Thursday, March 23, 2017

Thursday the 23rd, Senbu









+ RHSA-2017:0837 Important: icoutils security update
https://rhn.redhat.com/errata/RHSA-2017-0837.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6011

+ Cisco IOx Data in Motion Stack Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3853

+ Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3859

+ Cisco IOS XE Software HTTP Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-xeci
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3858

+ Cisco IOS XE Software Web User Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3856

+ Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3857

+ Cisco IOS and IOS XE Software DHCP Client Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-dhcpc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3864

+ Cisco Application-Hosting Framework Arbitrary File Creation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3852

+ Cisco Application-Hosting Framework Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-caf1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3851

+ Linux kernel 4.10.5, 4.9.17, 4.4.56 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.17
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.56

+ NTP 4.2.8p10 released
https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ChangeLog-stable

+ Mozilla Firefox Table Use-After-Free
https://cxsecurity.com/issue/WLB-2017030195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404

JVNDB-2017-000049 Arbitrary DLL loading vulnerability in the installer of PhishWall Client Internet Explorer edition
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000049.html

On the Trail! The Reality of Crime Technology
Undercover: the business-savvy dark web
http://itpro.nikkeibp.co.jp/atcl/column/17/031500082/031600001/?ST=security&itp_list_theme

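Reporter's Eye
Time is running out: corporate response to the amended Act on the Protection of Personal Information is not progressing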
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/031700804/?ST=security&itp_list_theme

Security conversation techniques that get the CEO to say "OK, understood"
"Allow BYOD": propose a mechanism for using it safely rather than a ban
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/031500005/?ST=security&itp_list_theme

News Commentary
AI and ethics: a debate that is flaring up
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/032200895/?ST=security&itp_list_theme

BASE extends always-on SSL to custom domains as well, responding to Google's "SSL push"
http://itpro.nikkeibp.co.jp/atcl/news/17/032200901/?ST=security&itp_list_theme

What happens if your own company catches fire? Takenaka Corporation develops disaster VR
http://itpro.nikkeibp.co.jp/atcl/news/17/032200893/?ST=security&itp_list_theme

Google apologizes for brand ads appearing on hate content and explains its countermeasures
http://itpro.nikkeibp.co.jp/atcl/news/17/032200890/?ST=security&itp_list_theme

Following the US, the UK also bans electronic devices in the cabin on direct flights from parts of the Middle East
http://itpro.nikkeibp.co.jp/atcl/news/17/032200886/?ST=security&itp_list_theme

JVNVU#98590454 Privilege escalation vulnerability in PCAUSA Rawether for Windows
http://jvn.jp/vu/JVNVU98590454/index.html

JVN#93699304 Arbitrary DLL loading vulnerability in the installer of PhishWall Client Internet Explorer edition
http://jvn.jp/jp/JVN93699304/index.html

LastPass hit by password stealing and code execution vulnerabilities
http://www.linuxsecurity.com/content/view/171094/169/

US-CERT Warns That HTTPS Inspection Tools Weaken TLS
http://www.linuxsecurity.com/content/view/171093/169/

A simple command allows the CIA to commandeer 318 models of Cisco switches
http://www.linuxsecurity.com/content/view/171092/169/
