+ PostgreSQL ODBC Driver 10.01.0000 released
https://www.postgresql.org/ftp/odbc/versions/msi/
2017年12月28日木曜日
2017年12月27日水曜日
27日 水曜日、友引
+ JVNVU#98736894 InterScan Messaging Security Virtual Appliance における複数の脆弱性
http://jvn.jp/vu/JVNVU98736894/index.html
CVE-2017-11391
CVE-2017-11392
kopsを使ってKubernetesクラスタをAWS上で構成
https://aws.amazon.com/jp/blogs/news/configure-kubernetes-cluster-on-aws-by-kops/
記者の眼
マイナンバー制度の安全性阻む「形だけの電子化」
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122200984/?ST=security&itp_list_theme
2017年12月26日火曜日
26日 火曜日、先勝
+ Mozilla Thunderbird 52.5.2 released
https://www.mozilla.org/en-US/thunderbird/52.5.2/releasenotes/
+ Mozilla Foundation Security Advisory 2017-30 Security vulnerabilities fixed in Thunderbird 52.5.2
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
CVE-2017-7845
CVE-2017-7846
CVE-2017-7847
CVE-2017-7848
CVE-2017-7829
+ VMware Workstation 14.1.0 Player released
https://docs.vmware.com/en/VMware-Workstation-Player/14.0.0/rn/player-141-release-notes.html
+ Linux kernel 4.14.9, 4.9.72, 4.4.108, 3.18.90 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.108
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.90
4 つの新しいリージョン (北京、フランクフルト、シンガポール、ムンバイ) で AWS Deep Learning AMI の提供を開始
https://aws.amazon.com/jp/blogs/news/aws-deep-learning-amis-now-available-in-4-new-regions-beijing-frankfurt-singapore-and-mumbai/
AWS CodePipelineとAmazon ECSを使って継続的デリバリパイプラインを設定する
https://aws.amazon.com/jp/blogs/news/set-up-a-continuous-delivery-pipeline-for-containers-using-aws-codepipeline-and-amazon-ecs/
Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/detecting-reflective-dll-loading-with-windows-defender-atp/
Windows Defender Advanced Threat Protection の機械学習: 未知の侵入アクティビティの検出
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity/
未更新のシステム脆弱性を狙う WannaCrypt ランサムウェア
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/wannacrypt_ransomware_worm_targets_out-of-date_systems/
JVN#45494523 MQTT.js における PUBLISH パケットの扱いに関する問題
http://jvn.jp/jp/JVN45494523/
ニュース解説
IPAもびっくり、セキュリティ意識調査で見えたモラルハザード
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122001252/?ST=security&itp_list_theme
https://www.mozilla.org/en-US/thunderbird/52.5.2/releasenotes/
+ Mozilla Foundation Security Advisory 2017-30 Security vulnerabilities fixed in Thunderbird 52.5.2
https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/
CVE-2017-7845
CVE-2017-7846
CVE-2017-7847
CVE-2017-7848
CVE-2017-7829
+ VMware Workstation 14.1.0 Player released
https://docs.vmware.com/en/VMware-Workstation-Player/14.0.0/rn/player-141-release-notes.html
+ Linux kernel 4.14.9, 4.9.72, 4.4.108, 3.18.90 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.72
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.108
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.90
4 つの新しいリージョン (北京、フランクフルト、シンガポール、ムンバイ) で AWS Deep Learning AMI の提供を開始
https://aws.amazon.com/jp/blogs/news/aws-deep-learning-amis-now-available-in-4-new-regions-beijing-frankfurt-singapore-and-mumbai/
AWS CodePipelineとAmazon ECSを使って継続的デリバリパイプラインを設定する
https://aws.amazon.com/jp/blogs/news/set-up-a-continuous-delivery-pipeline-for-containers-using-aws-codepipeline-and-amazon-ecs/
Windows Defender Advanced Threat Protection で反射型の DLL 読み込みを検出
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/detecting-reflective-dll-loading-with-windows-defender-atp/
Windows Defender Advanced Threat Protection の機械学習: 未知の侵入アクティビティの検出
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/windows-defender-atp-machine-learning-detecting-new-and-unusual-breach-activity/
未更新のシステム脆弱性を狙う WannaCrypt ランサムウェア
https://blogs.technet.microsoft.com/jpsecurity/2017/12/25/wannacrypt_ransomware_worm_targets_out-of-date_systems/
JVN#45494523 MQTT.js における PUBLISH パケットの扱いに関する問題
http://jvn.jp/jp/JVN45494523/
ニュース解説
IPAもびっくり、セキュリティ意識調査で見えたモラルハザード
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122001252/?ST=security&itp_list_theme
2017年12月25日月曜日
25日 月曜日、赤口
+ phpMyAdmin 4.7.7 is released
https://www.phpmyadmin.net/news/2017/12/23/phpmyadmin-477-released/
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ Samba 4.7.4 Available for Download
https://www.samba.org/samba/history/samba-4.7.4.html
+ SA80664 VMware Workstation / Player EMF EMR_SMALLTEXTOUT Record Handling Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/80664/
CVE-2016-7082
JVN#60695371 Music Center for PC のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN60695371/index.html
JVN#95423049 コンテンツ管理アシスタント for PlayStation のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN95423049/index.html
ニュース解説
経産省のセキュリティ経営ガイドライン、付録はオマケじゃない
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121901250/?ST=security&itp_list_theme
今日も誰かが狙われる
企業を狙う振り込め詐欺、セキュリティ製品で防げるか
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/122100012/?ST=security&itp_list_theme
ITpro Report
大規模漏洩事件を受け大学のセキュリティに関心集まる、AXIES2017年年次大会
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/122100305/?ST=security&itp_list_theme
2017年アクセスランキング
[セキュリティ]WannaCryやリスト型攻撃の猛威、覆される常識
http://itpro.nikkeibp.co.jp/atcl/column/17/120700565/122000009/?ST=security&itp_list_theme
総務省が上場企業のサイバー対策開示の指針策定へ、開示で保険料優遇も検討
http://itpro.nikkeibp.co.jp/atcl/news/17/122202912/?ST=security&itp_list_theme
2017年12月22日金曜日
22日 金曜日、先負
+ PDFCreator 3.1.0 Release
http://www.pdfforge.org/blog/pdfcreator-310-release
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
+ UPDATE: JVNVU#92256772 Apache HTTP Web Server における複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU92256772/index.html
+ UPDATE: JVNVU#95549222 NTP.org の ntpd に複数の脆弱性
http://jvn.jp/vu/JVNVU95549222/index.html
+ UPDATE: JVNVU#90017300 OpenSSL にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU90017300/index.html
+ UPDATE: JVNVU#93384765 ISC BIND にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU93384765/index.html
+ UPDATE: JVNVU#99304449 Apache HTTP Web Server 2.4 における複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99304449/index.html
+ UPDATE: JVNVU#91242711 BSD libc にバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU91242711/index.html
+ UPDATE: JVNVU#99531229 NTP.org の ntpd に複数の脆弱性
http://jvn.jp/vu/JVNVU99531229/index.html
+ UPDATE: JVNVU#92930223 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU92930223/index.html
+ UPDATE: JVNVU#98667810 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU98667810/index.html
+ Linux >=4.9 eBPF memory corruption bugs
https://cxsecurity.com/issue/WLB-2017120167
CVE-2017-16995
CVE-2017-16996
+ Microsoft Windows Kernel NtQueryVirtualMemory MemoryMappedFilenameInformation Double-Write Ring-0
https://cxsecurity.com/issue/WLB-2017120162
【開催報告】IVS CTO Night and Day 2017 Winter powered by AWS
https://aws.amazon.com/jp/blogs/news/ivs-cto-night-day-2017-winter/
Amazon EC2 C5 インスタンスと BigDL を使用してディープラーニングに低精度と量子化を使用
https://aws.amazon.com/jp/blogs/news/leveraging-low-precision-and-quantization-for-deep-learning-using-the-amazon-ec2-c5-instance-and-bigdl/
UPDATE: JVNVU#95530052 Infineon 製 RSA ライブラリが RSA 鍵ペアを適切に生成しない問題
http://jvn.jp/vu/JVNVU95530052/index.html
UPDATE: JVNVU#93453933 Dnsmasq に複数の脆弱性
http://jvn.jp/vu/JVNVU93453933/index.html
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/index.html
UPDATE: JVNTA#94087669 細工された PDF による情報詐取について
http://jvn.jp/ta/JVNTA94087669/index.html
東京海上の代理店が利用していたメールサービスから約5400人分の顧客情報が漏洩
http://itpro.nikkeibp.co.jp/atcl/news/17/122102903/?ST=security&itp_list_theme
スカイマークにも振り込め詐欺、1度信じたが金銭被害は免れる、ANAは「メールは確認されていない」
http://itpro.nikkeibp.co.jp/atcl/news/17/122102902/?ST=security&itp_list_theme
2017年12月21日木曜日
21日 木曜日、友引
+ Linux kernel 4.14.8, 4.9.71, 4.4.107, 3.18.89 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.89
+ Samba 4.6.12 Available for Download
https://www.samba.org/samba/history/samba-4.6.12.html
ニュース解説
JALが「信じ込んでしまった」手口とは、振り込め詐欺で3.8億円被害
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122001256/?ST=security&itp_list_theme
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.89
+ Samba 4.6.12 Available for Download
https://www.samba.org/samba/history/samba-4.6.12.html
ニュース解説
JALが「信じ込んでしまった」手口とは、振り込め詐欺で3.8億円被害
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122001256/?ST=security&itp_list_theme
2017年12月20日水曜日
20日 水曜日、先勝
+ Microsoft Windows Array.sort jscript.dll Heap Overflow
https://cxsecurity.com/issue/WLB-2017120139
CVE-2017-11907
+ Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
https://cxsecurity.com/issue/WLB-2017120138
CVE-2017-11906
+ Windows jscript!NameTbl::GetValDef Use-After-Free
https://cxsecurity.com/issue/WLB-2017120137
CVE-2017-11903
+ Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
https://cxsecurity.com/issue/WLB-2017120136
CVE-2017-11793
+ WIndows jscript!JsArraySlice Uninitialized Variable
https://cxsecurity.com/issue/WLB-2017120135
CVE-2017-11855
SAP Hybris CommerceのデータベースとしてAmazon AuroraがSAP認定を取得
https://aws.amazon.com/jp/blogs/news/amazon-aurora-database-now-certified-for-sap-hybris-commerce/
Announcing the release of E-Maj 2.2.0
https://www.postgresql.org/about/news/1817/
JVN#93333702 OneThird CMS におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN93333702/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/
ニュース解説
2018年のセキュリティ脅威予測、破壊的攻撃や敵対的AIが企業を襲う
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121901249/?ST=security&itp_list_theme
「山と渓谷」サイトに不正アクセス、1160件の個人情報が流出
http://itpro.nikkeibp.co.jp/atcl/news/17/121902889/?ST=security&itp_list_theme
「ログインの約7割がボットネットのなりすまし」、アカマイが調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121902885/?ST=security&itp_list_theme
https://cxsecurity.com/issue/WLB-2017120139
CVE-2017-11907
+ Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
https://cxsecurity.com/issue/WLB-2017120138
CVE-2017-11906
+ Windows jscript!NameTbl::GetValDef Use-After-Free
https://cxsecurity.com/issue/WLB-2017120137
CVE-2017-11903
+ Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free
https://cxsecurity.com/issue/WLB-2017120136
CVE-2017-11793
+ WIndows jscript!JsArraySlice Uninitialized Variable
https://cxsecurity.com/issue/WLB-2017120135
CVE-2017-11855
SAP Hybris CommerceのデータベースとしてAmazon AuroraがSAP認定を取得
https://aws.amazon.com/jp/blogs/news/amazon-aurora-database-now-certified-for-sap-hybris-commerce/
Announcing the release of E-Maj 2.2.0
https://www.postgresql.org/about/news/1817/
JVN#93333702 OneThird CMS におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/jp/JVN93333702/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/
ニュース解説
2018年のセキュリティ脅威予測、破壊的攻撃や敵対的AIが企業を襲う
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121901249/?ST=security&itp_list_theme
「山と渓谷」サイトに不正アクセス、1160件の個人情報が流出
http://itpro.nikkeibp.co.jp/atcl/news/17/121902889/?ST=security&itp_list_theme
「ログインの約7割がボットネットのなりすまし」、アカマイが調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121902885/?ST=security&itp_list_theme
2017年12月19日火曜日
19日 火曜日、赤口
+ RHSA-2017:3479 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:3479
CVE-2017-15429
+ Selenium IE Driver Server 3.8.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
アジアパシフィック (ムンバイ) リージョンで Amazon EC2 の料金を値下げしました
https://aws.amazon.com/jp/blogs/news/amazon-ec2-price-reduction-in-the-asia-pacific-mumbai-region/
Windows Defender Application Guard で Microsoft Edge を最もセキュアなブラウザーに
https://blogs.technet.microsoft.com/jpsecurity/2017/12/18/making-microsoft-edge-the-most-secure-browser-with-windows-defender-application-guard/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/
JVN#84182676 H2O における複数の脆弱性
http://jvn.jp/jp/JVN84182676/
ガイアックスがマイナンバーカード使う本人確認アプリ、仮想通貨口座の即時開設も可能に
http://itpro.nikkeibp.co.jp/atcl/news/17/121802882/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3479
CVE-2017-15429
+ Selenium IE Driver Server 3.8.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
アジアパシフィック (ムンバイ) リージョンで Amazon EC2 の料金を値下げしました
https://aws.amazon.com/jp/blogs/news/amazon-ec2-price-reduction-in-the-asia-pacific-mumbai-region/
Windows Defender Application Guard で Microsoft Edge を最もセキュアなブラウザーに
https://blogs.technet.microsoft.com/jpsecurity/2017/12/18/making-microsoft-edge-the-most-secure-browser-with-windows-defender-application-guard/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/
JVN#84182676 H2O における複数の脆弱性
http://jvn.jp/jp/JVN84182676/
ガイアックスがマイナンバーカード使う本人確認アプリ、仮想通貨口座の即時開設も可能に
http://itpro.nikkeibp.co.jp/atcl/news/17/121802882/?ST=security&itp_list_theme
2017年12月18日月曜日
18日 月曜日、大安
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ Linux kernel 4.14.7, 4.9.70, 4.4.106, 4.1.48, 3.18.88 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.70
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.106
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.48
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.88
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ Apache Tomcat 8.0.48 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.48_(violetagg)
+ iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules
https://cxsecurity.com/issue/WLB-2017120112
CVE-2016-7612
CVE-2016-7633
【開催報告】AWS re:Invent 2017 Gaming re:Cap
