-2016:1585 Moderate: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2016-1585.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5403

+ APSB16-27 Security hotfixes available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4253

+ UPDATE: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6

+ UPDATE: Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge

+ Linux kernel 4.1.30, 3.18.39 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.30
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.39

+ SA71963 Linux Kernel IPv6 Options Data Vulnerabilities
https://secunia.com/advisories/71963/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3841

+ UPDATE: JVNVU#97741939 UltraVNC repeater does not restrict destination IP addresses or ports in its default configuration
http://jvn.jp/vu/JVNVU97741939/index.html

+ Linux Kernel CVE-2016-2064 Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/92375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2064

SSL Is Old News, TLS Is Interesting
Why does TLS keep communication safe?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100003/?ST=security

IoT devices hacked one after another: on-site report from Black Hat 2016
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/080800603/?ST=security

The Sea Otter's Eye: Frontlines of Cybersecurity
The "weapons" of a security analyst who works 12-hour days
http://itpro.nikkeibp.co.jp/atcl/column/15/071200172/072700011/?ST=security

Works obtains ISO 27017 certification, touting the security reliability of its cloud ERP
http://itpro.nikkeibp.co.jp/atcl/news/16/080902385/?ST=security

Tuesday, August 9, 2016

About the security content of iOS 9.3.4
https://support.apple.com/ja-jp/HT207026

Translation of the iOS security update at the URL above

1) IOMobileFrameBuffer

 A vulnerability that allows an application to execute arbitrary code with kernel privileges, caused by a memory corruption flaw in extended memory handling. (CVE-2016-4654)

9th, Tuesday, Sensho

+ VU#735416 UltraVNC repeater does not restrict IP addresses or ports by default
https://www.kb.cert.org/vuls/id/735416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5673

+ SA71975 Hitachi Multiple Products Security Bypass Vulnerability
https://secunia.com/advisories/71975/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ HS16-020 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-020/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ HS16-020 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-020/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387

+ libpng 1.6.24 released
http://www.libpng.org/pub/png/src/libpng-1.6.24-README.txt

+ PHP 7.0.6 imagescale out-of-bounds read
https://cxsecurity.com/issue/WLB-2016080080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7456

JVNVU#97220922 Multiple vulnerabilities in the web interfaces of NUUO and Netgear Network Video Recorder (NVR) products
http://jvn.jp/vu/JVNVU97220922/

JVN#35062083 Cross-site request forgery vulnerability in multiple I-O DATA recording hard disks
http://jvn.jp/jp/JVN35062083/

SSL Is Old News, TLS Is Interesting
Is TLS only needed for important communications?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100002/?ST=security

Attacks targeting Japan on the rise: malware trends for the first half of 2016
http://itpro.nikkeibp.co.jp/atcl/news/16/080802371/?ST=security

Hitachi wins order from Okayama City for a two-factor authentication system using finger vein authentication for My Number operations
http://itpro.nikkeibp.co.jp/atcl/news/16/080802363/?ST=security

Monday, August 8, 2016

8th, Monday, Shakko

+ UPDATE: Cisco Meeting Server Persistent Cross-Site Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160714-ms

+ UPDATE: Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm

+ Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1478

+ SA71966 VMware Multiple Products vmhgfs.dll Insecure Library Loading Vulnerability
https://secunia.com/advisories/71966/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5330

+ VMware vCenter Server / ESXi HTTP Header Injection Vulnerability
https://secunia.com/advisories/71956/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5331

+ VMSA-2016-0010 VMware product updates address multiple important security issues
http://www.vmware.com/security/advisories/VMSA-2016-0010.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5331

+ glibc 2.24 released
https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5417

+ JVNVU#90289707 Proxy auto-config files (proxy.pac) can access full HTTPS URLs
http://jvn.jp/vu/JVNVU90289707/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1801

+ JVNVU#99702250 Memory corruption vulnerability in Apple iOS
http://jvn.jp/vu/JVNVU99702250/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4654

+ JVN#09470233 Denial-of-service (DoS) vulnerability in Android browser
http://jvn.jp/jp/JVN09470233/

+ Docker Unspecified Flaw Lets Remote Authenticated Users Deny Service on the Target Swarm Cluster
http://www.securitytracker.com/id/1036548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6595

+ Internet Explorer 11 VBScript Engine Memory Corruption
https://cxsecurity.com/issue/WLB-2016080061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0189

+ TLS session resumption client cert bypass
https://curl.haxx.se/docs/adv_20160803A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

+ Re-using connections with wrong client cert
https://curl.haxx.se/docs/adv_20160803B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

+ use of connection struct after free
https://curl.haxx.se/docs/adv_20160803C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

