Friday, June 30, 2017

30th, Friday, Taian

+ Mozilla Firefox 54.0.1 released
https://www.mozilla.org/en-US/firefox/54.0.1/releasenotes/

+ CESA-2017:1576 Important CentOS 6 mercurial Security Update
https://lwn.net/Alerts/726756/

+ phpMyAdmin 4.7.2 is released
https://www.phpmyadmin.net/news/2017/6/29/phpmyadmin-472-released/

+ ISC BIND 9.11.1-P2, 9.10.5-P2, 9.9.10-P2 released
http://ftp.isc.org/isc/bind9/9.11.1-P2/RELEASE-NOTES-bind-9.11.1-P2.html
http://ftp.isc.org/isc/bind9/9.10.5-P2/RELEASE-NOTES-bind-9.10.5-P2.html
http://ftp.isc.org/isc/bind9/9.9.10-P2/RELEASE-NOTES-bind-9.9.10-P2.html

+ CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers
https://kb.isc.org/article/AA-01504
CVE-2017-3142

+ CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates
https://kb.isc.org/article/AA-01503
CVE-2017-3143

+ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
CVE-2017-6736
CVE-2017-6737
CVE-2017-6738

+ Linux kernel 4.11.8, 4.9.35, 4.4.75, 4.1.42, 3.18.59 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.42
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.59

+ JVNVU#93240386 Multiple vulnerabilities in ServerProtect for Linux
http://jvn.jp/vu/JVNVU93240386/
CVE-2017-9032
CVE-2017-9033
CVE-2017-9034
CVE-2017-9035
CVE-2017-9036
CVE-2017-9037

+ JVNVU#95587881 Arbitrary code execution vulnerability in Deep Discovery Email Inspector
http://jvn.jp/vu/JVNVU95587881/index.html

+ JVNVU#95303354 Multiple vulnerabilities in Deep Discovery Email Inspector
http://jvn.jp/vu/JVNVU95303354/index.html

+ BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
http://www.securitytracker.com/id/1038809
CVE-2017-3142
CVE-2017-3143

+ Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038798
CVE-2017-9810
CVE-2017-9811
CVE-2017-9812
CVE-2017-9813

+ Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
https://cxsecurity.com/issue/WLB-2017060226
CVE-2017-9812
CVE-2017-9810
CVE-2017-9811
CVE-2017-9813

+ Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://cxsecurity.com/issue/WLB-2017060225
CVE-2017-9812
CVE-2017-9810
CVE-2017-9811
CVE-2017-9813

+ Oracle Solaris 11.1 / 11.3 RSH Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060223
CVE-2017-3631

+ OpenBSD 'at' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060222
CVE-2017-1000373
CVE-2017-1000372

+ NetBSD Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060221
CVE-2017-1000375

+ FreeBSD 'FGPU' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060220
CVE-2017-1084

+ FreeBSD 'setrlimit' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060219
CVE-2017-1085

+ FreeBSD 'FGPE' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060218
CVE-2017-1084

+ Linux 'ldso_dynamic' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060217
CVE-2017-1000371

+ Linux 'ldso_hwcap_64' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060216
CVE-2017-1000379

+ Linux 'ldso_hwcap' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060215
CVE-2017-1000370

+ Linux 'offset2lib' Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060214
CVE-2017-1000371
CVE-2017-1000370

+ Kaspersky Anti-Virus for Linux File Server Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/99330
CVE-2017-9813
CVE-2017-9810
CVE-2017-9811
CVE-2017-9812

The ABCs of Security Assessment
Three patterns for fundamentally remediating server vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061900006/?ST=security&itp_list_theme

Security workforce development at major Japanese companies
NTT, holder of Japan's largest security workforce: how it will put 30,000 people to use
http://itpro.nikkeibp.co.jp/atcl/column/17/062200255/062900004/?ST=security&itp_list_theme

Protecting the cloud with fine-grained segmentation: TED's security product "APEIRO"
http://itpro.nikkeibp.co.jp/atcl/news/17/062901806/?ST=security&itp_list_theme

News analysis
What Petya's rampage in Russia revealed: the unreliability of security companies
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/062901039/?ST=security&itp_list_theme

DDoS attack on kabu.com Securities, blocked about 38 minutes after detection
http://itpro.nikkeibp.co.jp/atcl/news/17/062901804/?ST=security&itp_list_theme

How to keep Debian Linux patched with latest security updates automatically
http://www.linuxsecurity.com/content/view/171967/169/

Linux: A Hacker’s Preference
http://www.linuxsecurity.com/content/view/171966/169/

A critical flaw allows hacking Linux machines with just a malicious DNS Response
http://www.linuxsecurity.com/content/view/171965/169/

Thursday, June 29, 2017

29th, Thursday, Butsumetsu

+ Microsoft Security Advisory 4033453 Vulnerability in Azure AD Connect could allow elevation of privilege
https://technet.microsoft.com/ja-jp/library/security/4033453
CVE-2017-8613

+ RHSA-2017:1615 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1615
CVE-2017-2583
CVE-2017-6214
CVE-2017-7477
CVE-2017-7645
CVE-2017-7895

+ RHSA-2017:1595 Moderate: openstack-nova and python-novaclient security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1595
CVE-2017-7214

+ RHSA-2017:1581 Important: freeradius security update
https://access.redhat.com/errata/RHSA-2017:1581
CVE-2017-9148

+ UPDATE: Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc

+ UPDATE: Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1

+ UPDATE: Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2

+ Microsoft MsMpEng mpengine x86 Emulator Heap Corruption in VFS API
https://cxsecurity.com/issue/WLB-2017060212

+ Linux kernel CVE-2017-9984 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/99314
CVE-2017-9984

+ Linux Kernel CVE-2017-7482 Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/99299
CVE-2017-7482

+ Linux Kernel CVE-2017-8797 Denial of Service Vulnerability
http://www.securityfocus.com/bid/99298
CVE-2017-8797

JVNDB-2017-000145 DLL loading vulnerability in the installer of the e-Tax software (WEB version) preparatory setup
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000145.html

JVNDB-2017-000146 Improper access control vulnerability in Marp's JavaScript execution handling
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000146.html

The ABCs of Security Assessment
Automatically assessing open ports with a vulnerability scanner
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061900005/?ST=security&itp_list_theme

Introduction to the Latest SELinux for the IoT Era
How SELinux helps protect container security
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/052600004/?ST=security&itp_list_theme

Security workforce development at major Japanese companies
Hitachi, hit by WannaCry, rushes to secure 10,000 security personnel
http://itpro.nikkeibp.co.jp/atcl/column/17/062200255/062700003/?ST=security&itp_list_theme

IPA calls for countermeasures against the spreading ransomware; no damage confirmed in Japan
http://itpro.nikkeibp.co.jp/atcl/news/17/062801796/?ST=security&itp_list_theme

Acronis revamps its enterprise backup software, adding protection against ransomware
http://itpro.nikkeibp.co.jp/atcl/news/17/062801788/?ST=security&itp_list_theme

ITpro Archives
Articles related to the "McDonald's system outage"
http://itpro.nikkeibp.co.jp/atcl/column/17/040700124/062800004/?ST=security&itp_list_theme

[Breaking] "Infected by a WannaCry variant": malware behind the McDonald's outage identified
http://itpro.nikkeibp.co.jp/atcl/news/17/062801786/?ST=security&itp_list_theme

Outage in Aeon Group's cloud payment service "J-Mups", possibly caused by a system upgrade
http://itpro.nikkeibp.co.jp/atcl/news/17/062801785/?ST=security&itp_list_theme

New ransomware attack spreading worldwide; some say it is more dangerous than "WannaCry"
http://itpro.nikkeibp.co.jp/atcl/news/17/062801782/?ST=security&itp_list_theme