https://aws.amazon.com/jp/blogs/news/aws-reinvent-2017-gaming-recap/
新世代のAmazon Linux 2 リリース
https://aws.amazon.com/jp/blogs/news/amazon-linux-2-release/
新発表 ? Amazon CloudWatch AgentとAWS Systems Managerとの連携 ? 統一されたメトリクスとログの収集をLinuxとWindowsに
https://aws.amazon.com/jp/blogs/news/new-amazon-cloudwatch-agent-with-aws-systems-manager-integration-unified-metrics-log-collection-for-linux-windows/
入国審査が5秒で完了、パナソニックが羽田導入の顔認証ゲートを披露
http://itpro.nikkeibp.co.jp/atcl/news/17/121502875/?ST=security&itp_list_theme
HPE傘下のアルバ、認証基盤と100社以上のセキュリティ製品を連携
http://itpro.nikkeibp.co.jp/atcl/news/17/121502871/?ST=security&itp_list_theme
2017年12月15日金曜日
15日 金曜日、先勝
+ About the security content of iCloud for Windows 7.2
https://support.apple.com/ja-jp/HT208328
CVE-2017-13864
CVE-2017-7156
CVE-2017-7157
CVE-2017-13856
CVE-2017-13870
CVE-2017-13866
+ About the security content of tvOS 11.2.1
https://support.apple.com/ja-jp/HT208359
CVE-2017-13903
+ About the security content of iOS 11.2.1
https://support.apple.com/ja-jp/HT208357
CVE-2017-13903
+ Google Chrome 63.0.3239.108 released
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
CVE-2017-15429
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14.6, 4.9.69 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69
+ JVNVU#98418454 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU98418454/
+ UPDATE: JVNVU#99266133 GNU Wget における複数のバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99266133/index.html
+ Apple iCloud/iTunes CVE-2017-13864 Security Bypass Vulnerability
http://www.securityfocus.com/bid/102192
CVE-2017-13864
+ Apple iOS and tvOS CVE-2017-13903 Security Bypass Vulnerability
http://www.securityfocus.com/bid/102182
CVE-2017-13903
本番環境でAmazon Redshift Spectrum, Amazon Athena, およびAWS GlueをNode.jsで使用する
https://aws.amazon.com/jp/blogs/news/using-amazon-redshift-spectrum-amazon-athena-and-aws-glue-with-node-js-in-production/
AWS 中国 (寧夏) リージョンが利用可能になりました
https://aws.amazon.com/jp/blogs/news/now-open-aws-china-ningxia-region/
AWS Deep Learning AMI の更新: TensorFlow、Apache MXNet、Keras、PyTorch の新バージョン
https://aws.amazon.com/jp/blogs/news/updated-aws-deep-learning-amis-new-versions-of-tensorflow-apache-mxnet-keras-and-pytorch/
re:Invent Recap ? Windows によるエンタープライズイノベーション推進に関するアナウンスについて
https://aws.amazon.com/jp/blogs/news/reinvent-recap-announcements-to-boost-enterprise-innovation-with-windows/
ニュース解説
パスワードなしの公衆無線LANに規制?総務省が苦悩する問題
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121401245/?ST=security&itp_list_theme
放送大学、第三者の不正利用で迷惑メールを14万回送信
http://itpro.nikkeibp.co.jp/atcl/news/17/121402867/?ST=security&itp_list_theme
悪意ある投稿経験者の3割が「すっとした」、IPA調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121402866/?ST=security&itp_list_theme
不正や虚偽申告をクラウドでストップ、監査法人トーマツが新サービス
http://itpro.nikkeibp.co.jp/atcl/news/17/121402862/?ST=security&itp_list_theme
「IoT機器への攻撃増加」、トレンドマイクロが2018年を予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121402861/?ST=security&itp_list_theme
ニュース解説
NECと日立と富士通、セキュリティ専門家2000人を共同育成へ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121301244/?ST=security&itp_list_theme
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
https://support.apple.com/ja-jp/HT208328
CVE-2017-13864
CVE-2017-7156
CVE-2017-7157
CVE-2017-13856
CVE-2017-13870
CVE-2017-13866
+ About the security content of tvOS 11.2.1
https://support.apple.com/ja-jp/HT208359
CVE-2017-13903
+ About the security content of iOS 11.2.1
https://support.apple.com/ja-jp/HT208357
CVE-2017-13903
+ Google Chrome 63.0.3239.108 released
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
CVE-2017-15429
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14.6, 4.9.69 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.69
+ JVNVU#98418454 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU98418454/
+ UPDATE: JVNVU#99266133 GNU Wget における複数のバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99266133/index.html
+ Apple iCloud/iTunes CVE-2017-13864 Security Bypass Vulnerability
http://www.securityfocus.com/bid/102192
CVE-2017-13864
+ Apple iOS and tvOS CVE-2017-13903 Security Bypass Vulnerability
http://www.securityfocus.com/bid/102182
CVE-2017-13903
本番環境でAmazon Redshift Spectrum, Amazon Athena, およびAWS GlueをNode.jsで使用する
https://aws.amazon.com/jp/blogs/news/using-amazon-redshift-spectrum-amazon-athena-and-aws-glue-with-node-js-in-production/
AWS 中国 (寧夏) リージョンが利用可能になりました
https://aws.amazon.com/jp/blogs/news/now-open-aws-china-ningxia-region/
AWS Deep Learning AMI の更新: TensorFlow、Apache MXNet、Keras、PyTorch の新バージョン
https://aws.amazon.com/jp/blogs/news/updated-aws-deep-learning-amis-new-versions-of-tensorflow-apache-mxnet-keras-and-pytorch/
re:Invent Recap ? Windows によるエンタープライズイノベーション推進に関するアナウンスについて
https://aws.amazon.com/jp/blogs/news/reinvent-recap-announcements-to-boost-enterprise-innovation-with-windows/
ニュース解説
パスワードなしの公衆無線LANに規制?総務省が苦悩する問題
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121401245/?ST=security&itp_list_theme
放送大学、第三者の不正利用で迷惑メールを14万回送信
http://itpro.nikkeibp.co.jp/atcl/news/17/121402867/?ST=security&itp_list_theme
悪意ある投稿経験者の3割が「すっとした」、IPA調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121402866/?ST=security&itp_list_theme
不正や虚偽申告をクラウドでストップ、監査法人トーマツが新サービス
http://itpro.nikkeibp.co.jp/atcl/news/17/121402862/?ST=security&itp_list_theme
「IoT機器への攻撃増加」、トレンドマイクロが2018年を予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121402861/?ST=security&itp_list_theme
ニュース解説
NECと日立と富士通、セキュリティ専門家2000人を共同育成へ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121301244/?ST=security&itp_list_theme
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
2017年12月14日木曜日
14日 木曜日、赤口
+ MantisBT 2.9.0, 2.8.1 and 1.3.13 release
http://www.mantisbt.org/blog/?p=543
+ CVE-2017-11761 | Microsoft Exchange Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11761
CVE-2017-11761
+ CVE-2017-11768 | Windows Media Player Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11768
CVE-2017-11768
+ ADV170021 | Microsoft Office Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170021
+ ADV170022 | December 2017 Flash Security Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170022
CVE-2017-11305
+ ADV170023 | Microsoft Exchange Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170023
+ マイクロソフト セキュリティ アドバイザリ 4056318 Azure AD Connect がディレクトリ同期を実施する際に使用する AD DS アカウントをセキュリティで保護するためのガイダンス
https://technet.microsoft.com/ja-jp/library/security/4056318
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 4053440 動的データ交換 (DDE) フィールドが含まれている Microsoft Office ドキュメントを安全に開く
https://technet.microsoft.com/ja-jp/library/security/4053440
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ UPDATE: Cisco Email Security Appliance Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
+ GNU C Library ld.so Memory Leak / Buffer Overflow
https://cxsecurity.com/issue/WLB-2017120091
CVE-2017-1000408
CVE-2017-1000409
CVE-2017-1000366
+ Linux Kernel CVE-2017-16911 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/102156
CVE-2017-16911
Apache MXNet 用のモデルサーバーのご紹介
https://aws.amazon.com/jp/blogs/news/introducing-model-server-for-apache-mxnet/
Announcing the Release of repmgr 4.0.1
https://www.postgresql.org/about/news/1813/
pgBackRest 1.26 Released
https://www.postgresql.org/about/news/1815/
PGConf APAC - Registrations now open & CFP Extended
https://www.postgresql.org/about/news/1814/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
UPDATE: JVN#08517069 Media Go および Music Center for PC のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN08517069/index.html
「2018年はAI対AIの戦いが激化」、シマンテックのセキュリティ動向予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121302858/?ST=security&itp_list_theme
「2018年は攻撃者も費用対効果を追求」、カスペルスキーのセキュリティ脅威予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121302856/?ST=security&itp_list_theme
F5新社長が事業方針説明、「クラウド対応や月額課金で事業変革」
http://itpro.nikkeibp.co.jp/atcl/news/17/121302850/?ST=security&itp_list_theme
大阪大学で個人情報8万件超漏洩か、管理者IDで不正ログインの可能性
http://itpro.nikkeibp.co.jp/atcl/news/17/121302846/?ST=security&itp_list_theme
http://www.mantisbt.org/blog/?p=543
+ CVE-2017-11761 | Microsoft Exchange Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11761
CVE-2017-11761
+ CVE-2017-11768 | Windows Media Player Information Disclosure Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11768
CVE-2017-11768
+ ADV170021 | Microsoft Office Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170021
+ ADV170022 | December 2017 Flash Security Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170022
CVE-2017-11305
+ ADV170023 | Microsoft Exchange Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170023
+ マイクロソフト セキュリティ アドバイザリ 4056318 Azure AD Connect がディレクトリ同期を実施する際に使用する AD DS アカウントをセキュリティで保護するためのガイダンス
https://technet.microsoft.com/ja-jp/library/security/4056318
+ UPDATE: マイクロソフト セキュリティ アドバイザリ 4053440 動的データ交換 (DDE) フィールドが含まれている Microsoft Office ドキュメントを安全に開く
https://technet.microsoft.com/ja-jp/library/security/4053440
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ UPDATE: Cisco Email Security Appliance Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
+ GNU C Library ld.so Memory Leak / Buffer Overflow
https://cxsecurity.com/issue/WLB-2017120091
CVE-2017-1000408
CVE-2017-1000409
CVE-2017-1000366
+ Linux Kernel CVE-2017-16911 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/102156
CVE-2017-16911
Apache MXNet 用のモデルサーバーのご紹介
https://aws.amazon.com/jp/blogs/news/introducing-model-server-for-apache-mxnet/
Announcing the Release of repmgr 4.0.1
https://www.postgresql.org/about/news/1813/
pgBackRest 1.26 Released
https://www.postgresql.org/about/news/1815/
PGConf APAC - Registrations now open & CFP Extended
https://www.postgresql.org/about/news/1814/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
UPDATE: JVN#08517069 Media Go および Music Center for PC のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN08517069/index.html
「2018年はAI対AIの戦いが激化」、シマンテックのセキュリティ動向予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121302858/?ST=security&itp_list_theme
「2018年は攻撃者も費用対効果を追求」、カスペルスキーのセキュリティ脅威予測
http://itpro.nikkeibp.co.jp/atcl/news/17/121302856/?ST=security&itp_list_theme
F5新社長が事業方針説明、「クラウド対応や月額課金で事業変革」
http://itpro.nikkeibp.co.jp/atcl/news/17/121302850/?ST=security&itp_list_theme
大阪大学で個人情報8万件超漏洩か、管理者IDで不正ログインの可能性
http://itpro.nikkeibp.co.jp/atcl/news/17/121302846/?ST=security&itp_list_theme
2017年12月13日水曜日
13日 水曜日、大安
+ About the security content of AirPort Base Station Firmware Update 7.7.9
https://support.apple.com/ja-jp/HT208354
CVE-2017-9417
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ About the security content of AirPort Base Station Firmware Update 7.6.9
https://support.apple.com/ja-jp/HT208258
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ Security updates available for Flash Player | APSB17-42
https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
CVE-2017-11305
+ 2017 年 12 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2017/12/13/201712-security-updates/
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
CVE-2017-17428
+ UPDATE: Cisco Email Security Appliance Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/index.html
+ macOS getrusage Stack Leak
https://cxsecurity.com/issue/WLB-2017120080
CVE-2017-13869
+ macOS necp_get_socket_attributes so_pcb Type Confusion
https://cxsecurity.com/issue/WLB-2017120079
CVE-2017-13855
+ Linux kernel Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/102150
CVE-2017-16912
CVE-2017-16913
CVE-2017-16914
AWS Glue や Amazon Athena で使用するサーバーレスの管理されていない Machine Learning
https://aws.amazon.com/jp/blogs/news/serverless-unsupervised-machine-learning-with-aws-glue-and-amazon-athena/
VU#144389 TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding
https://www.kb.cert.org/vuls/id/144389
Postgres Migration Tookit v3.1 has been released
https://www.postgresql.org/about/news/1812/
ソフォスがセキュリティ製品のデモ施設、パートナー企業にも開放
http://itpro.nikkeibp.co.jp/atcl/news/17/121202843/?ST=security&itp_list_theme
「メール詐欺対策にDMARCを」、プルーフポイントが新サービス
http://itpro.nikkeibp.co.jp/atcl/news/17/121202841/?ST=security&itp_list_theme
ネット銀行狙うウイルス「DreamBot」の被害が急増、警察庁などが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/17/121202839/?ST=security&itp_list_theme
https://support.apple.com/ja-jp/HT208354
CVE-2017-9417
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ About the security content of AirPort Base Station Firmware Update 7.6.9
https://support.apple.com/ja-jp/HT208258
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ Security updates available for Flash Player | APSB17-42
https://helpx.adobe.com/security/products/flash-player/apsb17-42.html
CVE-2017-11305
+ 2017 年 12 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2017/12/13/201712-security-updates/
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
CVE-2017-17428
+ UPDATE: Cisco Email Security Appliance Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/index.html
+ macOS getrusage Stack Leak
https://cxsecurity.com/issue/WLB-2017120080
CVE-2017-13869
+ macOS necp_get_socket_attributes so_pcb Type Confusion
https://cxsecurity.com/issue/WLB-2017120079
