Thursday, March 9, 2017

Thursday the 9th, Senshō

+ RHSA-2017:0459 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-0459.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

+ RHSA-2017:0461 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-0461.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410

+ Mozilla Firefox 52.0 released
https://www.mozilla.org/en-US/firefox/52.0/releasenotes/

+ Security vulnerabilities fixed in Firefox 52
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5411

+ CESA-2017:0386 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/716336/

+ CESA-2017:0388 Moderate CentOS 7 ipa Security Update
https://lwn.net/Alerts/716335/

+ CESA-2017:0396 Important CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/716337/

+ Mozilla Thunderbird 45.8.0 released
https://www.mozilla.org/en-US/thunderbird/45.8.0/releasenotes/

+ Security vulnerabilities fixed in Thunderbird 45.8
https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5398

+ Samba 4.6.0 Available for Download
https://www.samba.org/samba/history/samba-4.6.0.html

+ SA75579 Linux Kernel SOCK_ZAPPED Race Condition Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/75579/

+ S2-045 Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser.
http://struts.apache.org/docs/s2-045.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638

+ Apache Struts 2.5.10.1, 2.3.32 released
http://struts.apache.org/docs/version-notes-25101.html
http://struts.apache.org/docs/version-notes-2332.html

+ Linux Kernel l2tp_ip6_bind() Race Condition Lets Local Users Deny Service or Gain Elevated Privileges
http://www.securitytracker.com/id/1037965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10200

+ Linux Kernel Race Condition in N_HLDC Driver Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1037963
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636

+ Wireshark Flaws in Multiple Dissectors Let Remote Users Cause the Target Service to Crash or Enter an Infinite Loop
http://www.securitytracker.com/id/1037960

VU#305448 D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability
https://www.kb.cert.org/vuls/id/305448

VU#247016 Flash Seats Mobile App for iOS fails to validate SSL certificates
https://www.kb.cert.org/vuls/id/247016

VU#355151 ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities
https://www.kb.cert.org/vuls/id/355151

VU#608591 PHP FormMail Generator generates code vulnerable to multiple issues
https://www.kb.cert.org/vuls/id/608591

JVNDB-2017-000043 Cross-site scripting vulnerability in OneThird CMS
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000043.html

JVNDB-2017-000042 Cross-site scripting vulnerability in OneThird CMS
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000042.html

JVNVU#92233464 Vulnerabilities in multiple ACTi camera products
http://jvn.jp/vu/JVNVU92233464/index.html

JVNVU#96141589 Multiple vulnerabilities in PHP code generated by PHP FormMail Generator
http://jvn.jp/vu/JVNVU96141589/index.html

JVN#46830433 Multiple vulnerabilities in multiple I-O DATA network camera products
http://jvn.jp/jp/JVN46830433/index.html

JVNVU#96566737 Multiple vulnerabilities in dotCMS
http://jvn.jp/vu/JVNVU96566737/index.html

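Security conversation techniques that get the company president to say "OK, understood"
"So we're safe as long as we're not connected to the network?": use defense in depth to prevent gaps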
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/022800003/?ST=security&itp_list_theme

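What management really thinks
"Women should raise their hands a little more confidently," says president of Cisco's Japan subsidiary (part 2)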
http://itpro.nikkeibp.co.jp/atcl/column/16/113000287/030300029/?ST=security&itp_list_theme

Beware of data leaks by employees, Verizon warns with case studies
http://itpro.nikkeibp.co.jp/atcl/news/17/030800752/?ST=security&itp_list_theme

WikiLeaks publishes classified documents on the CIA's various hacking methods
http://itpro.nikkeibp.co.jp/atcl/news/17/030800740/?ST=security&itp_list_theme

US-based Treasure Data appoints its first CISO and obtains ISO 27001 certification
http://itpro.nikkeibp.co.jp/atcl/news/17/030700729/?ST=security&itp_list_theme

1.5 million sites affected: lessons from the defacement attacks targeting WordPress
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/030100866/?ST=security&itp_list_theme

Experience a 70 Gbps DDoS attack and real virus attacks firsthand with a Spirent test tool
http://itpro.nikkeibp.co.jp/atcl/news/17/030700737/?ST=security&itp_list_theme

Device certificates strengthen IoT security in Panasonic's new surveillance camera products
http://itpro.nikkeibp.co.jp/atcl/news/17/030700735/?ST=security&itp_list_theme

Ashisuto adds automatic URL classification to its virtual browser that enables internet isolation
http://itpro.nikkeibp.co.jp/atcl/news/17/030600717/?ST=security&itp_list_theme

IIJ opens its security operations center to the public for the first time, renovated with the latest equipment
http://itpro.nikkeibp.co.jp/atcl/news/17/030600716/?ST=security&itp_list_theme

WikiLeaks publishes docs from what it says is trove of CIA hacking tools
http://www.linuxsecurity.com/content/view/170991/169/

Google’s ‘SHA-1 Countdown Clock’ Could Undermine Enterprise Security
http://www.linuxsecurity.com/content/view/170990/169/

Wikileaks Just Dumped a Cache of Information on Alleged CIA Hacking Tools
http://www.linuxsecurity.com/content/view/170969/169/

Put down the coffee, stop slacking your app chaps or whatever - and patch Wordpress
http://www.linuxsecurity.com/content/view/170968/169/