JVN#34508179 DLL loading vulnerability in the installer of the "preparatory setup file"
http://jvn.jp/jp/JVN34508179/

What Are Linux Logs? How to View Them, Most Important Directories, and More
http://www.linuxsecurity.com/content/view/171952/169/

New Research Shows Cybersecurity Battleground Shifting to Linux and Web Servers
http://www.linuxsecurity.com/content/view/171951/169/

Wednesday, June 28, 2017

28th, Wednesday, Senbu

+ RHSA-2017:1576 Important: mercurial security update
https://access.redhat.com/errata/RHSA-2017:1576
CVE-2017-9462

+ Linux kernel 3.10.107 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.107

+ Apache Tomcat 8.5.16 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.16_(markt)

+ Linux Kernel NFSv4 Server Input Validation Flaw in pNFS LAYOUTGET Command Lets Remote Users Cause the Target Service to Crash
http://www.securitytracker.com/id/1038790
CVE-2017-8797

+ Linux Kernel Kerberos RxRPC Ticket Decoding Bug Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038787
CVE-2017-7482

+ Microsoft Office Word Malicious Hta Execution
https://cxsecurity.com/issue/WLB-2017040167
CVE-2017-0199

+ NTFS 3.1 - Master File Table Denial of Service
https://cxsecurity.com/issue/WLB-2017060201

+ Microsoft Skype 'MSFTEDIT.DLL' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/99281
CVE-2017-9948

JVNDB-2017-000151 Cross-site request forgery vulnerability in Toshiba Lighting & Technology home gateways
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000151.html

JVNDB-2017-000150 OS command injection vulnerability in Toshiba Lighting & Technology home gateways
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000150.html

JVNDB-2017-000149 Hard-coded credentials in Toshiba Lighting & Technology home gateways
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000149.html

JVNDB-2017-000148 Improper access control vulnerability in Toshiba Lighting & Technology home gateways
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000148.html

JVNDB-2017-000147 Undocumented development screen present in Toshiba Lighting & Technology home gateways
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000147.html

IoT Development from Scratch
IoT always has bugs
http://itpro.nikkeibp.co.jp/atcl/column/17/030900077/062600008/?ST=security&itp_list_theme

News analysis
Why McDonald's said the cause of its outage "might be WannaCry"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/062701034/?ST=security&itp_list_theme

Cyber insurance market to quadruple to 800 billion yen within three years, says AIG Group
http://itpro.nikkeibp.co.jp/atcl/news/17/062701781/?ST=security&itp_list_theme

WannaCry suspected of being a false-flag operation, McAfee analysis finds
http://itpro.nikkeibp.co.jp/atcl/news/17/062701780/?ST=security&itp_list_theme

[Follow-up] New details on Mercari's personal data leak: it was actually a "cache with a 0-second TTL"
http://itpro.nikkeibp.co.jp/atcl/news/17/062701776/?ST=security&itp_list_theme

Idea to encrypt Web traffic at rest hits the IETF's Standard Track
http://www.linuxsecurity.com/content/view/171944/169/

How to secure your CMS without patching
http://www.linuxsecurity.com/content/view/171943/169/

Even weak hackers can pull off a password reset MitM attack via account registration
http://www.linuxsecurity.com/content/view/171942/169/

Tuesday, June 27, 2017

27th, Tuesday, Tomobiki

+ Google Chrome 59.0.3071.115 released
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_26.html

+ UPDATE: Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp

+ UPDATE: Cisco IOS XR Software Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios

+ UPDATE: Cisco IOS XR Software Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1

+ Linux kernel 4.4.74, 3.18.58 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.74
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.58

+ SA77544 Hitachi Multiple Products Apache Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/77544/
CVE-2016-8743

+ Microsoft Skype 'MSFTEDIT.DLL' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/99281

JVNDB-2017-000144 DLL loading vulnerability in the electronic bidding configuration check tool provided by MEXT (Ministry of Education, Culture, Sports, Science and Technology)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000144.html

Security workforce development at major Japanese companies
"Making security second nature": NEC's strategy for winning more orders
http://itpro.nikkeibp.co.jp/atcl/column/17/062200255/062600002/?ST=security&itp_list_theme

Google to stop scanning email in free Gmail by the end of the year
http://itpro.nikkeibp.co.jp/atcl/news/17/062601759/?ST=security&itp_list_theme

Linux Security Week: June 26th, 2017
http://www.linuxsecurity.com/content/view/171924/187/

Basic Security Testing with Kali Linux
http://www.linuxsecurity.com/content/view/171923/169/

3 security tips for software developers
http://www.linuxsecurity.com/content/view/171922/169/

Monday, June 26, 2017

26th, Monday, Sensho

+ CESA-2017:1574 Moderate CentOS 7 sudo Security Update
https://lwn.net/Alerts/726307/

+ CESA-2016:2872 Moderate CentOS 7 sudo Security Update
https://lwn.net/Alerts/726309/

+ CESA-2017:1574 Moderate CentOS 6 sudo Security Update
https://lwn.net/Alerts/726308/

+ Mozilla Thunderbird 52.2.1 released
https://www.mozilla.org/en-US/thunderbird/52.2.1/releasenotes/

+ VMware Workstation 12 Player Version 12.5.7 Released
http://pubs.vmware.com/Release_Notes/en/workstation/12/player-1257-release-notes.html

+ Linux kernel 4.11.7, 4.9.34 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.34

+ hitachi-sec-2017-116 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-116/index.html
CVE-2016-8743

+ hitachi-sec-2017-115 Multiple Vulnerabilities in Cosminexus HTTP Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-115/index.html
CVE-2016-7055
CVE-2017-3731
CVE-2017-3732

+ hitachi-sec-2017-116 Vulnerability in Cosminexus HTTP Server and Hitachi Web Server (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-116/index.html
CVE-2016-8743

+ hitachi-sec-2017-115 Multiple vulnerabilities in Cosminexus HTTP Server (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-115/index.html
CVE-2016-7055
CVE-2017-3731
CVE-2017-3732

+ Symantec Messaging Gateway Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code
http://www.securitytracker.com/id/1038785
CVE-2017-6324
CVE-2017-6325
CVE-2017-6326

+ Microsoft Windows Defender File Processing Flaw in Malware Protection Engine Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038784
CVE-2017-8558

+ Microsoft Forefront Endpoint Protection File Processing Flaw in Microsoft Malware Protection Engine Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038783
CVE-2017-8558

+ Microsoft Edge CssParser::RecordProperty Type Confusion
https://cxsecurity.com/issue/WLB-2017060188
CVE-2017-8496

+ Symantec Messaging Gateway Remote Code Execution
https://cxsecurity.com/issue/WLB-2017060186

+ Linux Kernel CVE-2017-7518 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/99263
CVE-2017-7518

+ Microsoft Malware Protection Engine CVE-2017-8558 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/99262
CVE-2017-8558

+ NetBSD CVE-2017-1000378 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/99255
CVE-2017-1000378

JVNDB-2017-000142 Arbitrary DLL loading vulnerability in the installer of キャラミんOMP (CharaMin OMP)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000142.html

Nobuhiro Tsuji's Between-the-Lines Security Casebook
Which PCs got infected? Re-examining WannaCry
http://itpro.nikkeibp.co.jp/atcl/column/16/012900025/062300042/?ST=security&itp_list_theme

News analysis
Was the first national security certification exam shunned because of its "mandatory training"?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/062201027/?ST=security&itp_list_theme

Cho Chang-eun, "Korea on the Web"
The Korean IT company that paid a 130 million yen ransomware ransom: did it get its data back?
http://itpro.nikkeibp.co.jp/atcl/column/14/549762/062200152/?ST=security&itp_list_theme

Security workforce development at major Japanese companies
No more "SEs who don't understand security"? Fujitsu's plan for 10,000 people
http://itpro.nikkeibp.co.jp/atcl/column/17/062200255/062200001/?ST=security&itp_list_theme

