Wednesday, December 28, 2016

28th, Wednesday, Butsumetsu

+ Linux kernel 4.1.37, 3.18.46 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.37
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.46

+ Android get_user/put_user Exploit
https://cxsecurity.com/issue/WLB-2016120148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6282

Sony's US subsidiary posts fake "Britney has died" tweet after account hijacking
http://itpro.nikkeibp.co.jp/atcl/news/16/122703850/?ST=security&itp_list_theme

Tuesday, December 27, 2016

27th, Tuesday, Senbu

+ SA74401 cURL / libcURL Uninitialized Random Vulnerability
https://secunia.com/advisories/74401/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9594

+ SA74321 Linux Kernel KVM nVMX Software Exceptions Denial of Service Vulnerability
https://secunia.com/advisories/74321/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9588

Support for PostgreSQL 9.5 and 9.6 in dbForge Data Compare for PostgreSQL
https://www.postgresql.org/about/news/1725/

JVNDB-2016-000251 Issue in WinSparkle where registry values are not validated
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000251.html

JVNDB-2016-000250 Issue in Wireshark for Windows where arbitrary files may be deleted
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000250.html

UPDATE: JVNVU#94858949 Vulnerability in multiple NETGEAR routers
http://jvn.jp/vu/JVNVU94858949/

Monday, December 26, 2016

26th, Monday, Tomobiki

+ uninitialized random
https://curl.haxx.se/docs/adv_20161223.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9594

+ printf floating point buffer overflow
https://curl.haxx.se/docs/adv_20161221A.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

+ Win CE schannel cert wildcard matches too much
https://curl.haxx.se/docs/adv_20161221B.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9952

+ Win CE schannel cert name out of buffer read
https://curl.haxx.se/docs/adv_20161221C.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9953

+ Low: Red Hat Enterprise Linux 5 Three-Month Retirement Notice
https://rhn.redhat.com/errata/RHSA-2016-2997.html

+ Zabbix 3.2.3, 3.0.7 released
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D

+ CESA-2016:2973 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/709945/

+ CESA-2016:2973 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/709944/

+ CESA-2016:2972 Moderate CentOS 6 vim Security Update
https://lwn.net/Alerts/709947/

+ CESA-2016:2972 Moderate CentOS 7 vim Security Update
https://lwn.net/Alerts/709946/

+ CESA-2016:2974 Important CentOS 6 gstreamer-plugins-bad-free Security Update
https://lwn.net/Alerts/709942/

+ CESA-2016:2975 Important CentOS 6 gstreamer-plugins-good Security Update
https://lwn.net/Alerts/709943/

+ curl 7.52.1 released
https://curl.haxx.se/changes.html#7_52_1

+ FreeBSD-SA-16:39.ntp: Multiple vulnerabilities of ntp
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:39.ntp.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311

+ SA74401 cURL / libcURL Uninitialized Random Vulnerability
https://secunia.com/advisories/74401/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9594

+ SA74321 Linux Kernel KVM nVMX Software Exceptions Denial of Service Vulnerability
https://secunia.com/advisories/74321/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9588

+ UPDATE: JVNVU#99304449 Update for multiple vulnerabilities in Apache HTTP Web Server 2.4
http://jvn.jp/vu/JVNVU99304449/index.html

+ UPDATE: JVNVU#99531229 Multiple vulnerabilities in NTP.org ntpd
http://jvn.jp/vu/JVNVU99531229/index.html

JVNDB-2016-000249 Arbitrary code execution vulnerability in SKYSEA Client View
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000249.html

JVNDB-2016-000248 Use-after-free vulnerability in H2O
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000248.html

JVNDB-2016-000247 Buffer overflow vulnerability in utilities bundled with BlueZ
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000247.html

趙 章恩, "Korea on the Web"
Even here? South Korea hit by a string of hacking incidents
http://itpro.nikkeibp.co.jp/atcl/column/14/549762/122100124/?ST=security&itp_list_theme

2016 access rankings announced!
[Security] Will the pool of "security talent" grow? Interest gathers around new exams and certifications
http://itpro.nikkeibp.co.jp/atcl/column/16/120900296/121500003/?ST=security&itp_list_theme

Avast names 20 apps that consume large amounts of Android resources
http://itpro.nikkeibp.co.jp/atcl/news/16/122203828/?ST=security&itp_list_theme

Thursday, December 22, 2016

22nd, Thursday, Butsumetsu

+ RHSA-2016:2972 Moderate: vim security update
https://rhn.redhat.com/errata/RHSA-2016-2972.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248

+ RHSA-2016:2975 Important: gstreamer-plugins-good security update
https://rhn.redhat.com/errata/RHSA-2016-2975.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808

+ RHSA-2016:2974 Important: gstreamer-plugins-bad-free security update
https://rhn.redhat.com/errata/RHSA-2016-2974.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447

+ RHSA-2016:2973 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-2973.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

+ CESA-2016:2973 Important CentOS 5 thunderbird Security Update
https://lwn.net/Alerts/709805/

+ CESA-2016:2962 Important CentOS 5 kernel Security Update
https://lwn.net/Alerts/709804/

+ CESA-2016:2963 Important CentOS 5 xen Security Update
https://lwn.net/Alerts/709806/

+ UPDATE: Cisco CloudCenter Orchestrator Docker Engine Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-cco

+ Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-jabber
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9224

+ Cisco Intercloud Fabric Database Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9217

+ curl 7.52.0 released
https://curl.haxx.se/changes.html#7_52_0

+ SA74347 VMware ESXi Script Insertion Vulnerability
https://secunia.com/advisories/74347/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7463

+ SA74441 cURL / libcURL Multiple Vulnerabilities
https://secunia.com/advisories/74441/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9953

+ GCC 6.3 released
https://gcc.gnu.org/gcc-6/changes.html

+ cURL/libcURL CVE-2016-9586 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/95019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

+ OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011

+ UPDATE: JVNVU#97133859 Denial-of-service (DoS) vulnerability in HTTP/2 protocol handling in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU97133859/index.html

+ JVNVU#99304449 Update for multiple vulnerabilities in Apache HTTP Web Server 2.4
http://jvn.jp/vu/JVNVU99304449/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

+ cURL curl_mprintf() Buffer Overflow in Deprecated Function Lets Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9586

+ Apache HTTPD Multiple Flaws Let Remote Users Deny Service, Conduct HTTP Response Splitting Attacks, and Access and Modify Session Data
http://www.securitytracker.com/id/1037508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2161
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743

Information Security Management Summit report
"Deploying a WAF brought incidents across 131 sites down to zero," says Mr. Harako of Yamaha Motor
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/122000008/?ST=security&itp_list_theme

Yokohama City My Number system outage caused by a missed password change on the standby system
http://itpro.nikkeibp.co.jp/atcl/news/16/122103821/?ST=security&itp_list_theme

Phishing impersonating LINE appears yet again; don't be fooled by "safety verification"
http://itpro.nikkeibp.co.jp/atcl/news/16/122103817/?ST=security&itp_list_theme

More than 100,000 TELNET packets observed in a single day; attacks targeting IoT devices are surging
http://itpro.nikkeibp.co.jp/atcl/news/16/122103816/?ST=security&itp_list_theme

bitFlyer announces blockchain "200 times faster than Bitcoin"
http://itpro.nikkeibp.co.jp/atcl/news/16/122103810/?ST=security&itp_list_theme

UPDATE: JVNVU#98579581 Memory corruption vulnerability in McAfee VirusScan Enterprise for Windows
http://jvn.jp/vu/JVNVU98579581/index.html

Wednesday, December 21, 2016

21st, Wednesday, Senbu

+ RHSA-2016:2962 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2016-2962.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117

+ RHSA-2016:2963 Important: xen security update
https://rhn.redhat.com/errata/RHSA-2016-2963.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9637

+ Sudo 1.8.19, 1.8.19p1 released
https://www.sudo.ws/stable.html#1.8.19
https://www.sudo.ws/stable.html#1.8.19p1

+ CentOS 7-1611 released
https://wiki.centos.org/RecentChanges

+ VMSA-2016-0024 vSphere Data Protection (VDP) updates address SSH Key-Based authentication issue
http://www.vmware.com/security/advisories/VMSA-2016-0024.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7456

+ VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue
http://www.vmware.com/security/advisories/VMSA-2016-0023.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7463

+ UPDATE: JVNVU#93979172 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU93979172/index.html

+ Samba Lets Remote Authenticated Users Cause the Target 'winbindd' Service to Crash
http://www.securitytracker.com/id/1037495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126

+ Samba Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2125

+ Samba Buffer Overflow in ndr_pull_dnsp_name() Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123

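Japan, the US and the UK countering cyber threats: Borderless Cyber Asia 2016 report
International collaboration among 13 universities in Japan, the US and the UK begins at Keio University's call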
http://itpro.nikkeibp.co.jp/atcl/column/16/121900306/122000002/?ST=security&itp_list_theme

Information Security Management Summit report
"Incident response that isn't left to vendors is the key to growth," says Mr. Ozawa of The Japan Net Bank
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/121900007/?ST=security&itp_list_theme

Two Hitachi Group companies announce packaged SI system that automatically quarantines malware-infected endpoints
http://itpro.nikkeibp.co.jp/atcl/news/16/122003800/?ST=security&itp_list_theme

Amended Act on the Protection of Personal Information to take full effect on May 30, 2017
http://itpro.nikkeibp.co.jp/atcl/news/16/122003795/?ST=security&itp_list_theme

Tuesday, December 20, 2016

20th, Tuesday, Tomobiki

+ CESA-2016:2946 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/709628/

+ CESA-2016:2946 Critical CentOS 5 firefox Security Update
https://lwn.net/Alerts/709627/

+ CESA-2016:2946 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/709629/

+ UPDATE: Cisco Expressway Series Software Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway

+ Samba 4.5.3, 4.4.8 and 4.3.13 Security Releases Available for Download
https://www.samba.org/samba/history/samba-4.5.3.html
https://www.samba.org/samba/history/samba-4.4.8.html
https://www.samba.org/samba/history/samba-4.3.13.html

+ SA74327 Samba Multiple Vulnerabilities
https://secunia.com/advisories/74327/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2126

+ SA74282 Squid Multiple Security Bypass Vulnerabilities
https://secunia.com/advisories/74282/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10003

+ Apache HTTP Server 2.4.25 Released
http://www.apache.org/dist/httpd/Announcement2.4.html

+ OpenSSH 7.4 released
http://www.openssh.com/txt/release-7.4

+ OpenSSH Multiple Flaws Let Remote Authenticated Users Gain Elevated Privileges and Local Privileged Users Obtain Host Private Keys
http://www.securitytracker.com/id/1037490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10012

Reporter's Eye
Why did the misconception that "SeMane is pointless" arise?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121600744/?ST=security&itp_list_theme

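Japan, the US and the UK countering cyber threats: Borderless Cyber Asia 2016 report
"Confront cyber attacks through cross-border information sharing," stress key policy figures from Japan, the US and the UK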
http://itpro.nikkeibp.co.jp/atcl/column/16/121900306/121900001/?ST=security&itp_list_theme

Monday, December 19, 2016

19th, Monday, Sensho

+ squid 3.5.23 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.23-RELEASENOTES.html

+ Linux kernel 3.12.69 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.69

pgDay Asia 2017 CFP is Open
https://www.postgresql.org/about/news/1723/

Registration for FOSDEM PGDay 2017 is now open!
https://www.postgresql.org/about/news/1724/

JVNDB-2016-000229 SQL injection vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000229.html

JVNDB-2016-000228 Directory traversal vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000228.html

JVNDB-2016-000227 Cross-site request forgery vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000227.html

JVNDB-2016-000226 Improper access restriction vulnerability in Cybozu Garoon affecting ToDo in the Space function
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000226.html

JVNDB-2016-000225 Improper access restriction vulnerability in Cybozu Garoon affecting filtering in the MultiReport function
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000225.html

JVNDB-2016-000224 Improper access restriction vulnerability in Cybozu Garoon affecting settings of the RSS function
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000224.html

JVNDB-2016-000223 Information disclosure vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000223.html

JVNDB-2016-000222 Cross-site scripting vulnerability in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000222.html

JVNVU#90572729 Multiple vulnerabilities in McAfee Virus Scan Enterprise for Linux
http://jvn.jp/vu/JVNVU90572729/

JVN#42070907 Improper authentication vulnerability in multiple Sony video conferencing systems
http://jvn.jp/jp/JVN42070907/

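Reporter's Eye
Can the finally enacted Basic Act on the Advancement of Public and Private Sector Data Utilization break through the “2000 problem”?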
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121300740/?ST=security&itp_list_theme

Information Security Management Summit report
Taisei Corporation's CSIRT is a "volunteer fire brigade" for damage control
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/121600006/?ST=security&itp_list_theme

News Commentary
Android smartphone supporting the My Number Card arrives from NTT Docomo
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121600736/?ST=security&itp_list_theme

Evernote (US) withdraws privacy policy revision after strong backlash against "visual inspection of content"
http://itpro.nikkeibp.co.jp/atcl/news/16/121603773/?ST=security&itp_list_theme

Facebook trials fake news countermeasures, flagging suspicious articles
http://itpro.nikkeibp.co.jp/atcl/news/16/121603765/?ST=security&itp_list_theme

Friday, December 16, 2016

16th, Friday, Butsumetsu

+ Wireshark 2.2.3, 2.0.9 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.3.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.9.html

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

+ Linux kernel 4.8.15, 4.4.39 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.39

+ SA73977 Linux Kernel netfilter IPv6 Denial of Service Vulnerability
https://secunia.com/advisories/73977/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9755

+ macOS 10.12 XNU UaF due to lack of locking in set_dp_control_port
https://cxsecurity.com/issue/WLB-2016120090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7644

+ Microsoft Internet Explorer 9 IEFRAME CMarkup..RemovePointerPos Use-After-Free
https://cxsecurity.com/issue/WLB-2016120089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3143

+ Microsoft Internet Explorer 9 IEFRAME CMarkupPointer::MoveToGap Use-After-Free
https://cxsecurity.com/issue/WLB-2016120088

+ Microsoft Internet Explorer 9 MSHTML CMarkup::ReloadInCompatView Use-After-Free
https://cxsecurity.com/issue/WLB-2016120087

+ Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/94933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9588

JVNDB-2016-000246 Improper authentication vulnerability in multiple Sony video conferencing systems
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000246.html

The threat of IoT viruses
“Water torture” against DNS servers: the varied attacks of IoT viruses
http://itpro.nikkeibp.co.jp/atcl/column/16/112900283/112900005/?ST=security&itp_list_theme

Information Security Management Summit report
The inside story of how Itochu Corporation came to organize a CERT and hire a top gun
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/121300005/?ST=security&itp_list_theme

Reporter's Eye
The mistaken belief that "moral violations are less serious than legal violations"
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/121400742/?ST=security&itp_list_theme

Eltes launches fraud investigation software "VizKey"; Seven Bank uses it to investigate fraudulently used accounts
http://itpro.nikkeibp.co.jp/atcl/news/16/121503762/?ST=security&itp_list_theme

Yahoo! (US) finds a new data leak affecting 1 billion people
http://itpro.nikkeibp.co.jp/atcl/news/16/121503750/?ST=security&itp_list_theme

UPDATE: JVNVU#94858949 Vulnerability in multiple NETGEAR routers
http://jvn.jp/vu/JVNVU94858949/

Thursday, December 15, 2016

15th, Thursday, Senbu

+ RHSA-2016:2946 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-2946.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

+ TortoiseSVN 1.9.5 released
https://tortoisesvn.net/tsvn_1.9_releasenotes.html

+ About the security content of iCloud for Windows 6.1
https://support.apple.com/ja-jp/HT207424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7614

+ About the security content of Safari 10.0.2
https://support.apple.com/ja-jp/HT207421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7650

+ About the security content of iTunes 12.5.4 for Windows
https://support.apple.com/ja-jp/HT207427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7640
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7642
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7648
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7632

+ About the security content of macOS Sierra 10.12.2
https://support.apple.com/ja-jp/HT207423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8617
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7633
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7618
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7660

+ Linux kernel 4.9 released
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?id=refs/tags/v4.9

+ SA74000 Microsoft Windows "LoadUvsTable()" Integer Overflow Vulnerability
https://secunia.com/advisories/74000/

+ JVNVU#97133642 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU97133642/index.html

+ JVNVU#98579581 NULL pointer dereference vulnerability in McAfee VirusScan Enterprise for Windows
http://jvn.jp/vu/JVNVU98579581/index.html

+ JVNVU#96226231 XML external entity (XXE) vulnerability in EpubCheck
http://jvn.jp/vu/JVNVU96226231/index.html

+ UPDATE: JVNVU#90572729 Multiple vulnerabilities in McAfee Virus Scan Enterprise for Linux
http://jvn.jp/vu/JVNVU90572729/index.html

+ JVNVU#90937983 Use-after-free vulnerability in Adobe Flash Player
http://jvn.jp/vu/JVNVU90937983/index.html

+ JVNVU#97321122 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU97321122/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

+ Apple macOS 10.12.2 Safari SSL handshake MiTM Memory Exhaustion
https://cxsecurity.com/issue/WLB-2016120076

+ Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS
https://cxsecurity.com/issue/WLB-2016100213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7636

+ McAfee Virus Scan Enterprise For Linux Remote Code Execution
https://cxsecurity.com/issue/WLB-2016120075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8025

Information Security Management Summit report
"I want to build a CSIRT that makes security staff happy," says Mr. Kamoshida of Recruit
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/121300004/?ST=security&itp_list_theme

The threat of IoT viruses
Unauthorized login with default passwords: how IoT viruses get in
http://itpro.nikkeibp.co.jp/atcl/column/16/112900283/112900004/?ST=security&itp_list_theme

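Enterprise Network Survey 2016
[Enterprise Network Survey] Countermeasures against targeted attacks expand rapidly; the top vendors are the same lineup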
http://itpro.nikkeibp.co.jp/atcl/column/16/120500289/120500004/?ST=security&itp_list_theme

Silicon Valley Next report
A new trend in penetration testing: commissioning outside hackers to carry out simulated attacks
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/121400101/?ST=security&itp_list_theme

Check-in temporarily delayed on ANA international flights due to a passport reading malfunction
http://itpro.nikkeibp.co.jp/atcl/news/16/121403745/?ST=security&itp_list_theme

Dai Nippon Printing releases new hologram that allows authenticity checks using only a smartphone LED light
http://itpro.nikkeibp.co.jp/atcl/news/16/121403743/?ST=security&itp_list_theme

HASH Consulting to support migration from RHEL 5/CentOS 5 as support ends
http://itpro.nikkeibp.co.jp/atcl/news/16/121403741/?ST=security&itp_list_theme

Dangerous vulnerability in Flash Player; targeted attacks exploiting it have appeared
http://itpro.nikkeibp.co.jp/atcl/news/16/121403735/?ST=security&itp_list_theme

"Critical" vulnerabilities in IE, Windows and others; some already disclosed by third parties
http://itpro.nikkeibp.co.jp/atcl/news/16/121403732/?ST=security&itp_list_theme

Wednesday, December 14, 2016

14th, Wednesday, Tomobiki

+ Microsoft Security Bulletin Summary for December 2016
https://technet.microsoft.com/ja-jp/library/security/ms16-dec

+ MS16-144 - Critical: Cumulative Security Update for Internet Explorer (3204059)
https://technet.microsoft.com/library/security/ms16-144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7287

+ MS16-145 - Critical: Cumulative Security Update for Microsoft Edge (3204062)
https://technet.microsoft.com/library/security/ms16-145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7281

+ MS16-146 - Critical Security Update for Microsoft Graphics Component (3204066)
https://technet.microsoft.com/library/security/ms16-146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7273

+ MS16-147 - Critical Security Update for Microsoft Uniscribe (3204063)
https://technet.microsoft.com/library/security/ms16-147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7274

+ MS16-148 - Critical Security Update for Microsoft Office (3204068)
https://technet.microsoft.com/library/security/ms16-148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7264
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7300

+ MS16-149 - Important Security Update for Microsoft Windows (3205655)
https://technet.microsoft.com/library/security/ms16-149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7292

+ MS16-150 - Important Security Update for Secure Kernel Mode (3205642)
https://technet.microsoft.com/library/security/ms16-150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7271

+ MS16-151 - Important Security Update for Windows Kernel-Mode Drivers (3205651)
https://technet.microsoft.com/library/security/ms16-151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7260

+ MS16-152 - Important Security Update for Windows Kernel (3199709)
https://technet.microsoft.com/library/security/ms16-152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7258

+ MS16-153 - Important Security Update for Common Log File System Driver (3207328)
https://technet.microsoft.com/library/security/ms16-153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7295

+ MS16-154 - Critical Security Update for Adobe Flash Player (3209498)
https://technet.microsoft.com/library/security/ms16-154

+ MS16-155 - Important Security Update for .NET Framework (3205640)
https://technet.microsoft.com/library/security/ms16-155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7270

+ Mozilla Firefox 50.1.0 released
https://www.mozilla.org/en-US/firefox/50.1.0/releasenotes/

+ MFSA2016-94 Security vulnerabilities fixed in Firefox 50.1
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9896
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

+ APSB16-46 Security update available for RoboHelp
https://helpx.adobe.com/security/products/robohelp/apsb16-46.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7891

+ APSB16-45 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb16-45.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7889

+ APSB16-44 Security update available for ColdFusion Builder
https://helpx.adobe.com/security/products/coldfusion/apsb16-44.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7887

+ APSB16-43 Security updates available for InDesign
https://helpx.adobe.com/security/products/indesign/apsb16-43.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7886

+ APSB16-42 Security updates available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb16-42.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7885

+ APSB16-41 Security update available for the Adobe DNG Converter
https://helpx.adobe.com/security/products/dng-converter/apsb16-41.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7856

+ APSB16-40 Security updates available for Adobe Experience Manager Forms
https://helpx.adobe.com/security/products/aem-forms/apsb16-40.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6934

+ APSB16-39 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7874
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7875
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7878
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7892

+ APSB16-38 Security update available for Adobe Animate
https://helpx.adobe.com/security/products/animate/apsb16-38.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7866

+ About the security content of watchOS 3.1.1
https://support.apple.com/ja-jp/HT207426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7626

+ About the security content of tvOS 10.1
https://support.apple.com/ja-jp/HT207425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7626

+ About the security content of iOS 10.2
https://support.apple.com/ja-jp/HT207422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7664
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7597

+ VU#535111 McAfee VirusScan Enterprise for Windows is vulnerable to denial of service or code execution
https://www.kb.cert.org/vuls/id/535111

+ JVNVU#97321122 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU97321122/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

+ JVNVU#93979172 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU93979172/index.html

+ JVNVU#90572729 Multiple vulnerabilities in McAfee Virus Scan Enterprise
http://jvn.jp/vu/JVNVU90572729/index.html

+ PHP 7.0.13 Use After Free unserialize() PoC
https://cxsecurity.com/issue/WLB-2016120073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9936

+ Apache Tomcat NIO HTTP Connector Cache Bug Lets Remote Users Obtain Potentially Sensitive Information from Other User Requests
http://www.securitytracker.com/id/1037432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

+ PHP 'ext/wddx/wddx.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/94846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9935

+ PHP 'ext/standard/var.c' Incomplete Fix Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/94849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9936

+ PHP 'ext/wddx/wddx.c' NULL pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/94845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934

+ Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

VU#779243 EpubCheck 4.0.1 contains a XML external entity processing vulnerability
https://www.kb.cert.org/vuls/id/779243

JVNDB-2016-000245 Cross-site scripting vulnerability in Apache ActiveMQ
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000245.html

Is the Elite x3 really a "business mobile"?
If the smartphone runs Windows, it can authenticate against the same Active Directory
http://itpro.nikkeibp.co.jp/atcl/column/16/120600292/121200004/?ST=security&itp_list_theme

The threat of IoT viruses
Revealed by a honeypot: the alarming behavior of IoT viruses
http://itpro.nikkeibp.co.jp/atcl/column/16/112900283/112900003/?ST=security&itp_list_theme

My Number card management system failures: damages totaling 194.5 million yen claimed from the five-company consortium
http://itpro.nikkeibp.co.jp/atcl/news/16/121303716/?ST=security&itp_list_theme

Tuesday, December 13, 2016

13th, Tuesday, Sensho

+ VU#245327 McAfee Virus Scan Enterprise contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/245327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8025

+ CentOS 7-1611 released
https://arrfab.net/posts/2016/Nov/25/zabbix-selinux-and-centos-731611/

+ SA74240 Apache Tomcat NIO HTTP Connector Information Disclosure Vulnerability
https://secunia.com/advisories/74240/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

+ HS16-031 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478

+ HS16-030 DoS Vulnerability in JP1/Performance Management
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-030/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ HS16-031 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-031/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478

+ HS16-030 DoS vulnerability in JP1/Performance Management
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-030/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

+ MySQL 5.7.17, 5.6.35, 5.5.54 released
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-17.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-35.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-54.html

+ Apple iOS/tvOS/watchOS Remote memory corruption through certificate
https://cxsecurity.com/issue/WLB-2016110046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7626

+ Opera 41.0.2353.69 Carriage Return Null Object Memory Exhaustion
https://cxsecurity.com/issue/WLB-2016120062

JVNDB-2016-000244 Improper access restriction on deletion of DBM files in Cybozu Dezie
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000244.html

JVNDB-2016-000243 Improper access restriction on retrieval of DBM files in Cybozu Dezie
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000243.html

JVNVU#94858949 Command injection vulnerability in multiple NETGEAR routers
http://jvn.jp/vu/JVNVU94858949/index.html

JVN#16781735 Multiple improper access restriction vulnerabilities in Cybozu Dezie
http://jvn.jp/jp/JVN16781735/index.html

JVNVU#96676747 Privilege escalation vulnerability in the ForeScout CounterACT SecureConnector agent
http://jvn.jp/vu/JVNVU96676747/index.html

Information Security Management Summit Report
"We needed to build a CSIRT to respond optimally in an emergency," says JCB's Saito
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/121200003/?ST=security&itp_list_theme

The threat of IoT viruses
IoT viruses spread infection via TELNET
http://itpro.nikkeibp.co.jp/atcl/column/16/112900283/112900002/?ST=security&itp_list_theme

Is the Elite x3 really a "business mobile"?
How to operate Windows apps safely from a smartphone
http://itpro.nikkeibp.co.jp/atcl/column/16/120600292/120600002/?ST=security&itp_list_theme

SMBC and Sumitomo Mitsui Card run a proof-of-concept trial of face-recognition payment in the employee cafeteria
http://itpro.nikkeibp.co.jp/atcl/news/16/121203704/?ST=security&itp_list_theme

Monday, December 12, 2016

12th, Monday, Shakko

+ Linux kernel 4.8.14, 4.4.38 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.38

+ SA74140 Linux Kernel "icmp6_send()" Denial of Service Vulnerability
https://secunia.com/advisories/74140/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9919

+ SA74131 Linux Kernel "blk_rq_map_user_iov()" Vulnerability
https://secunia.com/advisories/74131/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9576

+ Apache Tomcat 8.5.9 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.9_(markt)

+ PHP 5.6.29 Released
http://www.php.net/ChangeLog-5.php#5.6.29

+ Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
https://cxsecurity.com/issue/WLB-2016120050

VU#582384 Multiple Netgear routers are vulnerable to arbitrary command injection
https://www.kb.cert.org/vuls/id/582384

JVNVU#99577809 Multiple vulnerabilities in PHP code generated by PHP FormMail Generator
http://jvn.jp/vu/JVNVU99577809/

Links (リンクス) offers a device for exchanging data between iOS devices and USB-equipped systems
http://itpro.nikkeibp.co.jp/atcl/news/16/120903692/?ST=security&itp_list_theme

DDoS attacks exceeding 600 Gbps from IoT devices
http://itpro.nikkeibp.co.jp/atcl/column/16/112900283/112900001/?ST=security&itp_list_theme

Information Security Management Summit Report
"CSIRTs at ordinary companies should aim for the level of an in-house fire brigade," says ANA Systems' Abe
http://itpro.nikkeibp.co.jp/atcl/column/16/120800293/120900001/?ST=security&itp_list_theme

News Commentary
The WELQ problem: experts say "adding to copy-pasted text may still be copyright infringement"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120900732/?ST=security&itp_list_theme

News Commentary
Aftermath and lessons of DeNA's "WELQ uproar": it may spread to ordinary companies, with content marketing in focus
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120900730/?ST=security&itp_list_theme

Friday, December 9, 2016

9th, Friday, Senbu

+ UPDATE: Cisco IOS and IOS XE Software IPv6 First Hop Security Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-fhs

+ Linux kernel 4.8.13, 4.4.37 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.37

+ PHP 7.0.14 Released
http://www.php.net/ChangeLog-7.php#7.0.14

+ Microsoft Remote Desktop Client for Mac Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037405

+ Linux Kernel packet_set_ring() Race Condition Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1037403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655

+ OpenSSH 7.2 Denial Of Service
https://cxsecurity.com/issue/WLB-2016120047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6515

VU#494015 PHP FormMail Generator generates code with multiple vulnerabilities
https://www.kb.cert.org/vuls/id/494015

Emi Aoki's Shinshu IT Rhapsody
MVNOs making specific services free of charge: is there no risk of usage being read?
http://itpro.nikkeibp.co.jp/atcl/column/16/042700098/120800017/?ST=security&itp_list_theme

Symantec's security predictions for 2017: beware of "fileless infections" that write to RAM
http://itpro.nikkeibp.co.jp/atcl/news/16/120803680/?ST=security&itp_list_theme

NTT Docomo, Bank of Tokyo-Mitsubishi UFJ and others launch a new body to promote domestic adoption of the "FIDO" authentication technology
http://itpro.nikkeibp.co.jp/atcl/news/16/120803673/?ST=security&itp_list_theme

JVNVU#96676747 Privilege escalation vulnerability in the ForeScout CounterACT SecureConnector agent
http://jvn.jp/vu/JVNVU96676747/

UPDATE: JVNVU#91242711 Buffer overflow vulnerability in BSD libc
http://jvn.jp/vu/JVNVU91242711/

UPDATE: JVNVU#97133859 Denial-of-service (DoS) vulnerability in HTTP/2 protocol handling in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU97133859/

Thursday, December 8, 2016

8th, Thursday, Tomobiki

+ Zabbix 3.2.2, 3.0.6, 2.2.16 released
http://www.zabbix.com/rn3.2.2
http://www.zabbix.com/rn3.0.6
http://www.zabbix.com/rn2.2.16

+ CESA-2016:2850 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/708337/

+ CESA-2016:2872 Moderate CentOS 6 sudo Security Update
https://lwn.net/Alerts/708335/

+ CESA-2016:2850 Important CentOS 5 thunderbird Security Update
https://lwn.net/Alerts/708336/

+ UPDATE: Cisco Email Security Appliance Content Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ UPDATE: Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2

+ Cisco Web Security Appliance Drop Decrypt Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9212

+ Cisco Web Security Appliance HTTP URL Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-wsa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6469

+ Cisco Firepower Management Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-vdc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6471

+ Cisco Unified Communications Manager IM and Presence Service Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6464

+ Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-pca
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9200

+ Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9214

+ Cisco Identity Services Engine Active Directory Integration Component Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9198

+ Cisco IOS XR Software Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9215

+ Cisco IOS and Cisco IOS XE Software Zone-Based Firewall Feature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-zbf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9201

+ Cisco IOS XR Software HTTP 2.0 Request Handling Event Service Daemon Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9205

+ Cisco IOS and IOS XE Software SSH X.509 Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios-xe-x509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6474

+ Cisco IOS Frame Forwarding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6473

+ Cisco Intercloud Fabric Director Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9204

+ Cisco Hybrid Media Service Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-hms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6470

+ Cisco FirePOWER Malware Protection Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fpwr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9209

+ Cisco Firepower Management Center and Cisco FireSIGHT System Software Malicious Software Detection Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-firepower
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9193

+ Cisco FireAMP Connector Endpoint Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-fireamp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6449

+ Cisco Expressway Series Software Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-expressway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9207

+ Cisco Email Security Appliance SMTP Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-esa1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9202

+ Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9210

+ Cisco Unified Communications Manager Administration Page Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9206

+ Cisco ONS 15454 Series Multiservice Provisioning Platforms TCP Port Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cons
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9211

+ Cisco Emergency Responder Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9208

+ Cisco Emergency Responder Cross-Site Request Forgery Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6468

+ Cisco IOx Application-Hosting Framework Directory Traversal Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-caf
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9199

+ Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1411

+ Cisco ASR 5000 Series IKEv2 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9203

+ Cisco ASR 5000 Series IPv6 Packet Processing Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6467

+ Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9192

+ Samba 4.5.2 Available for Download
https://www.samba.org/samba/history/samba-4.5.2.html

+ JVNVU#91242711 Buffer overflow vulnerability in BSD libc
http://jvn.jp/vu/JVNVU91242711/

+ FreeBSD/Apple libc link_ntoa() buffer overflow
https://cxsecurity.com/issue/WLB-2016120046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6559

+ Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) AF_PACKET Race Condition Privilege Escalation
https://cxsecurity.com/issue/WLB-2016120045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655

+ Microsoft Windows 10 x86/x64 WLAN AutoConfig Named Pipe Proof Of Concept
https://cxsecurity.com/issue/WLB-2016120041

+ Microsoft Edge CBase-Scriptable::Private-Query-Interface Memory Corruption
https://cxsecurity.com/issue/WLB-2016120039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3222

+ Microsoft PowerShell XXE Injection
https://cxsecurity.com/issue/WLB-2016120038

+ Sony IPELA ENGINE IP Cameras Backdoor Accounts
https://cxsecurity.com/issue/WLB-2016120036

VU#768331 ForeScout CounterACT SecureConnector agent is vulnerable to privilege escalation
https://www.kb.cert.org/vuls/id/768331

JVNDB-2016-000242 Address bar spoofing vulnerability in Sleipnir for Mac
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000242.html

JVNVU#91760870 SQL injection vulnerability in SunGard eTRAKiT
http://jvn.jp/vu/JVNVU91760870/

JVNVU#99901500 Multiple vulnerabilities in Mitsubishi Electric MELSEC-Q series Ethernet interface modules
http://jvn.jp/vu/JVNVU99901500/

JVN#28151745 Address bar spoofing vulnerability in Sleipnir for Mac
http://jvn.jp/jp/JVN28151745/

JVNVU#96435227 Vulnerability in multiple Sony network camera products
http://jvn.jp/vu/JVNVU96435227/

Support begins in Japan for the open-source API management software "Kong"
http://itpro.nikkeibp.co.jp/atcl/news/16/120703665/?ST=security&itp_list_theme

Kaspersky reports malware that runs only in specific environments
http://itpro.nikkeibp.co.jp/atcl/news/16/120703664/?ST=security&itp_list_theme

IBM begins beta operation of "cyber defense with Watson"; Sumitomo Mitsui Banking Corporation participates
http://itpro.nikkeibp.co.jp/atcl/news/16/120703660/?ST=security&itp_list_theme

SoftBank starts malware blocking in its internet access services
http://itpro.nikkeibp.co.jp/atcl/news/16/120703659/?ST=security&itp_list_theme

Sumitomo Mitsui Banking Corporation partners with NEC on developing security personnel
http://itpro.nikkeibp.co.jp/atcl/news/16/120703657/?ST=security&itp_list_theme

Wednesday, December 7, 2016

7th, Wednesday, Sensho

+ RHSA-2016:2872 Moderate: sudo security update
https://rhn.redhat.com/errata/RHSA-2016-2872.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076

+ VU#548487 BSD libc contains a buffer overflow vulnerability
https://www.kb.cert.org/vuls/id/548487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6559

+ FreeBSD-SA-16:38.bhyve bhyve(8) virtual machine escape
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1889

+ FreeBSD-SA-16:37.libc link_ntoa(3) buffer overflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:37.libc.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6559

+ FreeBSD-SA-16:36.telnetd Possible login(1) argument injection in telnetd(8)
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1888

+ SA74058 Google Nexus Multiple Vulnerabilities
https://secunia.com/advisories/74058/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6768

+ SA74097 Android Multiple Vulnerabilities
https://secunia.com/advisories/74097/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6768

+ SA74017 Linux Kernel "packet_set_ring()" Race Condition Vulnerability
https://secunia.com/advisories/74017/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655

+ JVNVU#92900492 Vulnerability allowing SSL/TLS downgrade attacks in the Android app "The Bank of Tokyo-Mitsubishi UFJ, Ltd." (株式会社三菱東京UFJ銀行)
http://jvn.jp/vu/JVNVU92900492/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7812

+ JVNVU#97133859 Denial-of-service (DoS) vulnerability in HTTP/2 protocol handling in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU97133859/index.html

+ Apache HTTPD Web Server 2.4.23 Memory Exhaustion
https://cxsecurity.com/issue/WLB-2016120034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

+ Linux Kernel CVE-2015-8967 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/94680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8967

+ Linux Kernel CVE-2015-8966 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/94673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8966

+ Linux Kernel CVE-2016-9120 Local Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/94669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9120

VU#846103 Sungard eTRAKiT3 may be vulnerable to SQL injection
https://www.kb.cert.org/vuls/id/846103

Encourage Technologies sells file sanitization software that works by converting files to images
http://itpro.nikkeibp.co.jp/atcl/news/16/120603648/?ST=security&itp_list_theme

Telework management with face recognition: Canon IT Solutions launches a new service
http://itpro.nikkeibp.co.jp/atcl/news/16/120103596/?ST=security&itp_list_theme

Tuesday, December 6, 2016

6th, Tuesday, Shakko

+ RHSA-2016:2850 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2016-2850.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ CESA-2016:2843 Critical CentOS 5 firefox Security Update
https://lwn.net/Alerts/708093/

+ CESA-2016:2843 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/708094/

+ phpMyAdmin 4.6.5.2 is released
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl

+ SA74015 Linux Kernel "snd_pcm_period_elapsed()" Use-After-Free Vulnerability
https://secunia.com/advisories/74015/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9794

+ SA74085 Apache HTTP Server Multiple Vulnerabilities
https://secunia.com/advisories/74085/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

+ SA74065 Linux Kernel "mpi_powm()" Denial of Service Vulnerability
https://secunia.com/advisories/74065/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8650

+ HTTP/2 CONTINUATION denial of service
http://httpd.apache.org/security/vulnerabilities_24.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

+ Apache HTTPD HTTP/2 Header Processing Lets Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1037388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

+ Apache Struts CVE-2016-8738 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8738

+ Linux Kernel 'sound/core/pcm_lib.c' Local Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/94654

+ Linux Kernel CVE-2016-9806 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94653

+ Linux Kernel 'net/core/sock.c' Multiple Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/94655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9793

+ Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740

Six key points fully illustrated: "Vulnerability Anatomy"
The battle over DEP and ASLR, which prevent damage even when a vulnerability exists
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800006/?ST=security&itp_list_theme

Editor-in-Chief's Eye
Is it really true that "security professionals are in high demand"?
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/120200011/?ST=security&itp_list_theme

Trend Micro offers a home IPS for under 20,000 yen that protects smart home appliances from cyberattacks
http://itpro.nikkeibp.co.jp/atcl/news/16/120503626/?ST=security&itp_list_theme

"Next-generation supercomputers will be built on ARM cores," UK-based ARM explains
http://itpro.nikkeibp.co.jp/atcl/news/16/120403617/?ST=security&itp_list_theme

Monday, December 5, 2016

Monday the 5th, Taian

+ CESA-2016:2825 Important CentOS 5 thunderbird Security Update
https://lwn.net/Alerts/707970/

+ CESA-2016:2825 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/707969/

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

+ Linux kernel 4.8.12, 4.4.36 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.36

+ SA74051 Apache Struts URLValidator Denial of Service Vulnerability
https://secunia.com/advisories/74051/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8738

+ S2-044 Possible DoS attack when using URLValidator
http://struts.apache.org/docs/s2-044.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8738

+ Dovecot 2.2.27 released
http://www.dovecot.org/

+ PHP 7.1.0 Released
http://php.net/archive/2016.php#id2016-12-01-3

+ Apple iOS Buffer Overflow Lets Local Users Bypass Activation Lock and Passcode Security Controls
http://www.securitytracker.com/id/1037386

+ Microsoft Authorization Manager "azman" XML External Entity
https://cxsecurity.com/issue/WLB-2016120021

+ Microsoft Excel Starter 2010 XML External Entity
https://cxsecurity.com/issue/WLB-2016120020

+ Microsoft Windows Media Center "ehshell.exe" XML External Entity
https://cxsecurity.com/issue/WLB-2016120019

+ Linux Kernel 'lapic.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/94640

+ Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
http://www.securityfocus.com/bid/94639
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8652

+ Microsoft Windows UAC Protection Security Bypass Vulnerability
http://www.securityfocus.com/bid/94634

JVNDB-2016-000241 Directory traversal vulnerability in WNC01WH caused by POST request processing
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000241.html

JVNDB-2016-000240 Directory traversal vulnerability in WNC01WH caused by command processing
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000240.html

JVNDB-2016-000239 Vulnerability in WNC01WH that allows the debug option to be enabled
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000239.html

JVNDB-2016-000238 Cross-site scripting vulnerability in WNC01WH
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000238.html

JVNDB-2016-000237 Cross-site request forgery vulnerability in WNC01WH
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000237.html

JVNDB-2016-000236 Denial-of-service (DoS) vulnerability in WNC01WH
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000236.html

Six key points fully illustrated: "Vulnerability Anatomy"
How to create patches and definition files quickly and deliver them promptly
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800005/?ST=security&itp_list_theme

Headcount to double under SoftBank: "We will build an IoT ecosystem," says vice president of UK-based ARM
http://itpro.nikkeibp.co.jp/atcl/news/16/120203615/?ST=security&itp_list_theme

[Follow-up] Shiseido vice president apologizes for leak of information on 420,000 people at subsidiary
http://itpro.nikkeibp.co.jp/atcl/news/16/120203608/?ST=security&itp_list_theme

Hitachi Systems deploys whitelist-based antivirus software on Keiyo Bank's core banking terminals
http://itpro.nikkeibp.co.jp/atcl/news/16/120203606/?ST=security&itp_list_theme

Suspected personal information leak at Shiseido subsidiary, up to 420,000 records; vulnerability exploited
http://itpro.nikkeibp.co.jp/atcl/news/16/120203605/?ST=security&itp_list_theme

JVN#40613060 Multiple vulnerabilities in WNC01WH
http://jvn.jp/jp/JVN40613060/index.html

Friday, December 2, 2016

Friday the 2nd, Tomobiki

+ RHSA-2016:2843 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2016-2843.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ Google Chrome 55.0.2883.75 released
https://googlechromereleases.blogspot.jp/2016/12/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5217
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5218
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9652

+ SA73888 Linux Kernel "xfs_attr_shortform_list()" and "xfs_attr3_leaf_list_int()" Memory Leak Denial of Service Vulnerabilities
https://secunia.com/advisories/73888/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9685

+ SA73876 Linux Kernel "sctp_sf_ootb()" Denial of Service Vulnerability
https://secunia.com/advisories/73876/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

+ SA73471 Mozilla Thunderbird Multiple Vulnerabilities
https://secunia.com/advisories/73471/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ JVNVU#93847769 Use-after-free vulnerability in Mozilla Firefox
http://jvn.jp/vu/JVNVU93847769/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ Linux Kernel 'IPv6 Implementation' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/94626

+ Linux Kernel 'kvm/emulate.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/94615

JVNDB-2016-000233 DLL loading vulnerability in multiple installers provided by the Japan Pension Service
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000233.html

Six key points fully illustrated: "Vulnerability Anatomy"
"Fuzzing," "bug bounties": there are this many ways to find vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800004/?ST=security&itp_list_theme

Interview & Talk
Threats are spreading to IoT as well; what is needed is an integrated defense
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/113000293/?ST=security&itp_list_theme

"Your account will be locked!": beware of fake emails targeting Apple IDs
http://itpro.nikkeibp.co.jp/atcl/news/16/120103584/?ST=security&itp_list_theme

Vulnerability in installers of software provided by the Japan Pension Service; fixed in the latest version
http://itpro.nikkeibp.co.jp/atcl/news/16/120103586/?ST=security&itp_list_theme

Android malware "Gooligan" compromises more than one million Google accounts
http://itpro.nikkeibp.co.jp/atcl/news/16/120103574/?ST=security&itp_list_theme

JVN#08868688 DLL loading vulnerability in multiple installers provided by the Japan Pension Service
http://jvn.jp/jp/JVN08868688/

Thursday, December 1, 2016

Thursday the 1st, Senshō

+ Mozilla Firefox 50.0.2 released
https://www.mozilla.org/en-US/firefox/50.0.2/releasenotes/

+ MFSA2016-92 Firefox SVG Animation Remote Code Execution
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ Mozilla Thunderbird 45.5.1 released
https://www.mozilla.org/en-US/thunderbird/45.5.1/releasenotes/

+ VU#791496 Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability
https://www.kb.cert.org/vuls/id/791496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ Linux kernel 4.1.36, 3.18.45 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.36
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.45

+ SA73471 Mozilla Thunderbird Multiple Vulnerabilities
https://secunia.com/advisories/73471/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ SA73948 Mozilla Firefox / Firefox ESR SVG Animation Use-After-Free Vulnerability
https://secunia.com/advisories/73948/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

+ UPDATE: JVNVU#99531229 Multiple vulnerabilities in NTP.org ntpd
http://jvn.jp/vu/JVNVU99531229/index.html

+ JVN#25059363 Multiple vulnerabilities in multiple I-O DATA network camera products
http://jvn.jp/jp/JVN25059363/index.html

+ Mozilla Firefox JavaScript Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037370

+ Apache Subversion XML External Entity Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1037361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734

+ Google Chrome Accessibility blink::Node Corruption
https://cxsecurity.com/issue/WLB-2016110243

+ "Tera Term" v4.93 fixes a memory leak issue, among other changes
http://forest.watch.impress.co.jp/docs/digest/1032608.html

+ Linux Kernel CVE-2016-9685 Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/94593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9685

+ Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
http://www.securityfocus.com/bid/94588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734

JVNDB-2016-000235 Buffer overflow vulnerability in multiple I-O DATA network camera products
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000235.html

JVNDB-2016-000234 OS command injection vulnerability in multiple I-O DATA network camera products
http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-000234.html

Check Point points out the dangers of smartphones that cannot receive security patches for long periods
http://itpro.nikkeibp.co.jp/atcl/news/16/113003571/?ST=security&itp_list_theme

Canon MJ offers a video system that can incorporate NEC's face recognition software "NeoFace"
http://itpro.nikkeibp.co.jp/atcl/news/16/113003572/?ST=security&itp_list_theme

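Six key points fully illustrated: "Vulnerability Anatomy"
How to set up a development organization that does not produce vulnerabilities, and what vendors actually do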
http://itpro.nikkeibp.co.jp/atcl/column/16/112800281/112800003/?ST=security&itp_list_theme

TCSI offers a service for securely sending and receiving large files using secret sharing
http://itpro.nikkeibp.co.jp/atcl/news/16/113003570/?ST=security&itp_list_theme

IoT devices infected with the "Mirai" virus are in Japan too, Rapid7 observes with honeypots
http://itpro.nikkeibp.co.jp/atcl/news/16/113003564/?ST=security&itp_list_theme

Mitsubishi Heavy Industries and NTT prototype a cyberattack countermeasure device for control systems
http://itpro.nikkeibp.co.jp/atcl/news/16/113003563/?ST=security&itp_list_theme

"Training costs 140,000 yen over three years": details of the Registered Information Security Specialist qualification revealed
http://itpro.nikkeibp.co.jp/atcl/news/16/113003559/?ST=security&itp_list_theme