Friday, April 28, 2017

28th, Friday, Shakkō

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ Linux kernel 4.10.13, 4.9.25, 4.4.64 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.25
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.64

+ FreeBSD ipfilter Hash Table Bug Lets Remote Users Cause the Target System to Reload
http://www.securitytracker.com/id/1038369
CVE-2017-1081

+ Trend Micro OfficeScan Flaws Let Remote Users Conduct Cross-Site Scripting Attacks and Gain Elevated Privileges
http://www.securitytracker.com/id/1038368

+ Microsoft Internet Explorer CStyleSheetArray::BuildListOfMatchedRules Memory Corruption
https://cxsecurity.com/issue/WLB-2017040189
CVE-2017-0202

Nobuhiro Tsuji's Behind-the-Scenes Security Casebook
A drill email triggered a warning and an uproar: how to run a targeted-attack drill that does not fail
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/042100041/?ST=security&itp_list_theme

GrSecurity Kernel Patches Will No Longer Be Free To The Public
http://www.linuxsecurity.com/content/view/171325/169/

Meet the Nu-Nerds These College-Age Hackers Will Soon Shape Our Future
http://www.linuxsecurity.com/content/view/171324/169/

Open Internet Advocates Vow to Fight Trump FCC’s Plan to Kill Net Neutrality
http://www.linuxsecurity.com/content/view/171323/169/

Thursday, April 27, 2017

27th, Thursday, Taian

+ nginx 1.13.0 released
http://nginx.org/en/CHANGES

+ zabbix 3.2.5, 3.0.9 released
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D

+ hitachi-sec-2017-111 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-111/index.html
CVE-2017-3509
CVE-2017-3511
CVE-2017-3514
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

+ hitachi-sec-2017-111 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-111/index.html
CVE-2017-3509
CVE-2017-3511
CVE-2017-3514
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

+ Apple Safari - Array concat Memory Corruption
https://cxsecurity.com/issue/WLB-2017040177

+ Microsoft Windows 2003 SP2 'ERRATICGOPHER' SMB Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040175

DB Doc 4.1 released
https://www.postgresql.org/about/news/1742/

Nikkei IT Innovators Heated Debate & Lectures
Training with fake attack emails: getting serious after a security test that was "over in seconds"
http://itpro.nikkeibp.co.jp/atcl/column/17/040500122/041800013/?ST=security&itp_list_theme

Security conversation skills that get the CEO to say "OK, I get it"
"We have no information worth stealing"? Three misconceptions held by management
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/041900010/?ST=security&itp_list_theme

Nobuhiro Tsuji's Behind-the-Scenes Security Casebook
Fake virus-infection warning emails: following the instructions gets you infected
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/042100040/?ST=security&itp_list_theme

Editor-in-Chief's Eye
The next threat is "business email compromise", with tactics just like "ore-ore" phone scams
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/042000032/?ST=security&itp_list_theme

Japan tops Asia in ransomware detections, according to Symantec analysis
http://itpro.nikkeibp.co.jp/atcl/news/17/042601296/?ST=security&itp_list_theme

JVNVU#96080594 Arbitrary code execution vulnerability in applications built with the Portrait Displays SDK
http://jvn.jp/vu/JVNVU96080594/index.html

Keybase on Fedora: crypto for everyone
http://www.linuxsecurity.com/content/view/171317/169/

Wednesday, April 26, 2017

26th, Wednesday, Butsumetsu

+ Android-x86 6.0-r3 released
http://www.android-x86.org/releases/releasenote-6-0-r3

+ UPDATE: Oracle Critical Patch Update Advisory - April 2017
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

+ Samba 4.6.3 Available for Download
https://www.samba.org/samba/history/samba-4.6.3.html

+ Microsoft Windows Dolby Audio X2 Service Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040166
CVE-2017-7293

+ Microsoft Office Word Malicious Hta Execution
https://cxsecurity.com/issue/WLB-2017040167
CVE-2017-0199

+ Windows 7/ALL/8/8.1 x86/x64 BlueScreen ShellCode Exploit *youtube
https://cxsecurity.com/issue/WLB-2017040168
https://youtu.be/kGypH5dyUuw

+ Linux Kernel 'drivers/net/usb/catc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/98011
CVE-2017-8070

+ Linux Kernel CVE-2007-6761 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/98001
CVE-2007-6761

+ Linux Kernel 'drivers/hid/hid-cp2112.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/98010
CVE-2017-8072

+ Linux Kernel 'drivers/net/usb/rtl8150.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/98008
CVE-2017-8068

+ Trend Micro OfficeScan Multiple Privilege Escalation and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/98007

+ Linux Kernel 'drivers/net/usb/pegasus.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/98000
CVE-2017-8068

+ Linux Kernel CVE-2017-8066 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97992
CVE-2017-8066

+ Linux Kernel 'drivers/char/virtio_console.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97997
CVE-2017-8067

+ Linux Kernel 'crypto/ccm.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97994
CVE-2017-8065

+ Linux Kernel 'drivers/hid/hid-cp2112.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97991
CVE-2017-8071

VU#219739 Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation
https://www.kb.cert.org/vuls/id/219739

JVNDB-2017-000077 Executable loading vulnerability in the Vivaldi installer for Windows
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000077.html

Nikkei IT Innovators Heated Debate & Lectures
Strengthening security after an incident, and the unexpected fruits it bore
http://itpro.nikkeibp.co.jp/atcl/column/17/040500122/041800012/?ST=security&itp_list_theme

News Analysis
NEC rushes to solve challenges with a new organization supporting both privacy protection and data utilization
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042400945/?ST=security&itp_list_theme

Nobuhiro Tsuji's Behind-the-Scenes Security Casebook
Multiple diplomatic documents found while investigating attacks that deceive university staff
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/042100039/?ST=security&itp_list_theme

News Analysis
Unauthorized access to a Pia-operated site: the Struts2 vulnerability was "S2-045"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042500950/?ST=security&itp_list_theme

PwC Cyber reports attacks that steal confidential information by using outsourced operations providers as a stepping stone
http://itpro.nikkeibp.co.jp/atcl/news/17/042501277/?ST=security&itp_list_theme

Another Struts2 leak: damage from card numbers leaked from the Pia-operated B.LEAGUE site
http://itpro.nikkeibp.co.jp/atcl/news/17/042501271/?ST=security&itp_list_theme

FIN7 Evolution and the Phishing LNK
http://www.linuxsecurity.com/content/view/171308/169/

Phishing with Unicode Domains
http://www.linuxsecurity.com/content/view/171307/169/

Tuesday, April 25, 2017

25th, Tuesday, Senshō

+ CESA-2017:1109 Moderate CentOS 6 java-1.8.0-openjdk Security Update
https://lwn.net/Alerts/720601/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ UPDATE: JVNVU#91685026 Stack-based buffer overflow vulnerability in the IBM Lotus Domino IMAP server
http://jvn.jp/vu/JVNVU91685026/

+ Linux Kernel CVE-2017-8064 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97975
CVE-2017-8064

+ Linux Kernel CVE-2017-8062 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97973
CVE-2017-8062

+ Linux Kernel CVE-2017-8063 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97974
CVE-2017-8063

+ Linux Kernel CVE-2017-8061 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/97972
CVE-2017-8061

Nikkei IT Innovators Heated Debate & Lectures
"Our CISO is a white-hat hacker"
http://itpro.nikkeibp.co.jp/atcl/column/17/040500122/041800011/?ST=security&itp_list_theme

News Analysis
Sumitomo Life keeps using its mainframe and strengthens security with its own browser
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042400946/?ST=security&itp_list_theme