CVE-2017-13855
+ Linux kernel Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/102150
CVE-2017-16912
CVE-2017-16913
CVE-2017-16914
AWS Glue や Amazon Athena で使用するサーバーレスの管理されていない Machine Learning
https://aws.amazon.com/jp/blogs/news/serverless-unsupervised-machine-learning-with-aws-glue-and-amazon-athena/
VU#144389 TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding
https://www.kb.cert.org/vuls/id/144389
Postgres Migration Tookit v3.1 has been released
https://www.postgresql.org/about/news/1812/
ソフォスがセキュリティ製品のデモ施設、パートナー企業にも開放
http://itpro.nikkeibp.co.jp/atcl/news/17/121202843/?ST=security&itp_list_theme
「メール詐欺対策にDMARCを」、プルーフポイントが新サービス
http://itpro.nikkeibp.co.jp/atcl/news/17/121202841/?ST=security&itp_list_theme
ネット銀行狙うウイルス「DreamBot」の被害が急増、警察庁などが注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/17/121202839/?ST=security&itp_list_theme
2017年12月12日火曜日
12日 火曜日、仏滅
+ CESA-2017:3402 Moderate CentOS 7 postgresql Security Update
https://lwn.net/Alerts/741098/
+ UPDATE: JVNVU#99266133 GNU Wget における複数のバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99266133/index.html
+ UPDATE: JVNVU#91991349 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91991349/index.html
+ Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/102122
CVE-2017-17449
AWS Single Sign-On 紹介
https://aws.amazon.com/jp/blogs/news/introducing-aws-single-sign-on/
Amazon Polly を使用した Haptik のパーソナルアシスタントサービス
https://aws.amazon.com/jp/blogs/news/assisting-people-at-haptik-using-amazon-polly/
ONNX 1.0 の提供開始を発表
https://aws.amazon.com/jp/blogs/news/announcing-the-availability-of-onnx-1-0/
AWS利用におけるマネージドサービスの重要性
https://aws.amazon.com/jp/blogs/news/importance-of-managed-service-on-aws/
AWS、Apache MXNet の ディープラーニングエンジンのマイルストーンである 1.0 のリリースに対し新しいモデル提供機能の追加を含む貢献
https://aws.amazon.com/jp/blogs/news/aws-contributes-to-milestone-1-0-release-of-apache-mxnet-including-the-addition-of-a-new-model-serving-capability/
AWS が Apache MXNet のマイルストーン 1.0 リリースに貢献、モデル提供機能を追加
https://aws.amazon.com/jp/blogs/news/aws-contributes-to-milestone-1-0-release-and-adds-model-serving-capability-for-apache-mxnet/
ニュース解説
サポート切れOffice 2007にパッチを月に2度も提供した理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121101241/?ST=security&itp_list_theme
サイバー攻撃を読み解く
Office文書にリンク埋め込むDDEを悪用、攻撃の影響は広範囲に及ぶ
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/120600002/?ST=security&itp_list_theme
「WannaCryを知らないIT担当者が5割超」、マカフィーのセキュリティ調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121102835/?ST=security&itp_list_theme
JVN#27342829 Qt for Android における環境変数を改ざん可能な脆弱性
http://jvn.jp/jp/JVN27342829/index.html
JVN#67389262 Qt for Android における OS コマンドインジェクションの脆弱性
http://jvn.jp/jp/JVN67389262/index.html
UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
https://lwn.net/Alerts/741098/
+ UPDATE: JVNVU#99266133 GNU Wget における複数のバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99266133/index.html
+ UPDATE: JVNVU#91991349 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91991349/index.html
+ Linux Kernel 'net/netlink/af_netlink.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/102122
CVE-2017-17449
AWS Single Sign-On 紹介
https://aws.amazon.com/jp/blogs/news/introducing-aws-single-sign-on/
Amazon Polly を使用した Haptik のパーソナルアシスタントサービス
https://aws.amazon.com/jp/blogs/news/assisting-people-at-haptik-using-amazon-polly/
ONNX 1.0 の提供開始を発表
https://aws.amazon.com/jp/blogs/news/announcing-the-availability-of-onnx-1-0/
AWS利用におけるマネージドサービスの重要性
https://aws.amazon.com/jp/blogs/news/importance-of-managed-service-on-aws/
AWS、Apache MXNet の ディープラーニングエンジンのマイルストーンである 1.0 のリリースに対し新しいモデル提供機能の追加を含む貢献
https://aws.amazon.com/jp/blogs/news/aws-contributes-to-milestone-1-0-release-of-apache-mxnet-including-the-addition-of-a-new-model-serving-capability/
AWS が Apache MXNet のマイルストーン 1.0 リリースに貢献、モデル提供機能を追加
https://aws.amazon.com/jp/blogs/news/aws-contributes-to-milestone-1-0-release-and-adds-model-serving-capability-for-apache-mxnet/
ニュース解説
サポート切れOffice 2007にパッチを月に2度も提供した理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/121101241/?ST=security&itp_list_theme
サイバー攻撃を読み解く
Office文書にリンク埋め込むDDEを悪用、攻撃の影響は広範囲に及ぶ
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/120600002/?ST=security&itp_list_theme
「WannaCryを知らないIT担当者が5割超」、マカフィーのセキュリティ調査
http://itpro.nikkeibp.co.jp/atcl/news/17/121102835/?ST=security&itp_list_theme
JVN#27342829 Qt for Android における環境変数を改ざん可能な脆弱性
http://jvn.jp/jp/JVN27342829/index.html
JVN#67389262 Qt for Android における OS コマンドインジェクションの脆弱性
http://jvn.jp/jp/JVN67389262/index.html
UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
2017年12月11日月曜日
11日 月曜日、先負
+ UPDATE: CVE-2017-11940 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11940
+ Gpg4win 3.0.2 released
https://www.gpg4win.org/change-history.html
+ RHSA-2017:3401 Critical: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15407
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
+ RHSA-2017:3402 Moderate: postgresql security update
https://access.redhat.com/errata/RHSA-2017:3402
CVE-2017-12172
CVE-2017-15097
+ UPDATE: Cisco Email Security Appliance Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
+ FreeBSD-SA-17:12.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:12.openssl.asc
CVE-2017-3737
CVE-2017-3738
+ Linux kernel 4.14.5, 4.9.68, 4.4.105, 4.1.47, 3.18.87 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.68
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.105
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.47
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.87
+ hitachi-sec-2017-133 Cross-site Scripting Vulnerability in JP1/Service Support and JP1/Integrated Management - Service Support
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-133/index.html
+ hitachi-sec-2017-133 JP1/Service SupportおよびJP1/Integrated Management - Service Supportにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-133/index.html
+ JVNVU#99266133 GNU Wget における複数のバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU99266133/index.html
CVE-2017-13089
CVE-2017-13090
+ UPDATE: JVNVU#91991349 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91991349/index.html
+ macOS High Sierra 10.13.1 insecure cron system
https://cxsecurity.com/issue/WLB-2017120051
+ Linux Kernel via Bluetooth Info Leak
https://cxsecurity.com/issue/WLB-2017120049
CVE-2017-1000410
+ Linux Kernel 'net/netfilter/nfnetlink_cthelper.c' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/102117
CVE-2017-17448
+ Linux Kernel '/netfilter/xt_osf.c' Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/102110
CVE-2017-17450
Software Freedom Conservancy 2017 Fundraising Campaign
https://www.samba.org/samba/latest_news.html#sfc_fundraising
JVNVU#95124098 Fluentd におけるエスケープシーケンスインジェクションの脆弱性
http://jvn.jp/vu/JVNVU95124098/
JVN#27342829 Qt for Android における環境変数を改ざん可能な脆弱性
http://jvn.jp/jp/JVN27342829/index.html
JVN#67389262 Qt for Android における OS コマンドインジェクションの脆弱性
http://jvn.jp/jp/JVN67389262/index.html
UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
JVNVU#95124098 Fluentd におけるエスケープシーケンスインジェクションの脆弱性
http://jvn.jp/vu/JVNVU95124098/index.html
改正銀行法を満たすセキュリティやコンプライアンスをコードで実装、AWSの新基盤
http://itpro.nikkeibp.co.jp/atcl/news/17/120802831/?ST=security&itp_list_theme
パスワードを不要にする「FIDO」、Androidのカスタマイズなしで利用可能に
http://itpro.nikkeibp.co.jp/atcl/news/17/120802830/?ST=security&itp_list_theme
送信元を偽装できる脆弱性Mailsploit、30以上のメールソフトに影響
http://itpro.nikkeibp.co.jp/atcl/news/17/120802829/?ST=security&itp_list_theme
2017年12月8日金曜日
8日 金曜日、赤口
+ CVE-2017-11937 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-11937
CVE-2017-11937
+ RHSA-2017:3401 Critical: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:3401
CVE-2017-15407
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
+ Mozilla Firefox 57.0.2 released
https://www.mozilla.org/en-US/firefox/57.0.2/releasenotes/
+ Mozilla Foundation Security Advisory 2017-29 Security vulnerabilities fixed in Firefox 57.0.2
https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/
CVE-2017-7845
+ CESA-2017:3392 Important CentOS 7 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/740866/
+ CESA-2017:3392 Important CentOS 6 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/740867/
+ CESA-2017:3372 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/740872/
+ CESA-2017:3379 Moderate CentOS 7 sssd Security Update
https://lwn.net/Alerts/740871/
+ CESA-2017:3368 Moderate CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/740870/
+ CESA-2017:3382 Important CentOS 7 firefox Security Update
https://lwn.net/Alerts/740864/
+ CESA-2017:3372 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/740873/
+ CESA-2017:3384 Moderate CentOS 7 liblouis Security Update
https://lwn.net/Alerts/740869/
+ CESA-2017:3382 Important CentOS 6 firefox Security Update
https://lwn.net/Alerts/740865/
+ CESA-2017:3315 Moderate CentOS 7 kernel Security Update
https://lwn.net/Alerts/740868/
+ Linux kernel 4.1.47 released
https://www.kernel.org/
+ OpenSSL Security Advisory [07 Dec 2017]
https://www.openssl.org/news/secadv/20171207.txt
CVE-2017-3737
CVE-2017-3738
+ OpenSSL 1.0.2n released
https://www.openssl.org/
+ Linux Kernel CVE-2017-15868 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/102084
CVE-2017-15868
AWS DeepLens の拡張機能: 独自のプロジェクトの構築
https://aws.amazon.com/jp/blogs/news/aws-deeplens-extensions-build-your-own-project/
Open letter : call to software vendors for an enterprise-grade support of PostgreSQL Database
https://www.postgresql.org/about/news/1810/
Announcing the Release of OmniDB 2.4
https://www.postgresql.org/about/news/1811/
インターネット再生計画
「ようやく山の頂上が見えてきた」、インターネットの父・村井氏が語るネットの30年
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/120100010/?ST=security&itp_list_theme
カメラに映像データを残さない、IPAがネットワークカメラ運用チェックシート公開
http://itpro.nikkeibp.co.jp/atcl/news/17/120702824/?ST=security&itp_list_theme
LINEやTwitterなど参加の協議会、座間市事件を受け緊急提言
http://itpro.nikkeibp.co.jp/atcl/news/17/120702817/?ST=security&itp_list_theme
2017年12月7日木曜日
7日 木曜日、大安
+ RHSA-2017:3392 Important: java-1.7.0-openjdk security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3392
CVE-2017-10193
CVE-2017-10198
CVE-2017-10274
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ About the security content of iOS 11.2
https://support.apple.com/ja-jp/HT208334
CVE-2017-13847
CVE-2017-13879
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13874
CVE-2017-13860
CVE-2017-13080
+ About the security content of tvOS 11.2
https://support.apple.com/ja-jp/HT208327
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13080
+ About the security content of watchOS 4.2
https://support.apple.com/ja-jp/HT208325
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13080
+ Safari 11.0.2 (details available soon)
https://support.apple.com/en-us/HT201222
+ About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
https://support.apple.com/ja-jp/HT208331
CVE-2017-9798
CVE-2017-1000254
CVE-2017-13872
CVE-2017-13883
CVE-2017-13878
CVE-2017-13875
CVE-2017-13844
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858
CVE-2017-13847
CVE-2017-13862
CVE-2017-13833
CVE-2017-13876
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868: Brandon Azad
CVE-2017-13869
CVE-2017-13871
CVE-2017-13860
CVE-2017-3735
CVE-2017-13826
+ iTunes 12.7.2 for Windows (details available soon)
https://support.apple.com/en-us/HT201222
+ Google Chrome 63.0.3239.84 released
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
CVE-2017-15407
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
+ CESA-2017:3278 Important CentOS 6 samba4 Security Update
https://lwn.net/Alerts/740783/
+ Microsoft Office Equation Editor Code Execution
https://cxsecurity.com/issue/WLB-2017120034
CVE-2017-11882
+ Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/102073
CVE-2016-3706
CVE-2016-4429
CVE-2017-11043
CVE-2017-11007
CVE-2017-14904
CVE-2017-9716
CVE-2017-14897
CVE-2017-14902
CVE-2017-14895
Whooshkaa と Amazon Polly: 視覚と聴覚を組み合わせてパブリッシングの世界を広げる
https://aws.amazon.com/jp/blogs/news/whooshkaa-and-amazon-polly-combining-eyes-and-ears-to-widen-publishing-horizons/
AWS DeepLens の拡張機能: 独自のプロジェクトの構築
https://aws.amazon.com/jp/blogs/news/aws-deeplens-extensions-build-your-own-project/
AWS と Caltech が新しい研究協力パートナーシップを通じて AI および Machine Learning を促進
https://aws.amazon.com/jp/blogs/news/aws-and-caltech-partner-to-accelerate-ai-and-machine-learning-through-a-new-research-collaboration/
AWS DeepLens を拡張し AWS Lambda で SMS 通知を送信
https://aws.amazon.com/jp/blogs/news/extend-aws-deeplens-to-send-sms-notifications-with-aws-lambda/
AWS サーバーレスアプリケーションのリポジトリの準備を整えてください
https://aws.amazon.com/jp/blogs/news/aws-serverless-app-repo/
PostgreSQL PHP Generator Lite Released
https://www.postgresql.org/about/news/1809/
NISTのフレームワークを使うリスク評価サービス、セキュアワークスが国内で開始
http://itpro.nikkeibp.co.jp/atcl/news/17/120602811/?ST=security&itp_list_theme
「全体像を共有し優先順位付けを」、MUFGが明かすセキュリティ管理の勘所
http://itpro.nikkeibp.co.jp/atcl/news/17/120602805/?ST=security&itp_list_theme
JVN#30352845 Windows 版 公的個人認証サービス 利用者クライアントソフトのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN30352845/index.html