LAC and Microsoft form an identity security promotion body: "Azure use is not a prerequisite"
http://itpro.nikkeibp.co.jp/atcl/news/17/062301751/?ST=security&itp_list_theme

[Breaking] NTT trains 30,000 security personnel, three times its target for 2020
http://itpro.nikkeibp.co.jp/atcl/news/17/062201735/?ST=security&itp_list_theme

Linux Advisory Watch: June 23rd, 2017
http://www.linuxsecurity.com/content/view/171905/187/

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns
http://www.linuxsecurity.com/content/view/171904/169/

8 Hot Hacking Tools to Come out of Black Hat USA
http://www.linuxsecurity.com/content/view/171903/169/

Friday, June 23, 2017

23rd, Friday, Senbu

+ RHSA-2017:1574 Moderate: sudo security update
https://access.redhat.com/errata/RHSA-2017:1574
CVE-2017-1000368

+ CESA-2017:1561 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/726218/

+ CESA-2017:1561 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/726219/

+ UPDATE: JVNVU#98416507 Updates for multiple vulnerabilities in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU98416507/

+ UPDATE: JVNVU#94071181 Multiple vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94071181/

+ UPDATE: JVNVU#95420726 Security restriction bypass vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU95420726/

+ OpenVPN Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code
http://www.securitytracker.com/id/1038768
CVE-2017-7508
CVE-2017-7520
CVE-2017-7521
CVE-2017-7522

+ Microsoft Windows '0x224000 IOCTL (WmiQueryAllData)' Kernel WMIDataDevice Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060163
CVE-2017-8489

+ Microsoft Windows 'nt!NtNotifyChangeDirectoryFile' Kernel Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060164
CVE-2017-0299

+ Microsoft Windows 'IOCTL_DISK_GET_DRIVE_GEOMETRY_EX' Kernel partmgr Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060169

+ Microsoft Windows 'IOCTL_DISK_GET_DRIVE_LAYOUT_EX' Kernel partmgr Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060168
CVE-2017-8469

+ Microsoft Windows 'IOCTL 0x390400, operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060167
CVE-2017-8487

+ Microsoft Windows 'IOCTL_MOUNTMGR_QUERY_POINTS' Kernel Mountmgr Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060166
CVE-2017-8488

+ Microsoft Windows 'nt!NtQueryVolumeInformationFile (FileFsVolumeInformation)' Kernel Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060165
CVE-2017-8462

+ Microsoft Windows 'IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS' volmgr Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060162
CVE-2017-8491

+ Microsoft Windows 'nt!KiDispatchException' Kernel Stack Memory Disclosure in Exception Handling
https://cxsecurity.com/issue/WLB-2017060161
CVE-2017-8482

+ Microsoft Windows 'win32k!NtGdiEnumFonts' Kernel Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060160
CVE-2017-8490

PgBackMan 1.2.0 released
https://www.postgresql.org/about/news/1759/

UPDATE: JVNVU#92606107 Authentication bypass vulnerability in multiple WiMAX routers using the httpd plugin for libmtk
http://jvn.jp/vu/JVNVU92606107/

The ABCs of Security Assessment
From identifying running software to vulnerability scanning: security assessment with Nmap
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061900004/?ST=security&itp_list_theme

AI and Ethics
A taboo topic in Japan? Military use of AI
http://itpro.nikkeibp.co.jp/atcl/column/17/051800199/062100009/?ST=security&itp_list_theme

Personal data leaked on the web version of Mercari, caused by a mistake during system switchover work
http://itpro.nikkeibp.co.jp/atcl/news/17/062201744/?ST=security&itp_list_theme

Canon multifunction devices and printers may be affected by the vulnerability exploited by WannaCry
http://itpro.nikkeibp.co.jp/atcl/news/17/062201742/?ST=security&itp_list_theme

National Police Agency publishes report on a WannaCry variant; infections could spread unnoticed
http://itpro.nikkeibp.co.jp/atcl/news/17/062201741/?ST=security&itp_list_theme

Stack Clash flaws blow local root holes in loads of top Linux programs
http://www.linuxsecurity.com/content/view/171889/169/

OpenVPN taken to task after audit ignores remote code execution flaws
http://www.linuxsecurity.com/content/view/171888/169/

Thursday, June 22, 2017

22nd, Thursday, Tomobiki

+ RHSA-2017:1561 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2017:1561

+ CESA-2017:1484 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/726096/

+ Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-vpc
CVE-2017-6678

+ Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-wnrp
CVE-2017-6669

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm1
CVE-2017-6662

+ Cisco Wide Area Application Services TCP Fragment Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-waas
CVE-2017-6721

+ Cisco Unified Contact Center Express Clear Text Authentication Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ucce
CVE-2017-6722

+ Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf1
CVE-2017-6725

+ Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piwf
CVE-2017-6724

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4
CVE-2017-6700

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm3
CVE-2017-6699

+ Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm2
CVE-2017-6698

+ Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp4
CVE-2017-6706

+ Cisco Prime Collaboration Provisioning Tool Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp3
CVE-2017-6705

+ Cisco Prime Collaboration Provisioning Tool Arbitrary File Download Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp2
CVE-2017-6704

+ Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1
CVE-2017-6703

+ Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise1
CVE-2017-6605

+ Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ise
CVE-2017-6701

+ Cisco IOS XR Software Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios1
CVE-2017-6718

+ Cisco IOS XR Software Local Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-ios
CVE-2017-6719

+ Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fpmc
CVE-2017-6717

+ Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2
CVE-2017-6716

+ Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1
CVE-2017-6715

+ Cisco SocialMiner Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm
CVE-2017-6702

+ Cisco StarOS for ASR 5000 Series Routers IPsec VPN Tunnel Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-asr
CVE-2017-3865

+ SA77539 McAfee Security for Microsoft Exchange PostgreSQL Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77539/
CVE-2016-0703
CVE-2016-0704
CVE-2016-5423
CVE-2016-5424

+ UPDATE: JVNVU#94071181 Multiple vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94071181/index.html

+ OpenVPN Multiple Vulnerabilities post-audit bug bonanza
https://cxsecurity.com/issue/WLB-2017060152
CVE-2017-7520
CVE-2017-7521
CVE-2017-7522
CVE-2017-7508

+ Microsoft Windows Kernel DeviceApi Stack Memory Disclosure
https://cxsecurity.com/issue/WLB-2017060151
CVE-2017-8474

PL/Java 1.5.1-BETA1 announced; security note.
https://www.postgresql.org/about/news/1758/

Introduction to the Latest SELinux for the IoT Era
SELinux security basics, learned by running it
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/052500003/?ST=security&itp_list_theme

Someone Is Targeted Again Today
A recurring tragedy: the trap of the "I'll give you 100 million yen" email
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/061900005/?ST=security&itp_list_theme

News analysis
The next network technologies: analyzing the Interop award-winning products
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/061601020/?ST=security&itp_list_theme

The ABCs of Security Assessment
Security assessment: what to do before searching for running services
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061900003/?ST=security&itp_list_theme

IBM Japan launches "X-Force IRIS", a service supporting initial response to security incidents
http://itpro.nikkeibp.co.jp/atcl/news/17/062101726/?ST=security&itp_list_theme

McDonald's outage resolved; the malware's identity is "under analysis"
http://itpro.nikkeibp.co.jp/atcl/news/17/062101720/?ST=security&itp_list_theme

SBS Holdings system outage: infected by ransomware, but now recovered
http://itpro.nikkeibp.co.jp/atcl/news/17/062101719/?ST=security&itp_list_theme

Honda's Sayama plant unable to produce 1,000 vehicles due to WannaCry infection
http://itpro.nikkeibp.co.jp/atcl/news/17/062101717/?ST=security&itp_list_theme

