Tuesday, January 31, 2017

31st, Tuesday, Butsumetsu

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

+ Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3823

+ Samba 4.5.5 Available for Download
https://www.samba.org/samba/history/samba-4.5.5.html

JVNVU#90868591 Arbitrary command execution vulnerability in the Cisco WebEx extension for web browsers
http://jvn.jp/vu/JVNVU90868591/

Z-kai correspondence education's new operations system suffers a failure; service may not resume until April
http://itpro.nikkeibp.co.jp/atcl/news/17/013100290/?ST=security&itp_list_theme

Reporter's Eye
Why the new technology "SD-WAN" has not quite taken off in Japan, and why I still think it will spread
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/012500763/?ST=security&itp_list_theme

Oracle Japan launches single sign-on SaaS, "competing with strategic pricing"
http://itpro.nikkeibp.co.jp/atcl/news/17/013000289/?ST=security&itp_list_theme

Twitter discloses two national security letters it received in the past
http://itpro.nikkeibp.co.jp/atcl/news/17/013000278/?ST=security&itp_list_theme

Monday, January 30, 2017

30th, Monday, Senbu

+ CESA-2017:0190 Critical CentOS 5 firefox Security Update
https://lwn.net/Alerts/712781/

+ CESA-2017:0183 Moderate CentOS 6 squid34 Security Update
https://lwn.net/Alerts/712784/

+ CESA-2017:0184 Important CentOS 6 mysql Security Update
https://lwn.net/Alerts/712782/

+ CESA-2017:0190 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/712779/

+ CESA-2017:0190 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/712780/

+ CESA-2017:0182 Moderate CentOS 7 squid Security Update
https://lwn.net/Alerts/712783/

+ squid 3.5.24 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.24-RELEASENOTES.html

+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ VU#909240 Cisco WebEx web browser extension allows arbitrary code execution
https://www.kb.cert.org/vuls/id/909240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3823

+ OpenSSL 1.1.0d, 1.0.2k released
https://www.openssl.org/

+ Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2017-January/000091.html

+ SA75060 Linux Kernel Color Map Information Disclosure Vulnerabilities
https://secunia.com/advisories/75060/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8405

+ hitachi-sec-2017-101 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-101/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289

+ hitachi-sec-2017-101 Multiple Vulnerabilities in Cosminexus (Japanese page)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-101/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289

+ JVNVU#92830136 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU92830136/

+ macOS 10.12.1 / iOS kernel 'IOService::matchPassive' Use-After-Free
https://cxsecurity.com/issue/WLB-2017010225

+ macOS 10.12.1 / iOS kernel 'host_self_trap' Use-After-Free
https://cxsecurity.com/issue/WLB-2017010224

+ macOS 10.12.1 / iOS 10.2 kernel Userspace Pointer Memory Corruption
https://cxsecurity.com/issue/WLB-2017010223

+ OpenSSH 6.8-6.9 local privilege escalation
https://cxsecurity.com/issue/WLB-2017010222

+ OpenSSL CVE-2017-3732 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/95814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

+ OpenSSL CVE-2017-3730 NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/95812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730

+ OpenSSL CVE-2017-3731 Denial of Service Vulnerability
http://www.securityfocus.com/bid/95813
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731

pgBadger v9.1 has been released
https://www.postgresql.org/about/news/1730/

JVNDB-2017-000014 Directory traversal vulnerability in CubeCart
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000014.html

"45% of Japanese companies do not understand the EU data protection regulation," says US-based Blancco Technology
http://itpro.nikkeibp.co.jp/atcl/news/17/012700273/?ST=security&itp_list_theme

Friday, January 27, 2017

27th, Friday, Taian

+ Mozilla Firefox 51.0.1 released
https://www.mozilla.org/en-US/firefox/51.0.1/releasenotes/

+ Mozilla Thunderbird 45.7.0 released
https://www.mozilla.org/en-US/thunderbird/45.7.0/releasenotes/

+ Linux kernel 4.9.6, 4.4.45 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.45

+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ UPDATE: JVNVU#97321122 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU97321122/

+ OpenSSL Multiple Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1037717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

+ OpenSSL Security Advisory [26 Jan 2017]
https://www.openssl.org/news/secadv/20170126.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3732

"Lifestyle authentication," which uses smartphone usage history and similar data as an authentication ID, begins field trial
http://itpro.nikkeibp.co.jp/atcl/news/17/012600258/?ST=security&itp_list_theme

FireEye warns that ransomware will remain rampant in 2017: "Protect yourself with backups"
http://itpro.nikkeibp.co.jp/atcl/news/17/012600252/?ST=security&itp_list_theme

CTCSP launches service that turns general-purpose PCs into thin clients
http://itpro.nikkeibp.co.jp/atcl/news/17/012600248/?ST=security&itp_list_theme

Thursday, January 26, 2017

26th, Thursday, Butsumetsu

+ RHSA-2017:0190 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-0190.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396

+ Google Chrome 56.0.2924.76 released
https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5026

+ Mozilla Firefox 51.0 released
https://www.mozilla.org/en-US/firefox/51.0/releasenotes/

+ Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373

+ Wireshark 2.2.4, 2.0.10 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.4.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.10.html

+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3792

+ Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3790

+ Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9225

+ Apache Log4J 2.8 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.8

+ Tomcat 8.0.41, 7.0.75 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.41_(violetagg)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.75_(violetagg)

+ Wireshark ASTERIX and DHCPv6 Dissector Bugs Let Remote Users Consume Excessive CPU Resources on the Target System
http://www.securitytracker.com/id/1037694

+ Linux Kernel CVE-2017-5576 Integer Overflow Vulnerability
http://www.securityfocus.com/bid/95767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5576

+ Linux Kernel CVE-2017-5577 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/95765
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5577

"Measures are insufficient": IIJ sounds the alarm over the EU's new personal data protection law
http://itpro.nikkeibp.co.jp/atcl/news/17/012500235/?ST=security&itp_list_theme

News Analysis
Standardization of in-vehicle software advances in Europe: a ray of light for the lagging Japanese market
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012400787/?ST=security&itp_list_theme

Wednesday, January 25, 2017

25th, Wednesday, Senbu

+ RHSA-2017:0184 Important: mysql security update
https://rhn.redhat.com/errata/RHSA-2017-0184.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6663

+ RHSA-2017:0183 Moderate: squid34 security update
https://rhn.redhat.com/errata/RHSA-2017-0183.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002

+ RHSA-2017:0182 Moderate: squid security update
https://rhn.redhat.com/errata/RHSA-2017-0182.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10002

+ About the security content of iTunes 12.5.5 for Windows
https://support.apple.com/ja-jp/HT207486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366

+ About the security content of Safari 10.0.3
https://support.apple.com/ja-jp/HT207484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365

+ About the security content of iCloud for Windows 6.1.1
https://support.apple.com/ja-jp/HT207481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366

+ About the security content of macOS Sierra 10.12.3
https://support.apple.com/ja-jp/HT207483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248

+ About the security content of iOS 10.2.1
https://support.apple.com/ja-jp/HT207482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2351

+ About the security content of tvOS 10.1.1
https://support.apple.com/ja-jp/HT207485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2365

+ About the security content of watchOS 3.1.3
https://support.apple.com/ja-jp/HT207487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7612
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7607
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7615
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7644
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2363

+ Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

+ JVNVU#97915630 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU97915630/

+ Microsoft Remote Desktop Client for Mac 8.0.36 Remote Code Execution
https://cxsecurity.com/issue/WLB-2017010194

+ Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution
https://cxsecurity.com/issue/WLB-2017010190

JVNDB-2017-000011 Cross-site request forgery vulnerability in Knowledge
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000011.html

JVNDB-2017-000013 Cross-site scripting vulnerability in Nessus
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000013.html

JVNDB-2017-000010 OS command injection vulnerability in smalruby-editor
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000010.html

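"Everyone's Raspberry Pi Contest 2016": all winning entries
Read suspicious email after converting it to PDF: a Raspberry Pi device for countering targeted-attack email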
http://itpro.nikkeibp.co.jp/atcl/column/16/121900307/010500045/?ST=security&itp_list_theme

News Analysis
Why does Mynaportal require Java? User experience neglected in favor of developer-side logic
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012400785/?ST=security&itp_list_theme

News Analysis
Recall uproar over IoT devices that invite DDoS attacks; the threat from the "mirai" malware grows serious
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012300784/?ST=security&itp_list_theme

Apple may be developing optical fingerprint and facial recognition technology for future iPhones
http://itpro.nikkeibp.co.jp/atcl/news/17/012400204/?ST=security&itp_list_theme

Sales-training startup TANREN obtains ISMS certification, offsetting the disadvantage of a shared office
http://itpro.nikkeibp.co.jp/atcl/news/17/012300197/?ST=security&itp_list_theme

Cybertrust offers cloud service for easy website vulnerability assessment
http://itpro.nikkeibp.co.jp/atcl/news/17/012300190/?ST=security&itp_list_theme

Cabinet Secretariat announces a vulnerability in the Mynaportal environment setup program and asks users to reinstall
http://itpro.nikkeibp.co.jp/atcl/news/17/012300189/?ST=security&itp_list_theme

Tuesday, January 24, 2017

24th, Tuesday, Tomobiki

+ CESA-2017:0180 Critical CentOS 7 java-1.8.0-openjdk Security Update
https://lwn.net/Alerts/712256/

+ CESA-2017:0180 Critical CentOS 6 java-1.8.0-openjdk Security Update
https://lwn.net/Alerts/712255/

+ phpMyAdmin 4.6.6, 4.4.15.10, 4.0.10.19 released
https://www.phpmyadmin.net/news/2017/1/23/phpmyadmin-466-441510-and-401019-are-released/
https://www.phpmyadmin.net/files/4.6.6/
https://www.phpmyadmin.net/files/4.4.15.10/
https://www.phpmyadmin.net/files/4.0.10.19/

+ UPDATE: Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr

+ UPDATE: Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd

+ UPDATE: JVNVU#94085539 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94085539/index.html

+ PHP 5.6.x / MyBB 1.8.3 Remote Code Execution
https://cxsecurity.com/issue/WLB-2017010184

+ Microsoft Power Point 2016 Java Payload Code Execution
https://cxsecurity.com/issue/WLB-2017010182

+ Linux Kernel CVE-2017-5550 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/95716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5550

+ Linux Kernel CVE-2017-5549 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95715
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5549

+ Linux Kernel CVE-2017-5546 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5546

+ Linux Kernel CVE-2017-5551 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5551

+ PHP 'ext/pcre/php_pcre.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/95712

+ Linux Kernel CVE-2016-10153 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10153

+ Linux Kernel CVE-2016-10154 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95714
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10154

+ Linux Kernel CVE-2017-5548 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95710
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5548

+ Linux Kernel CVE-2017-5547 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/95709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5547

Trend Micro launches new service that detects and protects against IoT device vulnerabilities via the cloud
http://itpro.nikkeibp.co.jp/atcl/news/17/012300200/?ST=security&itp_list_theme

Monday, January 23, 2017

23rd, Monday, Sensho

+ RHSA-2017:0180 Critical: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2017-0180.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3289

+ About the security content of GarageBand 10.1.5
https://support.apple.com/ja-jp/HT207477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2372

+ About the security content of Logic Pro X 10.3
https://support.apple.com/ja-jp/HT207476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2372

+ Google Chrome 57.0.2986.0 released
https://chromereleases.googleblog.com/2017/01/dev-channel-update-for-desktop_19.html

+ UPDATE: APSB17-03 Security Update Available for the Adobe Acrobat extension for Chrome
https://helpx.adobe.com/security/products/acrobat/apsb17-03.html

+ UPDATE: APSB17-01 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html

+ Linux kernel 4.9.5, 4.4.44 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.44

+ SA74808 Linux Kernel "proc_sys_readdir()" Denial of Service Vulnerability
https://secunia.com/advisories/74808/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9191

+ SA74867 Linux Kernel KVM "kvm_ioctl_create_device()" Use-After-Free Vulnerability
https://secunia.com/advisories/74867/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10150

+ JVNDB-2017-000012 Arbitrary Java (OGNL) code execution in Apache Struts 2 when devMode is enabled
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000012.html

+ UPDATE: JVNVU#99931177 OS command injection vulnerability in PHPMailer
http://jvn.jp/vu/JVNVU99931177/index.html

+ UPDATE: JVNVU#97133859 Denial-of-service (DoS) vulnerability in HTTP/2 protocol handling in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU97133859/index.html

+ PHP 7.1.0/5.6.29 missing null byte checks for paths in curl_file_create()
https://cxsecurity.com/issue/WLB-2017010180

+ PHP 7.1.0/5.6.29 missing null byte checks for paths in ZipArchive::extractTo
https://cxsecurity.com/issue/WLB-2017010179

+ PHP 7.1.0/5.6.29 missing null byte checks for paths in exif_imagetype
https://cxsecurity.com/issue/WLB-2017010178

News Analysis
Malware brings a production line to a sudden halt: Trend Micro demonstrates a cyberattack on a factory
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012100783/?ST=security&itp_list_theme

Reporter's Eye
IT company president infected by ransomware gets angry and builds security software
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011800757/?ST=security&itp_list_theme

CTC offers a simple security assessment service free of charge
http://itpro.nikkeibp.co.jp/atcl/news/17/012000175/?ST=security&itp_list_theme

Friday, January 20, 2017

20th, Friday, Butsumetsu

+ CESA-2017:0086 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/712042/

+ UPDATE: Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1

+ UPDATE: Cisco Email Security Appliance Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa

+ PHP 7.1.1, 7.0.15, 5.6.30 Released
http://www.php.net/ChangeLog-7.php#7.1.1
http://www.php.net/ChangeLog-7.php#7.0.15
http://www.php.net/ChangeLog-5.php#5.6.30

+ McAfee ePolicy Orchestrator Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1037628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3902

+ Java SE Mission Control Insecure Transport MITM
https://cxsecurity.com/issue/WLB-2017010155

+ Android fps sysfs Entry Buffer Overflow
https://cxsecurity.com/issue/WLB-2017010150

+ Android sec_ts Touchscreen Race Condition
https://cxsecurity.com/issue/WLB-2017010149

The Data Speaks
"Tokyo-centric concentration" of the IT market becomes clear; regional markets see 3% negative growth
http://itpro.nikkeibp.co.jp/atcl/column/16/072600158/011900025/?ST=security&itp_list_theme

JVNVU#90290095 Updates for vulnerabilities in Apple GarageBand and Logic Pro X
http://jvn.jp/vu/JVNVU90290095/

JVNVU#91417143 Multiple vulnerabilities in GigaCC OFFICE
http://jvn.jp/vu/JVNVU91417143/

Thursday, January 19, 2017

19th, Thursday, Senbu

+ CESA-2017:0083 Low CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/711925/

+ Cisco WebEx Meeting Center Site Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3799

+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3797

+ Cisco WebEx Meetings Server Command Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3796

+ Cisco WebEx Meetings Server Arbitrary Password Change Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3795

+ Cisco WebEx Meetings Server Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3794

+ Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9222

+ Cisco Nexus 5000, 6000, and 7000 Series Switches Software IS-IS Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3804

+ Cisco IOS and Cisco IOx Software Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3805

+ Cisco Hybrid Meeting Server Web Interface Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9218

+ Cisco Email Security Appliance Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3800

+ Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3802

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3798

+ Cisco Mobility Express 2800 and 3800 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9221

+ Cisco Mobility Express 2800 and 3800 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9220

+ Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3803

+ Cisco ASR 5000 Software ipsecmgr Process IKE Packet Parsing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9216

+ Linux kernel 4.1.38, 3.18.47 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.38
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.47

+ Samba 4.5.4 Available for Download
https://www.samba.org/samba/history/samba-4.5.4.html

+ SA74857 Linux Kernel "mcryptd(alg)" Denial of Service Vulnerability
https://secunia.com/advisories/74857/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10147

+ Norton Internet Security DLL Loading Error in Norton Download Manager Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6592

+ Norton Anti-Virus DLL Loading Error in Norton Download Manager Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6592

+ Symantec Endpoint Protection Cloud DLL Loading Error in Norton Download Manager Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1037622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6592

Noriko Takiguchi's Silicon Valley Report
The Snowden pardon that never materialized: Twitter's CEO and others also signed the petition
http://itpro.nikkeibp.co.jp/atcl/column/15/060200138/011800085/?ST=security&itp_list_theme

"The disconnect between IT and IoT raises security concerns," says Mitsuhiko Maruyama of Deloitte Tohmatsu
http://itpro.nikkeibp.co.jp/atcl/news/17/011800146/?ST=security&itp_list_theme

New vulnerability found in Windows SMB; enterprise administrators should recheck their firewalls
http://itpro.nikkeibp.co.jp/atcl/news/17/011800139/?ST=security&itp_list_theme

Wednesday, January 18, 2017

18th, Wednesday, Tomobiki

+ RHSA-2017:0086 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2017-0086.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9555

+ RHSA-2017:0083 Low: qemu-kvm security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0083.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2857

+ CESA-2017:0063 Important CentOS 5 bind Security Update
https://lwn.net/Alerts/711814/

+ CESA-2017:0063 Important CentOS 6 bind Security Update
https://lwn.net/Alerts/711815/

+ CESA-2017:0062 Important CentOS 7 bind Security Update
https://lwn.net/Alerts/711813/

+ CESA-2017:0064 Important CentOS 5 bind97 Security Update
https://lwn.net/Alerts/711816/

+ UPDATE: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

+ Oracle Critical Patch Update Advisory - January 2017
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

+ Apache Tomcat 8.5.11 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.11_(markt)

+ Java SE Development Kit 8, Update 121 (JDK 8u121) released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html

+ Android ssp_batch_ioctl Out-Of-Bounds Write
https://cxsecurity.com/issue/WLB-2017010112

+ Apple iTunes Notify Script Insertion
https://cxsecurity.com/issue/WLB-2017010106

Serious vulnerability found in the Linux kernel, affecting all versions of Android
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/010500053/?ST=security&itp_list_theme

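News Analysis
Revised Installment Sales Act makes IC chip support mandatory for card payments; the deadline is a year and a half away, yet major companies are lagging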
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011600776/?ST=security&itp_list_theme

Fujitsu announces a 6-inch full-Windows tablet and a 777 g ultra-light notebook PC
http://itpro.nikkeibp.co.jp/atcl/news/17/011700121/?ST=security&itp_list_theme

NEC and Infosec launch a targeted-attack monitoring service using Trend Micro products
http://itpro.nikkeibp.co.jp/atcl/news/17/011700118/?ST=security&itp_list_theme

Tuesday, January 17, 2017

17th, Tuesday, Sensho

+ RHSA-2017:0064 Important: bind97 security update
https://rhn.redhat.com/errata/RHSA-2017-0064.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147

+ RHSA-2017:0063 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-0063.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147

+ RHSA-2017:0062 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-0062.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444

+ HS16-032 Vulnerability in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-032/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4397

+ ProFTPD 1.3.5d released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5d

JVNDB-2017-000009 Directory traversal vulnerability in multiple AttacheCase products by MaruUo Factory
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000009.html

JVNDB-2017-000008 Directory traversal vulnerability in AttacheCase
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000008.html

IIJ adds a web content sanitization option to its web gateway service
http://itpro.nikkeibp.co.jp/atcl/news/17/011600102/?ST=security&itp_list_theme

"Mynaportal" can now be logged into with a My Number card, but a Java runtime environment is required
http://itpro.nikkeibp.co.jp/atcl/news/17/011600097/?ST=security&itp_list_theme

JVNVU#91580972 Cross-site request forgery vulnerability in CodeLathe FileCloud
http://jvn.jp/vu/JVNVU91580972/index.html

Monday, January 16, 2017

16th, Monday, Shakko

+ Android-x86 6.0-r2 (Marshmallow-x86) released
http://www.android-x86.org/releases/releasenote-6-0-r2

+ collabtive 3.0.1 released
http://collabtive.o-dyn.de/

+ CESA-2017:0036 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/711554/

+ CESA-2017:0061 Important CentOS 5 java-1.6.0-openjdk Security Update
https://lwn.net/Alerts/711553/

+ CESA-2017:0061 Important CentOS 6 java-1.6.0-openjdk Security Update
https://lwn.net/Alerts/711552/

+ CESA-2017:0061 Important CentOS 7 java-1.6.0-openjdk Security Update
https://lwn.net/Alerts/711551/

+ Linux kernel 4.9.4, 4.4.43 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.43

+ Sudo 1.8.19p2 released
https://www.sudo.ws/stable.html#1.8.19p2

+ Apache HTTP Server 2.2.32 Released
http://www.apache.org/dist/httpd/Announcement2.2.html

+ ProFTPD 1.3.5c released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5c

+ Sysstat 11.4.3, 11.2.9 released
http://sebastien.godard.pagesperso-orange.fr/

+ zlib 1.2.11 released
http://www.zlib.net/

+ UPDATE: JVNVU#94085539 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94085539/index.html

+ UPDATE: JVNVU#97321122 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU97321122/index.html

+ Mozilla Firefox < 50.1.0 - Use After Free
https://cxsecurity.com/issue/WLB-2017010092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899

+ Zabbix CVE-2016-10134 SQL Injection Vulnerability
http://www.securityfocus.com/bid/95423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10134

VU#865216 CodeLathe FileCloud is vulnerable to cross-site request forgery
https://www.kb.cert.org/vuls/id/865216

Simple Questions About Networking
What is the dark web?
http://itpro.nikkeibp.co.jp/atcl/column/17/010600003/010600001/?ST=security&itp_list_theme

HP Japan president: "In 2017 we have high hopes for the immersive computer and 3D printer businesses"
http://itpro.nikkeibp.co.jp/atcl/news/17/011300092/?ST=security&itp_list_theme

Friday, January 13, 2017

13th, Friday, Senbu

+ RHSA-2017:0061 Important: java-1.6.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2017-0061.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5542
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5597

+ Linux kernel 4.9.3, 4.4.42 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.42

+ SA74743 ISC BIND Multiple Assertion Failure Denial of Service Vulnerabilities
https://secunia.com/advisories/74743/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

+ Oracle Critical Patch Update Pre-Release Announcement - January 2017
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html

+ JVNVU#94085539 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94085539/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

+ BIND Multiple Flaws Let Remote Users Cause the Target named Service to Stop Processing
http://www.securitytracker.com/id/1037582
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

+ ISC BIND CVE-2016-9444 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/95393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444

+ ISC BIND CVE-2016-9778 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/95388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

+ ISC BIND CVE-2016-9147 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/95390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147

"Your product key has been illegally copied": Microsoft Japan warns about suspicious emails
http://itpro.nikkeibp.co.jp/atcl/news/17/011200078/?ST=security&itp_list_theme

Registration opens for the exam for the new security qualification, "Information Processing Security Specialist"
http://itpro.nikkeibp.co.jp/atcl/news/17/011200063/?ST=security&itp_list_theme

Thursday, January 12, 2017

12th, Thursday, Tomobiki

ISC BIND 9.11.0-P2, 9.10.4-P5, 9.9.9-P5 released
http://ftp.isc.org/isc/bind9/9.11.0-P2/RELEASE-NOTES-bind-9.11.0-P2.html
http://ftp.isc.org/isc/bind9/9.10.4-P5/RELEASE-NOTES-bind-9.10.4-P5.html
http://ftp.isc.org/isc/bind9/9.9.9-P5/RELEASE-NOTES-bind-9.9.9-P5.html

+ CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion
https://kb.isc.org/article/AA-01439
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131

+ CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure
https://kb.isc.org/article/AA-01440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147

+ CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure
https://kb.isc.org/article/AA-01441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444

+ CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
https://kb.isc.org/article/AA-01442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9778

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: November 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161114-openssl

+ FreeBSD-SA-17:01.openssh OpenSSH multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:01.openssh.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10010

+ UPDATE: Oracle Solaris Third Party Bulletin - October 2016
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

JVNDB-2017-000007 Improper client certificate verification vulnerability in Cybozu Remote Service Manager
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000007.html

NEC Networks & System Integration offers a secure web access environment as a cloud service
http://itpro.nikkeibp.co.jp/atcl/news/17/011100052/?ST=security&itp_list_theme

JVNVU#95516811 Improper SSL server certificate validation vulnerability in ThreatMetrix SDK for iOS
http://jvn.jp/vu/JVNVU95516811/

Wednesday, January 11, 2017

11th, Wednesday, Sensho

+ Microsoft Security Bulletin Summary for January 2017
https://technet.microsoft.com/ja-jp/library/security/ms17-jan

+ MS17-001 - Important: Security Update for Microsoft Edge (3214288)
https://technet.microsoft.com/library/security/MS17-001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0002

+ MS17-002 - Important: Security Update for Microsoft Office (3214291)
https://technet.microsoft.com/library/security/ms17-002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0003

+ MS17-003 - Critical: Security Update for Adobe Flash Player (3214628)
https://technet.microsoft.com/library/security/ms17-003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2937

+ MS17-004 - Important: Security Update for Local Security Authority Subsystem Service (3216771)
https://technet.microsoft.com/library/security/ms17-004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0004

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
https://technet.microsoft.com/ja-jp/library/security/2755801

+ RHSA-2017:0036 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0036.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117

+ APSB17-01 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2964
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2967

+ APSB17-02 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2938

+ CESA-2017:0020 Moderate CentOS 7 gstreamer1-plugins-good Security Update
https://lwn.net/Alerts/711175/

+ CESA-2017:0021 Moderate CentOS 7 gstreamer1-plugins-bad-free Security Update
https://lwn.net/Alerts/711174/

+ CESA-2017:0019 Moderate CentOS 7 gstreamer-plugins-good Security Update
https://lwn.net/Alerts/711173/

+ CESA-2017:0018 Moderate CentOS 7 gstreamer-plugins-bad-free Security Update
https://lwn.net/Alerts/711172/

+ OpenSSL ecdsa_sign_setup() Timing Flaw Lets Local Users Recover Private Keys
http://www.securitytracker.com/id/1037575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056

+ PHP 7.1.0 and prior open_basedir bypass through glob wrapper
https://cxsecurity.com/issue/WLB-2017010051

VU#767208 ThreatMetrix SDK for iOS fails to validate SSL certificates
https://www.kb.cert.org/vuls/id/767208

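News Analysis
Apple's discontinuation of PPTP affects products and services
L2TP is the leading migration target; a good opportunity to switch away from the vulnerable PPTP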
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122000744/?ST=security&itp_list_theme

SecureBrain: on-premises version of its web tampering detection system, with support for large-scale sites
http://itpro.nikkeibp.co.jp/atcl/news/17/011000041/?ST=security&itp_list_theme

Tuesday, January 10, 2017

10th, Tuesday, Shakko

+ Linux kernel 4.9.2, 4.8.17, 4.4.41 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.17
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.41

+ libpng 1.6.28 released
http://www.libpng.org/pub/png/src/libpng-1.6.28-README.txt

+ UPDATE: JVNVU#97321122 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU97321122/index.html

+ Microsoft Edge (Windows 10) - Info Leak / Type Confusion Remote Code Execution
https://cxsecurity.com/issue/WLB-2017010036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7200
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7201

Announcing The Release Of repmgr 3.3
https://www.postgresql.org/about/news/1728/

JVNDB-2017-000003 Cross-site scripting vulnerability in Olive Diary DX
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000003.html

JVNDB-2017-000002 Cross-site scripting vulnerability in WEB SCHEDULE
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000002.html

JVNDB-2017-000001 Cross-site scripting vulnerability in Olive Blog
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000001.html

UPDATE: JVNVU#99931177 OS command injection vulnerability in PHPMailer
http://jvn.jp/vu/JVNVU99931177/index.html

CyberSolutions sells a mail server that sanitizes messages while keeping file attachments intact
http://itpro.nikkeibp.co.jp/atcl/news/17/010600026/?ST=security&itp_list_theme

Friday, January 6, 2017

6th, Friday, Tomobiki

+ RHSA-2017:0020 Moderate: gstreamer1-plugins-good security update
https://rhn.redhat.com/errata/RHSA-2017-0020.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808

+ RHSA-2017:0019 Moderate: gstreamer-plugins-good security update
https://rhn.redhat.com/errata/RHSA-2017-0019.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808

+ RHSA-2017:0021 Moderate: gstreamer1-plugins-bad-free security update
https://rhn.redhat.com/errata/RHSA-2017-0021.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9813

+ RHSA-2017:0018 Moderate: gstreamer-plugins-bad-free security update
https://rhn.redhat.com/errata/RHSA-2017-0018.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9809

+ Red Hat Enterprise Linux 6.9 Beta
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/6.9_Release_Notes/index.html

Barman v2.1 Announced
https://www.postgresql.org/about/news/1727/

New IT Keywords 2017
"Moving off BIND": migrate away from the leading DNS software and its many vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/16/120900297/121600003/?ST=security&itp_list_theme
Strong candidates to migrate to include "Unbound" and "NSD".

Thursday, January 5, 2017

5th, Thursday, Sensho

+ RHSA-2017:0014 Moderate: ghostscript security update
https://rhn.redhat.com/errata/RHSA-2017-0014.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8602

+ RHSA-2017:0013 Moderate: ghostscript security update
https://rhn.redhat.com/errata/RHSA-2017-0013.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8602

+ CESA-2017:0014 Moderate CentOS 6 ghostscript Security Update
https://lwn.net/Alerts/710605/

+ CESA-2017:0013 Moderate CentOS 7 ghostscript Security Update
https://lwn.net/Alerts/710604/

+ Samba 4.4.9 Available for Download
https://www.samba.org/samba/history/samba-4.4.9.html

+ SA74603 Android Multiple Vulnerabilities
https://secunia.com/advisories/74603/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0394

+ Kaspersky Local CA Root Protected Incorrectly
https://cxsecurity.com/issue/WLB-2017010017

+ Linux Kernel CVE-2016-10088 Incomplete Fix Multiple Local Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/95169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088

JVNVU#92879974 Improper SSL server certificate validation vulnerability in the iOS app "ShoreTel Mobility Client"
http://jvn.jp/vu/JVNVU92879974/index.html

New IT Keywords 2017
"Security AI": AI protects IT systems
http://itpro.nikkeibp.co.jp/atcl/column/16/120900297/121500002/?ST=security&itp_list_theme

Wednesday, January 4, 2017

4th, Wednesday, Shakko

+ MantisBT 1.3.5 Released
https://www.mantisbt.org/bugs/changelog_page.php?version_id=261

+ MantisBT 2.0.0 (stable) Released - Happy New Year!!!
http://www.mantisbt.org/blog/?p=489#more-489

+ RHSA-2017:0001 Moderate: ipa security update
https://rhn.redhat.com/errata/RHSA-2017-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9575

+ CESA-2017:0001 Moderate CentOS 7 ipa Security Update
https://lwn.net/Alerts/710522/

+ Mozilla Thunderbird 45.6.0 released
https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/

+ MFSA2016-96 Security vulnerabilities fixed in Thunderbird 45.6
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893

+ VU#475907 Shoretel Mobility Client iOS application does not verify SSL certificates
https://www.kb.cert.org/vuls/id/475907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6562

+ SA74483 libpng "png_set_text_2()" NULL Pointer Dereference Vulnerability
https://secunia.com/advisories/74483/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087

+ SA74290 Mozilla Thunderbird Multiple Vulnerabilities
https://secunia.com/advisories/74290/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9895
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9897
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9905

+ HS16-032 Vulnerability in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS16-032/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4397

+ HS16-032 Vulnerability in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS16-032/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4397

+ Apache Ant 1.9.8 and 1.10.0 Released
http://ant.apache.org/

+ libpng 1.6.27 released
http://www.libpng.org/pub/png/src/libpng-1.6.27-README.txt

+ Postfix 3.1.4, 3.0.8, 2.11.9 released
http://www.postfix.org/announcements/postfix-3.1.4.html
http://mirror.postfix.jp/postfix-release/official/postfix-3.1.4.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.9.HISTORY

+ zlib 1.2.10 released
http://www.zlib.net/ChangeLog.txt

+ Kaspersky Internet Security Bugs Let Remote Users Bypass Certificate Validation and Access SSL Data and Let Local Users Access an SSL Private Key
http://www.securitytracker.com/id/1037546

+ Kaspersky Anti-Virus Bugs Let Remote Users Bypass Certificate Validation and Access SSL Data and Let Local Users Access an SSL Private Key
http://www.securitytracker.com/id/1037545

+ Apple iOS VCF Processing Flaw in Messages App Lets Remote Users Cause the Target Application to Crash
http://www.securitytracker.com/id/1037540

+ Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1037538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088

JVNVU#99931177 OS command injection vulnerability in PHPMailer
http://jvn.jp/vu/JVNVU99931177/

New IT Keywords 2017
"IDDoS attacks": massive-scale cyberattacks launched from IoT devices
http://itpro.nikkeibp.co.jp/atcl/column/16/120900297/121500001/?ST=security&itp_list_theme

Interview & Talk
Akamai executive: "From 2017 we will strengthen infrastructure services for IoT, starting with automotive services"
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/122700307/?ST=security&itp_list_theme