McAfee announces its business strategy for Japan, including telework support and critical infrastructure hardening
http://itpro.nikkeibp.co.jp/atcl/news/17/042301245/?ST=security&itp_list_theme

Linux Security Week: April 24th, 2017
http://www.linuxsecurity.com/content/view/171297/187/

The Cloud Foundry Approach to Container Storage and Security
http://www.linuxsecurity.com/content/view/171296/169/

Russian hacker arrested in Spain for bot-herding not election-fiddling
http://www.linuxsecurity.com/content/view/171295/169/

Monday, April 24, 2017

24th, Monday, Shakkō

+ RHSA-2017:1105 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-1105.html
CVE-2017-3136
CVE-2017-3137

+ Selenium Standalone Server 3.4.0 released
http://docs.seleniumhq.org/download/

+ Selenium IE Driver Server 3.4 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 3.4.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ CESA-2017:1100 Critical CentOS 6 nss Security Update
https://lwn.net/Alerts/720606/

+ CESA-2017:1104 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/720600/

+ CESA-2017:1100 Critical CentOS 7 nss-util Security Update
https://lwn.net/Alerts/720603/

+ CESA-2017:1100 Critical CentOS 7 nss Security Update
https://lwn.net/Alerts/720604/

+ CESA-2017:1106 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/720599/

+ CESA-2017:1108 Moderate CentOS 7 java-1.8.0-openjdk Security Update
https://lwn.net/Alerts/720602/

+ CESA-2017:1105 Important CentOS 6 bind Security Update
https://lwn.net/Alerts/720598/

+ CESA-2017:1100 Critical CentOS 6 nss-util Security Update
https://lwn.net/Alerts/720605/

+ UPDATE: Cisco Unified Communications Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

+ Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.10.12, 4.9.24, 4.4.63, 3.18.50 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.24
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.50

+ cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1038341
CVE-2016-5419
CVE-2017-7468

+ Oracle Java 64bit DLL Hijacking *youtube
https://cxsecurity.com/issue/WLB-2017040147
CVE-2017-3511

+ Apple WebKit/Safari 10.0.2 (12602.3.12.0.1) PrototypeMap::createEmptyStructure XS
https://cxsecurity.com/issue/WLB-2017040142

+ Apple WebKit/Safari 10.0.2 (12602.3.12.0.1) operationSpreadGeneric XSS
https://cxsecurity.com/issue/WLB-2017040141

+ Microsoft Windows 10 10586 IEETWCollector Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040140
CVE-2017-0165

+ Microsoft Windows - ManagementObject Arbitrary .NET Serialization RCE
https://cxsecurity.com/issue/WLB-2017040139
CVE-2017-0160

+ Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit
https://cxsecurity.com/issue/WLB-2017040138

JVNDB-2017-000072 OS command injection vulnerability in WNC01WH
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000072.html

Nikkei IT Innovators Heated Debate & Lectures
With security, you really have to get burned first...
http://itpro.nikkeibp.co.jp/atcl/column/17/040500122/041800010/?ST=security&itp_list_theme

A Hundred Companies, a Hundred Ways: Our CSIRT
[Olympus] Sharing threat information with overseas sites too, effective at preventing incidents before they happen
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041900014/?ST=security&itp_list_theme

News Analysis
A targeted-attack drill that caused a stir
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042000942/?ST=security&itp_list_theme

Cisco offers free security education to students
http://itpro.nikkeibp.co.jp/atcl/news/17/042101239/?ST=security&itp_list_theme

Linux Advisory Watch: April 21st, 2017
http://www.linuxsecurity.com/content/view/171271/187/

Friday, April 21, 2017

21st, Friday, Senbu

+ TLS session resumption client cert bypass (again)
https://curl.haxx.se/docs/adv_20170419.html
CVE-2017-7468

+ RHSA-2017:1100 Critical: nss and nss-util security update
https://rhn.redhat.com/errata/RHSA-2017-1100.html
CVE-2017-5461

+ RHSA-2017:1104 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-1104.html
CVE-2017-5429
CVE-2017-5432
CVE-2017-5433
CVE-2017-5434
CVE-2017-5435
CVE-2017-5436
CVE-2017-5437
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5443
CVE-2017-5444
CVE-2017-5445
CVE-2017-5446
CVE-2017-5447
CVE-2017-5448
CVE-2017-5449
CVE-2017-5459
CVE-2017-5460
CVE-2017-5464
CVE-2017-5465
CVE-2017-5469

+ RHSA-2017:1109 Moderate: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2017-1109.html
CVE-2017-3509
CVE-2017-3511
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

+ RHSA-2017:1106 Critical: firefox security update
https://rhn.redhat.com/errata/RHSA-2017-1106.html
CVE-2017-5429
CVE-2017-5430
CVE-2017-5432
CVE-2017-5433
CVE-2017-5434
CVE-2017-5435
CVE-2017-5436
CVE-2017-5437
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5443
CVE-2017-5444
CVE-2017-5445
CVE-2017-5446
CVE-2017-5447
CVE-2017-5448
CVE-2017-5449
CVE-2017-5451
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5459
CVE-2017-5460
CVE-2017-5464
CVE-2017-5465
CVE-2017-5466
CVE-2017-5467
CVE-2017-5469

+ RHSA-2017:1100 Critical: nss and nss-util security update
https://rhn.redhat.com/errata/RHSA-2017-1100.html
CVE-2017-5461

+ RHSA-2017:1108 Moderate: java-1.8.0-openjdk security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-1108.html
CVE-2017-3509
CVE-2017-3511
CVE-2017-3526
CVE-2017-3533
CVE-2017-3539
CVE-2017-3544

+ CESA-2017:0987 Important CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/720511/

+ CESA-2017:1095 Important CentOS 7 bind Security Update
https://lwn.net/Alerts/720510/

+ UPDATE: JVNVU#91685026 Stack-based buffer overflow vulnerability in the IBM Lotus Domino IMAP server
http://jvn.jp/vu/JVNVU91685026/index.html

+ UPDATE: JVNVU#90211511 Update for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU90211511/index.html

+ Trend Micro Threat Discovery Appliance 2.6.1062r1 logoff.cgi Directory Traversal
https://cxsecurity.com/issue/WLB-2017040131

+ Trend Micro TDA 2.6.1062r1 log_query_dae.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040130

+ Trend Micro TDA 2.6.1062r1 log_query_dlp.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040129

+ Trend Micro TDA 2.6.1062r1 dlp_policy_upload.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040128

+ Trend Micro TDA 2.6.1062r1 hotfix_upload.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040127

+ Trend Micro TDA 2.6.1062r1 admin_sys_time.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040126

+ Trend Micro TDA 2.6.1062r1 detected_potential_files.cgi Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040125

JVNDB-2017-000076 Arbitrary DLL loading vulnerability in multiple products including Hanako
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000076.html

JVNDB-2017-000075 Buffer overflow vulnerability in Fujin Viewer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000075.html

JVNDB-2017-000074 Cross-site scripting vulnerability in the WordPress plugin Booking Calendar
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000074.html

JVNDB-2017-000073 Directory traversal vulnerability in the WordPress plugin Booking Calendar
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000073.html

A Hundred Companies, a Hundred Ways: Our CSIRT
[Chiba University] Sweeping reform from the lessons of a major incident, one university-first initiative after another
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041900013/?ST=security&itp_list_theme

Kaspersky offers a solution that can monitor the entire IT infrastructure, using machine learning
http://itpro.nikkeibp.co.jp/atcl/news/17/042001227/?ST=security&itp_list_theme

Yahoo introduces passwordless authentication, sending confirmation codes via SMS
http://itpro.nikkeibp.co.jp/atcl/news/17/042001220/?ST=security&itp_list_theme

