Thursday, September 8, 2016

The 8th, Thursday, Senbu

+ Google Chrome 53.0.2785.101 released
https://googlechromereleases.blogspot.jp/2016/09/stable-channel-update-for-desktop.html

+ CESA-2016:1809 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/699655/

+ CESA-2016:1809 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/699653/

+ CESA-2016:1809 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/699654/

+ CESA-2016:1797 Moderate CentOS 7 ipa Security Update
http://lwn.net/Alerts/699652/

+ CESA-2016:1797 Moderate CentOS 6 ipa Security Update
http://lwn.net/Alerts/699651/

+ CESA-2016:1776 Important CentOS 7 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/698324/

+ CESA-2016:1776 Important CentOS 6 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/698323/

+ CESA-2016:1776 Important CentOS 5 java-1.6.0-openjdk Security Update
http://lwn.net/Alerts/698322/

+ Wireshark 2.2.0, 2.0.5 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html

+ Cisco Firepower Management Center and FireSIGHT System Software Malware Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6396

+ Cisco Firepower Management Center and FireSIGHT System Software Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6395

+ Cisco Firepower Management Center and FireSIGHT System Software Session Fixation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6394

+ UPDATE: Cisco Wireless LAN Controller TSM SNMP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-1

+ UPDATE: Cisco Wireless LAN Controller wIPS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-wlc-2

+ Linux kernel 4.7.3, 4.4.20, 3.14.78, 3.12.63 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.20
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.78
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.63

+ Samba 4.5.0 Available for Download
https://www.samba.org/samba/history/samba-4.5.0.html

+ SA72413 Google Nexus Multiple Vulnerabilities
https://secunia.com/advisories/72413/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3899

+ SA72372 cURL / libcURL TLS Client Certificate Reuse Security Bypass Vulnerability
https://secunia.com/advisories/72372/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141

+ Apache Tomcat 8.5.5, 8.0.37 released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.5_(markt)
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.36_(markt)

+ UPDATE: JVNVU#92267426 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU92267426/

+ glibc getaddrinfo Stack Buffer Overflow
https://cxsecurity.com/issue/WLB-2016090038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547

+ Android 6.0.0 MDA89E / 6.0.1 MMB29V OEM Panic
https://cxsecurity.com/issue/WLB-2016090037

+ MySQL 5.5.45 (64bit) - Local Credentials Disclosure
https://cxsecurity.com/issue/WLB-2016090026

+ cURL/libcurl Certificate Reuse Bug Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1036739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141

+ cURL/libcURL CVE-2016-7141 Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/92754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141

VU#282991 DEXIS Imaging Suite 10 contains hard-coded credentials
https://www.kb.cert.org/vuls/id/282991

VU#548399 Dentsply Sirona CDR DICOM contains multiple hard-coded credentials
https://www.kb.cert.org/vuls/id/548399

VU#619767 Open Dental installs with default database credentials
https://www.kb.cert.org/vuls/id/619767

VU#724487 Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/724487

JVNDB-2016-000156 Cross-site scripting vulnerability in ADOdb
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000156.html

JVNVU#94423160 Dentsply Sirona CDR DICOM contains hard-coded credentials
http://jvn.jp/vu/JVNVU94423160/index.html

JVNVU#94993132 Open Dental contains hard-coded credentials
http://jvn.jp/vu/JVNVU94993132/index.html

JVNVU#97260486 Multiple vulnerabilities in Fortinet FortiWAN load balancer appliance
http://jvn.jp/vu/JVNVU97260486/index.html

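Nobuhiro Tsuji's Reading-Between-the-Lines Security Case Files
Why is there so little information!? Investigating attacks targeting universities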
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/090200015/?ST=security?itp_list_theme

Mobile carriers to share spam sender information with one another starting in October
http://itpro.nikkeibp.co.jp/atcl/news/16/090702609/?ST=security?itp_list_theme

"A CEO with low security awareness is unthinkable": discussion at an AWS event for startups
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/090500624/?ST=security?itp_list_theme

Nobuhiro Tsuji's Reading-Between-the-Lines Security Case Files
An expert advises a celebrity victim: this is how to manage passwords safely!
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/042000013/?ST=security?itp_list_theme

France's Gemalto announces IoT security product strategy for automakers and the manufacturing industry
http://itpro.nikkeibp.co.jp/atcl/news/16/090602596/?ST=security?itp_list_theme