https://access.redhat.com/errata/RHSA-2017:3392
CVE-2017-10193
CVE-2017-10198
CVE-2017-10274
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ About the security content of iOS 11.2
https://support.apple.com/ja-jp/HT208334
CVE-2017-13847
CVE-2017-13879
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13874
CVE-2017-13860
CVE-2017-13080
+ About the security content of tvOS 11.2
https://support.apple.com/ja-jp/HT208327
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13080
+ About the security content of watchOS 4.2
https://support.apple.com/ja-jp/HT208325
CVE-2017-13861
CVE-2017-13862
CVE-2017-13876
CVE-2017-13833
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868
CVE-2017-13869
CVE-2017-13080
+ Safari 11.0.2 (details available soon)
https://support.apple.com/en-us/HT201222
+ About the security content of macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
https://support.apple.com/ja-jp/HT208331
CVE-2017-9798
CVE-2017-1000254
CVE-2017-13872
CVE-2017-13883
CVE-2017-13878
CVE-2017-13875
CVE-2017-13844
CVE-2017-13848: Alex Plaskett of MWR InfoSecurity
CVE-2017-13858
CVE-2017-13847
CVE-2017-13862
CVE-2017-13833
CVE-2017-13876
CVE-2017-13855
CVE-2017-13867
CVE-2017-13865
CVE-2017-13868: Brandon Azad
CVE-2017-13869
CVE-2017-13871
CVE-2017-13860
CVE-2017-3735
CVE-2017-13826
+ iTunes 12.7.2 for Windows (details available soon)
https://support.apple.com/en-us/HT201222
+ Google Chrome 63.0.3239.84 released
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
CVE-2017-15407
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
+ CESA-2017:3278 Important CentOS 6 samba4 Security Update
https://lwn.net/Alerts/740783/
+ Microsoft Office Equation Editor Code Execution
https://cxsecurity.com/issue/WLB-2017120034
CVE-2017-11882
+ Google Android Multiple Qualcomm Components Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/102073
CVE-2016-3706
CVE-2016-4429
CVE-2017-11043
CVE-2017-11007
CVE-2017-14904
CVE-2017-9716
CVE-2017-14897
CVE-2017-14902
CVE-2017-14895
Whooshkaa と Amazon Polly: 視覚と聴覚を組み合わせてパブリッシングの世界を広げる
https://aws.amazon.com/jp/blogs/news/whooshkaa-and-amazon-polly-combining-eyes-and-ears-to-widen-publishing-horizons/
AWS DeepLens の拡張機能: 独自のプロジェクトの構築
https://aws.amazon.com/jp/blogs/news/aws-deeplens-extensions-build-your-own-project/
AWS と Caltech が新しい研究協力パートナーシップを通じて AI および Machine Learning を促進
https://aws.amazon.com/jp/blogs/news/aws-and-caltech-partner-to-accelerate-ai-and-machine-learning-through-a-new-research-collaboration/
AWS DeepLens を拡張し AWS Lambda で SMS 通知を送信
https://aws.amazon.com/jp/blogs/news/extend-aws-deeplens-to-send-sms-notifications-with-aws-lambda/
AWS サーバーレスアプリケーションのリポジトリの準備を整えてください
https://aws.amazon.com/jp/blogs/news/aws-serverless-app-repo/
PostgreSQL PHP Generator Lite Released
https://www.postgresql.org/about/news/1809/
NISTのフレームワークを使うリスク評価サービス、セキュアワークスが国内で開始
http://itpro.nikkeibp.co.jp/atcl/news/17/120602811/?ST=security&itp_list_theme
「全体像を共有し優先順位付けを」、MUFGが明かすセキュリティ管理の勘所
http://itpro.nikkeibp.co.jp/atcl/news/17/120602805/?ST=security&itp_list_theme
JVN#30352845 Windows 版 公的個人認証サービス 利用者クライアントソフトのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN30352845/index.html
2017年12月6日水曜日
6日 水曜日、仏滅
+ RHSA-2017:3382 Important: firefox security update
https://access.redhat.com/errata/RHSA-2017:3382
CVE-2017-7843
+ RHSA-2017:3384 Moderate: liblouis security update
https://access.redhat.com/errata/RHSA-2017:3384
CVE-2017-15101
+ Selenium Standalone Server 3.8.1 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.8.1 released
http://docs.seleniumhq.org/download/
+ Mozilla Foundation Security Advisory 2017-27 Security vulnerabilities fixed in Firefox 57.0.1
https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/
CVE-2017-7843
CVE-2017-7844
+ UPDATE: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
+ Linux kernel 4.14.4, 4.9.67, 4.4.104, 3.18.86 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.67
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.104
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.86
+ Linux Kernel 'arch/x86/kvm/vmx.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/102038
CVE-2017-1000407
Amazon Kinesis を用いた Databaseの継続的な変更
https://aws.amazon.com/jp/blogs/news/streaming-changes-in-a-database-with-amazon-kinesis/
ニュース解説
経産省がセキュリティ経営指針を大幅改定、課題は中堅中小での普及率
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/120101229/?ST=security&itp_list_theme
“音”で近接認証する新技術、SSTが対応端末を発売へ
http://itpro.nikkeibp.co.jp/atcl/news/17/120502802/?ST=security&itp_list_theme
青学大が全教員のパスワードを変更、不審メール送信続き緊急措置
http://itpro.nikkeibp.co.jp/atcl/news/17/120502793/?ST=security&itp_list_theme
2017年12月5日火曜日
5日 火曜日、先負
+ RHSA-2017:3379 Moderate: sssd security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3379
CVE-2017-12173
+ iOS 11.2 (details available soon) released
https://support.apple.com/en-us/HT201222
+ tvOS 11.2 (details available soon) released
https://support.apple.com/en-us/HT201222
+ Android Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80436/
CVE-2016-3706
CVE-2016-4429
CVE-2017-0872
CVE-2017-0873
CVE-2017-0874
CVE-2017-0876
CVE-2017-0877
CVE-2017-0878
CVE-2017-0880
CVE-2017-11005
CVE-2017-11006
CVE-2017-11043
CVE-2017-13148
CVE-2017-13151
CVE-2017-13157
CVE-2017-13158
CVE-2017-13159
CVE-2017-13160
CVE-2017-14895
CVE-2017-14908
CVE-2017-14909
CVE-2017-14914
CVE-2017-14916
CVE-2017-14917
CVE-2017-14918
CVE-2017-6211
+ Apache Struts 2.5.14.1 released
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1
check_pgactivity version 2.3 released
https://www.postgresql.org/about/news/1808/
https://access.redhat.com/errata/RHSA-2017:3379
CVE-2017-12173
+ iOS 11.2 (details available soon) released
https://support.apple.com/en-us/HT201222
+ tvOS 11.2 (details available soon) released
https://support.apple.com/en-us/HT201222
+ Android Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80436/
CVE-2016-3706
CVE-2016-4429
CVE-2017-0872
CVE-2017-0873
CVE-2017-0874
CVE-2017-0876
CVE-2017-0877
CVE-2017-0878
CVE-2017-0880
CVE-2017-11005
CVE-2017-11006
CVE-2017-11043
CVE-2017-13148
CVE-2017-13151
CVE-2017-13157
CVE-2017-13158
CVE-2017-13159
CVE-2017-13160
CVE-2017-14895
CVE-2017-14908
CVE-2017-14909
CVE-2017-14914
CVE-2017-14916
CVE-2017-14917
CVE-2017-14918
CVE-2017-6211
+ Apache Struts 2.5.14.1 released
https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.14.1
check_pgactivity version 2.3 released
https://www.postgresql.org/about/news/1808/
2017年12月4日月曜日
4日 月曜日、友引
+ RHSA-2017:3372 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2017:3372
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ CESA-2017:3269 Important CentOS 7 procmail Security Update
https://lwn.net/Alerts/740202/
+ phpMyAdmin 4.7.6 is released
https://www.phpmyadmin.net/news/2017/12/1/phpmyadmin-476-released/
+ Apache Tomcat 8.5.24 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.24_(markt)
+ Linux Kernel The Huge Dirty Cow Overwriting The Huge Zero Page
https://cxsecurity.com/issue/WLB-2017120003
+ Linux Kernel CVE-2017-17053 Local Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/102010
CVE-2017-17053
Alexa for Business: ワークプレイスでAmazon Alexaデバイスの利用
https://aws.amazon.com/jp/blogs/news/launch-announcing-alexa-for-business-using-amazon-alexas-voice-enabled-devices-for-workplaces/
AWS CloudTrail にAWS Lambda 関数の実行ログ機能を追加
https://aws.amazon.com/jp/blogs/news/aws-cloudtrail-adds-logging-of-execution-activity-for-aws-lambda-functions/
Amazon EC2アップデート ? スポットキャパシティー、スムーズな価格変更、インスタンスハイバネーションへの合理化されたアクセス
https://aws.amazon.com/jp/blogs/news/amazon-ec2-update-streamlined-access-to-spot-capacity-smooth-price-changes-instance-hibernation/
M5 ? 次世代の汎用EC2インスタンス
https://aws.amazon.com/jp/blogs/news/m5-the-next-generation-of-general-purpose-ec2-instances/
H1インスタンス ? ビッグデータアプリケーションのための高速・高密度なストレージ
https://aws.amazon.com/jp/blogs/news/new-h1-instances-fast-dense-storage-for-big-data-applications/
AWS Lambdaファンクション毎の同時実行数の上限設定
https://aws.amazon.com/jp/blogs/news/set-concurrency-limits-on-individual-aws-lambda-functions/
AWS Machine Learning コンピテンシーパートナーをご紹介
https://aws.amazon.com/jp/blogs/news/introducing-the-inaugural-aws-machine-learning-competency-partners/
AWS Serverless Application Repository が登場します
https://aws.amazon.com/jp/blogs/news/get-ready-for-the-aws-serverless-application-repository/
AWS Cloud9 ? クラウド開発環境
https://aws.amazon.com/jp/blogs/news/aws-cloud9-cloud-developer-environments/
JVN#65994435 バッファロー製の複数の有線ブロードバンドルータに複数の脆弱性
http://jvn.jp/jp/JVN65994435/
ニュース解説
中央省庁の8割が非対応、常時SSL化の実態を独自調査
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112801222/?ST=security&itp_list_theme
日本IBM、セキュリティ事業責任者にソフォス元社長の纐纈氏が就任
http://itpro.nikkeibp.co.jp/atcl/news/17/120102785/?ST=security&itp_list_theme
MSがサポート終了の「Office 2007」にパッチを提供
http://itpro.nikkeibp.co.jp/atcl/news/17/120102782/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3372
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ CESA-2017:3269 Important CentOS 7 procmail Security Update
https://lwn.net/Alerts/740202/
+ phpMyAdmin 4.7.6 is released
https://www.phpmyadmin.net/news/2017/12/1/phpmyadmin-476-released/
+ Apache Tomcat 8.5.24 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.24_(markt)
+ Linux Kernel The Huge Dirty Cow Overwriting The Huge Zero Page
https://cxsecurity.com/issue/WLB-2017120003
+ Linux Kernel CVE-2017-17053 Local Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/102010
CVE-2017-17053
Alexa for Business: ワークプレイスでAmazon Alexaデバイスの利用
https://aws.amazon.com/jp/blogs/news/launch-announcing-alexa-for-business-using-amazon-alexas-voice-enabled-devices-for-workplaces/
AWS CloudTrail にAWS Lambda 関数の実行ログ機能を追加
https://aws.amazon.com/jp/blogs/news/aws-cloudtrail-adds-logging-of-execution-activity-for-aws-lambda-functions/
Amazon EC2アップデート ? スポットキャパシティー、スムーズな価格変更、インスタンスハイバネーションへの合理化されたアクセス
https://aws.amazon.com/jp/blogs/news/amazon-ec2-update-streamlined-access-to-spot-capacity-smooth-price-changes-instance-hibernation/
M5 ? 次世代の汎用EC2インスタンス
https://aws.amazon.com/jp/blogs/news/m5-the-next-generation-of-general-purpose-ec2-instances/
H1インスタンス ? ビッグデータアプリケーションのための高速・高密度なストレージ
https://aws.amazon.com/jp/blogs/news/new-h1-instances-fast-dense-storage-for-big-data-applications/
AWS Lambdaファンクション毎の同時実行数の上限設定
https://aws.amazon.com/jp/blogs/news/set-concurrency-limits-on-individual-aws-lambda-functions/
AWS Machine Learning コンピテンシーパートナーをご紹介
https://aws.amazon.com/jp/blogs/news/introducing-the-inaugural-aws-machine-learning-competency-partners/
AWS Serverless Application Repository が登場します
https://aws.amazon.com/jp/blogs/news/get-ready-for-the-aws-serverless-application-repository/
AWS Cloud9 ? クラウド開発環境
https://aws.amazon.com/jp/blogs/news/aws-cloud9-cloud-developer-environments/
JVN#65994435 バッファロー製の複数の有線ブロードバンドルータに複数の脆弱性
http://jvn.jp/jp/JVN65994435/
ニュース解説
中央省庁の8割が非対応、常時SSL化の実態を独自調査
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112801222/?ST=security&itp_list_theme
日本IBM、セキュリティ事業責任者にソフォス元社長の纐纈氏が就任
http://itpro.nikkeibp.co.jp/atcl/news/17/120102785/?ST=security&itp_list_theme
MSがサポート終了の「Office 2007」にパッチを提供
http://itpro.nikkeibp.co.jp/atcl/news/17/120102782/?ST=security&itp_list_theme
2017年12月1日金曜日
1日 金曜日、大安
+ RHSA-2017:3368 Moderate: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2017:3368
CVE-2017-14167
CVE-2017-15289
+ RHSA-2017:3315 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3315
CVE-2017-1000380
+ Selenium Standard Server 3.8.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.8.0 released
http://docs.seleniumhq.org/download/
+ Selenium IE Driver Server 3.7.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
+ Mozilla Firefox 57.0.1 released
https://www.mozilla.org/en-US/firefox/57.0.1/releasenotes/
+ Wireshark 2.4.3, 2.2.11 released
https://www.wireshark.org/docs/relnotes/wireshark-2.4.3.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ UPDATE: Multiple Vulnerabilities in Cisco Data Center Network Manager Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
+ UPDATE: Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
+ Linux kernel 4.14.3, 4.9.66, 4.4.103, 3.18.85 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.103
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.85
+ hitachi-sec-2017-132 Cross-site Scripting Vulnerability in JP1/Operations Analytics
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-132/index.html
+ hitachi-sec-2017-132 JP1/Operations Analyticsにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-132/index.html
+ PHP 7.2.0 Released
http://php.net/ChangeLog-7.php#7.2.0
+ JVNVU#113765 Apple macOS High Sierra に無効化されているアカウントに対する認証回避の問題
http://jvn.jp/vu/JVNVU113765/
CVE-2017-13872
+ Microsoft Windows 10 Creators Update 1703 WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110160
+ Mac OS X 10.13.1 Root Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110159
AWSファンクション毎の同時実行数の上限設定
https://aws.amazon.com/jp/blogs/news/set-concurrency-limits-on-individual-aws-lambda-functions/
インターネット再生計画
ネットに入れない11億人、ブロックチェーン個人認証が救う!?