Honda hit by WannaCry infections at multiple sites including plants, affecting some production
http://itpro.nikkeibp.co.jp/atcl/news/17/062101713/?ST=security&itp_list_theme

Honeypots and the Internet of Things
http://www.linuxsecurity.com/content/view/171870/169/

Ztorg malware hid in Google Play to send premium-rate SMS texts, delete incoming SMS messages
http://www.linuxsecurity.com/content/view/171869/169/

Wednesday, June 21, 2017

21st, Wednesday, Sensho

+ Google Chrome 59.0.3071.109 released
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_20.html

+ CESA-2017:1481 Important CentOS 7 glibc Security Update
https://lwn.net/Alerts/725948/

+ CESA-2017:1480 Important CentOS 6 glibc Security Update
https://lwn.net/Alerts/725947/

+ CESA-2017:1486 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/725949/

+ Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: January and February 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl
CVE-2017-3730
CVE-2017-3731
CVE-2017-3732

+ UPDATE: Oracle Critical Patch Update Advisory - April 2017
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

+ JVNVU#98416507 Updates for multiple vulnerabilities in Apache HTTP Web Server
http://jvn.jp/vu/JVNVU98416507/
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679

+ Linux Kernel Small Stack Guard Page Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038724
CVE-2017-1000364

+ Glibc Stack/Heap Memory Allocation Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038712
CVE-2017-1000366

+ Apache HTTPD Bugs Let Remote Users Deny Service and Bypass Authentication in Certain Cases
http://www.securitytracker.com/id/1038711
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679

+ Linux Kernel CVE-2017-1000365 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/99156
CVE-2017-1000365

+ Linux Kernel CVE-2017-1000370 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/99149
CVE-2017-1000370

JVNDB-2017-000140 Cross-site scripting vulnerability in the WordPress plugin Event Calendar WD
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000140.html

JVNDB-2017-000141 Cross-site request forgery vulnerability in multiple I-O DATA network camera products
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000141.html

JVNDB-2017-000138 Improper access control vulnerability in the status screen of HOME SPOT CUBE2
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000138.html

JVNDB-2017-000137 OS command injection vulnerability in the status screen of HOME SPOT CUBE2
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000137.html

JVNDB-2017-000136 Buffer overflow vulnerability in the status screen of HOME SPOT CUBE2
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000136.html

JVNDB-2017-000135 OS command injection vulnerability in the time setting function of HOME SPOT CUBE2
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000135.html

UPDATE: JVNTA#99970831 The threat of the CrashOverride malware targeting control systems
http://jvn.jp/ta/JVNTA99970831/

JVNVU#93495727 Acronis True Image fails to update itself securely
http://jvn.jp/vu/JVNVU93495727/

UPDATE: JVNVU#97705299 Multiple vulnerabilities in HPE SiteScope
http://jvn.jp/vu/JVNVU97705299/

JVN#73550134 Cross-site scripting vulnerability in the WordPress plugin Event Calendar WD
http://jvn.jp/jp/JVN73550134/

JVN#65411235 Cross-site request forgery vulnerability in multiple I-O DATA network camera products
http://jvn.jp/jp/JVN65411235/

RSA strengthens its authentication and SSO products: additional authentication for logins that deviate from the usual pattern
http://itpro.nikkeibp.co.jp/atcl/news/17/062001706/?ST=security&itp_list_theme

Stack Clash vulnerabilities smash Linux defenses in the quest for root access
http://www.linuxsecurity.com/content/view/171855/169/

pyrasite: Inject Code Into Running Python Processes
http://www.linuxsecurity.com/content/view/171854/169/

Tuesday, June 20, 2017

20th, Tuesday, Shakko

+ RHSA-2017:1480 Important: glibc security update
https://access.redhat.com/errata/RHSA-2017:1480
CVE-2017-1000366

+ RHSA-2017:1486 Important: kernel security update
https://access.redhat.com/errata/RHSA-2017:1486
CVE-2017-1000364

+ RHSA-2017:1484 Important: kernel security update
https://access.redhat.com/errata/RHSA-2017:1484
CVE-2017-1000364

+ RHSA-2017:1481 Important: glibc security update
https://access.redhat.com/errata/RHSA-2017:1481
CVE-2017-1000366

+ Linux Kernel CVE-2017-1000371 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/99131
CVE-2017-1000371

+ Linux Kernel CVE-2017-1000364 Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/99130
CVE-2017-1000364

+ GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/99127
CVE-2017-1000366

+ Linux Kernel 'sound/core/timer.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/99121
CVE-2017-1000380

VU#489392 Acronis True Image fails to update itself securely
https://www.kb.cert.org/vuls/id/489392

The ABCs of Security Assessment
Exhaustively identifying the servers that need a security assessment
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061600002/?ST=security&itp_list_theme

McDonald's system outage caused by malware; communications cut off by a flood of packets
http://itpro.nikkeibp.co.jp/atcl/news/17/061901699/?ST=security&itp_list_theme

WikiLeaks emits CIA's Wi-Fi pwnage tool docs
http://www.linuxsecurity.com/content/view/171821/169/

Security-Oriented Alpine Linux 3.6.2 OS Adds Linux Kernel 4.9.32 and Tor 0.3.0.8
http://www.linuxsecurity.com/content/view/171820/169/

Ubuntu 17.10 to Improve Secure Boot for Booting Windows from GRUB, Enable PIE
http://www.linuxsecurity.com/content/view/171819/169/

How to install Linux on a Chromebook (and why you should)
http://www.linuxsecurity.com/content/view/171818/169/

Monday, June 19, 2017

19th, Monday, Taian

+ MantisBT 2.5.1, 2.5.0 and 2.4.2 released
http://www.mantisbt.org/blog/?p=529

+ Linux kernel 4.11.6, 4.9.33, 4.4.73 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.33
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.73

+ Apache HTTP Server 2.4.26 Released
http://www.apache.org/dist/httpd/Announcement2.4.html

+ Sudo get_process_ttyname() Privilege Escalation
https://cxsecurity.com/issue/WLB-2017060118
CVE-2017-1000367

+ Wireshark MP4/DAAP Dissector Bugs Let Remote Users Consume Excessive Memory Resources
http://www.securitytracker.com/id/1038706
CVE-2017-9616
CVE-2017-9617

+ Microsoft Windows OLE 'olecnv32.dll' File Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038702
CVE-2017-8487

+ Windows RPC Request Processing Bug in Routing and Remote Access Service Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1038701
CVE-2017-8461

+ Linux Kernel 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/99095
CVE-2017-9605

JVNVU#99188315 Samsung Magician does not perform updates securely
http://jvn.jp/vu/JVNVU99188315/

The ABCs of Security Assessment
You Can Do It Yourself: Server Security Assessment
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061600001/?ST=security&itp_list_theme

Phishing Sites Impersonating Google, Yahoo, and Apple Surge, Says Webroot Threat Report
http://itpro.nikkeibp.co.jp/atcl/news/17/061601684/?ST=security&itp_list_theme

Facebook Also Applies AI to Counter Terrorism-Related Content
http://itpro.nikkeibp.co.jp/atcl/news/17/061601681/?ST=security&itp_list_theme

Linux Advisory Watch: June 16th, 2017
http://www.linuxsecurity.com/content/view/171801/187/

Brit hacker admits he siphoned info from US military satellite network
http://www.linuxsecurity.com/content/view/171800/169/

CIA has been hacking into Wi-Fi routers for years, leaked documents show
http://www.linuxsecurity.com/content/view/171799/169/

Friday, June 16, 2017

16th, Friday, Tomobiki

+ Google Chrome 59.0.3071.104 released
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop_15.html
CVE-2017-5087
CVE-2017-5088
CVE-2017-5089

+ CESA-2017:1440 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/725480/

+ CESA-2017:1440 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/725481/

+ MFSA 2017-17 Security vulnerabilities fixed in Thunderbird 52.2
https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7756
CVE-2017-7757
CVE-2017-7778
CVE-2017-7758
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-5470