Pulse Secure unveils its domestic sales strategy, pushing replacement of Juniper products
http://itpro.nikkeibp.co.jp/atcl/news/17/042001209/?ST=security&itp_list_theme

Google Won't Trust Symantec and Neither Should You
http://www.linuxsecurity.com/content/view/171264/169/

Network Firewalls: How to Protect Your Network from Unauthorized Access
http://www.linuxsecurity.com/content/view/171263/169/

Thursday, April 20, 2017

20th, Thursday, Tomobiki

+ RHSA-2017:1095 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-1095.html
CVE-2017-3136
CVE-2017-3137

+ Google Chrome 58.0.3029.81 released
https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html
CVE-2017-5057
CVE-2017-5058
CVE-2017-5059
CVE-2017-5060
CVE-2017-5061
CVE-2017-5062
CVE-2017-5063
CVE-2017-5064
CVE-2017-5065
CVE-2017-5066
CVE-2017-5067
CVE-2017-5069

+ Mozilla Firefox 53.0 released
https://www.mozilla.org/en-US/firefox/53.0/releasenotes/

+ Mozilla Foundation Security Advisory 2017-10 Security vulnerabilities fixed in Firefox 53
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
CVE-2017-5433
CVE-2017-5435
CVE-2017-5436
CVE-2017-5461
CVE-2017-5459
CVE-2017-5466
CVE-2017-5434
CVE-2017-5432
CVE-2017-5460
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5464
CVE-2017-5443
CVE-2017-5444
CVE-2017-5446
CVE-2017-5447
CVE-2017-5465
CVE-2017-5448
CVE-2017-5437
CVE-2017-5454
CVE-2017-5455
CVE-2017-5456
CVE-2017-5469
CVE-2017-5445
CVE-2017-5449
CVE-2017-5450
CVE-2017-5451
CVE-2017-5462
CVE-2017-5463
CVE-2017-5467
CVE-2017-5452
CVE-2017-5453
CVE-2017-5458
CVE-2017-5468
CVE-2017-5430
CVE-2017-5429

+ CESA-2017:0979 Moderate CentOS 6 libreoffice Security Update
https://lwn.net/Alerts/720384/

+ Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
CVE-2017-5638

+ Cisco Unified Communications Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
CVE-2017-3808

+ Cisco Firepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-fpsnort
CVE-2016-6368

+ Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
CVE-2017-3860
CVE-2017-3861
CVE-2017-3862

+ Cisco ASA Software Internet Key Exchange Version 1 XAUTH Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth
CVE-2017-6610

+ Cisco ASA Software SSL/TLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls
CVE-2017-6608

+ Cisco ASA Software IPsec Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-ipsec
CVE-2017-6609

+ Cisco ASA Software DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-dns
CVE-2017-6607

+ Cisco Prime Network Registrar DNS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-prime-dns
CVE-2017-6613

+ Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp
CVE-2017-6615

+ Cisco FindIT Network Probe Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-findit
CVE-2017-6614

+ Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cpi
CVE-2017-6611

+ Cisco Integrated Management Controller Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
CVE-2017-6616

+ Cisco Integrated Management Controller User Session Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2
CVE-2017-6617

+ Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1
CVE-2017-6618

+ Cisco Integrated Management Controller Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
CVE-2017-6619

+ Cisco ASA Software and Cisco FTD Software TCP Normalizer Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-norm
CVE-2017-3793

+ cURL 7.54.0 released
https://curl.haxx.se/changes.html#7_54_0

+ Apache Tomcat 8.5.14 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.14_(markt)

+ Apache Tomcat 9.0.0.M20 (alpha) Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.0.M20_(markt)

+ ISC BIND 9.11.1, 9.10.5, 9.9.10 released
http://ftp.isc.org/isc/bind9/9.11.1/CHANGES
http://ftp.isc.org/isc/bind9/9.10.5/CHANGES
http://ftp.isc.org/isc/bind9/9.9.10/CHANGES

+ Microsoft Office Word RTF RCE vulnerability to gain meterpreter shell *youtube
https://cxsecurity.com/issue/WLB-2017040123
CVE-2017-0199

+ Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution
https://cxsecurity.com/issue/WLB-2017040122
CVE-2016-7552
CVE-2016-7547

+ Microsoft Windows taskschd.msc Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040115

+ Apache Struts Vulnerability (Ruby Exploit)
https://cxsecurity.com/issue/WLB-2017040114
CVE-2017-5638

New version of MySQL-to-PostgreSQL has been released
https://www.postgresql.org/about/news/1741/

JVNDB-2017-000071 Denial of service (DoS) vulnerability in SEIL series routers
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000071.html

Security conversation skills that get the CEO to say "OK, I get it"
When told "I don't understand that explanation", make the benefits "visible"
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/041100009/?ST=security&itp_list_theme

A Hundred Companies, a Hundred Ways: Our CSIRT
[Yamaha Motor] A CSIRT led by an actual volunteer firefighter, focused on putting out fires early
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041800012/?ST=security&itp_list_theme

Over 40% of users do not lock their tablets, Symantec survey finds
http://itpro.nikkeibp.co.jp/atcl/news/17/041901205/?ST=security&itp_list_theme

Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure
http://www.linuxsecurity.com/content/view/171235/169/

Encryption: Usage grows again, but only at snail's pace
http://www.linuxsecurity.com/content/view/171234/169/

Wednesday, April 19, 2017

19th, Wednesday, Senshō

+ RHSA-2017:0979 Moderate: libreoffice security update
https://rhn.redhat.com/errata/RHSA-2017-0979.html
CVE-2017-3157

+ RHSA-2017:0987 Important: qemu-kvm security update
https://rhn.redhat.com/errata/RHSA-2017-0987.html
CVE-2016-9603

+ Linux kernel 4.10.11, 4.9.23, 4.4.62, 3.18.49 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.23
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.62
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.49

+ Oracle Critical Patch Update Advisory - April 2017
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

+ VMSA-2017-0008 VMware Unified Access Gateway, Horizon View and Workstation updates resolve multiple security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0008.html
CVE-2017-4907
CVE-2017-4908
CVE-2017-4909
CVE-2017-4910
CVE-2017-4911
CVE-2017-4912
CVE-2017-4913

+ Java Platform, Standard Edition 8 Update 131 (Java SE 8u131) released
http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html
http://www.oracle.com/technetwork/java/javase/8u131-relnotes-3565278.html

+ UPDATE: JVNVU#97322649 Multiple denial of service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU97322649/index.html

+ UPDATE: JVNVU#98665451 Improper handling of remote HTA data in Microsoft OLE URL Moniker
http://jvn.jp/vu/JVNVU98665451/index.html

+ VMware Horizon View Buffer Overflows Let Remote Users Execute Arbitrary Code and Guest Users Deny Service and Gain Elevated Privileges
http://www.securitytracker.com/id/1038281
CVE-2017-4907
CVE-2017-4908
CVE-2017-4909
CVE-2017-4910
CVE-2017-4911
CVE-2017-4912
CVE-2017-4913

+ VMware Workstation Heap Overflows Let Local Users on the Guest System Deny Service or Gain Elevated Privileges on the Host System
http://www.securitytracker.com/id/1038280
CVE-2017-4908
CVE-2017-4909
CVE-2017-4910
CVE-2017-4911
CVE-2017-4912

+ Apache CXF JAX-RS XML Security Streaming Client Validation Flaw Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1038279
CVE-2017-5653

+ MantisBT Input Validation Flaw in 'view_user_page.php' and 'my_view_page.php' Lets Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1038278
CVE-2017-7897