+ curl 7.50.1 released
https://curl.haxx.se/changes.html#7_50_1

JVNDB-2016-000134 Cross-site request forgery vulnerability in multiple I-O DATA recording hard disks
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000134.html

Noriko Takiguchi's Silicon Valley Report
Disappointed by WikiLeaks, now treated as its founder's personal property
http://itpro.nikkeibp.co.jp/atcl/column/15/060200138/080500063/?ST=security

SSL Is Old News, TLS Is Interesting
Why is SSL "old news"?
http://itpro.nikkeibp.co.jp/atcl/column/16/072100153/072100001/?ST=security

Friday, August 5, 2016

5th, Friday, Senbu

+ RHSA-2016:1573 Moderate: squid security update
https://rhn.redhat.com/errata/RHSA-2016-1573.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5408

+ About the security content of iOS 9.3.4
https://support.apple.com/ja-jp/HT207026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4654

+ CESA-2016:1573 Moderate CentOS 6 squid Security Update
http://lwn.net/Alerts/696386/

+ CESA-2016:1551 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/696385/

+ Cisco IOS Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1478

+ glibc 2.24 released
http://ftp.gnu.org/gnu/glibc/?C=M;O=A

+ JVNDB-2016-000127 Denial-of-service (DoS) vulnerability in Android browser
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000127.html

+ UPDATE: JVNVU#91485132 CGI web servers set the value of the Proxy header in the HTTP_PROXY environment variable
http://jvn.jp/vu/JVNVU91485132/index.html

+ cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1036538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419

+ cURL/libcurl TLS Connection Reuse Bug Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1036537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420

+ libcurl Use-After-Free Connection Flaw May Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

VU#877625 Proxy auto-config (PAC) files have access to full HTTPS URLs
https://www.kb.cert.org/vuls/id/877625

VU#856152 NUUO and Netgear Network Video Recorder (NVR) products web interfaces contain multiple vulnerabilities
https://www.kb.cert.org/vuls/id/856152

JVNDB-2016-000133 Improper SSL server certificate verification in the smartphone app "Coordinate Plus"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000133.html

UPDATE: JVN#89379547 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/

Fujitsu packages and offers consulting services that support personal data protection operations
http://itpro.nikkeibp.co.jp/atcl/news/16/080402334/?ST=security

Thursday, August 4, 2016

4th, Thursday, Tomobiki

+ RHSA-2016:1551 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-1551.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265

+ Google Chrome 52.0.2743.116 released
http://googlechromereleases.blogspot.jp/2016/08/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5146

+ CESA-2016:1551 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/696182/

+ CESA-2016:1551 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/696183/

+ CESA-2016:1539 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/696185/

+ CESA-2016:1546 Important CentOS 7 libtiff Security Update
http://lwn.net/Alerts/696186/

+ CESA-2016:1547 Important CentOS 6 libtiff Security Update
http://lwn.net/Alerts/696187/

+ CESA-2016:1538 Moderate CentOS 7 golang Security Update
http://lwn.net/Alerts/696184/

+ CESA-2016:1504 Important CentOS 6 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/695530/

+ CESA-2016:1504 Important CentOS 7 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/695531/

+ CESA-2016:1504 Important CentOS 5 java-1.7.0-openjdk Security Update
http://lwn.net/Alerts/695529/

+ CESA-2016:1487 Moderate CentOS 6 samba4 Security Update
http://lwn.net/Alerts/695534/

+ CESA-2016:1486 Moderate CentOS 7 samba Security Update
http://lwn.net/Alerts/695533/

+ Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1466

+ Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1429

+ Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6396

+ Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6397

+ Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-cpi
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1474

+ Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-vcse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1468

+ Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1430

+ SA71917 Android Multiple Vulnerabilities
https://secunia.com/advisories/71917/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3819
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3822
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3840

+ SA71943 McAfee Web Gateway OpenSSH and NTP Multiple Vulnerabilities
https://secunia.com/advisories/71943/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115

+ SA71946 cURL / libcURL Multiple Vulnerabilities
https://secunia.com/advisories/71946/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421

+ GCC 4.9.4 release
https://gcc.gnu.org/gcc-4.9/
https://gcc.gnu.org/gcc-4.9/changes.html

+ Windows 7/x86 localhost Port Scanner Shellcode
https://cxsecurity.com/issue/WLB-2016080021

+ OpenBSD Integer Overflow in uvm_map_isavail() Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1036493

+ OpenBSD Missing Null Check in vfs_sysctl() Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1036492

Wednesday, August 3, 2016

3rd, Wednesday, Sensho

+ RHSA-2016:1547 Important: libtiff security update
https://rhn.redhat.com/errata/RHSA-2016-1547.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5320

+ RHSA-2016:1538 Moderate: golang security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-1538.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5386