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000003/?ST=security&itp_list_theme
JVN#78501037 Movable Type 用プラグイン A-Member および A-Reserve における SQL インジェクションの脆弱性
http://jvn.jp/jp/JVN78501037/
JVN#98295787 ワイヤレスモバイルストレージ「デジ蔵 ShAirDisk」PTW-WMS1 における複数の脆弱性
http://jvn.jp/jp/JVN98295787/
https://access.redhat.com/errata/RHSA-2017:3368
CVE-2017-14167
CVE-2017-15289
+ RHSA-2017:3315 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3315
CVE-2017-1000380
+ Selenium Standard Server 3.8.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.8.0 released
http://docs.seleniumhq.org/download/
+ Selenium IE Driver Server 3.7.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
+ Mozilla Firefox 57.0.1 released
https://www.mozilla.org/en-US/firefox/57.0.1/releasenotes/
+ Wireshark 2.4.3, 2.2.11 released
https://www.wireshark.org/docs/relnotes/wireshark-2.4.3.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ UPDATE: Multiple Vulnerabilities in Cisco Data Center Network Manager Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
+ UPDATE: Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
+ Linux kernel 4.14.3, 4.9.66, 4.4.103, 3.18.85 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.66
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.103
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.85
+ hitachi-sec-2017-132 Cross-site Scripting Vulnerability in JP1/Operations Analytics
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-132/index.html
+ hitachi-sec-2017-132 JP1/Operations Analyticsにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-132/index.html
+ PHP 7.2.0 Released
http://php.net/ChangeLog-7.php#7.2.0
+ JVNVU#113765 Apple macOS High Sierra に無効化されているアカウントに対する認証回避の問題
http://jvn.jp/vu/JVNVU113765/
CVE-2017-13872
+ Microsoft Windows 10 Creators Update 1703 WARBIRD NtQuerySystemInformation Kernel Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110160
+ Mac OS X 10.13.1 Root Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110159
AWSファンクション毎の同時実行数の上限設定
https://aws.amazon.com/jp/blogs/news/set-concurrency-limits-on-individual-aws-lambda-functions/
インターネット再生計画
ネットに入れない11億人、ブロックチェーン個人認証が救う!?
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000003/?ST=security&itp_list_theme
JVN#78501037 Movable Type 用プラグイン A-Member および A-Reserve における SQL インジェクションの脆弱性
http://jvn.jp/jp/JVN78501037/
JVN#98295787 ワイヤレスモバイルストレージ「デジ蔵 ShAirDisk」PTW-WMS1 における複数の脆弱性
http://jvn.jp/jp/JVN98295787/
2017年11月30日木曜日
30日 木曜日、仏滅
+ SSL out of buffer access
https://curl.haxx.se/docs/adv_2017-af0a.html
CVE-2017-8818
+ FTP wildcard out of bounds read
https://curl.haxx.se/docs/adv_2017-ae72.html
CVE-2017-8817
+ RHSA-2017:3278 Important: samba4 security update
https://access.redhat.com/errata/RHSA-2017:3278
CVE-2017-14746
CVE-2017-15275
+ About the security content of Security Update 2017-001
https://support.apple.com/ja-jp/HT208315
CVE-2017-13872
+ CESA-2017:3270 Important CentOS 7 apr Security Update
https://lwn.net/Alerts/740201/
+ CESA-2017:3270 Important CentOS 6 apr Security Update
https://lwn.net/Alerts/740200/
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ UPDATE: Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5
+ Cisco WebEx Meeting Center URL Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc
CVE-2017-12297
+ Cisco WebEx Event Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4
CVE-2017-12365
+ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3
CVE-2017-12363
+ Cisco WebEx Network Recording Player Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1
CVE-2017-12360
+ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
CVE-2017-12359
+ Multiple Vulnerabilities in Cisco UCS Central Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
CVE-2017-12348
CVE-2017-12349
+ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch
CVE-2017-12340
+ Cisco Prime Service Catalog SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime
CVE-2017-12364
+ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
CVE-2017-12342
+ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
CVE-2017-12341
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
CVE-2017-12339
+ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
CVE-2017-12338
+ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
CVE-2017-12336
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
CVE-2017-12335
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
CVE-2017-12334
+ Cisco NX-OS System Software Image Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
CVE-2017-12333
+ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10
CVE-2017-12351
+ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1
CVE-2017-12332
+ Cisco NX-OS System Software Patch Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos
CVE-2017-12331
+ Cisco Nexus Series Switches CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
CVE-2017-12330
+ Cisco Jabber Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2
CVE-2017-12361
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber1
CVE-2017-12358
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber
CVE-2017-12356
+ Cisco IP Phone 8800 Series Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
CVE-2017-12328
+ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
CVE-2017-12355
+ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
CVE-2017-12329
+ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
CVE-2017-12353
+ Multiple Vulnerabilities in Cisco Data Center Network Manager Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
CVE-2017-12343
CVE-2017-12344
CVE-2017-12345
+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm
CVE-2017-12357
+ Cisco Meeting Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms
CVE-2017-12362
+ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-apic
CVE-2017-12352
+ Cisco Secure Access Control System Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs
CVE-2017-12354
+ VU#113765 Apple MacOS High Sierra disabled account authentication bypass
https://www.kb.cert.org/vuls/id/113765
+ curl 7.57.0 released
https://curl.haxx.se/download.html
+ FreeBSD-SA-17:11.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc
CVE-2017-3735
CVE-2017-3736
JVN#71291160 StreamRelay.net.exe および sDNSProxy.exe におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN71291160/index.html
macOSの脆弱性修正パッチ公開、説明は「なるべく早くインストール」だけ
http://itpro.nikkeibp.co.jp/atcl/news/17/113002768/?ST=security&itp_list_theme
「ルートユーザを無効にする」と危険!macOSに管理者権限悪用の脆弱性
http://itpro.nikkeibp.co.jp/atcl/news/17/113002766/?ST=security&itp_list_theme
ニュース解説
ロボット掃除機COCOROBOがやばい理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201216/?ST=security&itp_list_theme
インターネット再生計画
電子マネーはコストの削減だけじゃない、みずほFGのJ-Coin構想に壮大な狙い
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000002/?ST=security&itp_list_theme
保険会社のSOMPO、サイバーセキュリティ事業に参入
http://itpro.nikkeibp.co.jp/atcl/news/17/112902756/?ST=security&itp_list_theme
+ Linux Kernel 'mm/pagewalk.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101969
CVE-2017-16994
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
https://curl.haxx.se/docs/adv_2017-af0a.html
CVE-2017-8818
+ FTP wildcard out of bounds read
https://curl.haxx.se/docs/adv_2017-ae72.html
CVE-2017-8817
+ RHSA-2017:3278 Important: samba4 security update
https://access.redhat.com/errata/RHSA-2017:3278
CVE-2017-14746
CVE-2017-15275
+ About the security content of Security Update 2017-001
https://support.apple.com/ja-jp/HT208315
CVE-2017-13872
+ CESA-2017:3270 Important CentOS 7 apr Security Update
https://lwn.net/Alerts/740201/
+ CESA-2017:3270 Important CentOS 6 apr Security Update
https://lwn.net/Alerts/740200/
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ UPDATE: Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5
+ Cisco WebEx Meeting Center URL Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc
CVE-2017-12297
+ Cisco WebEx Event Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4
CVE-2017-12365
+ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3
CVE-2017-12363
+ Cisco WebEx Network Recording Player Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1
CVE-2017-12360
+ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
CVE-2017-12359
+ Multiple Vulnerabilities in Cisco UCS Central Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
CVE-2017-12348
CVE-2017-12349
+ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch
CVE-2017-12340
+ Cisco Prime Service Catalog SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime
CVE-2017-12364
+ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
CVE-2017-12342
+ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
CVE-2017-12341
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
CVE-2017-12339
+ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
CVE-2017-12338
+ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
CVE-2017-12336
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
CVE-2017-12335
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
CVE-2017-12334
+ Cisco NX-OS System Software Image Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
CVE-2017-12333
+ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10
CVE-2017-12351
+ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1
CVE-2017-12332
+ Cisco NX-OS System Software Patch Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos
CVE-2017-12331
+ Cisco Nexus Series Switches CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
CVE-2017-12330
+ Cisco Jabber Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2
CVE-2017-12361
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber1
CVE-2017-12358
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber
CVE-2017-12356
+ Cisco IP Phone 8800 Series Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
CVE-2017-12328
+ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
CVE-2017-12355
+ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
CVE-2017-12329
+ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
CVE-2017-12353
+ Multiple Vulnerabilities in Cisco Data Center Network Manager Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
CVE-2017-12343
CVE-2017-12344
CVE-2017-12345
+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm
CVE-2017-12357
+ Cisco Meeting Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms
CVE-2017-12362
+ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-apic
CVE-2017-12352
+ Cisco Secure Access Control System Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs
CVE-2017-12354
+ VU#113765 Apple MacOS High Sierra disabled account authentication bypass
https://www.kb.cert.org/vuls/id/113765
+ curl 7.57.0 released
https://curl.haxx.se/download.html
+ FreeBSD-SA-17:11.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc
CVE-2017-3735
CVE-2017-3736
JVN#71291160 StreamRelay.net.exe および sDNSProxy.exe におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN71291160/index.html
macOSの脆弱性修正パッチ公開、説明は「なるべく早くインストール」だけ
http://itpro.nikkeibp.co.jp/atcl/news/17/113002768/?ST=security&itp_list_theme
「ルートユーザを無効にする」と危険!macOSに管理者権限悪用の脆弱性
http://itpro.nikkeibp.co.jp/atcl/news/17/113002766/?ST=security&itp_list_theme
ニュース解説
ロボット掃除機COCOROBOがやばい理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201216/?ST=security&itp_list_theme
インターネット再生計画
電子マネーはコストの削減だけじゃない、みずほFGのJ-Coin構想に壮大な狙い
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000002/?ST=security&itp_list_theme
保険会社のSOMPO、サイバーセキュリティ事業に参入
http://itpro.nikkeibp.co.jp/atcl/news/17/112902756/?ST=security&itp_list_theme
+ Linux Kernel 'mm/pagewalk.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101969
CVE-2017-16994
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
2017年11月29日水曜日
29日 水曜日、先負
+ RHSA-2017:3270 Important: apr security update
https://access.redhat.com/errata/RHSA-2017:3270
CVE-2017-12613
+ RHSA-2017:3268 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:3268
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3267 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3267
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3269 Important: procmail security update
https://access.redhat.com/errata/RHSA-2017:3269
CVE-2017-16844
+ RHSA-2017:3264 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3264
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3263 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2017:3263
CVE-2017-1000257
+ CESA-2017:3260 Important CentOS 7 samba Security Update
https://lwn.net/Alerts/740114/
+ CESA-2017:3263 Moderate CentOS 7 curl Security Update
https://lwn.net/Alerts/740113/
+ UPDATE: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
今日も誰かが狙われる
100万ダウンロードを達成、偽スマホアプリの巧みな手口
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/112700011/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3270
CVE-2017-12613
+ RHSA-2017:3268 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:3268
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3267 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3267
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3269 Important: procmail security update