+ Apache Traffic Server HPACK Decompression and Chunked Data Processing Flaws Let Remote Users Deny Service
http://www.securitytracker.com/id/1038275
CVE-2016-5396
CVE-2017-5659

+ Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
https://cxsecurity.com/issue/WLB-2017040105
CVE-2017-7615

+ Apache Log4j socket receiver deserialization vulnerability
https://cxsecurity.com/issue/WLB-2017040112
CVE-2017-5645

+ Microsoft Windows MS17-010 SMB Remote Code Execution
https://cxsecurity.com/issue/WLB-2017040110
CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
CVE-2017-0148

JVNDB-2017-000055 Improper access restriction vulnerability in NETGEAR ProSAFE Plus Configuration Utility
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000055.html

JVNVU#91685026 Buffer overflow vulnerability in the IMAP EXAMINE command of the IBM Lotus Domino server
http://jvn.jp/vu/JVNVU91685026/index.html

Information leakage risk in VPN apps for Android: how can they be used safely?
http://itpro.nikkeibp.co.jp/atcl/column/14/277462/041100057/?ST=security&itp_list_theme

A Hundred Companies, a Hundred Ways: Our CSIRT
[Cybozu] Rebuilding the CSIRT from scratch, aiming to train "top guns" within five years
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041800011/?ST=security&itp_list_theme

Tokyo Electron to sell a decoy-based security solution
http://itpro.nikkeibp.co.jp/atcl/news/17/041801190/?ST=security&itp_list_theme

Eight companies including ANA and Dentsu invest 5.5 billion yen to strengthen security
http://itpro.nikkeibp.co.jp/atcl/news/17/041801182/?ST=security&itp_list_theme

Apple may drop "Touch ID" fingerprint authentication in the iPhone 8
http://itpro.nikkeibp.co.jp/atcl/news/17/041801178/?ST=security&itp_list_theme

Sneaky Exploit Allows Phishing Attacks From Sites That Look Secure
http://www.linuxsecurity.com/content/view/171235/169/

Encryption: Usage grows again, but only at snail's pace
http://www.linuxsecurity.com/content/view/171234/169/

Tuesday, April 18, 2017

18th, Tuesday, Shakkō

+ MantisBT 2.3.1, 2.2.4, 1.3.10 released
http://www.mantisbt.org/blog/?p=518
https://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.3.1

+ Ubuntu 17.04 released
https://wiki.ubuntu.com/ZestyZapus/ReleaseNotes?_ga=1.159268474.1754260706.1408405881

+ VU#676632 IBM Lotus Domino server IMAP EXAMINE command stack buffer overflow
https://www.kb.cert.org/vuls/id/676632

+ Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/97702
CVE-2017-5645

+ Linux Kernel CVE-2017-7889 Multiple Local Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/97690
CVE-2017-7889

Reporter's Eye
IoT security is a headache; cross-industry guideline development begins
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/041300822/?ST=security&itp_list_theme

A Hundred Companies, a Hundred Ways: Our CSIRT
[SOMPO HD] Focusing on the liaison role, sourcing hands-on specialists externally on a global basis
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041400010/?ST=security&itp_list_theme

"Japan is not sufficiently prepared for the Tokyo Olympics", warns US-based McAfee
http://itpro.nikkeibp.co.jp/atcl/news/17/041701173/?ST=security&itp_list_theme

New leak of NSA surveillance tool information; Microsoft says "the vulnerabilities are already fixed"
http://itpro.nikkeibp.co.jp/atcl/news/17/041701168/?ST=security&itp_list_theme

Capsule8 Building Container-Aware Security Platform for Linux
http://www.linuxsecurity.com/content/view/171218/169/

Tor Security for Android and Desktop Linux
http://www.linuxsecurity.com/content/view/171217/169/

Big Linux bug, low security concerns
http://www.linuxsecurity.com/content/view/171216/169/

SSHGuard 2.0
http://www.linuxsecurity.com/content/view/171215/169/

Monday, April 17, 2017

17th, Monday, Taian

+ nginx 1.12.0 released
http://nginx.org/en/CHANGES-1.12

+ Mozilla Thunderbird 52.0.1 released
https://www.mozilla.org/en-US/thunderbird/52.0.1/releasenotes/

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ Oracle Critical Patch Update Pre-Release Announcement - April 2017
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

+ SA76328 Hitachi Multiple Products Information Disclosure Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76328/
CVE-2013-2566
CVE-2015-2808
CVE-2016-2183

+ VMSA-2017-0007 VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS
http://www.vmware.com/security/advisories/VMSA-2017-0007.html
CVE-2017-5641

+ hitachi-sec-2017-110 Vulnerability in HiRDB Control Manager - Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-110/index.html
CVE-2017-5638

+ hitachi-sec-2017-109 Multiple Vulnerabilities in JP1/IT Desktop Management 2 - Smart Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-109/index.html
CVE-2013-2566
CVE-2015-2808
CVE-2016-2183

+ hitachi-sec-2017-108 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-108/index.html
CVE-2016-0887

+ hitachi-sec-2017-110 Vulnerability in HiRDB Control Manager - Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-110/index.html
CVE-2017-5638

+ hitachi-sec-2017-109 Multiple Vulnerabilities in JP1/IT Desktop Management 2 - Smart Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-109/index.html
CVE-2013-2566
CVE-2015-2808
CVE-2016-2183

+ hitachi-sec-2017-108 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-108/index.html
CVE-2016-0887

+ Apache POI 3.16 released
http://ftp.kddilabs.jp/infosystems/apache/poi/release/RELEASE-NOTES.txt

+ UPDATE: JVNVU#97322649 Multiple denial of service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU97322649/index.html

+ VMware vCenter Server AMF3 Message Deserialization Bug Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1038273
CVE-2017-5641

+ Microsoft Windows Unspecified SmartCard Authentication Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1038264

+ [Duplicate] Windows Server Message Block Unspecified Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1038263

+ Wireshark Multiple Bugs Lets Remote Users Deny Service
http://www.securitytracker.com/id/1038262
CVE-2017-7700
CVE-2017-7701
CVE-2017-7702
CVE-2017-7703
CVE-2017-7704
CVE-2017-7705

+ Mantis Bug Tracker v1.3.0 / 2.3.0 Pre-Auth Remote Password Reset
https://cxsecurity.com/issue/WLB-2017040105
CVE-2017-7615

+ Linux Kernel 4.8.0 udev 232 Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040097
CVE-2017-7874

JVNDB-2017-000069 DLL loading vulnerability in multiple installers for Toshiba memory card software
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000069.html

JVNDB-2017-000070 Cross-site scripting vulnerability in WN-AC1167GR
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000070.html

A Hundred Companies, a Hundred Ways: Our CSIRT
[Mizuho FG] Liaison staff close the gap between the security front line and management
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041400009/?ST=security&itp_list_theme

Linux Advisory Watch: April 14th, 2017
http://www.linuxsecurity.com/content/view/171193/187/

SEI CERT C++ Coding Standard
http://www.linuxsecurity.com/content/view/171192/169/

Friday, April 14, 2017

14th, Friday, Tomobiki

+ CESA-2017:0935 Moderate CentOS 7 tomcat Security Update
https://lwn.net/Alerts/719939/

+ CESA-2017:0907 Moderate CentOS 7 util-linux Security Update
https://lwn.net/Alerts/719940/

+ CESA-2017:0906 Moderate CentOS 7 httpd Security Update
https://lwn.net/Alerts/719935/

+ CESA-2017:0920 Important CentOS 7 389-ds-base Security Update
https://lwn.net/Alerts/719933/

+ CESA-2017:0914 Moderate CentOS 7 libreoffice Security Update
https://lwn.net/Alerts/719938/