+ CVE-2017-3141: Windows service and uninstall paths are not quoted when BIND is installed
https://kb.isc.org/article/AA-01496
CVE-2017-3141

+ Operational Notification: LMDB integration problems with BIND 9.11.0 and 9.11.1
https://kb.isc.org/article/AA-01497

+ CVE-2017-3140: An error processing RPZ rules can cause named to loop endlessly after handling a query
https://kb.isc.org/article/AA-01495
CVE-2017-3140

+ Linux kernel 4.1.41, 3.10.106 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.41
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.106

+ JVNVU#94071181 Multiple vulnerabilities in ISC BIND
http://jvn.jp/vu/JVNVU94071181/
CVE-2017-3140
CVE-2017-3141

+ libcurl 'file' Protocol Buffer Overflow Lets Local Users Execute Arbitrary Code
http://www.securitytracker.com/id/1038697
CVE-2017-9502

+ BIND Windows Installer Unquoted Service Path Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038693
CVE-2017-3141

+ BIND RPZ Rule Processing Bug Lets Remote Users Deny Service
http://www.securitytracker.com/id/1038692
CVE-2017-3140

VU#846320 Samsung Magician fails to update itself securely
https://www.kb.cert.org/vuls/id/846320

JVNDB-2017-000139 Improper access restriction in the WordPress plugin WP Job Manager
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000139.html

JVNVU#97705299 Multiple vulnerabilities in HPE SiteScope
http://jvn.jp/vu/JVNVU97705299/

JVN#65154137 DLL loading vulnerability in the installer of the Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries, Agricultural and Rural Development Project edition)
http://jvn.jp/jp/JVN65154137/index.html

IoT Development From Scratch
IoT Without Security Is a Menace to the World
http://itpro.nikkeibp.co.jp/atcl/column/17/030900077/061400007/?ST=security&itp_list_theme

Only AI That Can Predict "You Will Be Targeted Tomorrow" Deserves the Name: Symantec's AI Strategy
http://itpro.nikkeibp.co.jp/atcl/news/17/061501670/?ST=security&itp_list_theme

Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021
http://www.linuxsecurity.com/content/view/171790/169/

Buggy devices and lazy operators make VoLTE a security nightmare
http://www.linuxsecurity.com/content/view/171789/169/

Parrot Security OS Devs Mock systemd: It's an Immature Init System for GNU/Linux
http://www.linuxsecurity.com/content/view/171788/169/

Thursday, June 15, 2017

15th, Thursday, Sensho

+ RHSA-2017:1440 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2017:1440
CVE-2017-5470
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7756
CVE-2017-7757
CVE-2017-7758
CVE-2017-7764
CVE-2017-7771
CVE-2017-7772
CVE-2017-7773
CVE-2017-7774
CVE-2017-7775
CVE-2017-7776
CVE-2017-7777
CVE-2017-7778

+ CESA-2017:1430 Important CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/725357/

+ Mozilla Thunderbird 52.2.0 released
https://www.mozilla.org/en-US/thunderbird/52.2.0/releasenotes/

+ Linux kernel 4.11.5, 4.9.32, 4.4.72, 3.18.57 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.32
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.72
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.57

+ ISC BIND 9.11.1-P1, 9.10.5-P1, 9.9.10-P1 released
http://ftp.isc.org/isc/bind9/9.11.1-P1/RELEASE-NOTES-bind-9.11.1-P1.html
http://ftp.isc.org/isc/bind9/9.10.5-P1/RELEASE-NOTES-bind-9.10.5-P1.html
http://ftp.isc.org/isc/bind9/9.9.10-P1/RELEASE-NOTES-bind-9.9.10-P1.html

+ Postfix stable release 3.2.2 and legacy releases 3.1.6, 3.0.10 and 2.11.10
http://www.postfix.org/announcements/postfix-3.2.2.html

UPDATE: JVN#01014759 Improper SSL server certificate verification in the Android app "LaLa Call"
http://jvn.jp/jp/JVN01014759/index.html

Introduction to Modern SELinux for the IoT Era
Understanding the Hard-to-Grasp Essentials of SELinux Security Through Diagrams
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/052500002/?ST=security&itp_list_theme

"No More Despair": Odakyu Line Shinjuku Station Shows Restroom Availability in Real Time
http://itpro.nikkeibp.co.jp/atcl/news/17/061401651/?ST=security&itp_list_theme

The 15 worst data security breaches of the 21st Century
http://www.linuxsecurity.com/content/view/171774/169/

DevSecOps is Not a Security Panacea
http://www.linuxsecurity.com/content/view/171773/169/

BlackArch Linux Ethical Hacking and Pen Testing OS Now Offers over 1,800 Tools
http://www.linuxsecurity.com/content/view/171772/169/

Wednesday, June 14, 2017

14th, Wednesday, Shakko

+ RHSA-2017:1439 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:1439
CVE-2017-3075
CVE-2017-3076
CVE-2017-3077
CVE-2017-3078
CVE-2017-3079
CVE-2017-3081
CVE-2017-3082
CVE-2017-3083
CVE-2017-3084

+ RHSA-2017:1430 Important: qemu-kvm security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1430
CVE-2017-7718
CVE-2017-7980

+ Mozilla Firefox 54.0 released
https://www.mozilla.org/en-US/firefox/54.0/releasenotes/

+ MFSA2017-15 Security vulnerabilities fixed in Firefox 54
https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/
CVE-2017-5472
CVE-2017-7749
CVE-2017-7750
CVE-2017-7751
CVE-2017-7752
CVE-2017-7754
CVE-2017-7755
CVE-2017-7756
CVE-2017-7757
CVE-2017-7778
CVE-2017-7758
CVE-2017-7759
CVE-2017-7760
CVE-2017-7761
CVE-2017-7762
CVE-2017-7763
CVE-2017-7764
CVE-2017-7765
CVE-2017-7766
CVE-2017-7767
CVE-2017-7768
CVE-2017-7770
CVE-2017-5471
CVE-2017-5470

+ APSB17-17 Security updates available for Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-17.html
CVE-2017-3075
CVE-2017-3081
CVE-2017-3083
CVE-2017-3084
CVE-2017-3076
CVE-2017-3077
CVE-2017-3078
CVE-2017-3079
CVE-2017-3082

+ APSB17-18 Security updates available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb17-18.html
CVE-2017-3086

+ APSB17-19 Security updates available for Adobe Captivate
https://helpx.adobe.com/security/products/captivate/apsb17-19.html
CVE-2017-3087

+ APSB17-20 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html
CVE-2017-3088
CVE-2017-3089
CVE-2017-3093
CVE-2017-3096
CVE-2017-3090
CVE-2017-3092
CVE-2017-3097
CVE-2017-3094
CVE-2017-3095

+ June 2017 Security Releases
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99

+ SA77341 Microsoft Lync / Skype for Business Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77341/
CVE-2017-0283
CVE-2017-8527

+ SA77310 Microsoft Edge Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77310/
CVE-2017-8496
CVE-2017-8497
CVE-2017-8499
CVE-2017-8504
CVE-2017-8517
CVE-2017-8520
CVE-2017-8521
CVE-2017-8522
CVE-2017-8523
CVE-2017-8524
CVE-2017-8529
CVE-2017-8530
CVE-2017-8548
CVE-2017-8549
CVE-2017-8555

+ SA77329 Microsoft Multiple Products Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77329/
CVE-2017-0260
CVE-2017-0282
CVE-2017-0283
CVE-2017-0284
CVE-2017-0285
CVE-2017-0286
CVE-2017-0287
CVE-2017-0288
CVE-2017-0289
CVE-2017-0292
CVE-2017-8506
CVE-2017-8507
CVE-2017-8508
CVE-2017-8509
CVE-2017-8510
CVE-2017-8511
CVE-2017-8512
CVE-2017-8513
CVE-2017-8514
CVE-2017-8527
CVE-2017-8528
CVE-2017-8531
CVE-2017-8532
CVE-2017-8533
CVE-2017-8534
CVE-2017-8550
CVE-2017-8551