https://access.redhat.com/errata/RHSA-2017:3269
CVE-2017-16844
+ RHSA-2017:3264 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3264
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3263 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2017:3263
CVE-2017-1000257
+ CESA-2017:3260 Important CentOS 7 samba Security Update
https://lwn.net/Alerts/740114/
+ CESA-2017:3263 Moderate CentOS 7 curl Security Update
https://lwn.net/Alerts/740113/
+ UPDATE: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
今日も誰かが狙われる
100万ダウンロードを達成、偽スマホアプリの巧みな手口
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/112700011/?ST=security&itp_list_theme
2017年11月28日火曜日
28日 火曜日、友引
+ RHSA-2017:3260 Important: samba security update
https://access.redhat.com/errata/RHSA-2017:3260
CVE-2017-14746
CVE-2017-15275
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ JVNVU#94198685 QND Advance/Standard におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/vu/JVNVU94198685/index.html
CVE-2017-10861
すごい設計書
システムに不可欠なセキュリティ対策、漏れを食い止める設計書3点セット
http://itpro.nikkeibp.co.jp/atcl/column/17/111000511/111600001/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3260
CVE-2017-14746
CVE-2017-15275
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ JVNVU#94198685 QND Advance/Standard におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/vu/JVNVU94198685/index.html
CVE-2017-10861
すごい設計書
システムに不可欠なセキュリティ対策、漏れを食い止める設計書3点セット
http://itpro.nikkeibp.co.jp/atcl/column/17/111000511/111600001/?ST=security&itp_list_theme
2017年11月27日月曜日
27日 月曜日、先負
+ nginx-1.13.7 released
http://nginx.org/en/CHANGES
+ Mozilla Foundation Security Advisory 2017-26 Security vulnerabilities fixed in Thunderbird 52.5
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7826
+ Linux kernel 4.14.2, 4.13.16, 4.9.65, 4.4.102, 3.18.84, 3.16.51, 3.2.96 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.102
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.84
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.96
+ PHP 7.1.12 Released
http://php.net/ChangeLog-7.php#7.1.12
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ Microsoft Windows 10 nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017110143
+ Linux mincore() Uninitialized Kernel Heap Page Disclosure
https://cxsecurity.com/issue/WLB-2017110142
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
ニュース解説
セキュリティ強化が進むWindows 10、それでも企業が移行を躊躇する理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701211/?ST=security&itp_list_theme
インターネット再生計画
「出会いを完全に防ぐのは無理」、LINEが考える未成年犯罪対策
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112200007/?ST=security&itp_list_theme
http://nginx.org/en/CHANGES
+ Mozilla Foundation Security Advisory 2017-26 Security vulnerabilities fixed in Thunderbird 52.5
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7826
+ Linux kernel 4.14.2, 4.13.16, 4.9.65, 4.4.102, 3.18.84, 3.16.51, 3.2.96 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.102
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.84
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.96
+ PHP 7.1.12 Released
http://php.net/ChangeLog-7.php#7.1.12
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ Microsoft Windows 10 nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017110143
+ Linux mincore() Uninitialized Kernel Heap Page Disclosure
https://cxsecurity.com/issue/WLB-2017110142
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
ニュース解説
セキュリティ強化が進むWindows 10、それでも企業が移行を躊躇する理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701211/?ST=security&itp_list_theme
インターネット再生計画
「出会いを完全に防ぐのは無理」、LINEが考える未成年犯罪対策
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112200007/?ST=security&itp_list_theme
2017年11月24日金曜日
24日 金曜日、仏滅
+ Mozilla Thunderbird 52.5.0 released
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
+ Apache Log4j 2.10.0 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.10.0
+ PHP 7.0.26 Released
http://www.php.net/ChangeLog-7.php#7.0.26
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ JVNVU#98606324 Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU98606324/
DB Doc 5.0 released
https://www.postgresql.org/about/news/1804/
Citus 7.1 Released: Distributed Transaction Support
https://www.postgresql.org/about/news/1803/
JVN#73141967 PWR-Q200 における DNS キャッシュポイズニングの脆弱性
http://jvn.jp/jp/JVN73141967/
インターネット再生計画
Twitterの犯罪対策を検証、何ができて何ができなかったのか
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112100006/?ST=security&itp_list_theme
ニュース解説
制御システムを守れるか、日立が設けたサイバー防衛訓練施設の全容
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201215/?ST=security&itp_list_theme
Uberが5700万の個人情報を漏洩、1年間知らせず
http://itpro.nikkeibp.co.jp/atcl/news/17/112202716/?ST=security&itp_list_theme
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
+ Apache Log4j 2.10.0 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.10.0
+ PHP 7.0.26 Released
http://www.php.net/ChangeLog-7.php#7.0.26
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ JVNVU#98606324 Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU98606324/
DB Doc 5.0 released
https://www.postgresql.org/about/news/1804/
Citus 7.1 Released: Distributed Transaction Support
https://www.postgresql.org/about/news/1803/
JVN#73141967 PWR-Q200 における DNS キャッシュポイズニングの脆弱性
http://jvn.jp/jp/JVN73141967/
インターネット再生計画
Twitterの犯罪対策を検証、何ができて何ができなかったのか
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112100006/?ST=security&itp_list_theme
ニュース解説
制御システムを守れるか、日立が設けたサイバー防衛訓練施設の全容
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201215/?ST=security&itp_list_theme
Uberが5700万の個人情報を漏洩、1年間知らせず
http://itpro.nikkeibp.co.jp/atcl/news/17/112202716/?ST=security&itp_list_theme
2017年11月21日火曜日
21日 火曜日、先勝
+ RHSA-2017:3247 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2017:3247
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ RHSA-2017:3222 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:3222
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ RHSA-2017:3200 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3200
CVE-2017-14106
CVE-2017-1000111
CVE-2017-1000112
+ RHSA-2017:3221 Moderate: php security update
https://access.redhat.com/errata/RHSA-2017:3221
CVE-2016-10167
CVE-2016-10168
+ CESA-2017:3247 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/739610/
+ CESA-2017:3247 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/739609/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#91363799 Windows 8 およびそれ以降のバージョンにおいて、アドレス空間配置のランダム化が適切に行われない脆弱性
http://jvn.jp/vu/JVNVU91363799/
+ Amazon Key CVE-2017-16867 Security Weakness
http://www.securityfocus.com/bid/101899
CVE-2017-16867
+ Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/101743
CVE-2017-15527
+ Linux kernel CVE-2017-15115 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101877
CVE-2017-15115
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/20/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
インターネット再生計画
偽ニュースの蔓延を防ぐ、スマートニュースの一手
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111600004/?ST=security&itp_list_theme
不正防止に役立つシステム
不正会計は防げる、怪しいデータ操作をAIで自動検知
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500001/?ST=security&itp_list_theme
サイバー攻撃を読み解く
北朝鮮が韓国のATMをハッキング、高まるサイバー攻撃力
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/111700001/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3247
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ RHSA-2017:3222 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:3222
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ RHSA-2017:3200 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3200
CVE-2017-14106
CVE-2017-1000111
CVE-2017-1000112
+ RHSA-2017:3221 Moderate: php security update
https://access.redhat.com/errata/RHSA-2017:3221
CVE-2016-10167
CVE-2016-10168
+ CESA-2017:3247 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/739610/
+ CESA-2017:3247 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/739609/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#91363799 Windows 8 およびそれ以降のバージョンにおいて、アドレス空間配置のランダム化が適切に行われない脆弱性
http://jvn.jp/vu/JVNVU91363799/
+ Amazon Key CVE-2017-16867 Security Weakness
http://www.securityfocus.com/bid/101899
CVE-2017-16867
+ Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/101743
CVE-2017-15527
+ Linux kernel CVE-2017-15115 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101877
CVE-2017-15115
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/20/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
インターネット再生計画
偽ニュースの蔓延を防ぐ、スマートニュースの一手
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111600004/?ST=security&itp_list_theme
不正防止に役立つシステム
不正会計は防げる、怪しいデータ操作をAIで自動検知
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500001/?ST=security&itp_list_theme
サイバー攻撃を読み解く
北朝鮮が韓国のATMをハッキング、高まるサイバー攻撃力
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/111700001/?ST=security&itp_list_theme
2017年11月20日月曜日
20日 月曜日、赤口
+ Selenium Standard Server 3.7.1 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.1 released
http://docs.seleniumhq.org/download/
+ About the security content of iOS 11.1.2
https://support.apple.com/ja-jp/HT208282
+ VU#817544 Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
+ Linux kerne 4.13.14. 4.9.63, 4.4.99, 3.18.82 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.99
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.82
UPDATE: JVN#74871939 WSR-300HP において任意のコードが実行可能な脆弱性
http://jvn.jp/jp/JVN74871939/index.html
ニュース解説
セキュリティ会社の社員逮捕、ウイルス拡散が疑われるも残る疑問
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701209/?ST=security&itp_list_theme
インターネット再生計画
信頼維持の仕組みが崩れ不信広がる、インターネット30年目の実態
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000001/?ST=security&itp_list_theme
不正防止に役立つシステム
PCの操作を丸ごと録画、社内不正を防ぐ番人システム
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500002/?ST=security&itp_list_theme
シャープのロボット掃除機「COCOROBO」に脆弱性、のぞき見の危険性も
http://itpro.nikkeibp.co.jp/atcl/news/17/111702692/?ST=security&itp_list_theme
経産省のサイバーセキュリティ経営ガイドライン改訂、攻撃検知と復旧への備えを追加
http://itpro.nikkeibp.co.jp/atcl/news/17/111702688/?ST=security&itp_list_theme
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.1 released
http://docs.seleniumhq.org/download/
+ About the security content of iOS 11.1.2
https://support.apple.com/ja-jp/HT208282
+ VU#817544 Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
+ Linux kerne 4.13.14. 4.9.63, 4.4.99, 3.18.82 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.99
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.82
UPDATE: JVN#74871939 WSR-300HP において任意のコードが実行可能な脆弱性
http://jvn.jp/jp/JVN74871939/index.html
ニュース解説
セキュリティ会社の社員逮捕、ウイルス拡散が疑われるも残る疑問
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701209/?ST=security&itp_list_theme
インターネット再生計画
信頼維持の仕組みが崩れ不信広がる、インターネット30年目の実態
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000001/?ST=security&itp_list_theme
不正防止に役立つシステム
PCの操作を丸ごと録画、社内不正を防ぐ番人システム
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500002/?ST=security&itp_list_theme
シャープのロボット掃除機「COCOROBO」に脆弱性、のぞき見の危険性も
http://itpro.nikkeibp.co.jp/atcl/news/17/111702692/?ST=security&itp_list_theme
経産省のサイバーセキュリティ経営ガイドライン改訂、攻撃検知と復旧への備えを追加
http://itpro.nikkeibp.co.jp/atcl/news/17/111702688/?ST=security&itp_list_theme
2017年11月17日金曜日
17日 金曜日、先勝
+ CESA-2017:3200 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/739259/
+ CESA-2017:3221 Moderate CentOS 7 php Security Update
https://lwn.net/Alerts/739260/
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#90967793 Microsoft Office 数式エディタにスタックベースのバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU90967793/
+ JVN#76382932 ロボット家電 COCOROBO におけるセッション管理不備の脆弱性
http://jvn.jp/jp/JVN76382932/
+ Microsoft Edge Object.setPrototypeOf Memory Corruption
https://cxsecurity.com/issue/WLB-2017110098
CVE-2017-8751
+ Microsoft Edge Chakra JIT Bailout Generation
https://cxsecurity.com/issue/WLB-2017110097
CVE-2017-11873
+ Microsoft Edge Chakra JIT Type Confusion
https://cxsecurity.com/issue/WLB-2017110096
CVE-2017-11811
+ Microsoft Edge Charka JIT Incorrect Check
https://cxsecurity.com/issue/WLB-2017110095
CVE-2017-11861
週末スペシャル
iPhone Xの「顔認証」はどこまで使える? 弱点は?
http://itpro.nikkeibp.co.jp/atcl/column/14/255608/111300360/?ST=security&itp_list_theme
企業版振り込め詐欺
犯人は1カ月以上メールを監視、振り込め詐欺対策は3つ
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800002/?ST=security&itp_list_theme
https://lwn.net/Alerts/739259/
+ CESA-2017:3221 Moderate CentOS 7 php Security Update
https://lwn.net/Alerts/739260/
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#90967793 Microsoft Office 数式エディタにスタックベースのバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU90967793/
+ JVN#76382932 ロボット家電 COCOROBO におけるセッション管理不備の脆弱性
http://jvn.jp/jp/JVN76382932/
+ Microsoft Edge Object.setPrototypeOf Memory Corruption
https://cxsecurity.com/issue/WLB-2017110098
CVE-2017-8751
+ Microsoft Edge Chakra JIT Bailout Generation
https://cxsecurity.com/issue/WLB-2017110097
CVE-2017-11873
+ Microsoft Edge Chakra JIT Type Confusion
https://cxsecurity.com/issue/WLB-2017110096
CVE-2017-11811
+ Microsoft Edge Charka JIT Incorrect Check
https://cxsecurity.com/issue/WLB-2017110095
CVE-2017-11861
週末スペシャル
iPhone Xの「顔認証」はどこまで使える? 弱点は?
