Monday, September 26, 2016

Monday the 26th, Senbu

+ RHSA-2016:1912 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-1912.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5284

+ About the security content of iOS 10.0.2
https://support.apple.com/ja-jp/HT207199

+ About the security content of iCloud for Windows 6.0
https://support.apple.com/ja-jp/HT207147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4762

+ About the security content of macOS Server 5.2
https://support.apple.com/ja-jp/HT207171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4694
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4754

+ About the security content of Safari 10
https://support.apple.com/ja-jp/HT207157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4751
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4759
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4762
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4763

+ CESA-2016:1912 Critical CentOS 5 firefox Security Update
http://lwn.net/Alerts/701617/

+ CESA-2016:1912 Critical CentOS 6 firefox Security Update
http://lwn.net/Alerts/701613/

+ CESA-2016:1912 Critical CentOS 7 firefox Security Update
http://lwn.net/Alerts/701614/

+ Cisco Email Security Appliance Internal Testing Interface Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6406

+ UPDATE: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl

+ Cisco IOS and IOS XE iox Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-iox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6414

+ Cisco Firepower Management Center and FireSIGHT System Software SSL Inspection Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-fmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6411

+ Cisco IOS and IOS XE Software Data in Motion Component Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-dmo
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6414

+ Cisco Cloud Services Platform 2100 Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6374

+ Cisco Cloud Services Platform 2100 Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6373

+ Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6408

+ Cisco Application-Hosting Framework HTTP Header Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6412

+ Cisco IOS and IOS XE Software Application-Hosting Framework Unauthorized File Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-caf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6410

+ Cisco Application Policy Infrastructure Controller Binary Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6413

+ Linux kernel 4.7.5, 4.4.22 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.22

+ OpenSSL 1.1.0a, 1.0.2i, 1.0.1u released
https://www.openssl.org/news/changelog.html#x1
https://www.openssl.org/news/cl102.txt
https://www.openssl.org/news/cl101.txt

+ OpenSSL Security Advisory [22 Sep 2016]
https://www.openssl.org/news/secadv/20160922.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6308

+ Samba 4.4.6 Available for Download
https://www.samba.org/samba/history/samba-4.4.6.html

+ SA72712 OpenSSL Multiple Vulnerabilities
https://secunia.com/advisories/72712/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6305

+ Apache POI 3.15 released
http://poi.apache.org/changes.html

+ Sysstat 11.4.1, 11.2.7 released
http://sebastien.godard.pagesperso-orange.fr/

+ JVNVU#98667810 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU98667810/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6308

+ JVNVU#90950877 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU90950877/

+ OpenSSL 1.1.0 OCSP DoS resource exhaustion
https://cxsecurity.com/issue/WLB-201609017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304

+ Microsoft Internet Explorer 11 CORS Disrespect
https://cxsecurity.com/issue/WLB-2016090165

+ Microsoft Office PowerPoint 2010 - Invalid Pointer Reference
https://cxsecurity.com/issue/WLB-2016090158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3357

+ RSA Identity Management and Governance Flaw Lets Remote Authenticated Users Obtain Information About Other User Accounts
http://www.securitytracker.com/id/1036896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0918

Announcement: Amazon RDS for PostgreSQL Enhancements: Support for new minor versions, Logical Replication, and Amazon RDS PostgreSQL as a source for AWS DMS
https://www.postgresql.org/about/news/1700/

JVNDB-2016-000167 Cross-site scripting vulnerabilities in multiple plugins of Geeklog IVYWE edition
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000167.html

UPDATE: JVNVU#92998929 Improper input validation vulnerability in ImageMagick
http://jvn.jp/vu/JVNVU92998929/

JVN#46087986 Cross-site scripting vulnerabilities in multiple plugins of Geeklog IVYWE edition
http://jvn.jp/jp/JVN46087986/

Breaking news
NEC builds a multi-layered defense system against cyberattacks for Sony Assurance
http://itpro.nikkeibp.co.jp/atcl/news/16/092302770/?ST=security?itp_list_theme

Breaking news
Personal information of more than 500 million people leaked; state-sponsored cyberattack on Yahoo! suspected
http://itpro.nikkeibp.co.jp/atcl/news/16/092302766/?ST=security?itp_list_theme