+ SA77344 Microsoft Windows Server 2016 Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77344/
CVE-2017-0173
CVE-2017-0193
CVE-2017-0215
CVE-2017-0216
CVE-2017-0218
CVE-2017-0219
CVE-2017-0282
CVE-2017-0283
CVE-2017-0284
CVE-2017-0285
CVE-2017-0287
CVE-2017-0288
CVE-2017-0289
CVE-2017-0291
CVE-2017-0292
CVE-2017-0294
CVE-2017-0295
CVE-2017-0296
CVE-2017-0297
CVE-2017-0298
CVE-2017-0299
CVE-2017-0300
CVE-2017-8460
CVE-2017-8462
CVE-2017-8464
CVE-2017-8465
CVE-2017-8466
CVE-2017-8468
CVE-2017-8470
CVE-2017-8471
CVE-2017-8473
CVE-2017-8474
CVE-2017-8475
CVE-2017-8476
CVE-2017-8477
CVE-2017-8478
CVE-2017-8479
CVE-2017-8480
CVE-2017-8481
CVE-2017-8482
CVE-2017-8483
CVE-2017-8484
CVE-2017-8485
CVE-2017-8489
CVE-2017-8490
CVE-2017-8491
CVE-2017-8492
CVE-2017-8493
CVE-2017-8494
CVE-2017-8515
CVE-2017-8527
CVE-2017-8531
CVE-2017-8532
CVE-2017-8533
CVE-2017-8543
CVE-2017-8544
CVE-2017-8553

+ SA77306 Microsoft Windows Adobe Flash Player Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77306/
CVE-2017-3075
CVE-2017-3076
CVE-2017-3077
CVE-2017-3078
CVE-2017-3079
CVE-2017-3081
CVE-2017-3082
CVE-2017-3083
CVE-2017-3084

+ SA77307 Microsoft Internet Explorer Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/77307/
CVE-2017-8517
CVE-2017-8519
CVE-2017-8522
CVE-2017-8524
CVE-2017-8529
CVE-2017-8547

VU#768399 HPE SiteScope contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/768399

JVNDB-2017-000116 Arbitrary DLL loading vulnerability in the QuickTime for Windows installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000116.html

JVNDB-2017-000128 Open redirect vulnerability in the WordPress plugin WordPress Download Manager
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000128.html

JVNDB-2017-000127 Cross-site scripting vulnerability in the WordPress plugin WordPress Download Manager
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000127.html

JVNDB-2017-000133 Cross-site scripting vulnerability in the source code security inspection tool iCodeChecker
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000133.html

JVNDB-2017-000132 Cross-site scripting vulnerability in the WordPress plugin WP-Members
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000132.html

UPDATE: JVN#24087303 Arbitrary DLL loading vulnerability in the installer of the report creation support tool provided by the Ministry of the Environment
http://jvn.jp/jp/JVN24087303/index.html

JVNTA#99970831 The threat of the CrashOverride malware targeting control systems
http://jvn.jp/ta/JVNTA99970831/index.html

Pirates dance around AACS 2 encryption to offer UHD Blu-Ray movies online
http://www.linuxsecurity.com/content/view/171766/169/

Raspberry Pi sours thanks to mining malware
http://www.linuxsecurity.com/content/view/171765/169/

Tuesday, June 13, 2017

13th, Tuesday, Taian

+ UPDATE: Vulnerability in Samba Affecting Cisco Products: May 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba

+ PHP 'main/php_ini.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/99003

JVNDB-2017-000130 Executable file invocation vulnerability in the installer of the electronic bidding and bid opening system provided by the Acquisition, Technology and Logistics Agency
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000130.html

JVNDB-2017-000131 Cross-site scripting vulnerability in the Android app "Cybozu KUNAI for Android"
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000131.html

News Analysis
"The Route Changes With the Features You Choose": ShowNet Demonstrates the Network of the Near Future
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/061201010/?ST=security&itp_list_theme

Trend Micro's Server Security Product Now Supports Google Cloud
http://itpro.nikkeibp.co.jp/atcl/news/17/061201634/?ST=security&itp_list_theme

Linux Security Week: June 12th, 2017
http://www.linuxsecurity.com/content/view/171757/187/

Docker Aims to Improve Linux Kernel Security With LinuxKit
http://www.linuxsecurity.com/content/view/171756/169/

pymultitor - Python Multi Threaded Tor Proxy
http://www.linuxsecurity.com/content/view/171755/169/

Monday, June 12, 2017

12th, Monday, Butsumetsu

+ Debian/Ubuntu Cron Symlink Validation Flaw Lets Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1038651
CVE-2017-9525

+ RSA Identity Management and Governance Input Validation Flaws Let Remote and Remote Authenticated Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1038648
CVE-2017-5003
CVE-2017-5004

+ VMware vSphere Data Protection 5.x/6.x Java Deserialization
https://cxsecurity.com/issue/WLB-2017060079
CVE-2017-4914

+ Apple macOS - Disk Arbitration Daemon Race Condition
https://cxsecurity.com/issue/WLB-2017060073
CVE-2017-2533

+ Apple macOS 10.12.3 / iOS < 10.3.2 Userspace Entitlement Checking Race Condition
https://cxsecurity.com/issue/WLB-2017060072
CVE-2017-7004

+ Linux Kernel ping Denial Of Service
https://cxsecurity.com/issue/WLB-2017060067

JVNDB-2017-000126 DLL loading vulnerability in the installer of the Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries, Agricultural and Rural Development Project edition)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000126.html

JVNDB-2017-000129 DLL loading vulnerability in the installer of the "Advance Preparation Setup File"
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000129.html

JVNDB-2017-000117 DLL loading vulnerability in the installer of the CASL II Simulator (self-extracting format)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000117.html

Friday, June 9, 2017

9th, Friday, Sensho

+ UPDATE: Cisco FirePOWER System Software SSL Logging Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-fpwr

+ UPDATE: Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos

+ PHP 7.1.6, 7.0.20 Released
http://www.php.net/ChangeLog-7.php#7.1.6
http://www.php.net/ChangeLog-7.php#7.0.20

+ VMware Horizon View Client for Mac Command Injection Bug Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1038642
CVE-2017-4918

+ Apache Tomcat Default Servlet Error Handling Bug May Let Remote Users Bypass HTTP Method Restrictions on the Target Error Page
http://www.securitytracker.com/id/1038641

+ Linux Kernel < 4.10.13 'keyctl_set_reqkey_keyring' Local Denial of Service
https://cxsecurity.com/issue/WLB-2017060065
CVE-2017-7472

+ PuTTY < 0.68 'ssh_agent_channel_data' Integer Overflow Heap Corruption
https://cxsecurity.com/issue/WLB-2017060064
CVE-2017-6542

+ Windows UAC Protection Bypass (Via FodHelper Registry Key)
https://cxsecurity.com/issue/WLB-2017060060

VU#251927 CalAmp LMU-3030 devices may not authenticate SMS interface
https://www.kb.cert.org/vuls/id/251927

JVNDB-2017-000120 DLL loading vulnerability in the installer of the [Simeji for Windows (beta)] text input system
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000120.html

JVNDB-2017-000124 Arbitrary DLL loading vulnerability in the installer of the semi-dynamic correction support software SemiDynaEXE
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000124.html

JVNDB-2017-000123 Arbitrary DLL loading vulnerability in the installer of the coordinate conversion software TKY2JGD
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000123.html