+ CESA-2017:0933 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/719936/

+ CESA-2017:0892 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/719937/

+ CESA-2017:0893 Important CentOS 6 389-ds-base Security Update
https://lwn.net/Alerts/719934/

+ Wireshark 2.2.6, 2.0.12 released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.6.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.12.html

+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

+ UPDATE: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

+ Linux kernel 3.12.73 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.73

+ PHP 7.1.4, 7.0.18 Released
http://www.php.net/ChangeLog-7.php#7.1.4
http://www.php.net/ChangeLog-7.php#7.0.18

+ UPDATE: JVNVU#98665451 Improper handling of remote HTA data in Microsoft URL Moniker
http://jvn.jp/vu/JVNVU98665451/

+ JVNVU#97322649 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU97322649/index.html

+ BIND Null Command String Processing Lets Remote Users on Authorized Hosts Cause the Target Service to Crash
http://www.securitytracker.com/id/1038260
CVE-2017-3138

+ BIND DNS64 State Error Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1038259
CVE-2017-3136

+ BIND CNAME/DNAME Record Processing Bug Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1038258
CVE-2017-3137

+ Windows 10 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure
https://cxsecurity.com/issue/WLB-2017040084
CVE-2017-0167

+ Solaris x86 / SPARC EXTREMEPARR dtappgather Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040082

JVNDB-2017-000068 Cross-site scripting vulnerability in the WordPress plugin WP Statistics
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000068.html

JVNDB-2017-000067 Cross-site scripting vulnerability in the WordPress plugin WP Statistics
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000067.html

Ministry of Internal Affairs and Communications may have leaked personal data of 23,000 people after a Struts2 vulnerability was exploited
http://itpro.nikkeibp.co.jp/atcl/news/17/041401147/?ST=security&itp_list_theme

"Security staff who cannot focus full-time, and a perception gap with the front lines": IPA's CISO/CSIRT survey
http://itpro.nikkeibp.co.jp/atcl/news/17/041301138/?ST=security&itp_list_theme

"Written statement of" emails carry a virus, Tokyo Metropolitan Police Department warns
http://itpro.nikkeibp.co.jp/atcl/news/17/041301129/?ST=security&itp_list_theme

DNS record will help prevent unauthorized SSL certificates
http://www.linuxsecurity.com/content/view/171187/169/

Forget the Tax Man: Time for a DNS Security Audit
http://www.linuxsecurity.com/content/view/171186/169/

Prisoners Hack Prison From Inside Prison
http://www.linuxsecurity.com/content/view/171185/169/

Thursday, April 13, 2017

13th, Thursday, Senshō

+ RHSA-2017:0933 Important: kernel security, bug fix, and enhancement update
https://rhn.redhat.com/errata/RHSA-2017-0933.html
CVE-2016-8650
CVE-2016-9793
CVE-2017-2618
CVE-2017-2636

+ RHSA-2017:0907 Moderate: util-linux security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0907.html
CVE-2017-2616

+ RHSA-2017:0920 Important: 389-ds-base security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0920.html
CVE-2017-2668

+ RHSA-2017:0914 Moderate: libreoffice security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0914.html
CVE-2017-3157

+ RHSA-2017:0906 Moderate: httpd security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0906.html
CVE-2016-0736
CVE-2016-2161
CVE-2016-8743

+ RHSA-2017:0935 Moderate: tomcat security update
https://rhn.redhat.com/errata/RHSA-2017-0935.html
CVE-2016-6816
CVE-2016-8745

+ ISC BIND 9.11.0-P5, 9.10.4-P8, 9.9.9-P8 released
http://ftp.isc.org/isc/bind9/9.11.0-P5/RELEASE-NOTES-bind-9.11.0-P5.html
http://ftp.isc.org/isc/bind9/9.10.4-P8/RELEASE-NOTES-bind-9.10.4-P8.html
http://ftp.isc.org/isc/bind9/9.9.9-P8/RELEASE-NOTES-bind-9.9.9-P8.html

+ CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
https://kb.isc.org/article/AA-01466
CVE-2017-3137

+ CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
https://kb.isc.org/article/AA-01471
CVE-2017-3138

+ CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
https://kb.isc.org/article/AA-01465
CVE-2017-3136

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ FreeBSD-SA-17:03.ntp Multiple vulnerabilities of ntp
https://security.freebsd.org/advisories/FreeBSD-SA-17:03.ntp.asc
CVE-2017-6464
CVE-2017-6462
CVE-2017-6463
CVE-2016-9042

+ Linux kernel 4.10.10, 4.9.22, 4.4.61 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.22
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.61

+ UPDATE: JVNVU#98665451 Improper handling of links to remote data contained in Microsoft OLE2Link objects
http://jvn.jp/vu/JVNVU98665451/index.html

+ JVNVU#90211511 Update for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU90211511/index.html

+ Microsoft Office OneNote 2007 DLL Hijacking
https://cxsecurity.com/issue/WLB-2017040065
CVE-2017-0197

News Commentary
Botnet "undercover investigation" reveals 250,000 virus emails per month sent from a single PC
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/040700924/?ST=security&itp_list_theme

Security Conversation Techniques to Get the CEO to Say "OK, Got It"
When told "keep it within this budget," do some internal selling to management
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/040400008/?ST=security&itp_list_theme

US-based PhishMe enters the Japanese market, targeting 100 customer deployments of its anti-phishing service in the first year
http://itpro.nikkeibp.co.jp/atcl/news/17/041201128/?ST=security&itp_list_theme

Dai Nippon Printing and SkyCom launch a service for handwritten input on application forms using tablets
http://itpro.nikkeibp.co.jp/atcl/news/17/041201126/?ST=security&itp_list_theme

"Japanese executives do not see security incidents as their own problem," IBM Japan warns
http://itpro.nikkeibp.co.jp/atcl/news/17/041201125/?ST=security&itp_list_theme

Asgent releases two web sanitization tools, one for gateways and one for websites
http://itpro.nikkeibp.co.jp/atcl/news/17/041201121/?ST=security&itp_list_theme

Sky refutes reports of a "confidential information leak"
http://itpro.nikkeibp.co.jp/atcl/news/17/041201112/?ST=security&itp_list_theme

SecureWorks Japan launches a new service to identify "early signs" of cyberattacks in advance
http://itpro.nikkeibp.co.jp/atcl/news/17/041201108/?ST=security&itp_list_theme

JVNVU#91711014 Vulnerability in U818A WIFI allowing full access via anonymous FTP
http://jvn.jp/vu/JVNVU91711014/index.html

Hacked Dallas sirens get extra encryption to fend off future attacks
http://www.linuxsecurity.com/content/view/171169/169/

Wednesday, April 12, 2017

12th, Wednesday, Shakkō

+ April 2017 Security Updates
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99
CVE-2013-6629
CVE-2017-0058
CVE-2017-0093
CVE-2017-0106
CVE-2017-0155
CVE-2017-0156
CVE-2017-0158
CVE-2017-0159
CVE-2017-0160
CVE-2017-0162
CVE-2017-0163
CVE-2017-0164
CVE-2017-0165
CVE-2017-0166
CVE-2017-0167
CVE-2017-0168
CVE-2017-0169
CVE-2017-0178
CVE-2017-0179
CVE-2017-0180
CVE-2017-0181
CVE-2017-0182
CVE-2017-0183
CVE-2017-0184
CVE-2017-0185
CVE-2017-0186
CVE-2017-0188
CVE-2017-0189
CVE-2017-0191
CVE-2017-0192
CVE-2017-0194
CVE-2017-0195
CVE-2017-0197
CVE-2017-0199
CVE-2017-0200
CVE-2017-0201
CVE-2017-0202
CVE-2017-0203
CVE-2017-0204
CVE-2017-0205
CVE-2017-0207
CVE-2017-0208
CVE-2017-0210
CVE-2017-0211
CVE-2017-2605
CVE-2017-3447

