Wednesday, November 30, 2016

Wednesday the 30th, Shakkō

+ RHSA-2016:2825 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-2825.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

+ CESA-2016:2824 Moderate CentOS 6 expat Security Update
https://lwn.net/Alerts/707574/

+ CESA-2016:2820 Important CentOS 6 memcached Security Update
https://lwn.net/Alerts/707575/

+ Linux kernel 3.12.68 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.68

+ SA73965 Linux Kernel "big_key_crypto_init()" NULL Pointer Dereference Vulnerability
https://secunia.com/advisories/73965/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9313

+ JVNVU#96435227 Vulnerability in multiple Sony network camera products
http://jvn.jp/vu/JVNVU96435227/

+ Mozilla Firefox HTTP Redirect Bug Lets Remote Users Bypass Cross-Origin Restrictions on the Target System
http://www.securitytracker.com/id/1037353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9078

+ NTP 4.2.8p3 Denial Of Service Exploit
https://cxsecurity.com/issue/WLB-2016110239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855

+ Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
https://cxsecurity.com/issue/WLB-2016110238

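EU data protection regulation: three facts you should know
The wall of the EU data protection regulation: why Japanese cloud providers cannot expand into Europe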
http://itpro.nikkeibp.co.jp/atcl/column/16/112400268/112800003/?ST=security&itp_list_theme

From the US! How to read Apple news
A new kind of spam: "iCloud Calendar invitations"
http://itpro.nikkeibp.co.jp/atcl/column/16/082600184/112800022/?ST=security&itp_list_theme

Six points thoroughly illustrated: "A New Anatomy of Vulnerabilities"
How vulnerabilities are exploited: typical techniques fully illustrated
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800002/?ST=security&itp_list_theme

Recommended books: browse on the web
The day Mobage was attacked
http://itpro.nikkeibp.co.jp/atcl/column/16/102400240/112800007/?ST=security&itp_list_theme

"Many comments about credibility": DeNA takes all articles on its healthcare information site "WELQ" offline
http://itpro.nikkeibp.co.jp/atcl/news/16/112903548/?ST=security&itp_list_theme

Asgent to sell whitelist-based security software for embedding in IoT devices
http://itpro.nikkeibp.co.jp/atcl/news/16/112903546/?ST=security&itp_list_theme

Tuesday, November 29, 2016

Tuesday the 29th, Taian

+ RHSA-2016:2824 Moderate: expat security update
https://rhn.redhat.com/errata/RHSA-2016-2824.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

+ Mozilla Firefox 50.0.1 released
https://www.mozilla.org/en-US/firefox/50.0.1/releasenotes/

+ MFSA 2016-91 Security vulnerabilities fixed in Firefox 50.0.1
https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9078

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

+ SA73911 phpMyAdmin Multiple Vulnerabilities
https://secunia.com/advisories/73911/

+ UPDATE: JVNVU#92250735 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU92250735/index.html

+ UPDATE: JVNTA#94087669 Information theft via crafted PDF files
http://jvn.jp/ta/JVNTA94087669/index.html

+ Linux ntpd 4.2.8 derive_nonce Stack Overflow
https://cxsecurity.com/issue/WLB-2016110224

+ Linux Kernel CVE-2016-9313 Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9313

+ Linux Kernel CVE-2016-9644 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/94545
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9644

JVNDB-2016-000231 Improper SSL server certificate verification vulnerability in the Android app "kintone mobile for Android"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000231.html

The much-sought-after "security craftsmen"
"Using hackers for security measures": what it means and how effective it is
http://itpro.nikkeibp.co.jp/atcl/column/16/112500275/112500003/?ST=security&itp_list_theme

Six points thoroughly illustrated: "A New Anatomy of Vulnerabilities"
What damage results when a software security vulnerability is exploited?
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800001/?ST=security&itp_list_theme

News commentary
Estonian technology that detects financial crime and terrorism from the movement of people, goods and money arrives in Japan
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112800717/?ST=security&itp_list_theme

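Security incident response in practice
[Final installment] Gratitude from the front line is what drives a CSIRT; management's trust is won through incident response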
http://itpro.nikkeibp.co.jp/atcl/column/15/110900259/112500020/?ST=security&itp_list_theme

Your company's site has been defaced! What is the first move?
For database-backed websites, also suspect "SQL injection" when tampering is reported
http://itpro.nikkeibp.co.jp/atcl/column/16/112500273/112500003/?ST=security&itp_list_theme

EU data protection regulation: three facts you should know
EU data protection regulation: how should Japanese companies respond?
http://itpro.nikkeibp.co.jp/atcl/column/16/112400268/112600002/?ST=security&itp_list_theme

News commentary
Reports of a "cyber attack on the Ministry of Defense": how experts see it
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112800718/?ST=security&itp_list_theme

Silicon Valley Next Report
Security staff should put "employee productivity" first
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/112800097/?ST=security&itp_list_theme

NEC merges two SI subsidiaries, concentrating staff on AI and IoT
http://itpro.nikkeibp.co.jp/atcl/news/16/112803523/?ST=security&itp_list_theme

Did a cyber attack leak internal GSDF information? Ministry of Defense flatly denies it
http://itpro.nikkeibp.co.jp/atcl/news/16/112803519/?ST=security&itp_list_theme

Infection via images on social networks: ransomware spreads on a large scale using a new technique
http://itpro.nikkeibp.co.jp/atcl/news/16/112803518/?ST=security&itp_list_theme

Monday, November 28, 2016

Monday the 28th, Tomobiki

+ MantisBT 1.3.4 Released
https://www.mantisbt.org/bugs/changelog_page.php?version_id=259

+ phpMyAdmin 4.6.5.1 is released
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/

+ phpMyAdmin 4.0.10.18, 4.4.15.9, and 4.6.5 are released
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/

+ Linux kernel 4.8.11, 4.4.35 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.35

+ FOSDEM PGDay 2017 & FOSDEM Devroom Call for Papers
https://www.postgresql.org/about/news/1721/

+ GNU Wget < 1.18 - Access List Bypass / Race Condition
https://cxsecurity.com/issue/WLB-2016110207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098

+ Linux Kernel CVE-2016-8650 Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8650

JVNDB-2016-000232 Cross-site scripting vulnerability in シンプル携帯チャット
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000232.html

The much-sought-after "security craftsmen"
Is there a royal road to training security engineers, who are in short supply?
http://itpro.nikkeibp.co.jp/atcl/column/16/112500275/112500002/?ST=security&itp_list_theme

News commentary
Paying a ransomware ransom is "not illegal"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112500716/?ST=security&itp_list_theme

Will blockchain really change the world?
Is Bitcoin really safe? Unexpected pitfalls revealed by theoretical research
http://itpro.nikkeibp.co.jp/atcl/column/16/062400138/112400011/?ST=security&itp_list_theme

Editor-in-chief's eye
CISO or CIO: which one ranks higher?
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/112600010/?ST=security&itp_list_theme

EU data protection regulation: three facts you should know
EU data protection regulation: why Japanese companies are being forced to respond
http://itpro.nikkeibp.co.jp/atcl/column/16/112400268/112400001/?ST=security&itp_list_theme

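News commentary
Lessons from a leak of personal information on more than 10,000 people: Saga Prefectural Board of Education publishes its unauthorized-access countermeasures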
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112400712/?ST=security&itp_list_theme

Your company's site has been defaced! What is the first move?
"Your website has been defaced" may actually be a false report aimed at shutting down your service
http://itpro.nikkeibp.co.jp/atcl/column/16/112500273/112500002/?ST=security&itp_list_theme

Silicon Valley Next Report
Strengthening security with outside help: "bug bounty programs" spread among manufacturers and financial firms
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/112700096/?ST=security&itp_list_theme

Network hot topics
Security enhancements in Android 7.0: randomization of library placement order
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/112500052/?ST=security&itp_list_theme

"Two photos explain what drives the sharing economy," says a leading expert
http://itpro.nikkeibp.co.jp/atcl/news/16/112503506/?ST=security&itp_list_theme

Personal information of more than 130,000 people leaked at the US Navy; intrusion came through an HPE employee's PC
http://itpro.nikkeibp.co.jp/atcl/news/16/112503504/?ST=security&itp_list_theme

The much-sought-after "security craftsmen"
Why is there such an outcry over the "security talent shortage"?
http://itpro.nikkeibp.co.jp/atcl/column/16/112500275/112500001/?ST=security&itp_list_theme

Shinji Shioda's mobile trends
What you must do after buying a mobile PC
http://itpro.nikkeibp.co.jp/atcl/column/15/051100118/112100040/?ST=security&itp_list_theme

Your company's site has been defaced! What is the first move?
"The website has been defaced!" What should you do first?
http://itpro.nikkeibp.co.jp/atcl/column/16/112500273/112500001/?ST=security&itp_list_theme

Friday, November 25, 2016

Friday the 25th, Taian

+ JVNVU#92250735 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU92250735/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ Linux Kernel Out-of-Bounds Memory Access Error in SCTP Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1037339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

+ Linux Kernel 2.6.32-642 / 3.16.0-4 'inode' Integer Overflow PoC
https://cxsecurity.com/issue/WLB-2016110205

+ Linux Kernel 'ip_tunnel.c' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/94500

+ Linux Kernel Out-Of-Bounds Read Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

What the data says
Ransomware detections hit a record high of about 34,000 machines; July-September 2016 was about four times the previous quarter
http://itpro.nikkeibp.co.jp/atcl/column/16/072600158/112400019/?ST=security&itp_list_theme

A first in Japan: Chiba University trains security talent with a "bug bounty program"
http://itpro.nikkeibp.co.jp/atcl/news/16/112403495/?ST=security&itp_list_theme

Is Facebook developing a censorship tool with an eye to re-entering China?
http://itpro.nikkeibp.co.jp/atcl/news/16/112403485/?ST=security&itp_list_theme

Thursday, November 24, 2016

Thursday the 24th, Butsumetsu

+ RHSA-2016:2820 Important: memcached security update
https://rhn.redhat.com/errata/RHSA-2016-2820.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8705

+ RHSA-2016:2819 Important: memcached security update
https://rhn.redhat.com/errata/RHSA-2016-2819.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8706

+ Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ SA73827 Fortinet FortiOS (FortiGate) Flow-Based Protection Security Bypass Vulnerability
https://secunia.com/advisories/73827/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7541

+ SA73885 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73885/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73894 Fortinet FortiOS (FortiGate) ANSI X9.31 Information Disclosure Vulnerability
https://secunia.com/advisories/73894/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8492

+ SA73855 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73855/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73797 NTP Multiple Vulnerabilities
https://secunia.com/advisories/73797/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9312

+ SA73865 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73865/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ SA73867 Apache Tomcat Multiple Vulnerabilities
https://secunia.com/advisories/73867/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ VMSA-2016-0022 VMware product updates address information disclosure vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2016-0022.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7460

+ VMSA-2016-0021 VMware product updates address partial information disclosure vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0021.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5334

+ JVNVU#99531229 Multiple vulnerabilities in NTP.org ntpd
http://jvn.jp/vu/JVNVU99531229/index.html

+ UPDATE: JVN#91002412 DLL loading vulnerability in the installer of the Windows version of the Public Certification Service for Individuals user client software
http://jvn.jp/jp/JVN91002412/index.html

+ Apache Tomcat Lets Remote Users Conduct HTTP Response Splitting Attacks
http://www.securitytracker.com/id/1037332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6816

+ Apache Tomcat JmxRemoteLifecycleListener Bug Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1037331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8735

+ Apache Tomcat HTTP/2 Header Parsing Error Lets Remote Users Deny Service
http://www.securitytracker.com/id/1037330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6817

+ ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
https://cxsecurity.com/issue/WLB-2016110197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434

DbWrench Database Design 4.0 Released
https://www.postgresql.org/about/news/1720/

UPDATE: JVNVU#97326740 PHP file inclusion vulnerability in the WordPress plugin NextGEN Gallery
http://jvn.jp/vu/JVNVU97326740/index.html

In focus
Security measures swing between too little and too much: a "cost" mindset is needed
http://itpro.nikkeibp.co.jp/atcl/column/14/531236/112100070/?ST=security&itp_list_theme

Oracle to acquire Dyn, the DNS service provider hit by a large-scale DDoS attack
http://itpro.nikkeibp.co.jp/atcl/news/16/112203466/?ST=security&itp_list_theme

Tuesday, November 22, 2016

Tuesday the 22nd, Tomobiki

+ RHSA-2016:2809 Important: ipsilon security update
https://rhn.redhat.com/errata/RHSA-2016-2809.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8638

+ CESA-2016:2766 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/706975/

+ CESA-2016:2779 Moderate CentOS 6 nss-util Security Update
https://lwn.net/Alerts/706978/

+ CESA-2016:2779 Moderate CentOS 5 nss Security Update
https://lwn.net/Alerts/706976/

+ CESA-2016:2780 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/706973/

+ CESA-2016:2780 Critical CentOS 5 firefox Security Update
https://lwn.net/Alerts/706972/

+ CESA-2016:2765 Moderate CentOS 6 389-ds-base Security Update
https://lwn.net/Alerts/706971/

+ CESA-2016:2779 Moderate CentOS 6 nss Security Update
https://lwn.net/Alerts/706977/

+ CESA-2016:2658 Important CentOS 5 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/706974/

+ CESA-2016:2702 Important CentOS 6 policycoreutils Security Update
https://lwn.net/Alerts/706979/

+ CESA-2016:2674 Moderate CentOS 6 libgcrypt Security Update
https://lwn.net/Alerts/706377/

+ Mozilla Thunderbird 45.5.0 released
https://www.mozilla.org/en-US/thunderbird/45.5.0/releasenotes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ VU#633847 NTP.org ntpd contains multiple denial of service vulnerabilities
https://www.kb.cert.org/vuls/id/633847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9312

+ Linux kernel 4.8.10, 4.4.34 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.34

+ UPDATE: Oracle Critical Patch Update Advisory - October 2016
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

+ NTP 4.2.8p9 released
https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable

Launch of the Israel PostgreSQL Community Website
https://www.postgresql.org/about/news/1719/

Canon ITS strengthens ransomware protection in new version of its anti-malware software
http://itpro.nikkeibp.co.jp/atcl/news/16/112103453/?ST=security&itp_list_theme

News commentary
"AI is not a cure-all in security": the reasons Trend Micro gives
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111800706/?ST=security&itp_list_theme

Monday, November 21, 2016

Monday the 21st, Senshō

+ Ubuntu 16.04.1 LTS released
https://wiki.ubuntu.com/XenialXerus/ReleaseNotes?_ga=1.93714013.1754260706.1408405881

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ Linux kernel 4.8.9, 4.4.33, 3.16.39, 3.2.84 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.33
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.39
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.84

+ UPDATE: Oracle Solaris Third Party Bulletin - October 2016
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

+ UPDATE: Oracle Linux Bulletin - October 2016
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

+ UPDATE: Oracle VM Server for x86 Bulletin - October 2016
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

+ SA73806 Linux Kernel "get_task_ioprio()" Use-After-Free Vulnerability
https://secunia.com/advisories/73806/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7911

+ SA73811 Linux Kernel "environ_read()" Information Disclosure Vulnerability
https://secunia.com/advisories/73811/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7916

+ SA73807 Linux Kernel "ffs_user_copy_worker()" Use-After-Free Vulnerability
https://secunia.com/advisories/73807/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7912

+ HS16-031 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478

+ HS16-031 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478

+ Wireshark Bugs in Profinet I/O, AllJoyn, OpenFlow, DCERPC, and DTN Dissectors Let Remote Users Deny Service
http://www.securitytracker.com/id/1037313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9376

+ Apple iOS 10.1 - Multiple Access Permission Vulnerabilities *youtube
https://cxsecurity.com/issue/WLB-2016110147

JVNVU#98782459 OTA update in Android devices using Ragentek code is vulnerable to man-in-the-middle attacks
http://jvn.jp/vu/JVNVU98782459/

News commentary
Noise from fire-suppression gas discharge damages HDDs, revealing the data center "noise risk"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111700702/?ST=security&itp_list_theme

Virus Buster "XG" for enterprises announced, blending AI-based machine learning with conventional techniques
http://itpro.nikkeibp.co.jp/atcl/news/16/111803445/?ST=security&itp_list_theme

Information sharing and team building are key to countering cyber attacks targeting the Olympics
http://itpro.nikkeibp.co.jp/atcl/news/16/111803436/?ST=security&itp_list_theme

Friday, November 18, 2016

Friday the 18th, Butsumetsu

+ UPDATE: MS16-133 - Important: Security Update for Microsoft Office (3199168)
https://technet.microsoft.com/ja-jp/library/security/MS16-133

+ Wireshark 2.2.2, 2.0.8 Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.8.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ SA73703 Wireshark Multiple Denial of Service Vulnerabilities
https://secunia.com/advisories/73703/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9376

+ Nginx (Debian-Based Distros) Root Privilege Escalation
https://cxsecurity.com/issue/WLB-2016110140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247

+ Wireshark Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/94369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9376

+ Wireshark Profinet I/O Dissector CVE-2016-9372 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9372

+ Linux Kernel 'EXT4 image' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94354

VU#624539 Ragentek Android OTA update mechanism vulnerable to MITM attack
https://www.kb.cert.org/vuls/id/624539

JVNVU#97326740 PHP remote file inclusion vulnerability in the WordPress plugin NextGEN Gallery
http://jvn.jp/vu/JVNVU97326740/index.html

News commentary
"I can't see the benefit": the Registered Information Security Specialist qualification fails to generate enthusiasm
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111600700/?ST=security&itp_list_theme

Reporter's eye
What can be done so that AI and IoT do not infringe on privacy
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/111600722/?ST=security&itp_list_theme

Are attacks by the IoT virus "Mirai" intensifying? Packets targeting TELNET surge
http://itpro.nikkeibp.co.jp/atcl/news/16/111703414/?ST=security&itp_list_theme

Thursday, November 17, 2016

Thursday the 17th, Senbu

+ RHSA-2016:2780 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-2780.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

+ RHSA-2016:2779 Moderate: nss and nss-util security update
https://rhn.redhat.com/errata/RHSA-2016-2779.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6472

+ Cisco Firepower System Software FTP Malware Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-fss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6460

+ Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6463

+ Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-esa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6462

+ Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6466

+ Cisco ASA Input Validation File Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161116-asa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6461

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ SA73719 Linux Kernel "sk_filter()" skb Truncation Denial of Service Vulnerability
https://secunia.com/advisories/73719/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645

+ SA73757 McAfee Vulnerability Manager OpenSSL CRL Sanity Check Denial of Service Vulnerability
https://secunia.com/advisories/73757/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052

+ VMSA-2016-0020 vRealize Operations update addresses REST API deserialization vulnerability.
http://www.vmware.com/security/advisories/VMSA-2016-0020.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7462

+ Apache Tomcat 6.0.48 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html#Tomcat_6.0.48_(violetagg)

+ Symantec Ghost Suite DLL Loading Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6590

+ VMware vRealize Operations REST API Deserialization Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1037297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7462

+ Linux Kernel EXT4 Memory Corruption / SLAB Out-Of-Bounds Read
https://cxsecurity.com/issue/WLB-2016110135

+ Linux Kernel Keyctl Null Pointer Dereference
https://cxsecurity.com/issue/WLB-2016110134

E-Maj 2.0.0 released
https://www.postgresql.org/about/news/1718/

Reporter's eye
The impressive intensity of Yahoo's "ultra-realistic" cyber security exercise
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/111300720/?ST=security&itp_list_theme

Online crime: gap in awareness between Japan and the world brought into relief --- Norton Cyber Security Insights Report 2016
http://itpro.nikkeibp.co.jp/atcl/news/16/111603409/?ST=security&itp_list_theme

"Nigerian scams" evolve, with total losses worldwide exceeding 6 billion yen, Palo Alto Networks announces
http://itpro.nikkeibp.co.jp/atcl/news/16/111603408/?ST=security&itp_list_theme

UPDATE: JVN#91002412 DLL loading vulnerability in the installer of the Windows version of the Public Certification Service for Individuals user client software
http://jvn.jp/jp/JVN91002412/

UPDATE: JVNTA#94087669 Information theft via crafted PDF files
http://jvn.jp/ta/JVNTA94087669/

VU#346175 Imagely NextGen Gallery plugin for Wordpress contains a local file inclusion vulnerability
http://www.kb.cert.org/vuls/id/346175

Wednesday, November 16, 2016

Wednesday the 16th, Tomobiki

+ RHSA-2016:2765 Moderate: 389-ds-base security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2765.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5416

+ RHSA-2016:2766 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2766.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2143

+ Mozilla Firefox 50.0 released
https://www.mozilla.org/en-US/firefox/50.0/releasenotes/

+ MFSA-2016-89 Security vulnerabilities fixed in Firefox 50
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

+ MFSA-2016-90 Security vulnerabilities fixed in Firefox ESR 45.5
https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

+ Cisco IOS XE Software Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6450

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ Linux kernel 4.8.8, 4.4.32 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.32

+ SA73687 Linux Kernel "hash_accept()" Denial of Service Vulnerability
https://secunia.com/advisories/73687/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8646

+ Apache Tomcat 8.0.39, 7.0.73 released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.39_(violetagg)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.73_(violetagg)

+ Linux BPF Local Privilege Escalation Exploit
https://cxsecurity.com/issue/WLB-2016110131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4557

+ Google Chrome blink Serializer::doSerialize Bad Cast
https://cxsecurity.com/issue/WLB-2016110126

+ Trend Micro Smart Protection Server Exec Remote Code Injection
https://cxsecurity.com/issue/WLB-2016110120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6267

JVNDB-2016-000220 Cross-site scripting vulnerability in DERAEMON-CMS
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000220.html

UPDATE: JVN#18228200 Multiple vulnerabilities in WFS-SR01
http://jvn.jp/jp/JVN18228200/

Safe and easy! Peripherals that improve PC security
Just hold up a card! IC card reader/writers that make PC logon easy
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/111400006/?ST=security&itp_list_theme

OKI: directional sensor that can detect an approaching drone 300 meters away
http://itpro.nikkeibp.co.jp/atcl/news/16/111503389/?ST=security&itp_list_theme

Tuesday, November 15, 2016

Tuesday the 15th, Senshō

+ RHSA-2016:2702 Important: policycoreutils security update
https://rhn.redhat.com/errata/RHSA-2016-2702.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545

+ VMware Workstation 12 Player Version 12.5.2 Released
http://pubs.vmware.com/Release_Notes/en/workstation/12player/player-1252-release-notes.html?__utma=207178772.702043549.1440547077.1479081646.1479167860.259&__utmb=207178772.1.10.1479167860&__utmc=207178772&__utmx=-&__utmz=207178772.1440547077.1.1.utmcsr=my.vmware.com|utmccn=(referral)|utmcmd=referral|utmcct=/web/vmware/free&__utmv=-&__utmk=136418099

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055

+ SA73650 Linux Kernel "__sys_recvmmsg()" Use-After-Free Vulnerability
https://secunia.com/advisories/73650/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117

+ SA73704 VMware Multiple Products DnD Privilege Escalation Vulnerability
https://secunia.com/advisories/73704/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

+ VMSA-2016-0019 VMware Workstation and Fusion updates address critical out-of-bounds memory access vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

+ UPDATE: JVNVU#92930223 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU92930223/

+ JVNTA#94087669 Information theft via crafted PDF files
http://jvn.jp/ta/JVNTA94087669/

+ Linux Kernel Crash in tcp_collapse() Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1037285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645

+ VMware Workstation and Fusion Drag and Drop Memory Access Error Lets Local Users on a Guest System Gain Privileges on the Host System
http://www.securitytracker.com/id/1037282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7461

Amazon RDS now supports PostgreSQL 9.6.1
https://www.postgresql.org/about/news/1717/

UPDATE: JVNVU#95749024 Multiple vulnerabilities in MatrixSSL
http://jvn.jp/vu/JVNVU95749024/index.html

Monday, November 14, 2016

14th, Monday, Shakkō

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ SA73517 Linux Kernel setgid Security Bypass Vulnerability
https://secunia.com/advisories/73517/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097

+ Google Chrome Flaws Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1037273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5202

+ PHP Multiple Flaws May Let Remote and Local Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037272

+ Linux Kernel 'crypto/lrw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8970

+ Linux Kernel CVE-2016-8632 Local Heap Overflow Vulnerability
http://www.securityfocus.com/bid/94211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8632

+ Linux Kernel 'tuners/tuner-xc2028.c' Local Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/94201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7913

+ Linux kernel 'usb/gadget/function/f_fs.c' Use After Free Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7912

+ JVNVU#92930223 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU92930223/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055

JVNDB-2016-000219 Improper access restriction vulnerability in CG-WLR300NX
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000219.html

JVNDB-2016-000218 Cross-site scripting vulnerability in CG-WLR300NX
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000218.html

JVNDB-2016-000217 Cross-site request forgery vulnerability in CG-WLR300NX
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000217.html

JVNDB-2016-000216 Cross-site scripting vulnerability in multiple Corega wireless LAN routers
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000216.html

JVNDB-2016-000221 Information disclosure vulnerability in multiple I-O DATA network camera products
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000221.html

SonicWall, now independent of Dell, offers its sandbox cloud service from a data center in Japan
http://itpro.nikkeibp.co.jp/atcl/news/16/111103346/?ST=security&itp_list_theme

Mobile shopping use in China is twice that of the US, according to a US industry group survey
http://itpro.nikkeibp.co.jp/atcl/news/16/111103345/?ST=security&itp_list_theme

PayPal updates its iOS app, enabling payments via "Hey Siri"
http://itpro.nikkeibp.co.jp/atcl/news/16/111103344/?ST=security&itp_list_theme

Friday, November 11, 2016

11th, Friday, Senbu

+ Google Chrome 54.0.2840.99 released
https://googlechromereleases.blogspot.jp/2016/11/stable-channel-update-for-desktop_9.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5202

+ Linux kernel 4.8.7, 4.4.31, 3.12.67 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.31
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.67

+ OpenSSL 1.1.0c is now available
https://www.openssl.org/

+ OpenSSL Security Advisory [10 Nov 2016]
https://www.openssl.org/news/secadv/20161110.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055

+ SA73637 Linux Kernel KVM "x86_decode_insn()" NULL Pointer Dereference Vulnerability
https://secunia.com/advisories/73637/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8630

+ Apache Tomcat 8.5.8 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.8_(markt)

+ PHP 7.0.13, 5.6.28 Released
http://www.php.net/ChangeLog-7.php#7.0.13
http://www.php.net/ChangeLog-5.php#5.6.28

+ OpenSSL Multiple Bugs Let Remote Users Cause the Target Application to Crash
http://www.securitytracker.com/id/1037261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055

+ Microsoft Windows 10-Vista Win32k Elevation of Privilege Vulnerability
https://cxsecurity.com/issue/WLB-2016110089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7255

+ OpenSSL CVE-2016-7053 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/94244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7053

+ OpenSSL CVE-2016-7055 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7055

+ OpenSSL CVE-2016-7054 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7054

+ Linux Kernel 'crypto/lrw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8970

+ Linux Kernel CVE-2016-8632 Local Heap Overflow Vulnerability
http://www.securityfocus.com/bid/94211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8632

Safe and easy! Peripherals that boost PC security
Exchange files safely with a lockable USB memory stick
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/110900005/?ST=security&itp_list_theme

Kaspersky moves the management console of its small-office antivirus product to the cloud
http://itpro.nikkeibp.co.jp/atcl/news/16/111003333/?ST=security&itp_list_theme

McAfee surveys awareness of security incidents: "ransomware rises from 17th to 9th place"
http://itpro.nikkeibp.co.jp/atcl/news/16/111003330/?ST=security&itp_list_theme

Google to classify sites that repeatedly violate policy as "repeat offenders"
http://itpro.nikkeibp.co.jp/atcl/news/16/111003327/?ST=security&itp_list_theme

SoftBank to sell the iOS security app from US-based Zimperium
http://itpro.nikkeibp.co.jp/atcl/news/16/111003325/?ST=security&itp_list_theme

Thursday, November 10, 2016

10th, Thursday, Tomobiki

+ UPDATE: MS16-035 - Important: Security Update for .NET Framework to Address Security Feature Bypass (3141780)
https://technet.microsoft.com/ja-jp/library/security/ms16-035

+ UPDATE: MS16-091 - Important: Security Update for .NET Framework (3170048)
https://technet.microsoft.com/ja-jp/library/security/ms16-091

+ UPDATE: MS16-120 - Critical: Security Update for Microsoft Graphics Component (3192884)
https://technet.microsoft.com/ja-jp/library/security/ms16-120

+ Forthcoming OpenSSL release
https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html

+ VMSA-2016-0018 VMware product updates address local privilege escalation vulnerability in linux kernel
http://www.vmware.com/security/advisories/VMSA-2016-0018.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195

+ Linux Kernel TCP Related Read Use-After-Free
https://cxsecurity.com/issue/WLB-2016110084

+ Linux Kernel CVE-2015-8962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/94187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8962

A suspicious email has arrived. Now what!?
Even after a virus infection, "reinitializing" the machine is strictly off limits
http://itpro.nikkeibp.co.jp/atcl/column/16/102700246/102700004/?ST=security&itp_list_theme

Reporter's Eye
Who attacked the University of Toyama? Private-sector efforts to uncover the full picture of the cyberattack
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/110300714/?ST=security&itp_list_theme

Safe and easy! Peripherals that boost PC security
Physical "locks" that keep laptops and data from being stolen
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/110800004/?ST=security&itp_list_theme

Symantec: enterprise antivirus software whose API can be used to investigate infection status
http://itpro.nikkeibp.co.jp/atcl/news/16/110903315/?ST=security&itp_list_theme

Silicon Valley Next Report
The upset US presidential election and the weight of "cybersecurity"
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/110900093/?ST=security&itp_list_theme

Wednesday, November 9, 2016

9th, Wednesday, Senshō

+ Microsoft Security Bulletin Summary for November 2016
https://technet.microsoft.com/ja-jp/library/security/ms16-nov

+ MS16-129 - Critical: Cumulative Security Update for Microsoft Edge (3199057)
https://technet.microsoft.com/library/security/MS16-129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7227

+ MS16-130 - Critical: Security Update for Microsoft Windows (3199172)
https://technet.microsoft.com/library/security/MS16-130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7212

+ MS16-131 - Critical: Security Update for Microsoft Video Control (3199151)
https://technet.microsoft.com/library/security/MS16-131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7248

+ MS16-132 - Critical: Security Update for Microsoft Graphics Component (3199120)
https://technet.microsoft.com/library/security/MS16-132
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7256

+ MS16-133 - Important: Security Update for Microsoft Office (3199168)
https://technet.microsoft.com/library/security/MS16-133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7244

+ MS16-134 - Important: Security Update for Common Log File System Driver (3193706)
https://technet.microsoft.com/library/security/MS16-134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7184

+ MS16-135 - Important: Security Update for Windows Kernel-Mode Drivers (3199135)
https://technet.microsoft.com/library/security/MS16-135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7218

+ MS16-136 - Important: Security Update for SQL Server (3199641)
https://technet.microsoft.com/library/security/MS16-136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7253

+ MS16-137 - Important: Security Update for Windows Authentication Methods (3199173)
https://technet.microsoft.com/library/security/MS16-137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7238

+ MS16-138 - Important: Security Update for Microsoft Virtual Hard Disk Driver (3199647)
https://technet.microsoft.com/library/security/MS16-138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7226

+ MS16-139 - Important: Security Update for Windows Kernel (3199720)
https://technet.microsoft.com/library/security/MS16-139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7216

+ MS16-140 - Important: Security Update for Boot Manager (3193479)
https://technet.microsoft.com/library/security/MS16-140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7247

+ MS16-141 - Critical: Security Update for Adobe Flash Player (3202790)
https://technet.microsoft.com/library/security/MS16-141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7865

+ MS16-142 - Critical: Cumulative Security Update for Internet Explorer (3198467)
https://technet.microsoft.com/library/security/MS16-142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7239

+ RHSA-2016:2674 Moderate: libgcrypt security update
https://rhn.redhat.com/errata/RHSA-2016-2674.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313

+ APSB16-37 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7860
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7865

+ APSB16-35 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb16-35.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7851

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ SA73510 Linux Kernel IP over IEEE 1394 (FireWire) Buffer Overflow Vulnerability
https://secunia.com/advisories/73510/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8633

+ SA73546 Google Nexus Multiple Vulnerabilities
https://secunia.com/advisories/73546/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6747

+ SA73572 Android Multiple Vulnerabilities
https://secunia.com/advisories/73572/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6712
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6754

+ Microsoft Internet Explorer 9 MSHTML CPtsTextParaclient::CountApes Out-Of-Bounds Read
https://cxsecurity.com/issue/WLB-2016110062

A suspicious email has arrived. Now what!?
Targeted attacks do not end with a "single shot"
http://itpro.nikkeibp.co.jp/atcl/column/16/102700246/102700003/?ST=security&itp_list_theme

Safe and easy! Peripherals that boost PC security
Secure storage that keeps your data safe even if you drop or lose it
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/110700003/?ST=security&itp_list_theme

NRI Secure launches a security support service for industrial control systems
http://itpro.nikkeibp.co.jp/atcl/news/16/110803299/?ST=security&itp_list_theme

China passes cybersecurity bill amid growing concern
http://itpro.nikkeibp.co.jp/atcl/news/16/110803289/?ST=security&itp_list_theme

JVNVU#99822187 Stack buffer overflow vulnerability in the HNAP service of D-Link routers
http://jvn.jp/vu/JVNVU99822187/

JVNVU#99862126 Hirschmann Classic Platform switches leak the administrator password through the SNMP community name
http://jvn.jp/vu/JVNVU99862126/

JVNVU#878044 Authentication bypass vulnerability due to improper HMAC handling in SNMPv3 implementations
http://jvn.jp/vu/JVNVU878044/

Tuesday, November 8, 2016

8th, Tuesday, Shakkō

+ RHSA-2016:2658 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2016-2658.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

+ Linux Kernel CVE-2016-9191 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9191

+ Zabbix CVE-2016-9140 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/94125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9140

+ cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/94107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625

+ cURL/libcURL CVE-2016-8623 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623

+ Linux Kernel Vfio Driver CVE-2016-9084 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/93930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084

+ Linux Kernel CVE-2016-9083 Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/93929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083

VU#677427 DLink routers HNAP service contains stack-based buffer overflow
https://www.kb.cert.org/vuls/id/677427

A suspicious email has arrived. Now what!?
How "targeted emails" are disguised
http://itpro.nikkeibp.co.jp/atcl/column/16/102700246/102700002/?ST=security&itp_list_theme

Safe and easy! Peripherals that boost PC security
Sign in to Windows 10 just by facing the camera! Trying out the "Face Recognition Camera CM01"
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/110400002/?ST=security&itp_list_theme

Cyberattacks closing in on home routers and TVs, explained by Trend Micro
http://itpro.nikkeibp.co.jp/atcl/news/16/110703280/?ST=security&itp_list_theme

Monday, November 7, 2016

7th, Monday, Taian

+ SA73381 Pacemaker "crm_client_new()" Privilege Escalation Vulnerability
https://secunia.com/advisories/73381/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7035

+ HS16-030 DoS Vulnerability in JP1/Performance Management
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-030/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-030 DoS Vulnerability in JP1/Performance Management (Japanese-language page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-030/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ Sysstat 11.4.2, 11.2.8 released (stable version).
http://sebastien.godard.pagesperso-orange.fr/

+ Norton Mobile Security Bugs Let Remote Users Bypass Whitelist Controls and Execute Arbitrary Code and Let Physically Local Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1037225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6587

+ Google Chrome Out-of-Bounds Memory Access Error in V8 Engine Has Unspecified Impact
http://www.securitytracker.com/id/1037224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5198

+ Docker Container Ambient Capability Configuration Error Lets Applications Gain Elevated Privileges
http://www.securitytracker.com/id/1037203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8867

+ iOS 10.1.x Remote memory corruption through certificate file
https://cxsecurity.com/issue/WLB-2016110046

JVNTA#95530271 Threat of DDoS attacks from botnets built with malware such as Mirai
http://jvn.jp/ta/JVNTA95530271/

A suspicious email has arrived. Now what!?
Targeted attacks begin with a "suspicious email"
http://itpro.nikkeibp.co.jp/atcl/column/16/102700246/102700001/?ST=security&itp_list_theme

Safe and easy! Peripherals that boost PC security
Easy smartphone-style biometric authentication on the PC too! Trying out an external fingerprint reader
http://itpro.nikkeibp.co.jp/atcl/column/16/110100250/110100001/?ST=security&itp_list_theme

Shinsei Bank group company may have leaked 38 records including debtor names; the infection was detected but could not be removed
http://itpro.nikkeibp.co.jp/atcl/news/16/110403263/?ST=security&itp_list_theme

"Assuming control systems are safe because they are isolated is complacency," says Asgent's Nakayama
http://itpro.nikkeibp.co.jp/atcl/news/16/110403257/?ST=security&itp_list_theme

Friday, November 4, 2016

4th, Friday, Tomobiki

+ cookie injection for other servers
https://curl.haxx.se/docs/adv_20161102A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615

+ case insensitive password comparison
https://curl.haxx.se/docs/adv_20161102B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616

+ OOB write via unchecked multiplication
https://curl.haxx.se/docs/adv_20161102C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617

+ double-free in curl_maprintf
https://curl.haxx.se/docs/adv_20161102D.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618

+ glob parser write/read out of bounds
https://curl.haxx.se/docs/adv_20161102F.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620

+ curl_getdate read out of bounds
https://curl.haxx.se/docs/adv_20161102G.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621

+ URL unescape heap overflow via integer truncation
https://curl.haxx.se/docs/adv_20161102H.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622

+ Use-after-free via shared cookies
https://curl.haxx.se/docs/adv_20161102I.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623

+ invalid URL parsing with '#'
https://curl.haxx.se/docs/adv_20161102J.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624

+ IDNA 2003 makes curl use wrong host
https://curl.haxx.se/docs/adv_20161102K.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625

+ RHSA-2016:2142 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2016-2142.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

+ RHSA-2016:2141 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2016-2141.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

+ Red Hat Enterprise Linux 7.3 now available
https://access.redhat.com/announcements/2747541
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html

+ RHSA-2016:2606 Moderate: postgresql security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2606.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424

+ RHSA-2016:2599 Moderate: tomcat security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2599.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ RHSA-2016:2615 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2016-2615.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

+ RHSA-2016:2587 Moderate: wget security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2587.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4971

+ RHSA-2016:2574 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2574.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6480

+ RHSA-2016:2598 Moderate: php security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2598.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5768

+ RHSA-2016:2575 Moderate: curl security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2575.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141

+ RHSA-2016:2588 Moderate: openssh security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2016-2588.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8325

+ CESA-2016:2142 Important CentOS 5 bind97 Security Update
http://lwn.net/Alerts/705537/

+ CESA-2016:2141 Important CentOS 6 bind Security Update
http://lwn.net/Alerts/705536/

+ CESA-2016:2141 Important CentOS 5 bind Security Update
http://lwn.net/Alerts/705535/

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ Cisco TelePresence Endpoints Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6459

+ Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6441

+ Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6457

+ Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6458

+ Cisco Prime Home Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6452

+ Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6448

+ Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6447

+ Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6455

+ curl 7.51.0 released
https://curl.haxx.se/changes.html#7_51_0

+ FreeBSD-SA-16:35.openssl OpenSSL Remote DoS vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:35.openssl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8610

+ FreeBSD-SA-16:34.bind BIND Remote Denial of Service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:34.bind.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

+ FreeBSD-SA-16:33.openssh OpenSSH Remote Denial of Service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:33.openssh.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8858

+ JDBC 1212 Released
https://www.postgresql.org/about/news/1716/

+ Samba 4.3.12 Available for Download
https://www.samba.org/samba/history/samba-4.3.12.html

+ UPDATE: JVNVU#97485903 Issue in X.509 client certificate authentication processing in Apache HTTPD HTTP/2 communication
http://jvn.jp/vu/JVNVU97485903/index.html

+ UPDATE: JVNVU#95877131 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU95877131/index.html

+ UPDATE: JVNVU#96605606 Multiple vulnerabilities in Network Time Protocol daemon (ntpd)
http://jvn.jp/vu/JVNVU96605606/index.html

+ UPDATE: JVNVU#707943 Vulnerability in DLL loading by Windows programs
http://jvn.jp/vu/JVNVU707943/index.html

+ JVNVU#92683474 Vulnerability in ISC BIND processing of response packets containing a DNAME record
http://jvn.jp/vu/JVNVU92683474/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864

+ MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'root' Privilege Escalation
https://cxsecurity.com/issue/WLB-2016110019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6664

+ Microsoft Internet Explorer 9 MSHTML CAttrArray Use-After-Free
https://cxsecurity.com/issue/WLB-2016110016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4141

pgBackRest 1.09 Released
https://www.postgresql.org/about/news/1715/

PostgreSQL Magazine presents : The Paper Elephant #01
https://www.postgresql.org/about/news/1714/

JVNDB-2016-000215 Insufficient access restriction vulnerability in WFS-SR01
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000215.html

JVNDB-2016-000214 Arbitrary command execution vulnerability in WFS-SR01
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000214.html

Yet another serious vulnerability in BIND: 12 "critical" vulnerabilities in the last three years
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110100683/?ST=security&itp_list_theme

"Electricity and gas are also targets of cyber attacks," says Mr. Nawa of the Cyber Defense Institute
http://itpro.nikkeibp.co.jp/atcl/news/16/110203241/?ST=security&itp_list_theme

I-O DATA temporarily halts sales over a vulnerability in some "Pokedora" models that allows remote control via telnet
http://itpro.nikkeibp.co.jp/atcl/news/16/110203247/?ST=security&itp_list_theme

LAC to launch consulting and monitoring services for "Enterprise Mobility Suite" in 2017
http://itpro.nikkeibp.co.jp/atcl/news/16/110203240/?ST=security&itp_list_theme

UPDATE: JVNVU#91485132 Vulnerability in which CGI web servers set the value of the Proxy header in the HTTP_PROXY environment variable
http://jvn.jp/vu/JVNVU91485132/index.html

UPDATE: JVN#89379547 Denial-of-service (DoS) vulnerability in Apache Commons FileUpload
http://jvn.jp/jp/JVN89379547/index.html

JVN#18228200 Multiple vulnerabilities in WFS-SR01
http://jvn.jp/jp/JVN18228200/index.html

Wednesday, November 2, 2016

2nd, Wednesday, Shakkō

+ Google Chrome 54.0.2840.87 released
https://googlechromereleases.blogspot.jp/2016/11/stable-channel-update-for-desktop.html

+ CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure
https://kb.isc.org/article/AA-01434
CVE-2016-8864

+ BIND 9.11.0-P1, 9.10.4-P4, 9.9.9-P4 released
http://ftp.isc.org/isc/bind9/9.11.0-P1/RELEASE-NOTES-bind-9.11.0-P1.html
http://ftp.isc.org/isc/bind9/9.10.4-P4/RELEASE-NOTES-bind-9.10.4-P4.html
http://ftp.isc.org/isc/bind9/9.9.9-P4/RELEASE-NOTES-bind-9.9.9-P4.html

+ Linux kernel 4.4.30 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.30

+ BIND DNAME Response Processing Bug Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1037156
CVE-2016-8864

+ Windows Kernel Bug in NtSetWindowLongPtr() Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037155

JVNDB-2016-000212 DLL loading vulnerability in the installer of the Windows version of the Public Certification Service for Individuals user client software
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000212.html

JVNDB-2016-000213 Improper SSL server certificate verification vulnerability in the smartphone app "mobiGate"
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000213.html

Reporter's Eye
One of the "largest ever" cyber attacks, launched from surveillance cameras: the dangerous state of IoT
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/102000701/?ST=security&itp_list_theme

We've been hit by a cyber attack, now what!?
First aid for a cyber attack is something you have to do yourself
http://itpro.nikkeibp.co.jp/atcl/column/16/102500243/102500003/?ST=security&itp_list_theme

Tuesday, November 1, 2016

1st, Tuesday, Taian

+ MantisBT 1.3.3 Released
https://www.mantisbt.org/bugs/changelog_page.php?version_id=257

+ About the security content of iOS 10.1.1
https://support.apple.com/ja-jp/HT207287

+ CESA-2016:2124 Important CentOS 5 kernel Security Update
http://lwn.net/Alerts/705056/

+ UPDATE: Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3

+ UPDATE: Cisco Email and Web Security Appliance MIME Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2

+ Linux kernel 4.8.6, 4.4.29 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.29

+ HS16-029 DoS Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-028 Vulnerability in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-028/index.html

+ HS16-027 Vulnerability in Hitachi Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-027/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107

+ HS16-026 DoS Vulnerability in Hitachi Command Suite and JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-026/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-025 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-025/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

+ HS16-029 DoS vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-029/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-028 Vulnerability in JP1/IT Desktop Management 2 - Manager and JP1/NETM/DM
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-028/index.html

+ HS16-027 Vulnerability in Hitachi Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-027/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2107

+ HS16-026 DoS vulnerability in Hitachi Command Suite products and JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-026/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-025 Multiple vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-025/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

+ UPDATE: JVNVU#95366887 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU95366887/

+ UPDATE: JVNVU#98667810 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU98667810/

pgAdmin 4 v1.1 Released!
https://www.postgresql.org/about/news/1711/

DB Doc 3.2 for PostgreSQL released
https://www.postgresql.org/about/news/1710/

We've been hit by a cyber attack, now what!?
Why cyber attacks cannot be prevented
http://itpro.nikkeibp.co.jp/atcl/column/16/102500243/102500002/?ST=security&itp_list_theme

Hitachi deploys a system at Joyo Bank that detects mobile phone radio signals to prevent bank transfer fraud
http://itpro.nikkeibp.co.jp/atcl/news/16/103103200/?ST=security&itp_list_theme

IIJ launches a new security brand, consolidating in-house engineers and overhauling its analysis platform
http://itpro.nikkeibp.co.jp/atcl/news/16/103103195/?ST=security&itp_list_theme

UPDATE: JVNVU#97645703 Multiple vulnerabilities in TrackR Bravo
http://jvn.jp/vu/JVNVU97645703/index.html

UPDATE: JVNVU#96741452 Multiple vulnerabilities in ASUS RP-AC52
http://jvn.jp/vu/JVNVU96741452/index.html