JVNDB-2017-000122 Arbitrary DLL loading vulnerability in the installer of the elevation correction software PatchJGD (elevation edition)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000122.html

JVNDB-2017-000121 Arbitrary DLL loading vulnerability in the installer of the coordinate correction software PatchJGD
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000121.html

Unconventional IoT Security
Users Don't Care About Security! Build Secure IoT Devices Anyway
http://itpro.nikkeibp.co.jp/atcl/column/17/052900219/060200006/?ST=security&itp_list_theme

News Analysis
Your Downloads Folder Is at Risk: Virus Infection via "DLL Loading Vulnerabilities"
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/060701007/?ST=security&itp_list_theme

JVNVU#92606107 Authentication bypass vulnerability in multiple WiMAX routers using the httpd plugin for libmtk
http://jvn.jp/vu/JVNVU92606107/

Tor Browser 7.0 is released
http://www.linuxsecurity.com/content/view/171703/169/

Thursday, June 8, 2017

8th, Thursday, Shakko

+ RHSA-2017:1399 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:1399

+ Cisco Prime Data Center Network Manager Server Static Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
CVE-2017-6640

+ Cisco Prime Data Center Network Manager Debug Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
CVE-2017-6639

+ Cisco TelePresence Endpoint Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele
CVE-2017-6648

+ Cisco AnyConnect Local Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect
CVE-2017-6638

+ Cisco Ultra Services Platform Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp2
CVE-2017-6695

+ Cisco Ultra Services Platform Plaintext Credential Logging Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6
CVE-2017-6694

+ Cisco Ultra Services Framework Element Manager Insecure Default Account Information Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf5
CVE-2017-6692

+ Cisco Ultra Services Framework Element Manager Insecure Default Password Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
CVE-2017-6687

+ Cisco Ultra Services Framework Element Manager Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf4
CVE-2017-6686

+ Cisco Ultra Services Framework Staging Server Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf3
CVE-2017-6685

+ Cisco Ultra Services Framework AutoVNF VNFStagingView Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf2
CVE-2017-6681

+ Cisco Ultra Services Framework AutoVNF Arbitrary Directory Creation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf1
CVE-2017-6680

+ Cisco StarOS Arbitrary File Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-staros
CVE-2017-6690

+ Cisco IP Phone 8800 Series SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-sip
CVE-2017-6656

+ Cisco Prime Collaboration Assurance Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca
CVE-2017-6659

+ Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos
CVE-2017-6655

+ Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs
CVE-2017-6666

+ Cisco Industrial Network Director Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind
CVE-2017-6675

+ Cisco Firepower Management Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-fmc
CVE-2017-6673

+ Cisco Elastic Services Controller Web Interface System Credentials Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9
CVE-2017-6697

+ Cisco Elastic Services Controller User Credentials Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8
CVE-2017-6696

+ Cisco Elastic Services Controller Unauthorized Directory Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7
CVE-2017-6693

+ Cisco Elastic Services Controller Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6
CVE-2017-6691

+ Cisco Elastic Services Controller Insecure Default Administrator Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc5
CVE-2017-6689

+ Cisco Elastic Services Controller Insecure Default Password Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4
CVE-2017-6688

+ Cisco Elastic Services Controller Insecure Default Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3
CVE-2017-6684

+ Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2
CVE-2017-6683

+ Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1
CVE-2017-6682

+ Cisco Email Security Appliance Attachment Filter Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa1
CVE-2017-6671

+ Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa
CVE-2017-6661

+ Cisco Unified Communications Domain Manager SQL Injection Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm2
CVE-2017-6668

+ Cisco Unified Communications Domain Manager Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-cucm1
CVE-2017-6670

+ Cisco Context Service SDK Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ccs
CVE-2017-6667

+ Linux kernel 4.11.4, 4.9.31, 4.4.71, 3.18.56 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.31
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.56

+ VMSA-2017-0010 vSphere Data Protection (VDP) updates address multiple security issues.
http://www.vmware.com/security/advisories/VMSA-2017-0010.html
CVE-2017-4914
CVE-2017-4917

+ JVNVU#95420726 Security restriction bypass vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU95420726/index.html
CVE-2017-5664

+ VMware vSphere Data Protection Java Deserialization Error Lets Remote Users Execute Arbitrary Code and Password Encryption Method Lets Local Users Obtain Plaintext Password
http://www.securitytracker.com/id/1038617
CVE-2017-4914
CVE-2017-4917

VU#350135 Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin
https://www.kb.cert.org/vuls/id/350135

PGConf.EU 2017 Call for Papers and Sponsors
https://www.postgresql.org/about/news/1754/

check_pgactivity 2.2 released
https://www.postgresql.org/about/news/1753/

JVNDB-2017-000125 Executable file invocation vulnerability in AppCheck
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000125.html

Unconventional IoT Security
Understanding IoT Business and Security in 3 Stages and 4 Elements
http://itpro.nikkeibp.co.jp/atcl/column/17/052900219/053000005/?ST=security&itp_list_theme

Someone Is Targeted Again Today
A "Vigilante Virus" Appears!? Rendering Vulnerable IoT Devices Unusable
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/060500003/?ST=security&itp_list_theme

Introduction to Modern SELinux for the IoT Era
No Longer a Nuisance: Protecting IoT Security With SELinux
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/052500001/?ST=security&itp_list_theme

5 Tips For Choosing The Right Open Source Code
http://www.linuxsecurity.com/content/view/171696/169/

Encryption leaves authorities 'not in a good place': Former US intelligence chief
http://www.linuxsecurity.com/content/view/171695/169/

The Dark Web is the place to go to find bugs before public disclosure
http://www.linuxsecurity.com/content/view/171694/169/

Wednesday, June 7, 2017

7th, Wednesday, Taian

+ RHSA-2017:1399 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:1399
CVE-2017-5070
CVE-2017-5071
CVE-2017-5072
CVE-2017-5073
CVE-2017-5074
CVE-2017-5075
CVE-2017-5076
CVE-2017-5077
CVE-2017-5078
CVE-2017-5079
CVE-2017-5080
CVE-2017-5081
CVE-2017-5082
CVE-2017-5083
CVE-2017-5085
CVE-2017-5086

+ Linux kernel 3.16.44, 3.2.89 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.44
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.89

+ Samba 4.6.5 Available for Download
https://www.samba.org/samba/history/samba-4.6.5.html

+ Wireshark Multiple Dissector Bugs Lets Remote Users Deny Service
http://www.securitytracker.com/id/1038612
CVE-2017-9343
CVE-2017-9344
CVE-2017-9345
CVE-2017-9346
CVE-2017-9347
CVE-2017-9348
CVE-2017-9349
CVE-2017-9350
CVE-2017-9351
CVE-2017-9352
CVE-2017-9353
CVE-2017-9354

+ BIND 9.10.5 Unquoted Service Path Privilege Escalation
https://cxsecurity.com/issue/WLB-2017060048
CVE-2017-3141

JVNDB-2017-000114 Arbitrary code execution vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000114.html

JVNDB-2017-000113 Arbitrary code execution vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000113.html

JVNDB-2017-000112 Information disclosure vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000112.html

JVNDB-2017-000111 Arbitrary code execution vulnerability in the vulnerability hands-on learning tool AppGoat
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000111.html

JVNDB-2017-000115 SQL injection vulnerability in the WordPress plugin Multi Feed Reader
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000115.html

Reporter's Eye
Excessive Fear Is Foolish: Handle Cyberattacks With the Anime-Style "Barrier Maze"
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/060400850/?ST=security&itp_list_theme

ITpro Archives
Articles Related to the "Struts2 Vulnerability"
http://itpro.nikkeibp.co.jp/atcl/column/17/040700124/060600003/?ST=security&itp_list_theme

90% of Child Pornography and Similar Content Removed: Safer Internet Association's 2016 Results
http://itpro.nikkeibp.co.jp/atcl/news/17/060601598/?ST=security&itp_list_theme