+ RHSA-2017:0892 Important: kernel security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0892.html
CVE-2016-7910
CVE-2017-2636

+ RHSA-2017:0893 Important: 389-ds-base security and bug fix update
https://rhn.redhat.com/errata/RHSA-2017-0893.html
CVE-2017-2668

+ APSB17-09 Security update available for Adobe Campaign
https://helpx.adobe.com/security/products/campaign/apsb17-09.html

+ APSB17-10 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-10.html

+ APSB17-11 Security Updates Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html
CVE-2017-3017
CVE-2017-3018
CVE-2017-3019
CVE-2017-3020
CVE-2017-3021
CVE-2017-3022
CVE-2017-3023
CVE-2017-3024
CVE-2017-3025
CVE-2017-3026
CVE-2017-3027
CVE-2017-3028
CVE-2017-3029
CVE-2017-3030
CVE-2017-3031
CVE-2017-3032
CVE-2017-3033
CVE-2017-3034
CVE-2017-3035
CVE-2017-3036
CVE-2017-3037
CVE-2017-3038
CVE-2017-3039
CVE-2017-3040
CVE-2017-3041
CVE-2017-3042
CVE-2017-3043
CVE-2017-3044
CVE-2017-3045
CVE-2017-3046
CVE-2017-3047
CVE-2017-3048
CVE-2017-3049
CVE-2017-3050
CVE-2017-3051
CVE-2017-3052
CVE-2017-3053
CVE-2017-3054
CVE-2017-3055
CVE-2017-3056
CVE-2017-3057
CVE-2017-3065

+ APSB17-12 Security updates available for Adobe Photoshop CC
https://helpx.adobe.com/security/products/photoshop/apsb17-12.html
CVE-2017-3004
CVE-2017-3005

+ APSB17-13 Security update available for the Creative Cloud Desktop Application
https://helpx.adobe.com/security/products/creative-cloud/apsb17-13.html
CVE-2017-3006
CVE-2017-3007

+ Squid 3.5.25 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.25-RELEASENOTES.html

+ UPDATE: Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs-director

+ UPDATE: SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle

+ SA76225 Microsoft Windows Adobe Flash Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/76225/
CVE-2017-3058
CVE-2017-3059
CVE-2017-3060
CVE-2017-3061
CVE-2017-3062
CVE-2017-3063
CVE-2017-3064

+ SA73900 Microsoft Windows Server 2016 Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/73900/
CVE-2013-6629
CVE-2017-0058
CVE-2017-0156
CVE-2017-0158
CVE-2017-0159
CVE-2017-0162
CVE-2017-0163
CVE-2017-0164
CVE-2017-0166
CVE-2017-0167
CVE-2017-0178
CVE-2017-0179
CVE-2017-0180
CVE-2017-0181
CVE-2017-0182
CVE-2017-0183
CVE-2017-0184
CVE-2017-0185
CVE-2017-0186
CVE-2017-0188
CVE-2017-0189
CVE-2017-0191
CVE-2017-0192
CVE-2017-0211

+ SA76226 Microsoft Internet Explorer Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/76226/
CVE-2017-0201
CVE-2017-0202
CVE-2017-0210

+ SA76228 Microsoft .NET Insecure Library Loading Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76228/
CVE-2016-0160

+ JVNVU#98665451 Improper handling of links to remote data contained in Microsoft OLE2Link objects
http://jvn.jp/vu/JVNVU98665451/index.html

+ Apache Tomcat 8.x / 9.x Refactoring Information Disclosure
https://cxsecurity.com/issue/WLB-2017040061
CVE-2017-5651

+ Microsoft Outlook Email Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038227
CVE-2017-0106
CVE-2017-0204

+ Apache Tomcat Application Listener Facade Object Error Lets Remote Users Modify Data on the Target System
http://www.securitytracker.com/id/1038220
CVE-2017-5648

+ Apache Tomcat HTTP Connector Send File Processing Cache Error Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1038219
CVE-2017-5651

+ Apache Tomcat Pipelined Request Send File Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1038218
CVE-2017-5647

+ Apache Tomcat HTTP/2 GOAWAY Frame Processing Error Lets Remote Users Consume Excessive Resources on the Target System
http://www.securitytracker.com/id/1038217
CVE-2017-5650

VU#334207 DBPOWER U818A WIFI quadcopter drone allows full filesystem permissions to anonymous FTP
https://www.kb.cert.org/vuls/id/334207

JVNDB-2017-000066 Denial-of-service (DoS) vulnerability in the Cybozu Office API
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000066.html

JVNDB-2017-000065 Improper access control vulnerability in the custom app template deletion function of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000065.html

JVNDB-2017-000064 Improper access control vulnerability in the custom app file export function of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000064.html

JVNDB-2017-000063 Cross-site scripting vulnerability in the design settings screen of Cybozu Office
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000063.html

JVNDB-2017-000054 Cross-site scripting vulnerability in ASSETBASE
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000054.html

UPDATE: JVN#25598952 Improper access control vulnerability in CS-Cart Japanese edition
http://jvn.jp/jp/JVN25598952/index.html

Mark Shuttleworth says some free software folk are 'deeply anti-social' and 'love to hate'
http://www.linuxsecurity.com/content/view/171167/169/

Tuesday, April 11, 2017

11th, Tuesday, Taian

+ Mozilla Thunderbird 52.0 released
https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/

+ Security vulnerabilities fixed in - Thunderbird 52
https://www.mozilla.org/en-US/security/advisories/mfsa2017-09/
CVE-2017-5400
CVE-2017-5401
CVE-2017-5402
CVE-2017-5403
CVE-2017-5404
CVE-2017-5406
CVE-2017-5407
CVE-2017-5410
CVE-2017-5411
CVE-2017-5408
CVE-2017-5412
CVE-2017-5413
CVE-2017-5414
CVE-2017-5416
CVE-2017-5425
CVE-2017-5426
CVE-2017-5418
CVE-2017-5419
CVE-2017-5405
CVE-2017-5421
CVE-2017-5422
CVE-2017-5399
CVE-2017-5398

+ VU#921560 Microsoft OLE2Link object contains an unspecified vulnerability
https://www.kb.cert.org/vuls/id/921560

+ SA76008 Linux Kernel UDP Checksum Calculation Buffer Overflow Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/76008/
CVE-2016-10229

+ SA76271 Microsoft Office / Word RTF Memory Corruption Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76271/

+ Apple WebKit disconnectSubframes UXSS
https://cxsecurity.com/issue/WLB-2017040054
CVE-2017-2445

News Commentary
Revealed all at once! The winning bidders for the "Municipal Security Cloud" in all 47 prefectures
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/040900925/?ST=security&itp_list_theme

Linux Security Week: April 10th, 2017
http://www.linuxsecurity.com/content/view/171158/187/

CIA tools exposed by Wikileaks linked to hacking across 16 countries
http://www.linuxsecurity.com/content/view/171157/169/

spectrology - Basic Audio Steganography Tool
http://www.linuxsecurity.com/content/view/171156/169/

Monday, April 10, 2017

10th, Monday, Butsumetsu

+ --write-out out of buffer read
https://curl.haxx.se/docs/adv_20170403.html
CVE-2017-7407

+ APSB17-11 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-11.html

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ Linux kernel 4.10.9, 4.9.21, 4.4.60 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.21
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.60