http://itpro.nikkeibp.co.jp/atcl/column/14/255608/111300360/?ST=security&itp_list_theme
企業版振り込め詐欺
犯人は1カ月以上メールを監視、振り込め詐欺対策は3つ
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800002/?ST=security&itp_list_theme
2017年11月16日木曜日
16日 木曜日、赤口
+ Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
CVE-2017-12337
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-findit
+ Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
CVE-2017-12303
+ Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
CVE-2017-12350
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm
CVE-2017-12302
+ Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark
CVE-2017-12306
+ Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1
CVE-2017-12318
+ Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res
CVE-2017-12290
CVE-2017-12291
CVE-2017-12292
+ Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
CVE-2017-12316
+ Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp
CVE-2017-12305
+ Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios
CVE-2017-12304
+ Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iami
CVE-2017-12312
+ Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
CVE-2017-12315
+ Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2
CVE-2017-12300
+ Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
CVE-2017-12299
+ Cisco Email Security Appliance HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
CVE-2017-12309
+ Cisco Network Academy Packet Tracer DLL Preload Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cpt
CVE-2017-12313
+ Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cms
CVE-2017-12311
+ VU#421280 Microsoft Office Equation Editor stack buffer overflow
https://www.kb.cert.org/vuls/id/421280
CVE-2017-11882
+ FreeBSD-SA-17:10.kldstat Information leak in kldstat(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
CVE-2017-1088
+ FreeBSD-SA-17:09.shm POSIX shm allows jails to access global namespace
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
CVE-2017-1087
+ FreeBSD-SA-17:08.ptrace Kernel data leak via ptrace(PT_LWPINFO)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
CVE-2017-1086
+ Linux kernel 4.13.13, 4.9.62, 4.4.98, 3.18.81 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.98
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.81
+ Samba 4.7.2, 4.6.10 Available for Download
https://www.samba.org/samba/history/samba-4.7.2.html
https://www.samba.org/samba/history/samba-4.6.10.html
+ PHP 7.1.8 Heap-Based Buffer Overflow
https://cxsecurity.com/issue/WLB-2017110087
+ Linux Kernel 'drivers/media/usb/dvb-usb/dib0700_devices.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101846
CVE-2017-16646
+ Linux Kernel 'drivers/media/usb/hdpvr/hdpvr-core.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101842
CVE-2017-16644
+ Linux Kernel 'drivers/net/usb/qmi_wwan.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101791
CVE-2017-16650
企業版振り込め詐欺
日本企業で被害が拡大する振り込め詐欺、手法に「やり取り型」や「CxO型」
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800001/?ST=security&itp_list_theme
日立ソリューションズが社内セキュリティコンテスト、ホワイトハッカー育成で事業拡大
http://itpro.nikkeibp.co.jp/atcl/news/17/111502672/?ST=security&itp_list_theme
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
CVE-2017-12337
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-findit
+ Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
CVE-2017-12303
+ Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
CVE-2017-12350
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm
CVE-2017-12302
+ Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark
CVE-2017-12306
+ Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1
CVE-2017-12318
+ Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res
CVE-2017-12290
CVE-2017-12291
CVE-2017-12292
+ Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
CVE-2017-12316
+ Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp
CVE-2017-12305
+ Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios
CVE-2017-12304
+ Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iami
CVE-2017-12312
+ Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
CVE-2017-12315
+ Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2
CVE-2017-12300
+ Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
CVE-2017-12299
+ Cisco Email Security Appliance HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
CVE-2017-12309
+ Cisco Network Academy Packet Tracer DLL Preload Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cpt
CVE-2017-12313
+ Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cms
CVE-2017-12311
+ VU#421280 Microsoft Office Equation Editor stack buffer overflow
https://www.kb.cert.org/vuls/id/421280
CVE-2017-11882
+ FreeBSD-SA-17:10.kldstat Information leak in kldstat(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
CVE-2017-1088
+ FreeBSD-SA-17:09.shm POSIX shm allows jails to access global namespace
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
CVE-2017-1087
+ FreeBSD-SA-17:08.ptrace Kernel data leak via ptrace(PT_LWPINFO)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
CVE-2017-1086
+ Linux kernel 4.13.13, 4.9.62, 4.4.98, 3.18.81 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.98
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.81
+ Samba 4.7.2, 4.6.10 Available for Download
https://www.samba.org/samba/history/samba-4.7.2.html
https://www.samba.org/samba/history/samba-4.6.10.html
+ PHP 7.1.8 Heap-Based Buffer Overflow
https://cxsecurity.com/issue/WLB-2017110087
+ Linux Kernel 'drivers/media/usb/dvb-usb/dib0700_devices.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101846
CVE-2017-16646
+ Linux Kernel 'drivers/media/usb/hdpvr/hdpvr-core.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101842
CVE-2017-16644
+ Linux Kernel 'drivers/net/usb/qmi_wwan.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101791
CVE-2017-16650
企業版振り込め詐欺
日本企業で被害が拡大する振り込め詐欺、手法に「やり取り型」や「CxO型」
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800001/?ST=security&itp_list_theme
日立ソリューションズが社内セキュリティコンテスト、ホワイトハッカー育成で事業拡大
http://itpro.nikkeibp.co.jp/atcl/news/17/111502672/?ST=security&itp_list_theme
2017年11月15日水曜日
15日 水曜日、大安
+ Mozilla Firefox 57.0 released
https://www.mozilla.org/en-US/firefox/57.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-24 Security vulnerabilities fixed in Firefox 57
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
CVE-2017-7827
CVE-2017-7826
+ APSB17-41 Security updates available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
CVE-2017-3109
CVE-2017-3111
CVE-2017-11296
+ APSB17-40 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
CVE-2017-11294
+ APSB17-39 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
CVE-2017-11273
CVE-2017-11297
CVE-2017-11298
CVE-2017-11299
CVE-2017-11300
CVE-2017-11301
+ APSB17-38 Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb17-38.html
CVE-2017-11302
+ APSB17-37 Security update available for the Adobe DNG Converter
https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
CVE-2017-11295
+ APSB17-36 Security updates available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
CVE-2017-16377
CVE-2017-16378
CVE-2017-16360
CVE-2017-16388
CVE-2017-16389
CVE-2017-16390
CVE-2017-16393
CVE-2017-16398
CVE-2017-16381
CVE-2017-16385
CVE-2017-16392
CVE-2017-16395
CVE-2017-16396
CVE-2017-16363
CVE-2017-16365
CVE-2017-16374
CVE-2017-16384
CVE-2017-16386
CVE-2017-16387
CVE-2017-16368
CVE-2017-16383
CVE-2017-16391
CVE-2017-16410
CVE-2017-16362
CVE-2017-16370
CVE-2017-16376
CVE-2017-16382
CVE-2017-16394
CVE-2017-16397
CVE-2017-16399
CVE-2017-16400
CVE-2017-16401
CVE-2017-16402
CVE-2017-16403
CVE-2017-16404
CVE-2017-16405
CVE-2017-16408
CVE-2017-16409
CVE-2017-16412
CVE-2017-16414
CVE-2017-16417
CVE-2017-16418
CVE-2017-16420
CVE-2017-11293
CVE-2017-16407
CVE-2017-16413
CVE-2017-16415
CVE-2017-16416
CVE-2017-16361
CVE-2017-16366
CVE-2017-16369
CVE-2017-16380
CVE-2017-16419
CVE-2017-16367
CVE-2017-16379
CVE-2017-16406
CVE-2017-16364
CVE-2017-16371
CVE-2017-16372
CVE-2017-16373
CVE-2017-16375
CVE-2017-16411
+ APSB17-35 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb17-35.html
CVE-2017-11291
CVE-2017-11287
CVE-2017-11288
CVE-2017-11289
CVE-2017-11290
+ APSB17-34 Security updates available for Adobe Photoshop CC
https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
CVE-2017-11303
CVE-2017-11304
+ APSB17-33 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ 2017 年 11 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14, 3.16.50, 3.2.95 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.50
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.95
シリコンバレーNextレポート
ディープラーニングにもセキュリティ問題、AIをだます手口に注意
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/111400137/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
サイバー攻撃の犯人は誰?知る必要はあるのか
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300003/?ST=security&itp_list_theme
JVNVU#94371484 Packetbeat におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94371484/index.html
JVN#05398317 WordPress 用プラグイン TablePress における XML 外部実体参照 (XXE) 処理の脆弱性
http://jvn.jp/jp/JVN05398317/index.html
JVN#18420340 BOOK☆WALKER for Windows/Mac における複数の脆弱性
http://jvn.jp/jp/JVN18420340/index.html
https://www.mozilla.org/en-US/firefox/57.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-24 Security vulnerabilities fixed in Firefox 57
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
CVE-2017-7827
CVE-2017-7826
+ APSB17-41 Security updates available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
CVE-2017-3109
CVE-2017-3111
CVE-2017-11296
+ APSB17-40 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
CVE-2017-11294
+ APSB17-39 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
CVE-2017-11273
CVE-2017-11297
CVE-2017-11298
CVE-2017-11299
CVE-2017-11300
CVE-2017-11301
+ APSB17-38 Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb17-38.html
CVE-2017-11302
+ APSB17-37 Security update available for the Adobe DNG Converter
https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
CVE-2017-11295
+ APSB17-36 Security updates available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
CVE-2017-16377
CVE-2017-16378
CVE-2017-16360
CVE-2017-16388
CVE-2017-16389
CVE-2017-16390
CVE-2017-16393
CVE-2017-16398
CVE-2017-16381
CVE-2017-16385
CVE-2017-16392
CVE-2017-16395
CVE-2017-16396
CVE-2017-16363
CVE-2017-16365
CVE-2017-16374
CVE-2017-16384
CVE-2017-16386
CVE-2017-16387
CVE-2017-16368
CVE-2017-16383
CVE-2017-16391
CVE-2017-16410
CVE-2017-16362
CVE-2017-16370
CVE-2017-16376
CVE-2017-16382
CVE-2017-16394
CVE-2017-16397
CVE-2017-16399
CVE-2017-16400
CVE-2017-16401
CVE-2017-16402
CVE-2017-16403
CVE-2017-16404
CVE-2017-16405
CVE-2017-16408
CVE-2017-16409
CVE-2017-16412
CVE-2017-16414
CVE-2017-16417
CVE-2017-16418
CVE-2017-16420
CVE-2017-11293
CVE-2017-16407
CVE-2017-16413
CVE-2017-16415
CVE-2017-16416
CVE-2017-16361
CVE-2017-16366
CVE-2017-16369
CVE-2017-16380
CVE-2017-16419
CVE-2017-16367
CVE-2017-16379
CVE-2017-16406
CVE-2017-16364
CVE-2017-16371
CVE-2017-16372
CVE-2017-16373
CVE-2017-16375
CVE-2017-16411
+ APSB17-35 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb17-35.html
CVE-2017-11291
CVE-2017-11287
CVE-2017-11288
CVE-2017-11289
CVE-2017-11290
+ APSB17-34 Security updates available for Adobe Photoshop CC
https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
CVE-2017-11303
CVE-2017-11304
+ APSB17-33 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ 2017 年 11 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14, 3.16.50, 3.2.95 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.50
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.95
シリコンバレーNextレポート
ディープラーニングにもセキュリティ問題、AIをだます手口に注意
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/111400137/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
サイバー攻撃の犯人は誰?知る必要はあるのか
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300003/?ST=security&itp_list_theme
JVNVU#94371484 Packetbeat におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94371484/index.html
JVN#05398317 WordPress 用プラグイン TablePress における XML 外部実体参照 (XXE) 処理の脆弱性
http://jvn.jp/jp/JVN05398317/index.html
JVN#18420340 BOOK☆WALKER for Windows/Mac における複数の脆弱性
http://jvn.jp/jp/JVN18420340/index.html
2017年11月14日火曜日
14日 火曜日、仏滅
+ Google Chrome 62.0.3202.94 released
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
+ Linux Kernel CVE-2017-15102 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101790
CVE-2017-15102
+ Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101769
CVE-2017-16643
+ Linux Kernel 'drivers/input/misc/ims-pcu.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101768
CVE-2017-16645
+ Linux Kernel 'drivers/net/usb/cdc_ether.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101761
CVE-2017-16649
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101758
CVE-2017-16648
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
+ Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/101692
CVE-2017-15398
CVE-2017-15399
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
JVN#29602086 CS-Cart日本語版におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN29602086/
編集長の眼
2万円は高いか安いか?セキュリティ国家資格の講習を受けてみた
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/110700052/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
セキュリティ攻撃の被害情報、公開するのは悪いこと?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300002/?ST=security&itp_list_theme
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
+ Linux Kernel CVE-2017-15102 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101790
CVE-2017-15102
+ Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101769
CVE-2017-16643
+ Linux Kernel 'drivers/input/misc/ims-pcu.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101768
CVE-2017-16645
+ Linux Kernel 'drivers/net/usb/cdc_ether.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101761
CVE-2017-16649
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101758
CVE-2017-16648
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
+ Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/101692
CVE-2017-15398
CVE-2017-15399
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
JVN#29602086 CS-Cart日本語版におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN29602086/
編集長の眼
2万円は高いか安いか?セキュリティ国家資格の講習を受けてみた
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/110700052/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
セキュリティ攻撃の被害情報、公開するのは悪いこと?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300002/?ST=security&itp_list_theme
2017年11月13日月曜日
13日 月曜日、先負
+ CVE-2017-8585 | .NET Denial of Service Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-8585
CVE-2017-8585
+ マイクロソフト セキュリティ アドバイザリ 4053440 Dynamic Data Exchange (DDE) フィールドを含む Microsoft Office ドキュメントを安全に開く方法
https://technet.microsoft.com/ja-jp/library/security/4053440
CVE-2017-8759
CVE-2017-11292
CVE-2017-11826
+ iOS 11.1.1 のセキュリティコンテンツについて
https://support.apple.com/ja-jp/HT208255
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
有識者座談会 セキュリティの非常識
アノニマスの攻撃に備えるには莫大な費用がかかる?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/110900001/?ST=security&itp_list_theme
ウインドリバーがIoTセキュリティ説明会、「ウクライナの大停電は当社製品なら防げた」
http://itpro.nikkeibp.co.jp/atcl/news/17/111002645/?ST=security&itp_list_theme
アカマイ、ボットの不正ログインを検知・遮断する「Bot Manager Premier」を発売
http://itpro.nikkeibp.co.jp/atcl/news/17/111002644/?ST=security&itp_list_theme
マカフィーとラック、AWS上におけるセキュリティ対策で協業
http://itpro.nikkeibp.co.jp/atcl/news/17/111002635/?ST=security&itp_list_theme
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-8585
CVE-2017-8585
+ マイクロソフト セキュリティ アドバイザリ 4053440 Dynamic Data Exchange (DDE) フィールドを含む Microsoft Office ドキュメントを安全に開く方法
https://technet.microsoft.com/ja-jp/library/security/4053440
CVE-2017-8759
CVE-2017-11292
CVE-2017-11826
+ iOS 11.1.1 のセキュリティコンテンツについて
https://support.apple.com/ja-jp/HT208255
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
有識者座談会 セキュリティの非常識
アノニマスの攻撃に備えるには莫大な費用がかかる?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/110900001/?ST=security&itp_list_theme
ウインドリバーがIoTセキュリティ説明会、「ウクライナの大停電は当社製品なら防げた」
http://itpro.nikkeibp.co.jp/atcl/news/17/111002645/?ST=security&itp_list_theme
アカマイ、ボットの不正ログインを検知・遮断する「Bot Manager Premier」を発売
http://itpro.nikkeibp.co.jp/atcl/news/17/111002644/?ST=security&itp_list_theme
マカフィーとラック、AWS上におけるセキュリティ対策で協業
http://itpro.nikkeibp.co.jp/atcl/news/17/111002635/?ST=security&itp_list_theme
2017年11月10日金曜日
10日 金曜日、赤口
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
CVE-2017-3883
+ Linux kernel 4.1.46 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.46
+ PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/docs/10/static/release-10-1.html
https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
https://www.postgresql.org/docs/9.5/static/release-9-5-10.html