+ RHSA-2016:1546 Important: libtiff security update
https://rhn.redhat.com/errata/RHSA-2016-1546.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8683
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5320

+ RHSA-2016:1539 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-1539.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470

+ Mozilla Firefox 48.0 released
https://www.mozilla.org/en-US/firefox/48.0/releasenotes/

+ MFSA 2016-84 Information disclosure through Resource Timing API during page navigation
https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250

+ MFSA 2016-83 Spoofing attack through text injection into internal error pages
https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5268

+ MFSA 2016-82 Addressbar spoofing with right-to-left characters on Firefox for Android
https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5267

+ MFSA 2016-81 Information disclosure and local file manipulation through drag and drop
https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5266

+ MFSA 2016-80 Same-origin policy violation using local HTML file and saved shortcut file
https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5265

+ MFSA 2016-79 Use-after-free when applying SVG effects
https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5264

+ MFSA 2016-78 Type confusion in display transformation
https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5263

+ MFSA 2016-77 Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback
https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2837

+ MFSA 2016-76 Scripts on marquee tag can execute in sandboxed iframes
https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5262

+ MFSA 2016-75 Integer overflow in WebSockets during data buffering
https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261

+ MFSA 2016-74 Form input type change from password to text can store plain text password in session restore file
https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5260

+ MFSA 2016-73 Use-after-free in service workers with nested sync events
https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5259

+ MFSA 2016-72 Use-after-free in DTLS during WebRTC session shutdown
https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5258

+ MFSA 2016-71 Crash in incremental garbage collection in JavaScript
https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5255

+ MFSA 2016-70 Use-after-free when using alt key and toplevel menus
https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5254

+ MFSA 2016-69 Arbitrary file manipulation by local user through Mozilla updater and callback application path parameter
https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5253

+ MFSA 2016-68 Out-of-bounds read during XML parsing in Expat library
https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

+ MFSA 2016-67 Stack underflow during 2D graphics rendering
https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5252

+ MFSA 2016-66 Location bar spoofing via data URLs with malformed/invalid mediatypes
https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5251

+ MFSA 2016-65 Cairo rendering crash due to memory allocation issue with FFmpeg 0.10
https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2839

+ MFSA 2016-64 Buffer overflow rendering SVG with bidirectional content
https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2838

+ MFSA 2016-63 Favicon network connection can persist when page is closed
https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830

+ MFSA 2016-62 Miscellaneous memory safety hazards (rv:48.0 / rv:45.3)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2835

JVNVU#97169528 Multiple vulnerabilities in Crestron Electronics AirMedia Presentation Gateway AM-100
http://jvn.jp/vu/JVNVU97169528/index.html

JVNVU#93291811 Multiple vulnerabilities in Crestron Electronics DM-TXRX-100-STR
http://jvn.jp/vu/JVNVU93291811/index.html

Tuesday, August 2, 2016

2nd, Tuesday, Taian

+ SA71891 Linux Kernel "ioctl_file_dedupe_range()" Double Fetch Vulnerability
https://secunia.com/advisories/71891/

+ OpenSSH 7.3 released
http://www.openssh.com/txt/release-7.3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325

+ OpenSSH Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Timing Information and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1036487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325

+ Linux >= 4.5 double fetch leading to heap overflow
https://cxsecurity.com/issue/WLB-2016080002

+ Vulnerability in openssh that allows confirming whether a user exists (CVE-2016-6210)
http://boscono.hatenablog.com/entry/2016/07/18/134138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6210

VU#603047 Crestron AirMedia AM-100 contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/603047

VU#974424 Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/974424

JVNVU#93087310 Intel Crosswalk Project stops validating SSL server certificates
http://jvn.jp/vu/JVNVU93087310/

Monday, August 1, 2016

1st, Monday, Butsumetsu

+ psqlodbc_09_05_0400 released
https://www.postgresql.org/ftp/odbc/versions/msi/

+ Linux kernel 4.1.29, 3.18.38 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.29
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.38

+ SA71832 Yamaha RT Series Routers OpenSSL ASN.1 Memory Corruption Vulnerability
https://secunia.com/advisories/71832/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2108

+ HS16-019 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-019/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610

+ HS16-019 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-019/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3610

+ MySQL 5.6.32 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-32.html

+ Kaspersky Safe Browser Man-In-The-Middle
https://cxsecurity.com/issue/WLB-2016070234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6231

+ Wireshark Dissector/Parser Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1036480

VU#217871 Intel CrossWalk project does not validate SSL certificates after first acceptance
https://www.kb.cert.org/vuls/id/217871

43 fake "Pokémon GO" apps ahead of the Japan release, Trend Micro warns
http://itpro.nikkeibp.co.jp/atcl/news/16/072902287/?ST=security