Monday, October 31, 2016

31st, Monday, Butsumetsu

+ RHSA-2016:2124 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2124.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ About the security content of iTunes 12.5.2 for Windows
https://support.apple.com/ja-jp/HT207274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7578

+ About the security content of iCloud for Windows 6.0.1
https://support.apple.com/ja-jp/HT207273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7578

+ About the security content of Xcode 8.1
https://support.apple.com/ja-jp/HT207268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6764

+ VMware Workstation 12 Player Version 12.5.1 released
http://pubs.vmware.com/Release_Notes/en/workstation/12player/player-1251-release-notes.html

+ UPDATE: Cisco Email and Web Security Appliance Malformed MIME Header Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ Linux kernel 4.8.5, 4.4.28 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.28

+ SA73290 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73290/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6797

+ GNU tar 1.29 Extract Pathname Bypass
https://cxsecurity.com/issue/WLB-2016100254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6321

We've been hit by a cyberattack, now what!?
The frightening methods of the latest cyberattacks
http://itpro.nikkeibp.co.jp/atcl/column/16/102500243/102500001/?ST=security&itp_list_theme

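NSSOL's first-half results for the fiscal year ending March 2017 show lower revenue and higher profit; IT infrastructure growth expected in the second half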
http://itpro.nikkeibp.co.jp/atcl/news/16/102803182/?ST=security&itp_list_theme

JVNVU#95366887 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU95366887/

Friday, October 28, 2016

28th, Friday, Shakkō

+ PostgreSQL 9.6.1, 9.5.5, 9.4.10, 9.3.15, 9.2.19 and 9.1.24 Released!
https://www.postgresql.org/about/news/1712/
https://www.postgresql.org/docs/9.6/static/release-9-6-1.html
https://www.postgresql.org/docs/9.5/static/release-9-5-5.html
https://www.postgresql.org/docs/9.4/static/release-9-4-10.html
https://www.postgresql.org/docs/9.3/static/release-9-3-15.html
https://www.postgresql.org/docs/9.2/static/release-9-2-19.html

+ Dovecot 2.2.26 released
http://www.dovecot.org/list/dovecot-news/2016-October/000328.html

+ Apache OpenOffice 4.1.2 Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6804

+ Linux Kernel Vfio Driver CVE-2016-9084 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/93930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084

Reporter's Eye
Security teams going unrewarded is half their own responsibility
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/102500705/?ST=security&itp_list_theme

Yuryo Jutaku Loan may have leaked customer and other information on 37,247 people; an external demand for money was also made
http://itpro.nikkeibp.co.jp/atcl/news/16/102703141/?ST=security&itp_list_theme

JVN#63012325 DLL loading vulnerability in the e-Tax software installer
http://jvn.jp/jp/JVN63012325/

Thursday, October 27, 2016

27th, Thursday, Taian

+ APSB16-36 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855

+ CESA-2016:2105 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/704660/

+ CESA-2016:2098 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/704565/

+ UPDATE: Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-fpsnort

+ Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-pcp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6451

+ Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6430

+ Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6429

+ Cisco IP Interoperability and Collaboration System Universal Media Services Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6397

+ Cisco Hosted Collaboration Mediation Fulfillment Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6454

+ Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6360

+ Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6372

+ Cisco Email and Web Security Appliance Malformed MIME Header Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1480

+ Cisco Email Security Appliance FTP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6358

+ Cisco Email Security Appliance Drop Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6357

+ Cisco Email Security Appliance Quarantine Email Rendering Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1423

+ Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6356

+ Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1486

+ Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1481

+ Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ Cisco Identity Services Engine SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6453

+ FreeBSD-SA-16:32.bhyve bhyve - privilege escalation vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc

+ FreeBSD-SA-16:15.sysarch Incorrect argument validation in sysarch(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:15.sysarch.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1885

+ Linux kernel 3.4.113 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.113

+ Samba 4.5.1, 4.4.7 Available for Download
https://www.samba.org/samba/history/samba-4.5.1.html
https://www.samba.org/samba/history/samba-4.4.7.html

+ UPDATE: Oracle Critical Patch Update Advisory - October 2016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

+ VMSA-2016-0017 VMware product updates address multiple information disclosure issues
http://www.vmware.com/security/advisories/VMSA-2016-0017.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5329

+ JVNDB-2016-000211 Arbitrary DLL loading vulnerability in the 7-Zip for Windows installer
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000211.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7804

+ Adobe Flash Player Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855

+ VMware Fusion Information Disclosure Bug Lets Local Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1037103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5329

+ VMware Tools on Mac OS X Virtual Machines Information Disclosure Bug Lets Local Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1037102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5328

+ FreeBSD bhyve Hypervisor Lets Local Users on a Guest System Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1037098

Database .NET 19.8 released
https://www.postgresql.org/about/news/1709/

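Nobuhiro Tsuji's Reading Between the Lines: Security Case Files
Five basics that are surprisingly often neglected: highly effective at preventing damage from spreading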
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/101700037/?ST=security&itp_list_theme

TIS and Singtel form strategic alliance to offer Trustwave's security monitoring service in Japan
http://itpro.nikkeibp.co.jp/atcl/news/16/102603128/?ST=security&itp_list_theme

JVNVU#97645703 Multiple vulnerabilities in TrackR Bravo
http://jvn.jp/vu/JVNVU97645703/

JVNVU#99751633 Multiple vulnerabilities in Zizai Tech Nut
http://jvn.jp/vu/JVNVU99751633/

JVNVU#99779077 Multiple vulnerabilities in iTrack Easy
http://jvn.jp/vu/JVNVU99779077/

JVN#70739377 Denial-of-service (DoS) vulnerability in International Components for Unicode (ICU), which is used in multiple products
http://jvn.jp/jp/JVN70739377/

JVN#85336306 Use-after-free vulnerability in International Components for Unicode (ICU), which is used in multiple products
http://jvn.jp/jp/JVN85336306/

Wednesday, October 26, 2016

26th, Wednesday, Butsumetsu

+ RHSA-2016:2105 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-2105.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ About the security content of watchOS 3.1
https://support.apple.com/ja-jp/HT207269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669

+ About the security content of tvOS 10.0.1
https://support.apple.com/ja-jp/HT207270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4677

+ About the security content of Safari 10.0.1
https://support.apple.com/ja-jp/HT207272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4677

+ About the security content of macOS Sierra 10.12.1
https://support.apple.com/ja-jp/HT207275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669

+ About the security content of iOS 10.1
https://support.apple.com/ja-jp/HT207271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7579
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4677

+ UPDATE: Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-fpsnort

+ UPDATE: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player

+ JVNVU#90743185 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU90743185/index.html

VU#974055 iTrack Easy contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/974055

VU#402847 Zizai Tech Nut contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/402847

VU#617567 TrackR Bravo contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/617567

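Nobuhiro Tsuji's Reading Between the Lines: Security Case Files
A close look at the JTB unauthorized access incident: attackers may have targeted the three-day weekend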
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/091400031/?ST=security&itp_list_theme

HP Japan explains its security initiatives, highlighting its automatic BIOS recovery feature
http://itpro.nikkeibp.co.jp/atcl/news/16/102503111/?ST=security&itp_list_theme

Launch of Suica service on iPhone 7 causes outages in Mobile Suica and other services
http://itpro.nikkeibp.co.jp/atcl/news/16/102503104/?ST=security&itp_list_theme

Tuesday, October 25, 2016

25th, Tuesday, Senbu

+ RHSA-2016:2098 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-2098.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ CESA-2016:2094 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/704424/

+ CESA-2016:2093 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/704422/

+ CESA-2016:2093 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/704423/

+ Linux kernel 4.1.35, 3.18.44 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.35
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.44

+ JVNVU#91983575 Race condition vulnerability in the copy-on-write mechanism implemented in the Linux kernel memory subsystem
http://jvn.jp/vu/JVNVU91983575/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ OpenSSL SSL3_AL_WARNING Alert Processing Flaw Lets Remote Users Consume Excessive CPU Resources on the Target System
http://www.securitytracker.com/id/1037084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

+ Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
https://cxsecurity.com/issue/WLB-2016100213

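Nobuhiro Tsuji's Reading Between the Lines: Security Case Files
These are the truly dangerous vulnerabilities: checking impact using assessment methods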
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/091200017/?ST=security&itp_list_theme

Hitachi enables finger-vein authentication just by taking a photo with a smartphone
http://itpro.nikkeibp.co.jp/atcl/news/16/102403093/?ST=security&itp_list_theme

IPA announces how to obtain its new security qualification; maintenance costs 150,000 yen over three years
http://itpro.nikkeibp.co.jp/atcl/news/16/102403087/?ST=security&itp_list_theme

Russian national arrested over intrusions into US companies' systems; possibly involved in the massive LinkedIn data leak
http://itpro.nikkeibp.co.jp/atcl/news/16/102403085/?ST=security&itp_list_theme

Monday, October 24, 2016

24th, Monday, Tomobiki

+ UPDATE: APSB16-33 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html

+ UPDATE: Cisco WebEx Meetings Player Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-meetings-player

+ VU#243144 Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
https://www.kb.cert.org/vuls/id/243144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ Linux kernel 4.8.4, 4.7.10, 4.4.27, 3.16.38, 3.12.66, 3.10.104, 3.2.83 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.27
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.38
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.66
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.104
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.83

+ SA73071 Linux Kernel GRO Recursion Denial of Service Vulnerability
https://secunia.com/advisories/73071/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8666

+ Apache Struts 2.5.5 released
http://struts.apache.org/announce.html#a20161021

+ libpng 1.6.26 released
http://www.libpng.org/pub/png/src/libpng-1.6.26-README.txt

+ JVNVU#95603997 Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU95603997/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

+ Linux Kernel Copy-on-Write Memory Management Race Condition Lets Local Users Obtain Elevated Privileges
http://www.securitytracker.com/id/1037078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

Mozilla Firefox Use-After Free Memory Error in nsTArray_base::SwapArrayElements Lets Remote Users Execute Arbitrary Code and Web Cache Bug Lets Remote Users View Potentially Sensitive Information
http://www.securitytracker.com/id/1037077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5288

+ BIND DNS Packet Options Processing Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1037073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

+ TrendMicro InterScan Web Security Virtual Appliance Shellshock
https://cxsecurity.com/issue/WLB-2016100215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

+ Apple macOS 10.12/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
https://cxsecurity.com/issue/WLB-2016100213

Nobuhiro Tsuji's Reading Between the Lines: Security Case Files
New ransomware variants that stoke fear: respond calmly using a flowchart
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/090200016/?ST=security&itp_list_theme

Large-scale DDoS attack on DNS service "Dyn"; Twitter and others affected and go down
http://itpro.nikkeibp.co.jp/atcl/news/16/102203079/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Evacuation drills for cyberattacks, with the CSIRT at the center, says Nikkei Computer deputy editor-in-chief
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102100129/?ST=security&itp_list_theme

JVNVU#93774715 Multiple Synology NAS servers are configured with credentials common to all devices
http://jvn.jp/vu/JVNVU93774715/

JVNVU#99656851 Green Packet DX-350 is configured with credentials common to all devices
http://jvn.jp/vu/JVNVU99656851/

JVNVU#91832696 Intellian Satellite TV and Satellite Communications are configured with credentials common to all devices
http://jvn.jp/vu/JVNVU91832696/

JVNVU#97115817 NUUO Titan NVR NT-4040 is configured with credentials common to all devices
http://jvn.jp/vu/JVNVU97115817/

Friday, October 21, 2016

21st, Friday, Taian

+ RHSA-2016:2094 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2016-2094.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

+ RHSA-2016:2093 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2016-2093.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

+ Google Chrome 54.0.2840.71 released
https://googlechromereleases.blogspot.jp/2016/10/stable-channel-update-for-desktop_20.html

+ Mozilla Firefox 49.0.2 released
https://www.mozilla.org/en-US/firefox/49.0.2/releasenotes/

+ MFSA-2016-87 Security vulnerabilities fixed in Firefox 49.0.2
https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5288

+ CESA-2016:2079 Critical CentOS 7 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/704100/

+ CESA-2016:2079 Critical CentOS 6 java-1.8.0-openjdk Security Update
http://lwn.net/Alerts/704099/

+ Wireshark 2.2.1, 2.0.7, 1.12.13 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.1.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.7.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html

+ CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 and in packages derived from releases prior to that date.
https://kb.isc.org/article/AA-01433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848

+ Linux kernel 4.8.3, 4.7.9, 4.4.26 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.26

+ SA73178 Linux Kernel Memory Management Subsystem Race Condition Privilege Escalation Vulnerability
https://secunia.com/advisories/73178/

+ JVNDB-2016-000210 SQL injection vulnerability in the WordPress plugin WP-OliveCart
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000210.html

+ JVNDB-2016-000209 Cross-site request forgery vulnerability in the WordPress plugin WP-OliveCart
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000209.html

+ JVNDB-2016-000208 Cross-site scripting vulnerability in the WordPress plugin WP-OliveCart
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000208.html

VU#404187 Synology NAS servers contain insecure default credentials
https://www.kb.cert.org/vuls/id/404187

VU#970379 Green Packet DX-350 contains insecure default credentials
https://www.kb.cert.org/vuls/id/970379

VU#200907 Intellian Satellite TV t-Series and v-Series firmware contains insecure default credentials
https://www.kb.cert.org/vuls/id/200907

VU#326395 Nuuo NT-4040 firmware contains insecure default credentials
https://www.kb.cert.org/vuls/id/326395

PostgresDAC 3.2.0 with PostgreSQL 9.6 and Android support is out
https://www.postgresql.org/about/news/1708/

Yahoo holds "Hardening" cyber-defense exercise, with teams also competing on customer and media response
http://itpro.nikkeibp.co.jp/atcl/news/16/102003067/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Japan Network Security Association: "Consumer IoT devices are easy targets for attack"
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102000119/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Trend Micro presents "security measures for factories, which differ from ordinary offices"
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102000117/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
CTC SP exhibits solutions against targeted attacks
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102000107/?ST=security&itp_list_theme

Juniper announces "Software-Defined Secure Networks" (SDSN), which protects the network across its whole "surface" rather than at the perimeter
http://itpro.nikkeibp.co.jp/atcl/news/16/102003060/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Ranger Systems demos forced blocking of rogue Wi-Fi at the EXPO venue, where there are more than 700 Wi-Fi connections
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102000083/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Artiza Networks exhibits security products for control systems
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/102000079/?ST=security&itp_list_theme

JVN#14567604 Multiple vulnerabilities in the WordPress plugin WP-OliveCart
http://jvn.jp/jp/JVN14567604/

Thursday, October 20, 2016

20th, Thursday, Butsumetsu

+ RHSA-2016:2079 Critical: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-2079.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: Cisco ASA Software Identity Firewall Feature Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-idfw

+ Cisco Firepower Detection Engine HTTP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-fpsnort
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6439

+ Cisco Meeting Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6446

+ Cisco Meeting Server Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-cms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6444

+ Cisco ASA Software Local Certificate Authority Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161019-asa-ca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6431

+ UPDATE: Cisco IOS and Cisco IOS XE Software TCP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

+ Linux kernel 3.12.65 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.65

+ SA73204 OpenSSH "kex_input_kexinit()" Denial of Service Vulnerability
https://secunia.com/advisories/73204/

+ OpenSSH Key Exchange Initialization Bug in kex_input_kexinit() Lets Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1037057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858

+ Windows x86 afd.sys Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1249

JVNDB-2016-000206 Arbitrary DLL loading vulnerability in the Evernote for Windows installer
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000206.html

JVNDB-2016-000207 DLL loading vulnerability in the e-Tax software installer
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000207.html

ITpro EXPO 2016 Flash Report
Barracuda presents next-generation firewalls and WAFs that support the major clouds
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900072/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Kaspersky runs a "security assessment" that evaluates vulnerability and virus countermeasures in 25 questions
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900062/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Black Duck Software exhibits vulnerability scanning for applications that use OSS
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900052/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
SCSK presents six of its latest security services, including monitoring and control of employees' unsanctioned cloud app use
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900051/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Jiransoft shows behavior-detection anti-ransomware software as a reference exhibit
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900043/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
NTT Neomeit presents a range of cloud services for preventing cyberattacks
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900041/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Infocom exhibits a cloud service for SSO and access management, supporting more than 4,500 services
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900040/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Identify the type of targeted attack before choosing countermeasures: talk by Nikkei NETWORK deputy editor-in-chief Saito
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900039/?ST=security&itp_list_theme

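ITpro EXPO 2016 Flash Report
NISC deputy director-general and JC3 director in discussion: "Security is a management issue; share information between the front line and management"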
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900035/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Sky presents new features of its client management software, which records even command-prompt operations
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900033/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Sophos exhibits anti-malware products, including for ransomware
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900026/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Japan Systems: easy face authentication with just a PC camera to strengthen PC security
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900015/?ST=security&itp_list_theme

ITpro EXPO 2016 Flash Report
Soho exhibits HDD destruction devices: complete destruction by magnetic, hydraulic, and V-fold methods
http://itpro.nikkeibp.co.jp/atcl/news/16/101803031/101900013/?ST=security&itp_list_theme

CSC automatically bundles 10 million yen of cyber insurance with its cloud-linked WAF
http://itpro.nikkeibp.co.jp/atcl/news/16/101803035/?ST=security&itp_list_theme

Wednesday, October 19, 2016

19th, Wednesday, Senbu

+ Selenium Standalone Server 3.0.1 released
http://docs.seleniumhq.org/download/

+ Selenium Client & WebDriver 3.0.1 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ About the security content of iOS 10.0.3
https://support.apple.com/ja-jp/HT207263

+ Oracle Critical Patch Update Advisory - October 2016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

+ SA72160 Ghostscript Multiple Vulnerabilities
https://secunia.com/advisories/72160/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8602

+ S2-042 Possible path traversal in the Convention plugin
http://struts.apache.org/docs/s2-042.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6795

+ S2-043 Using the Config Browser plugin in production
http://struts.apache.org/docs/s2-043.html

+ Apache Struts 2.3.31 released
http://struts.apache.org/docs/version-notes-2331.html

+ Java SE 8u111 and 8u112 Released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html

+ PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037033

+ PHP 5.6.26 and 7.0.11 Use After Free in unserialize()
https://cxsecurity.com/issue/WLB-2016100148

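Terror! Mass IoT malware infections
Expanding the IoT device observation network in cooperation with research institutions in Japan and abroad; network cameras also used as decoys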
http://itpro.nikkeibp.co.jp/atcl/column/16/101200222/101200003/?ST=security&itp_list_theme

Cisco announces three security services for safe enterprise cloud use
http://itpro.nikkeibp.co.jp/atcl/news/16/101803036/?ST=security&itp_list_theme

JVN#63012325 DLL loading vulnerability in the e-Tax software installer
http://jvn.jp/jp/JVN63012325/index.html

JVNVU#96741452 Multiple vulnerabilities in ASUS RP-AC52
http://jvn.jp/vu/JVNVU96741452/index.html

Tuesday, October 18, 2016

18th, Tuesday, Tomobiki

+ Apache Tomcat 6.0.47 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

VU#763843 ASUS RP-AC52 contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/763843

Terror! Mass IoT malware infections
More than 60 types of IoT devices infected, with many infections among video recorders
http://itpro.nikkeibp.co.jp/atcl/column/16/101200222/101200002/?ST=security&itp_list_theme

IIJ sounds the alarm over the slow adoption of DMARC, which prevents spoofed email
http://itpro.nikkeibp.co.jp/atcl/news/16/101703021/?ST=security&itp_list_theme

Monday, October 17, 2016

17th, Monday, Sensho

+ Collabtive 3.0 released
http://collabtive.o-dyn.de/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.8.2, 4.7.8, 4.4.25 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.25

+ SA73117 MySQL OpenSSL Multiple Vulnerabilities
https://secunia.com/advisories/73117/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304

+ SA73030 Apache Struts Convention Plugin Security Bypass Vulnerability
https://secunia.com/advisories/73030/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6795

+ PHP 5.6.27 Released
http://php.net/archive/2016.php#id2016-10-14-1

+ Apache OpenOffice DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6804

+ Apache OpenOffice Unquoted Search Path on Windows Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6803

+ Microsoft SQL Server Unquoted Service Path Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100140

+ PHP 'password_verify()' Function Out-of-Bounds Read Denial of Service Vulnerability
http://www.securityfocus.com/bid/93578

+ PHP 'unserialize()' Function Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/93577

+ Linux Kernel CVE-2016-8666 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/93562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8666

+ Linux Kernel CVE-2016-7042 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/93544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042

Attacks on IoT devices observed with honeypots; the biggest cause of infection is a running Telnet service
http://itpro.nikkeibp.co.jp/atcl/column/16/101200222/101200001/?ST=security&itp_list_theme

Interview & Talk
As ransomware damage spreads, awareness of system backups, not just data backups, is growing
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/101600285/?ST=security&itp_list_theme

Infoblox assigns dedicated staff to focus on the DNS security market for financial institutions
http://itpro.nikkeibp.co.jp/atcl/news/16/101402998/?ST=security&itp_list_theme

Cylance Japan: machine-learning-based anti-malware vendor organizes a research unit in Japan
http://itpro.nikkeibp.co.jp/atcl/news/16/101402996/?ST=security&itp_list_theme

Verizon's planned acquisition of Yahoo! may be reconsidered in the wake of the massive data breach
http://itpro.nikkeibp.co.jp/atcl/news/16/101402992/?ST=security&itp_list_theme

UPDATE: JVN#70739377 Denial-of-service (DoS) vulnerability in International Components for Unicode (ICU), used in multiple products
http://jvn.jp/jp/JVN70739377/

UPDATE: JVN#85336306 Use-after-free vulnerability in International Components for Unicode (ICU), used in multiple products
http://jvn.jp/jp/JVN85336306/

Friday, October 14, 2016

14th, Friday, Butsumetsu

+ Selenium Standalone Server 3.0.0 released
http://docs.seleniumhq.org/download/

+ Selenium Client & WebDriver 3.0.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ Google Chrome 54.0.2840.59 released
https://googlechromereleases.blogspot.jp/2016/10/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5194

+ ISC DHCP 4.3.5, 4.1-ESV-R14 released
https://kb.isc.org/article/AA-01430/82/DHCP-4.3.5-Release-Notes.html
https://kb.isc.org/article/AA-01431/82/DHCP-4.1-ESV-R14-Release-Notes.html

+ sudo 1.8.18p1 released
https://www.sudo.ws/stable.html#1.8.18p1

+ Oracle Critical Patch Update Pre-Release Announcement - October 2016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

+ PHP 7.0.12 Released
http://www.php.net/ChangeLog-7.php#7.0.12

+ UPDATE: JVNVU#707943 DLL loading vulnerability in Windows programs
http://jvn.jp/vu/JVNVU707943/

+ Subversion 1.6.6 / 1.6.12 Code Execution
https://cxsecurity.com/issue/WLB-2016100123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088

+ Linux Kernel CVE-2016-7042 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/93544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042

+ Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/93476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

JVNDB-2007-000226 Mail header injection vulnerability in BASP21
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000226.html

The Data Speaks
Domestic IT services market continues to grow at a sluggish pace
http://itpro.nikkeibp.co.jp/atcl/column/16/072600158/101300012/?ST=security&itp_list_theme

IBM Japan launches an "ecosystem" with five security companies, aiming to expand SIEM sales
http://itpro.nikkeibp.co.jp/atcl/news/16/101302980/?ST=security&itp_list_theme

Mouse: Windows Hello-compatible face authentication camera and fingerprint reader
http://itpro.nikkeibp.co.jp/atcl/news/16/100602917/?ST=security&itp_list_theme

NSA contractor arrested on suspicion of stealing classified information; possibly involved in the hacking tool leak
http://itpro.nikkeibp.co.jp/atcl/news/16/100602915/?ST=security&itp_list_theme

Thursday, October 13, 2016

13th, Thursday, Senbu

+ Apache OpenOffice 4.1.3 is released!
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.3+Release+Notes

+ CESA-2016:2047 Important CentOS 7 kernel Security Update
http://lwn.net/Alerts/703299/

+ CESA-2016:2046 Important CentOS 7 tomcat Security Update
http://lwn.net/Alerts/703300/

+ CESA-2016:2045 Important CentOS 6 tomcat6 Security Update
http://lwn.net/Alerts/703301/

+ Memory Corruption Vulnerability (Impress Presentations)
http://www.openoffice.org/security/cves/CVE-2016-1513.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1513

+ Windows Installer Can Enable Privileged Trojan Execution
http://www.openoffice.org/security/cves/CVE-2016-6803.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6803

+ Windows Installer Execution of Arbitrary Code with Elevated Privileges
http://www.openoffice.org/security/cves/CVE-2016-6804.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6804

+ Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-waas
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6437

+ Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6440

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6443

+ Cisco Meeting Server Client Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-msc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6445

+ Cisco Finesse Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-fin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6442

+ Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-cbr-8
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6438

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.1.34, 3.18.43 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.34
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.43

+ MySQL 5.7.16, 5.6.34, 5.5.53 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-16.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-34.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html

+ Linux kernel 4.7.7/4.8.1 broadcom Wifi Driver brcmf_cfg80211_start_ap Buffer Overflow
https://cxsecurity.com/issue/WLB-2016100108

+ OpenSSL 1.1.0b double-free and invalid free vulnerabilities in X509 parsing
https://cxsecurity.com/issue/WLB-2016100106

+ Apache Tomcat JK ISAPI Connector 1.2.41 Buffer Overflow
https://cxsecurity.com/issue/WLB-2016100102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6808

+ Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/93476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

ALSI announces a cloud-based security gateway that layers four countermeasures
http://itpro.nikkeibp.co.jp/atcl/news/16/101202974/?ST=security&itp_list_theme

Symantec strengthens non-signature features in the new version of its consumer antivirus software
http://itpro.nikkeibp.co.jp/atcl/news/16/101202956/?ST=security&itp_list_theme

JVNVU#95749024 Multiple vulnerabilities in MatrixSSL
http://jvn.jp/vu/JVNVU95749024/

Wednesday, October 12, 2016

12th, Wednesday, Tomobiki

+ Microsoft Security Bulletin Summary for October 2016
https://technet.microsoft.com/ja-jp/library/security/ms16-oct

+ MS16-118 - Critical: Cumulative Security Update for Internet Explorer (3192887)
https://technet.microsoft.com/library/security/MS16-118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3298

+ MS16-119 - Critical: Cumulative Security Update for Microsoft Edge (3192890)
https://technet.microsoft.com/library/security/MS16-119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3392

+ MS16-120 - Critical: Security Update for Microsoft Graphics Component (3192884)
https://technet.microsoft.com/library/security/MS16-120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3270

+ MS16-121 - Important: Security Update for Microsoft Office (3194063)
https://technet.microsoft.com/library/security/MS16-121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7193

+ MS16-122 - Critical: Security Update for Microsoft Video Control (3195360)
https://technet.microsoft.com/library/security/MS16-122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0142

+ MS16-123 - Important: Security Update for Windows Kernel-Mode Drivers (3192892)
https://technet.microsoft.com/library/security/MS16-123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7191

+ MS16-124 - Important: Security Update for Windows Registry (3193227)
https://technet.microsoft.com/library/security/MS16-124
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0079

+ MS16-125 - Important: Security Update for Diagnostics Hub (3193229)
https://technet.microsoft.com/library/security/MS16-125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7188

+ MS16-126 - Moderate: Security Update for Microsoft Internet Messaging API (3196067)
https://technet.microsoft.com/library/security/MS16-126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3298

+ MS16-127 - Critical: Security Update for Adobe Flash Player (3194343)
https://technet.microsoft.com/library/security/MS16-127

+ UPDATE: MS16-101 - Important: Security Update for Windows Authentication Methods (3178465)
https://technet.microsoft.com/ja-jp/library/security/ms16-101

+ APSB16-32 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-32.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6992

+ APSB16-33 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6967
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6968
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6971
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6975
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7019

+ APSB16-34 Security update available for the Creative Cloud Desktop Application
https://helpx.adobe.com/security/products/creative-cloud/apsb16-34.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6935

+ SA72212 Linux Kernel GRO Recursion Denial of Service Vulnerabilities
https://secunia.com/advisories/72212/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

+ Apache Tomcat 8.5.6, 8.0.38 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.6_(markt)
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.38_(markt)

+ Apache Tomcat Weak Configuration File Permissions on Red Hat-based Systems Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1036979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425

+ Facebook API v2.1 - RFC6749 Open Redirect Vulnerability
https://cxsecurity.com/issue/WLB-2016100099

+ Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/93476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

VU#396440 MatrixSSL contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/396440

News Analysis
Reading the pros and cons versus RDBMS from Arara's blockchain report
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/101100657/?ST=security&itp_list_theme

NEC Fielding announces a service that sends staff on site to investigate when an incident occurs
http://itpro.nikkeibp.co.jp/atcl/news/16/101102943/?ST=security&itp_list_theme

Takeshi Kimura's Blunt and Outrageous Opinions!
Too much fuss about "security is the top priority"; that can't be right!
http://itpro.nikkeibp.co.jp/atcl/column/14/463805/100600108/?ST=security&itp_list_theme

JVNVU#91754464 "U by BB&T" for iOS fails to properly validate SSL server certificates
http://jvn.jp/vu/JVNVU91754464/

UPDATE: JVN#39619137 Improper access restriction vulnerability in FlashAir
http://jvn.jp/jp/JVN39619137/index.html

Tuesday, October 11, 2016

11th, Tuesday, Sensho

+ RHSA-2016:2045 Important: tomcat6 security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325

+ RHSA-2016:2047 Important: kernel security update
https://rhn.redhat.com/errata/RHSA-2016-2047.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

+ RHSA-2016:2046 Important: tomcat security update
https://rhn.redhat.com/errata/RHSA-2016-2046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325

+ CESA-2016:2006 Important CentOS 6 kernel Security Update
http://lwn.net/Alerts/702606/

+ squid 3.5.22 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.22-RELEASENOTES.html

+ Wireshark 2.2.1, 2.0.7, 1.12.13 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.1.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.7.html
https://www.wireshark.org/docs/relnotes/wireshark-1.12.13.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: Cisco IOS and IOS XE Software Crafted Network Time Protocol Packets Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge

+ Cisco Unified Intelligence Center (CUIC) Software Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6427

+ Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6426

+ Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6425

+ Cisco Nexus 7000 and 7700 Series Switches Overlay Transport Virtualization Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-otv
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1453

+ Cisco NX-OS Software-Based Products Authentication, Authorization, and Accounting Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-nxaaa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0721

+ Cisco Nexus 9000 Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-n9kinfo
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1455

+ Cisco IOS XR Software Command-Line Interface Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6428

+ Cisco IOS and IOS XE IKEv2 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ios-ikev
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6423

+ Cisco Firepower Management Center Console Local File Inclusion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6435

+ Cisco Firepower Management Center Console Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6434

+ Cisco Firepower Threat Management Console Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ftmc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6433

+ Cisco NX-OS Software Malformed DHCPv4 Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6393

+ Cisco NX-OS Software Crafted DHCPv4 Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-dhcp1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6392

+ Cisco Host Scan Package Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-chs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6436

+ Cisco IOS Software for Cisco Catalyst 6500 Series Switches and 7600 Series Routers ACL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-catalyst
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6422

+ Cisco NX-OS Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-bgp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1454

+ Cisco ASA Software DHCP Relay Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-asa-dhcp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6424

+ UPDATE: IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

+ Linux kernel 4.8.1, 4.7.7, 4.4.24 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.24

+ Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/72873/

+ VMSA-2016-0015 VMware Horizon View updates address directory traversal vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087

+ Log4j 2.7 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.7

+ FreeBSD libarchive Symlink/Hardlink Processing Bug Lets Local Users Overwrite Files or Modify Directory Permissions to Gain Elevated Privileges
http://www.securitytracker.com/id/1036978

+ FreeBSD bspatch Buffer Overflow in Processing Files Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036977

+ FreeBSD portsnap File Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1036976

+ Symantec Web Gateway Bug Lets Remote Authenticated Users Modify the Whitelist Configuration
http://www.securitytracker.com/id/1036973
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5313

+ VMware Horizon View Connection Server Lets Remote Users Traverse the Directory to View Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1036972
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7087

+ Google Chrome Use-After-Free Memory Error and Other Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5178

+ Apache Tomcat JK ISAPI Connector Buffer Overflow May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1036969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6808

+ Wireshark Bluetooth L2CAP and NCP Dissector Bugs Let Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1036944

+ Apache Tomcat 8 / 7 / 6 Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5425

+ Linux Kernel net unbounded recursion in the vlan GRO processing
https://cxsecurity.com/issue/WLB-2016100096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7039

+ Linux Kernel 3.13.1 Recvmmsg Privilege Escalation
https://cxsecurity.com/issue/WLB-2016100094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0038

+ BIND 9 DNS Server Denial Of Service
https://cxsecurity.com/issue/WLB-2016100037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776

repmgr 3.2 released
https://www.postgresql.org/about/news/1707/

pglogical 1.2 Now Available
https://www.postgresql.org/about/news/1706/

JVNDB-2016-000202 Cross-site scripting vulnerability in Usermin
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000202.html

JVNDB-2016-000201 Improper session management vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000201.html

JVNDB-2016-000200 Code injection vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000200.html

JVNDB-2016-000199 Denial-of-service (DoS) vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000199.html

JVNDB-2016-000198 SQL injection vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000198.html

JVNDB-2016-000197 Cross-site scripting vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000197.html

JVNDB-2016-000196 Cross-site request forgery vulnerability in SetucoCMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000196.html

JVNDB-2016-000195 Denial-of-service (DoS) vulnerability in Cryptography API: Next Generation (CNG)
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000195.html

Takeshi Kimura's Blunt and Outrageous Opinions!
Too much fuss about "security is the top priority"; that can't be right!
http://itpro.nikkeibp.co.jp/atcl/column/14/463805/100600108/?ST=security?itp_list_theme

Mouse: Windows Hello-compatible face authentication camera and fingerprint reader
http://itpro.nikkeibp.co.jp/atcl/news/16/100602917/?ST=security?itp_list_theme

Former NSA contractor arrested on suspicion of stealing classified information; possibly involved in the hacking tool leak
http://itpro.nikkeibp.co.jp/atcl/news/16/100602915/?ST=security?itp_list_theme

US Yahoo! may have monitored all incoming messages of its mail users; critics call it "unconstitutional"
http://itpro.nikkeibp.co.jp/atcl/news/16/100502898/?ST=security?itp_list_theme

Wednesday, October 5, 2016

5th, Wednesday, Sensho

+ RHSA-2016:2006 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2006.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829

+ CESA-2016:1985 Important CentOS 6 thunderbird Security Update
http://lwn.net/Alerts/702531/

+ CESA-2016:1985 Important CentOS 5 thunderbird Security Update
http://lwn.net/Alerts/702530/

+ CESA-2016:1985 Important CentOS 7 thunderbird Security Update
http://lwn.net/Alerts/702532/

+ CESA-2016:1978 Important CentOS 6 python-twisted-web Security Update
http://lwn.net/Alerts/702294/

+ CESA-2016:1978 Important CentOS 7 python-twisted-web Security Update
http://lwn.net/Alerts/702293/

+ Mozilla Thunderbird 45.4.0 released
https://www.mozilla.org/en-US/thunderbird/45.4.0/releasenotes/

+ UPDATE: Cisco Email Security Appliance Internal Testing Interface Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160922-esa

+ OpenSSH SSH2_MSG_NEWKEYS Null Pointer Dereference Lets Remote Users Deny Service
http://www.securitytracker.com/id/1036937

+ Linux Kernel Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/93327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3935

+ Linux Kernel Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/93328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6676

+ Linux Kernel Multiple Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/93322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3934

+ Linux Kernel CVE-2015-8950 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/93318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8950

+ Linux Kernel CVE-2015-8951 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/93317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8951

+ Linux Kernel CVE-2016-3931 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/93313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3931

+ Linux Kernel CVE-2015-8955 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/93314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8955

+ Linux Kernel CVE-2015-0572 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/93312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0572

+ Linux Kernel Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/93309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6681
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6682

+ Linux Kernel CVE-2016-3860 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/93320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3860

VU#884840 Animas OneTouch Ping insulin pump contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/884840

Tuesday, October 4, 2016

4th, Tuesday, Shakko

+ MantisBT 1.3.2 Released
https://www.mantisbt.org/bugs/changelog_page.php?version=1.3.2

+ RHSA-2016:1990 Low: Red Hat Enterprise Linux 5 Six-Month Retirement Notice
https://rhn.redhat.com/errata/RHSA-2016-1990.html

+ RHSA-2016:1985 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-1985.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5257

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: Cisco IOS and Cisco IOS XE Software TCP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-isr

+ Linux kernel 3.12.64 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.64

JVNDB-2016-000194 Cross-site request forgery vulnerability in L-04D
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000194.html

JVNDB-2016-000193 Vulnerability in Cybozu Office that allows unintended files to be downloaded
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000193.html

JVNDB-2016-000192 Denial-of-service (DoS) vulnerability in Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000192.html

JVNDB-2016-000191 Information disclosure vulnerability in Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000191.html

JVNDB-2016-000190 Mail header injection vulnerability in Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000190.html

JVNDB-2016-000189 Insufficient operation restriction vulnerability in the Project function of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000189.html

JVNDB-2016-000188 Insufficient viewing restriction vulnerability in the breadcrumb list of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000188.html

JVNDB-2016-000187 Insufficient access restriction vulnerability in the Project function of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000187.html

Unauthorized access to Tokyu Hands online shopping site; card data and other information of 861 people possibly leaked
http://itpro.nikkeibp.co.jp/atcl/news/16/100302878/?ST=security?itp_list_theme

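"Public servants who neglect information security measures face disciplinary action": National Personnel Authority states this explicitly for the first time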
http://itpro.nikkeibp.co.jp/atcl/news/16/100302877/?ST=security?itp_list_theme

NEC Platforms: wireless LAN router with 1428 Mbps effective throughput
http://itpro.nikkeibp.co.jp/atcl/news/16/100302872/?ST=security?itp_list_theme

Canon ITS revamps the management GUI of its mail filtering software for service providers
http://itpro.nikkeibp.co.jp/atcl/news/16/092902844/?ST=security?itp_list_theme

Monday, October 3, 2016

3rd, Monday, Taian

+ Zabbix 3.2.1, 3.0.5, 2.2.15, 2.0.19 released
http://www.zabbix.com/rn3.2.1.php
http://www.zabbix.com/rn3.0.5.php
http://www.zabbix.com/rn2.2.15.php
http://www.zabbix.com/rn2.0.19.php

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.7.6, 4.4.23 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.23

+ Postfix 3.1.3, 3.0.7 released
http://www.postfix.org/announcements/postfix-3.1.3.html
http://mirror.postfix.jp/postfix-release/official/postfix-3.1.3.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.7.HISTORY

+ UPDATE: JVNVU#91445763 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU91445763/

+ UPDATE: JVNVU#95877131 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU95877131/

+ UPDATE: JVNVU#99234709 Buffer overflow vulnerability in the glibc library
http://jvn.jp/vu/JVNVU99234709/

+ UPDATE: JVNVU#98283300 Vulnerability in the SSLv3 protocol that allows encrypted data to be decrypted (POODLE attack)
http://jvn.jp/vu/JVNVU98283300/

VU#338624 U by BB&T iOS banking application fails to properly validate SSL certificates
https://www.kb.cert.org/vuls/id/338624

ppc64el packages now available on apt.postgresql.org
https://www.postgresql.org/about/news/1705/

pgAdmin 4 v1.0 Released!
https://www.postgresql.org/about/news/1704/

Gideon: "Cyber Cleaner ST" cyber-attack countermeasure appliance with per-country IPv6 support
http://itpro.nikkeibp.co.jp/atcl/news/16/093002860/?ST=security?itp_list_theme

UPDATE: JVNVU#99125992 SSL/TLS implementations accept export-grade RSA keys (FREAK attack)
http://jvn.jp/vu/JVNVU99125992/