Monday, April 24, 2017

Monday the 24th, Shakkō

+ RHSA-2017:1105 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-1105.html
CVE-2017-3136
CVE-2017-3137

+ Selenium Standalone Server 3.4.0 released
http://docs.seleniumhq.org/download/

+ Selenium IE Driver Server 3.4 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG

+ Selenium Client & WebDriver 3.4.0 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG

+ CESA-2017:1100 Critical CentOS 6 nss Security Update
https://lwn.net/Alerts/720606/

+ CESA-2017:1104 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/720600/

+ CESA-2017:1100 Critical CentOS 7 nss-util Security Update
https://lwn.net/Alerts/720603/

+ CESA-2017:1100 Critical CentOS 7 nss Security Update
https://lwn.net/Alerts/720604/

+ CESA-2017:1106 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/720599/

+ CESA-2017:1108 Moderate CentOS 7 java-1.8.0-openjdk Security Update
https://lwn.net/Alerts/720602/

+ CESA-2017:1105 Important CentOS 6 bind Security Update
https://lwn.net/Alerts/720598/

+ CESA-2017:1100 Critical CentOS 6 nss-util Security Update
https://lwn.net/Alerts/720605/

+ UPDATE: Cisco Unified Communications Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

+ Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 4.10.12, 4.9.24, 4.4.63, 3.18.50 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.24
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.63
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.50

+ cURL/libcurl TLS Session Resumption Client Certificate Bug Lets Remote Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1038341
CVE-2016-5419
CVE-2017-7468

+ Oracle Java 64bit DLL Hijacking *youtube
https://cxsecurity.com/issue/WLB-2017040147
CVE-2017-3511

+ Apple WebKit/Safari 10.0.2 (12602.3.12.0.1) PrototypeMap::createEmptyStructure XS
https://cxsecurity.com/issue/WLB-2017040142

+ Apple WebKit/Safari 10.0.2 (12602.3.12.0.1) operationSpreadGeneric XSS
https://cxsecurity.com/issue/WLB-2017040141

+ Microsoft Windows 10 10586 IEETWCollector Privilege Escalation
https://cxsecurity.com/issue/WLB-2017040140
CVE-2017-0165

+ Microsoft Windows - ManagementObject Arbitrary .NET Serialization RCE
https://cxsecurity.com/issue/WLB-2017040139
CVE-2017-0160

+ Microsoft Windows IFEO Winlogin SYSTEM Backdooring Exploit
https://cxsecurity.com/issue/WLB-2017040138

JVNDB-2017-000072 OS command injection vulnerability in WNC01WH
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000072.html

Nikkei IT Innovators: Heated Discussions & Lectures
With security, after all, you have to get burned before…
http://itpro.nikkeibp.co.jp/atcl/column/17/040500122/041800010/?ST=security&itp_list_theme

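A Hundred Companies, a Hundred Ways: Our Company's CSIRT
[Olympus] Threat information shared with overseas sites too, effective in preventing incidents before they occur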
http://itpro.nikkeibp.co.jp/atcl/column/16/080500167/041900014/?ST=security&itp_list_theme

News Commentary
Targeted-attack drills that cause a needless stir
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042000942/?ST=security&itp_list_theme

Cisco offers security education to students free of charge
http://itpro.nikkeibp.co.jp/atcl/news/17/042101239/?ST=security&itp_list_theme

Linux Advisory Watch: April 21st, 2017
http://www.linuxsecurity.com/content/view/171271/187/