https://www.postgresql.org/docs/9.4/static/release-9-4-15.html
https://www.postgresql.org/docs/9.3/static/release-9-3-20.html
CVE-2017-12172
CVE-2017-15098
CVE-2017-15099
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/
+ UPDATE: JVNVU#91445763 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU91445763/
+ Microsoft Windows LNK File Code Execution
https://cxsecurity.com/issue/WLB-2017110056
CVE-2015-0096
CVE-2017-8464
JVN#71284826 HYPER SBI のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN71284826/
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/
ニュース解説
FinTech?マルウエア?無断でスマホCPU使う謎のサービス
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110801194/?ST=security&itp_list_theme
リバーベッドがSD-WAN製品を強化、ZscalerのセキュリティSaaSと連携
http://itpro.nikkeibp.co.jp/atcl/news/17/110902629/?ST=security&itp_list_theme
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
CVE-2017-3883
+ Linux kernel 4.1.46 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.46
+ PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/docs/10/static/release-10-1.html
https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
https://www.postgresql.org/docs/9.5/static/release-9-5-10.html
https://www.postgresql.org/docs/9.4/static/release-9-4-15.html
https://www.postgresql.org/docs/9.3/static/release-9-3-20.html
CVE-2017-12172
CVE-2017-15098
CVE-2017-15099
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/
+ UPDATE: JVNVU#91445763 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU91445763/
+ Microsoft Windows LNK File Code Execution
https://cxsecurity.com/issue/WLB-2017110056
CVE-2015-0096
CVE-2017-8464
JVN#71284826 HYPER SBI のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN71284826/
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/
ニュース解説
FinTech?マルウエア?無断でスマホCPU使う謎のサービス
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110801194/?ST=security&itp_list_theme
リバーベッドがSD-WAN製品を強化、ZscalerのセキュリティSaaSと連携
http://itpro.nikkeibp.co.jp/atcl/news/17/110902629/?ST=security&itp_list_theme
2017年11月9日木曜日
9日 木曜日、大安
+ Zabbix 3.4.4, 3.2.10, 3.0.13 released
http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D
+ Linux kernel 4.13.12, 4.9.61, 4.4.97, 3.18.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.97
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.80
+ Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110050
+ Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110049
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
UPDATE: JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/index.html
iPhone X 徹底レビュー
iPhone Xの顔認証で感じる、やっぱりホームボタンは偉大だった
http://itpro.nikkeibp.co.jp/atcl/column/17/110200479/110800002/?ST=security&itp_list_theme
不正アクセス検知ベンチャーのカウリスがアジア進出、安価なAIサービス武器に
http://itpro.nikkeibp.co.jp/atcl/news/17/110802620/?ST=security&itp_list_theme
http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D
+ Linux kernel 4.13.12, 4.9.61, 4.4.97, 3.18.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.97
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.80
+ Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110050
+ Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110049
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
UPDATE: JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/index.html
iPhone X 徹底レビュー
iPhone Xの顔認証で感じる、やっぱりホームボタンは偉大だった
http://itpro.nikkeibp.co.jp/atcl/column/17/110200479/110800002/?ST=security&itp_list_theme
不正アクセス検知ベンチャーのカウリスがアジア進出、安価なAIサービス武器に
http://itpro.nikkeibp.co.jp/atcl/news/17/110802620/?ST=security&itp_list_theme
2017年11月8日水曜日
8日 水曜日、仏滅
+ RHSA-2017:3151 Critical: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:3151
CVE-2017-15398
CVE-2017-15399
+ UPDATE: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
+ UPDATE: JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
Support for .NET Core 2.0 and PostgreSQL 10 in Updated dotConnect for PostgreSQL
https://www.postgresql.org/about/news/1800/
脅威増すサイバー攻撃の正体
新たな手口で脅威増すランサムウエア、次なる標的
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100004/?ST=security&itp_list_theme
シマンテックがエンドポイントセキュリティ新版、おとり機能やEDRなど統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702611/?ST=security&itp_list_theme
Cylance Japan、機械学習ウイルス対策にEDR機能を統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702608/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3151
CVE-2017-15398
CVE-2017-15399
+ UPDATE: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
+ UPDATE: JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
Support for .NET Core 2.0 and PostgreSQL 10 in Updated dotConnect for PostgreSQL
https://www.postgresql.org/about/news/1800/
脅威増すサイバー攻撃の正体
新たな手口で脅威増すランサムウエア、次なる標的
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100004/?ST=security&itp_list_theme
シマンテックがエンドポイントセキュリティ新版、おとり機能やEDRなど統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702611/?ST=security&itp_list_theme
Cylance Japan、機械学習ウイルス対策にEDR機能を統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702608/?ST=security&itp_list_theme
2017年11月7日火曜日
7日 火曜日、先負
+ Google Chrome 62.0.3202.89 released
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
CVE-2017-15398
CVE-2017-15399
+ CESA-2017:3111 CentOS 7 liblouis Security Update
https://lwn.net/Alerts/738250/
+ SA79922 McAfee Network Security Manager Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/79922/
CVE-2016-8029
+ Symantec Endpoint Protection CVE-2017-13680 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/101503
CVE-2017-13680
+ Symantec Endpoint Protection Manager CVE-2017-13681 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101504
CVE-2017-13681
+ OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101666
CVE-2017-3736
+ GNU wget CVE-2017-13090 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101590
CVE-2017-13090
+ GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101592
CVE-2017-13089
脅威増すサイバー攻撃の正体
ランサムウエアをなめてはいけない、本当の恐ろしさ
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100003/?ST=security&itp_list_theme
ITpro Report
Webブラウザーをクラウドで動かす、無害化ソフトのメカニズム
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/110600283/?ST=security&itp_list_theme
JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/
JVN#23367475 Wi-Fi STATION L-02F にバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN23367475/
JVNVU#93593263 IEEE P1735 に脆弱性
http://jvn.jp/vu/JVNVU93593263/
JVN#87886530 LAN DISKコネクトにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN87886530/
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
CVE-2017-15398
CVE-2017-15399
+ CESA-2017:3111 CentOS 7 liblouis Security Update
https://lwn.net/Alerts/738250/
+ SA79922 McAfee Network Security Manager Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/79922/
CVE-2016-8029
+ Symantec Endpoint Protection CVE-2017-13680 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/101503
CVE-2017-13680
+ Symantec Endpoint Protection Manager CVE-2017-13681 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101504
CVE-2017-13681
+ OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101666
CVE-2017-3736
+ GNU wget CVE-2017-13090 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101590
CVE-2017-13090
+ GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101592
CVE-2017-13089
脅威増すサイバー攻撃の正体
ランサムウエアをなめてはいけない、本当の恐ろしさ
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100003/?ST=security&itp_list_theme
ITpro Report
Webブラウザーをクラウドで動かす、無害化ソフトのメカニズム
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/110600283/?ST=security&itp_list_theme
JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/
JVN#23367475 Wi-Fi STATION L-02F にバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN23367475/
JVNVU#93593263 IEEE P1735 に脆弱性
http://jvn.jp/vu/JVNVU93593263/
JVN#87886530 LAN DISKコネクトにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN87886530/
2017年11月6日月曜日
6日 月曜日、友引
+ RHSA-2017:3111 Moderate: liblouis security update
https://access.redhat.com/errata/RHSA-2017:3111
CVE-2014-8184
CVE-2017-13738
CVE-2017-13740
CVE-2017-13741
CVE-2017-13742
CVE-2017-13743
CVE-2017-13744
+ Selenium Standalone Server 3.7.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.0 released
http://docs.seleniumhq.org/download/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
CVE-2017-12319
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
+ UPDATE: Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
+ UPDATE: Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
+ Linux kernel 4.13.11, 4.9.60, 4.4.96, 3.18.79, 3.10.108 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.96
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.79
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.108
+ OpenSSL OpenSSL 1.1.0g, 1.0.2m released
https://www.openssl.org/
+ OpenSSL Security Advisory [02 Nov 2017]
https://www.openssl.org/news/secadv/20171102.txt
CVE-2017-3732
CVE-2015-3193
+ Win32 OpenSSL v1.1.0g, 1.0.2m released
http://slproweb.com/products/Win32OpenSSL.html
+ Samba 4.7.1 Available for Download
https://www.samba.org/samba/history/samba-4.7.1.html
+ Sysstat 11.6.1, 11.4.7, 11.2.13 released
http://sebastien.godard.pagesperso-orange.fr/
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
+ JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux kernel CVE-2017-15951 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101621
CVE-2017-15951
VU#739007 IEEE P1735 implementations may have weak cryptographic protections
https://www.kb.cert.org/vuls/id/739007
VU#446847 Savitech USB audio drivers install a new root CA certificate
https://www.kb.cert.org/vuls/id/446847
Announcing the Release of OmniDB 2.3
https://www.postgresql.org/about/news/1799/
Aiven first to offer managed PG 10 on all major clouds
https://www.postgresql.org/about/news/1798/
脅威増すサイバー攻撃の正体
10年前から存在するランサムウエア、なぜ“ブレイク”したのか?
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100002/?ST=security&itp_list_theme
感染してもタブを閉じれば無害、アシストがブラウザー分離ソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/110202592/?ST=security&itp_list_theme
JVN#97243511 フレッツ簡単セットアップツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN97243511/index.html
JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/index.html
https://access.redhat.com/errata/RHSA-2017:3111
CVE-2014-8184
CVE-2017-13738
CVE-2017-13740
CVE-2017-13741
CVE-2017-13742
CVE-2017-13743
CVE-2017-13744
+ Selenium Standalone Server 3.7.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.0 released
http://docs.seleniumhq.org/download/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
CVE-2017-12319
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
+ UPDATE: Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
+ UPDATE: Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
+ Linux kernel 4.13.11, 4.9.60, 4.4.96, 3.18.79, 3.10.108 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.96
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.79
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.108
+ OpenSSL OpenSSL 1.1.0g, 1.0.2m released
https://www.openssl.org/
+ OpenSSL Security Advisory [02 Nov 2017]
https://www.openssl.org/news/secadv/20171102.txt
CVE-2017-3732
CVE-2015-3193
+ Win32 OpenSSL v1.1.0g, 1.0.2m released
http://slproweb.com/products/Win32OpenSSL.html
+ Samba 4.7.1 Available for Download
https://www.samba.org/samba/history/samba-4.7.1.html
+ Sysstat 11.6.1, 11.4.7, 11.2.13 released
http://sebastien.godard.pagesperso-orange.fr/
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
+ JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux kernel CVE-2017-15951 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101621
CVE-2017-15951
VU#739007 IEEE P1735 implementations may have weak cryptographic protections
https://www.kb.cert.org/vuls/id/739007
VU#446847 Savitech USB audio drivers install a new root CA certificate
https://www.kb.cert.org/vuls/id/446847
Announcing the Release of OmniDB 2.3
https://www.postgresql.org/about/news/1799/
Aiven first to offer managed PG 10 on all major clouds
https://www.postgresql.org/about/news/1798/
脅威増すサイバー攻撃の正体
10年前から存在するランサムウエア、なぜ“ブレイク”したのか?
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100002/?ST=security&itp_list_theme
感染してもタブを閉じれば無害、アシストがブラウザー分離ソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/110202592/?ST=security&itp_list_theme
JVN#97243511 フレッツ簡単セットアップツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN97243511/index.html
JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/index.html
2017年11月2日木曜日
2日 木曜日、仏滅
+ About the security content of iCloud for Windows 7.1
https://support.apple.com/ja-jp/HT208225
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of iTunes 12.7.1 for Windows
https://support.apple.com/ja-jp/HT208224
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of Safari 11.1
https://support.apple.com/ja-jp/HT208223
CVE-2017-13790
CVE-2017-13789
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of tvOS 11.1
https://support.apple.com/ja-jp/HT208219
CVE-2017-13849
CVE-2017-13799
CVE-2017-13804
CVE-2017-13784
CVE-2017-13783
CVE-2017-13785
CVE-2017-13788
CVE-2017-13802
CVE-2017-13792
CVE-2017-13795
CVE-2017-13798
CVE-2017-13796
CVE-2017-13794
CVE-2017-13793
CVE-2017-13791
CVE-2017-13803
CVE-2017-13080
+ About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
https://support.apple.com/ja-jp/HT208221
CVE-2017-13832
CVE-2016-736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
CVE-2017-13786
CVE-2017-13800
CVE-2017-13809
CVE-2017-13820
CVE-2017-13807
CVE-2017-13821
CVE-2017-13825
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-13801
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13830
CVE-2017-11103
CVE-2017-13819
CVE-2017-13814
CVE-2017-13831
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13834
CVE-2017-13799
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-13824
CVE-2017-13846
CVE-2017-13826
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-13804
CVE-2017-11108
CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ About the security content of iOS 11.1
https://support.apple.com/ja-jp/HT208222
CVE-2017-13849
CVE-2017-13799
CVE-2017-13844
CVE-2017-13805
CVE-2017-13804
CVE-2017-7113
CVE-2017-13784
CVE-2017-13783
CVE-2017-13785
CVE-2017-13788
CVE-2017-13802
CVE-2017-13792
CVE-2017-13795
CVE-2017-13798
CVE-2017-13796
CVE-2017-13794
CVE-2017-13793
CVE-2017-13791
CVE-2017-13803
CVE-2017-13080
+ About the security content of watchOS 4.1
https://support.apple.com/ja-jp/HT208220
CVE-2017-13849
CVE-2017-13799
CVE-2017-13804
CVE-2017-13080
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
CVE-2017-12275
+ Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
CVE-2017-12278
+ Cisco Identity Services Engine Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise
CVE-2017-12261
+ Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr
CVE-2017-12277
+ Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp
CVE-2017-12276
+ Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem
CVE-2017-12262
+ Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
CVE-2017-12274
+ Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
CVE-2017-12273
+ Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4
CVE-2017-12282
+ Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3
CVE-2017-12280
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2
CVE-2017-12295
+ Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1
CVE-2017-12294
+ Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-iosap
CVE-2017-12279
+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce
CVE-2017-12243
+ Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet4
CVE-2017-12283
+ Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3
CVE-2017-12281
+ JVNVU#94207433 Trend Micro Control Manager における複数の脆弱性
http://jvn.jp/vu/JVNVU94207433/
CVE-2017-11383
CVE-2017-11384
CVE-2017-11385
CVE-2017-11386
CVE-2017-11387
CVE-2017-11388
CVE-2017-11389
CVE-2017-11390
CVE-2017-11391
Windows Defender Exploit Guard: 攻撃表面を縮小して次世代型マルウェアに対抗する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/01/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/
MicroOLAP Database Designer meets PostgreSQL 10!
https://www.postgresql.org/about/news/1796/
ニュース解説
サイバー攻撃をプロバイダーは止められるか、総務省の意欲
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110101186/?ST=security&itp_list_theme
中小向け「Microsoft 365」開始、月額2000円台でOfficeとセキュリティ提供
http://itpro.nikkeibp.co.jp/atcl/news/17/110102588/?ST=security&itp_list_theme
シマンテックのサーバー証明書、国内でもデジサートが発行へ
http://itpro.nikkeibp.co.jp/atcl/news/17/110102581/?ST=security&itp_list_theme
GMOインターネットから漏えいの個人情報、Amazonの電子書籍として販売される
http://itpro.nikkeibp.co.jp/atcl/news/17/110102579/?ST=security&itp_list_theme
ウイルス保管容疑でセキュリティ企業ディアイティの社員逮捕、同社は反論
http://itpro.nikkeibp.co.jp/atcl/news/17/110102576/?ST=security&itp_list_theme
UPDATE: JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/
登録:
投稿 (Atom)