+ Apache Log4j 2.8.2 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.8.2

+ Apache Tomcat 6.0.53 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html#Tomcat_6.0.53_(violetagg)

+ ProFTPD 1.3.6, 1.3.5e released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.6
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5e

+ JVNVU#91290407 SQL injection vulnerability in Trend Micro Control Manager
http://jvn.jp/vu/JVNVU91290407/

+ JVNVU#95072816 Multiple vulnerabilities in Trend Micro Control Manager
http://jvn.jp/vu/JVNVU95072816/

PgComment for PostgreSQL released
https://www.postgresql.org/about/news/1740/

JVNDB-2017-000061 Improper access control vulnerability in CS-Cart Japanese edition
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000061.html

JVNDB-2017-000060 Buffer overflow vulnerability in WN-G300R3
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000060.html

JVNDB-2017-000059 OS command injection vulnerability in WN-G300R3
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000059.html

JVNDB-2017-000062 Cross-site scripting vulnerability in the WordPress plugin WP Statistics
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000062.html

JVNDB-2017-000058 Script injection vulnerability in Tablacus Explorer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000058.html

News Commentary
Targeted attacks on Active Directory come one after another; recognize how dangerous the current situation is
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/040500919/?ST=security&itp_list_theme

Must-Read IT Manners for New Employees: "Don't Do That on Your Work PC"
When "I thought it was convenient" backfires: company-specific PC usage rules
http://itpro.nikkeibp.co.jp/atcl/column/17/033000112/040500005/?ST=security&itp_list_theme

IPA defines security and data science tasks and skills in "ITSS+"
http://itpro.nikkeibp.co.jp/atcl/news/17/040701077/?ST=security&itp_list_theme

Ministry of Internal Affairs and Communications warns of suspicious emails urging a fictitious "My Number new fiscal year renewal procedure"
http://itpro.nikkeibp.co.jp/atcl/news/17/040701075/?ST=security&itp_list_theme

New service separates system administrator and information administrator privileges to prevent insider data leaks
http://itpro.nikkeibp.co.jp/atcl/news/17/040701066/?ST=security&itp_list_theme

JVNVU#97538972 Vulnerability in multiple Action Message Format (AMF3) libraries implemented in Java
http://jvn.jp/vu/JVNVU97538972/

Linux Advisory Watch: April 7th, 2017
http://www.linuxsecurity.com/content/view/171153/187/

Trump Is About to Find Out What Happens When You Mess With the Open Internet
http://www.linuxsecurity.com/content/view/171152/169/

Android devices can be fatally hacked by malicious Wi-Fi networks
http://www.linuxsecurity.com/content/view/171151/169/

Friday, April 7, 2017

7th, Friday, Senshō

+ libpng 1.6.19 released
http://www.libpng.org/pub/png/src/libpng-1.6.29-README.txt

+ Moodle URL Manipulation Remote Account Information Disclosure
https://cxsecurity.com/issue/WLB-2017040026

+ Apache Tomcat Directory/Path Traversal
https://cxsecurity.com/issue/WLB-2017040025

JVNDB-2017-000057 Cross-site request forgery vulnerability in CS-Cart Japanese edition
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000057.html

JVNDB-2017-000056 Improper access control vulnerability in CS-Cart Japanese edition
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000056.html

Must-Read IT Manners for New Employees: "Don't Do That on Your Work PC"
Preventing a new hire's "unthinkable leak of company secrets": the software-usage training that is needed
http://itpro.nikkeibp.co.jp/atcl/column/17/033000112/040400004/?ST=security&itp_list_theme

News Commentary
McDonald's Japan to support the overseas version of Apple Pay, shifting the balance of power among payment standards
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/040500920/?ST=security&itp_list_theme

Antivirus vendor Avast establishes a Japanese subsidiary to strengthen domestic support
http://itpro.nikkeibp.co.jp/atcl/news/17/040601055/?ST=security&itp_list_theme

Facebook implements a tool to prevent the spread of revenge porn images
http://itpro.nikkeibp.co.jp/atcl/news/17/040601043/?ST=security&itp_list_theme

Linux File Encryption By Jetico Cares For Ultimate User Privacy
http://www.linuxsecurity.com/content/view/171150/169/

Thursday, April 6, 2017

6th, Thursday, Shakkō

+ About the security content of iOS 10.3.1
https://support.apple.com/ja-jp/HT207688
CVE-2017-6975

+ About the security content of Apple Music 2.0 for Android
https://support.apple.com/ja-jp/HT207605
CVE-2017-2387

+ Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
CVE-2017-3834

+ Cisco Wireless LAN Controller Management GUI Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc3
CVE-2017-3832

+ Cisco Wireless LAN Controller IPv6 UDP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc2
CVE-2016-9219

+ Cisco Wireless LAN Controller 802.11 WME Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc
CVE-2016-9194

+ Cisco Wireless LAN Controller RADIUS Change of Authorization Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-wlc1
CVE-2016-9195

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs1
CVE-2017-6600

+ Cisco UCS Director Virtual Machine Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
CVE-2017-3817

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Debug Plug-in Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucs
CVE-2017-6598

+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm1
CVE-2017-3888

+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ucm
CVE-2017-3886

+ Cisco Registered Envelope Service Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res
CVE-2017-3889

+ Cisco IOS XE Software Startup Script Local Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-iosxe
CVE-2017-6606

+ Cisco IOS XR Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios
CVE-2017-6599

+ Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Web Interface Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cpi
CVE-2017-3884

+ Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
CVE-2016-9197

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli2
CVE-2017-6602

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli1
CVE-2017-6601

+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance local-mgmt CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli
CVE-2017-6597

+ Cisco Integrated Management Controller Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cimc
CVE-2017-6604

+ Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1
CVE-2017-3887

+ Cisco Firepower Detection Engine SSL Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw
CVE-2017-3885

+ Cisco ASR 903 and ASR 920 Series Devices IPv6 Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr
CVE-2017-6603

+ Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms Shell Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet
CVE-2016-9196

+ Linux kernel 3.16.43, 3.2.88 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.43
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.88

+ SA76222 Linux Kernel Encryption Policy Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76222/
CVE-2016-10318

+ Mozilla Thunderbird 52.0 released
https://www.mozilla.org/en-US/thunderbird/52.0/releasenotes/

+ macOS/iOS Kernel 10.12.3 Double-Free Due to Bad Locking in fsevents Device
https://cxsecurity.com/issue/WLB-2017040021
CVE-2017-2490

+ Apple Webkit 'JSCallbackData' Universal Cross-Site Scripting
https://cxsecurity.com/issue/WLB-2017040020
CVE-2017-2442

+ Apple WebKit 10.0.2 'Frame::setDocument (1)' Universal Cross-Site Scripting
https://cxsecurity.com/issue/WLB-2017040019
CVE-2017-2364

+ Apple WebKit 10.0.2 'constructJSReadableStreamDefaultReader' Type Confusion
https://cxsecurity.com/issue/WLB-2017040018
CVE-2017-2457

+ Apple WebKit 10.0.2(12602.3.12.0.1) 'disconnectSubframes' Universal Cross-Site
https://cxsecurity.com/issue/WLB-2017040017
CVE-2017-2445

+ Apple Webkit Cross-Site Scripting (Named Property from an Unloaded Window)
https://cxsecurity.com/issue/WLB-2017040016
CVE-2017-2367

Security Conversation Techniques to Get the CEO to Say "OK, Got It"
Even when told "make them follow the rules," plan countermeasures on the assumption that the rules will be broken
http://itpro.nikkeibp.co.jp/atcl/column/17/021400032/032900007/?ST=security&itp_list_theme

