+ PostgreSQL ODBC Driver 09.06.0300 released
https://www.postgresql.org/ftp/odbc/versions/msi/
+ RHSA-2017:1202 Important: bind security update
https://rhn.redhat.com/errata/RHSA-2017-1202.html
CVE-2017-3139
+ RHSA-2017:1201 Important: thunderbird security update
https://rhn.redhat.com/errata/RHSA-2017-1201.html
CVE-2016-10195
CVE-2016-10196
CVE-2016-10197
CVE-2017-5429
CVE-2017-5432
CVE-2017-5433
CVE-2017-5434
CVE-2017-5435
CVE-2017-5436
CVE-2017-5438
CVE-2017-5439
CVE-2017-5440
CVE-2017-5441
CVE-2017-5442
CVE-2017-5443
CVE-2017-5444
CVE-2017-5445
CVE-2017-5446
CVE-2017-5447
CVE-2017-5449
CVE-2017-5451
CVE-2017-5454
CVE-2017-5459
CVE-2017-5460
CVE-2017-5464
CVE-2017-5465
CVE-2017-5466
CVE-2017-5467
CVE-2017-5469
+ Google Chrome 58.0.3029.96 released
https://chromereleases.googleblog.com/2017/05/stable-channel-update-for-desktop.html
CVE-2017-5068
+ Mozilla Firefox 53.0.2 released
https://www.mozilla.org/en-US/firefox/53.0.2/releasenotes/
+ Mozilla Foundation Security Advisory 2017-14
https://www.mozilla.org/en-US/security/advisories/mfsa2017-14/
CVE-2017-5031
+ Zabbix 3.2.6 released
http://www.zabbix.com/rn3.2.6
+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
+ UPDATE: Apache Struts2 Jakarta Multipart Parser File Upload Code Execution Vulnerability Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
+ UPDATE: Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
+ UPDATE: Cisco TelePresence ICMP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp
+ Cisco IOS XR Software Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr
CVE-2017-3876
+ Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme
CVE-2017-3873
+ Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas
CVE-2017-6628
+ Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
CVE-2017-6625
+ Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce
CVE-2017-6626
+ Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
CVE-2017-6620
+ Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc
CVE-2017-6629
+ Cisco CallManager Express Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
CVE-2017-6624
+ Linux kernel 4.10.14, 4.9.27, 4.4.67, 3.18.52 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.27
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.67
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.52
+ UPDATE: Oracle Critical Patch Update Advisory - April 2017
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
+ SA76711 McAfee Network Security Manager "HTTP_PROXY" Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/76711/
CVE-2016-5385
+ GCC 7.1 released
https://gcc.gnu.org/gcc-7/changes.html
+ UPDATE: JVNVU#98641178 Arbitrary code execution vulnerability in Ghostscript
http://jvn.jp/vu/JVNVU98641178/
+ UPDATE: JVNVU#97322649 Multiple denial-of-service (DoS) vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU97322649/
+ BIND DNSSEC Validation Flaw Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1038418
CVE-2017-3139
+ MySQL 5.6.35 / 5.7.17 Integer Overflow
https://cxsecurity.com/issue/WLB-2017050006
CVE-2017-3599
+ ISC BIND CVE-2017-3139 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/98334
CVE-2017-3139
VU#556600 Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates
https://www.kb.cert.org/vuls/id/556600
VU#276408 Think Mutual Bank Mobile Banking App for iPhone fails to properly validate SSL certificates
https://www.kb.cert.org/vuls/id/276408
VU#491375 Intel Active Management Technology (AMT) does not properly enforce access control
https://www.kb.cert.org/vuls/id/491375
pg_chameleon 1.0 released
https://www.postgresql.org/about/news/1745/
Announcing The Release Of pglogical 2.0
https://www.postgresql.org/about/news/1744/
News commentary
"RSA encryption will not be broken by quantum computers," its inventor argues passionately on receiving the Japan Prize
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/042700954/?ST=security&itp_list_theme
NEC introduces AI for cyberattack analysis, cutting the alerts handled by people by 30%
http://itpro.nikkeibp.co.jp/atcl/news/17/050801341/?ST=security&itp_list_theme
Digital Arts adds targeted-attack countermeasures to its information-leak prevention products
http://itpro.nikkeibp.co.jp/atcl/news/17/050801340/?ST=security&itp_list_theme
Phishing attack abusing Google Docs occurs, already addressed
http://itpro.nikkeibp.co.jp/atcl/news/17/050801335/?ST=security&itp_list_theme
JVNVU#97533441 Improper SSL server certificate validation vulnerability in the smartphone app "Space Coast Credit Union SCCU Mobile"
http://jvn.jp/vu/JVNVU97533441/index.html
JVNVU#92990454 Improper SSL server certificate validation vulnerability in the iOS app "Think Mutual Bank Mobile Banking App"
http://jvn.jp/vu/JVNVU92990454/index.html
JVNVU#92793783 Improper access restriction vulnerability in Intel Active Management Technology (AMT)
http://jvn.jp/vu/JVNVU92793783/index.html
JVNVU#96080594 Arbitrary code execution vulnerability in applications created with the Portrait Displays SDK
http://jvn.jp/vu/JVNVU96080594/index.html
Linux Security Week: May 8th, 2017
http://www.linuxsecurity.com/content/view/171400/187/
Google Docs Phishing Scam a Game Changer
http://www.linuxsecurity.com/content/view/171399/169/
Hackers are reusing free online tools as part of their cyberespionage campaigns
http://www.linuxsecurity.com/content/view/171398/169/
Not-so-secret DOD “spy drone” footage, live on the Internet
http://www.linuxsecurity.com/content/view/171386/169/
Types of DDoS Attacks
http://www.linuxsecurity.com/content/view/171385/169/
Are we heading for a new encryption war?
http://www.linuxsecurity.com/content/view/171384/169/
Top tips for finding the right cybersecurity products
http://www.linuxsecurity.com/content/view/171383/169/
You only need 60 bytes to hose Linux's rpcbind
http://www.linuxsecurity.com/content/view/171377/169/
Fake Google Docs phishing deluge hits Gmail
http://www.linuxsecurity.com/content/view/171376/169/
Red alert! Intel patches remote execution hole that's been hidden in biz, server chips since 2010
http://www.linuxsecurity.com/content/view/171373/169/
Hackers Are Remotely Controlling Industrial Robots Now
http://www.linuxsecurity.com/content/view/171372/169/
Kali Linux 2017.1 Security OS Released With New Updates And Features
http://www.linuxsecurity.com/content/view/171364/169/
Linux kernel security gurus Grsecurity oust freeloaders from castle
http://www.linuxsecurity.com/content/view/171363/169/
Flickr account hijack flaw earns researcher $7k
http://www.linuxsecurity.com/content/view/171362/169/