Yet Another Struts2 Vulnerability Incident: Roughly 200,000 Records Possibly Leaked at the Ministry of Land, Infrastructure, Transport and Tourism
http://itpro.nikkeibp.co.jp/atcl/news/17/060601596/?ST=security&itp_list_theme

Why you must patch the new Linux sudo security hole
http://www.linuxsecurity.com/content/view/171679/169/

Tuesday, June 6, 2017

6th, Tuesday, Butsumetsu

+ Google Chrome 59.0.3071.86 released
https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
CVE-2017-5070
CVE-2017-5071
CVE-2017-5072
CVE-2017-5073
CVE-2017-5074
CVE-2017-5075
CVE-2017-5086
CVE-2017-5076
CVE-2017-5077
CVE-2017-5078
CVE-2017-5079
CVE-2017-5080
CVE-2017-5081
CVE-2017-5082
CVE-2017-5083
CVE-2017-5085

+ UPDATE: OneLogin Breach Guidance for Cisco Customers
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170603-cdol

+ UPDATE: JVNVU#98641178 Arbitrary code execution vulnerability in Ghostscript
http://jvn.jp/vu/JVNVU98641178/index.html

+ Sudo CVE-2017-1000368 Incomplete Fix Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/98838
CVE-2017-1000368

JVNDB-2017-000119 Arbitrary DLL loading vulnerability in the installer of the report creation support tool provided by the Ministry of the Environment
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000119.html

Unconventional IoT Security
An IoT World Where IT Security Doesn't Apply: Understanding the Technical Differences
http://itpro.nikkeibp.co.jp/atcl/column/17/052900219/052900003/?ST=security&itp_list_theme

Masahiro Sano Cuts In! Behind the Apps in the News
Supporting Returnees After the Nuclear Accident in Minamisoma: What Telemedicine Should Look Like Before the 5G Era Arrives
http://itpro.nikkeibp.co.jp/atcl/column/15/040800083/053000108/?ST=security&itp_list_theme

News Analysis
JIPDEC and Others Draw Up Voluntary Rules as the Amended Act on the Protection of Personal Information Takes Effect
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/060401002/?ST=security&itp_list_theme

CIA's Pandemic Toolkit
http://www.linuxsecurity.com/content/view/171664/169/

Hackers leak 8 unaired episodes of ABC's Steve Harvey’s Funderdome TV series
http://www.linuxsecurity.com/content/view/171663/169/

Monday, June 5, 2017

5th, Monday, Senbu

+ Squid 3.5.26 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.26-RELEASENOTES.html

+ Wireshark 2.2.7, 2.0.13 Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.7.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.13.html

+ OneLogin Breach Guidance for Cisco Customers
https://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20170603-cdol

+ UPDATE: Vulnerability in Samba Affecting Cisco Products: May 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba

+ Samba is_known_pipename() Code Execution
https://cxsecurity.com/issue/WLB-2017060026
CVE-2017-7494

+ Sudo get_process_ttyname() Race Condition
https://cxsecurity.com/issue/WLB-2017060025
CVE-2017-1000367

JVNDB-2017-000110 DLL loading vulnerability in the SaAT Personal installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000110.html

JVNDB-2017-000109 DLL loading vulnerability in the SaAT Netizen installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000109.html

JVN#24087303 Arbitrary DLL loading vulnerability in the installer of the report creation support tool provided by the Ministry of the Environment
http://jvn.jp/jp/JVN24087303/index.html

Unconventional IoT Security
IoT on the Verge of Mass Adoption: What Security Measures Can Be Taken Now?
http://itpro.nikkeibp.co.jp/atcl/column/17/052900219/052900001/?ST=security&itp_list_theme

"Minor Data Recovery Is Free Within the Warranty Period": Buffalo Explains the Thinking Behind Its Price-Busting Move
http://itpro.nikkeibp.co.jp/atcl/news/17/060201574/?ST=security&itp_list_theme

Linux Advisory Watch: June 2nd, 2017
http://www.linuxsecurity.com/content/view/171651/187/

Phishing Campaigns Follow Trends
http://www.linuxsecurity.com/content/view/171650/169/

Friday, June 2, 2017

2nd, Friday, Shakko


+ CESA-2017:1365 Important CentOS 7 nss Security Update
https://lwn.net/Alerts/724343/

+ CESA-2017:1382 Important CentOS 6 sudo Security Update
https://lwn.net/Alerts/724344/

+ CESA-2017:1364 Important CentOS 6 nss Security Update
https://lwn.net/Alerts/724342/

+ CESA-2017:1382 Important CentOS 7 sudo Security Update
https://lwn.net/Alerts/724345/

+ CESA-2017:1372 Moderate CentOS 6 kernel Security Update
https://lwn.net/Alerts/724341/

+ UPDATE: Vulnerability in Samba Affecting Cisco Products: May 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170530-samba

+ OpenLDAP 2.4.45 released
http://www.openldap.org/

+ JVNDB-2017-000108 DLL loading vulnerability in the Tera Term installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000108.html

+ Trend Micro Deep Security 6.5 XXE / Code Execution
https://cxsecurity.com/issue/WLB-2017060003

Database .NET v22 released
https://www.postgresql.org/about/news/1752/

JVNDB-2017-000107 DLL loading vulnerability in the RW-5100 operation check tool
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000107.html

JVNDB-2017-000106 DLL loading vulnerability in the RW-5100 driver software installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000106.html

JVNDB-2017-000105 DLL loading vulnerability in the RW-4040 operation check tool
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000105.html

JVNDB-2017-000104 DLL loading vulnerability in the RW-4040 driver software installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000104.html

JVNDB-2017-000103 Cross-site scripting vulnerability in the WordPress plugin WP Live Chat Support
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000103.html

Jupiter Technology Launches "Ranstop", Software That Neutralizes Ransomware Attacks
http://itpro.nikkeibp.co.jp/atcl/news/17/060101567/?ST=security&itp_list_theme

UPDATE: JVN#51274854 DLL loading vulnerability in multiple software products for Sharp's Basic Resident Register IC card reader/writer
http://jvn.jp/jp/JVN51274854/

Silk Road founder Ross Ulbricht loses appeal for new trial
http://www.linuxsecurity.com/content/view/171643/169/

Biker group charged with hacking hundreds of Jeeps, motorcycles in crime spree
http://www.linuxsecurity.com/content/view/171642/169/

Thursday, June 1, 2017

1st, Thursday, Taian

+ UPDATE: Cisco Integrated Management Controller Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3

+ UPDATE: Cisco Integrated Management Controller Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc

+ UPDATE: Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux

+ UPDATE: Cisco Integrated Management Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc1

+ UPDATE: Cisco Integrated Management Controller User Session Hijacking Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2

+ sudo 1.8.20p2 released
https://www.sudo.ws/stable.html#1.8.20p2

+ OpenLDAP Double Free Memory Error Lets Remote Authenticated Users Cause the Target slapd Service to Crash
http://www.securitytracker.com/id/1038591
CVE-2017-9287

+ OpenLDAP 'servers/slapd/back-mdb/search.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/98736
CVE-2017-9287

+ Sudo '/src/ttyname.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/98745
CVE-2017-1000367

New versions of MSSQL-to-PostgreSQL and Oracle-to-PostgreSQL have been released
https://www.postgresql.org/about/news/1751/

AWS Summit Tokyo 2017 report
KDDI's cloud governance: started from shadow IT, built on the premise of adopting AWS
http://itpro.nikkeibp.co.jp/atcl/column/17/052600214/053100004/?ST=security&itp_list_theme

Shadow Brokers lay out pitch, and name price, for monthly zero-day subscription service
http://www.linuxsecurity.com/content/view/171635/169/

Blockchains are the new Linux, not the new internet
http://www.linuxsecurity.com/content/view/171634/169/