Uhuru and ZenmuTech partner to reduce IoT communication costs and improve security
http://itpro.nikkeibp.co.jp/atcl/news/17/040501041/?ST=security&itp_list_theme

GMO-PG confirms credit card data leak caused by the Struts2 vulnerability
http://itpro.nikkeibp.co.jp/atcl/news/17/040501031/?ST=security&itp_list_theme

Web production company's spam sending traced to a neglected WordPress installation
http://itpro.nikkeibp.co.jp/atcl/news/17/040501029/?ST=security&itp_list_theme

How Hackers Hijacked a Bank’s Entire Online Operation
http://www.linuxsecurity.com/content/view/171149/169/

After Congress revokes Internet privacy rules, downloads double of VPN-equipped Opera browser
http://www.linuxsecurity.com/content/view/171148/169/

Tim Berners-Lee, Inventor of the Web, Wins $1 Million Turing Award 2016
http://www.linuxsecurity.com/content/view/171147/169/

Wednesday, April 5, 2017

5th, Wednesday, Taian

+ SA76186 Android Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/76186/
CVE-2016-5129
CVE-2017-0538
CVE-2017-0539
CVE-2017-0540
CVE-2017-0541
CVE-2017-0542
CVE-2017-0543
CVE-2017-0548
CVE-2017-0549
CVE-2017-0550
CVE-2017-0551
CVE-2017-0552

+ About the security content of iOS 10.3.1
https://support.apple.com/en-us/HT207688
CVE-2017-6975

+ JVNVU#91033489 Buffer overflow vulnerability in Apple iOS
http://jvn.jp/vu/JVNVU91033489/index.html
CVE-2017-6975

+ Apple iOS Buffer Overflow in WiFi Chip Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038172
CVE-2017-6975

+ Trend Micro Enterprise Mobile Security Android MITM SSL Certificate Vulnerability
https://cxsecurity.com/issue/WLB-2017040009
CVE-2016-9319

+ Apache Tomcat 6/7/8/9 - Information Disclosure
https://cxsecurity.com/issue/WLB-2017040007
CVE-2016-6816

VU#307983 AMF3 Java implementations are vulnerable to insecure deserialization and XML external entities references
https://www.kb.cert.org/vuls/id/307983

Security's Savior!? Making Data Harmless, Making Data Meaningless
Is making data meaningless a free pass for information leaks?
http://itpro.nikkeibp.co.jp/atcl/column/17/033000113/040300005/?ST=security&itp_list_theme

News Commentary
Supreme Court ruling that GPS investigations are "illegal" has major implications for IT companies too
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/033000910/?ST=security&itp_list_theme

Facebook, Mozilla and others invest a total of $14 million in countering fake news
http://itpro.nikkeibp.co.jp/atcl/news/17/040401011/?ST=security&itp_list_theme

Hackers Are Emptying ATMs With a Single Drilled Hole and $15 Worth of Gear
http://www.linuxsecurity.com/content/view/171141/169/

Trump signs law allowing ISPs to sell your browsing history
http://www.linuxsecurity.com/content/view/171140/169/

Tuesday, April 4, 2017

4th, Tuesday, Butsumetsu

+ RHSA-2017:0862 Low: Red Hat Enterprise Linux 5 Retirement Notice
https://rhn.redhat.com/errata/RHSA-2017-0862.html

+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

+ Apache Tomcat 8.0.43, 7.0.77 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.43_(violetagg)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.77_(violetagg)

+ UPDATE: JVNVU#95549222 Multiple vulnerabilities in NTP.org ntpd
http://jvn.jp/vu/JVNVU95549222/index.html

+ UPDATE: JVNVU#94686945 Information disclosure vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU94686945/index.html

+ UPDATE: JVNVU#93610402 Arbitrary code execution vulnerability in Apache Struts2
http://jvn.jp/vu/JVNVU93610402/index.html

+ UPDATE: JVNVU#90017300 Denial-of-service (DoS) vulnerability in OpenSSL
http://jvn.jp/vu/JVNVU90017300/index.html

+ UPDATE: JVNVU#93384765 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/vu/JVNVU93384765/index.html

+ UPDATE: JVNVU#92830136 Multiple vulnerabilities in OpenSSL
http://jvn.jp/vu/JVNVU92830136/index.html

Must-Read IT Manners for New Employees: "Don't Do That on Your Work PC"
Guaranteed to blow up if you don't know? How new hires should be taught to use cloud services
http://itpro.nikkeibp.co.jp/atcl/column/17/033000112/033100002/?ST=security&itp_list_theme

Security's Savior!? Making Data Harmless, Making Data Meaningless
Quietly holding mail back while processing runs: email sanitization
http://itpro.nikkeibp.co.jp/atcl/column/17/033000113/040300004/?ST=security&itp_list_theme

BlackBerry expands its security and brand licensing beyond smartphones
http://itpro.nikkeibp.co.jp/atcl/news/17/040300996/?ST=security&itp_list_theme

JVNVU#90556561 Multiple vulnerabilities in the firmware protection features of GIGABYTE BRIX
http://jvn.jp/vu/JVNVU90556561/index.html

Congress to US citizens: Want online privacy? Pay up!
http://www.linuxsecurity.com/content/view/171137/169/

TorBirdy 0.2.2 is released
http://www.linuxsecurity.com/content/view/171136/169/

Email security appears grounded as attacks continue to take flight
http://www.linuxsecurity.com/content/view/171135/169/

Monday, April 3, 2017

3rd, Monday, Senbu

+ MantisBT 2.3.0, 2.2.3, and 1.3.9 released
http://www.mantisbt.org/blog/?p=514

+ MantisBT Security releases 1.3.8, 2.1.2 and 2.2.2
http://www.mantisbt.org/blog/?p=508

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl

+ Linux kernel 4.10.8, 4.9.20, 4.4.59 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.20
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.59

+ Samba 4.6.2, 4.5.8 and 4.4.13 Available for Download
https://www.samba.org/samba/history/samba-4.6.2.html
https://www.samba.org/samba/history/samba-4.5.8.html
https://www.samba.org/samba/history/samba-4.4.13.html

+ SA76156 McAfee Web Gateway Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/76156/
CVE-2016-8105
CVE-2017-5897
CVE-2017-6214

+ Apache Tomcat 8.5.13 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.13_(markt)

+ MantisBT Input Validation Flaws in 'adm_config_report.php' and 'move_attachments_page.php' Let Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1038169
CVE-2017-6973
CVE-2017-7241
CVE-2017-7309

+ Microsoft Internet Information Server (IIS) Web Server Buffer Overflow in WebDAV ScStoragePathFromUrl() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038168
CVE-2017-7269

+ Apple macOS/IOS 10.12.2(16C67) mach_msg Heap Overflow
https://cxsecurity.com/issue/WLB-2017030254

VU#507496 GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed
https://www.kb.cert.org/vuls/id/507496

Security's Savior!? Making Data Harmless, Making Data Meaningless
Web access sanitization and its blind spot
http://itpro.nikkeibp.co.jp/atcl/column/17/033000113/033100001/?ST=security&itp_list_theme

Linux Advisory Watch: March 31st, 2017
http://www.linuxsecurity.com/content/view/171131/187/

Using a VPN Sucks
http://www.linuxsecurity.com/content/view/171130/169/

EFF: Verizon will install spyware on all its Android phones
http://www.linuxsecurity.com/content/view/171129/169/

APT29 Domain Fronting With TOR
http://www.linuxsecurity.com/content/view/171127/169/

Someone is putting lots of work into hacking Github developers
http://www.linuxsecurity.com/content/view/171126/169/

VMware patches critical virtual machine escape flaws
http://www.linuxsecurity.com/content/view/171125/169/