Friday, June 30, 2017

Friday the 30th, Taian

+ Mozilla Firefox 54.0.1 released
https://www.mozilla.org/en-US/firefox/54.0.1/releasenotes/

+ CESA-2017:1576 Important CentOS 6 mercurial Security Update
https://lwn.net/Alerts/726756/

+ phpMyAdmin 4.7.2 is released
https://www.phpmyadmin.net/news/2017/6/29/phpmyadmin-472-released/

+ ISC BIND 9.11.1-P2, 9.10.5-P2, 9.9.10-P2 released
http://ftp.isc.org/isc/bind9/9.11.1-P2/RELEASE-NOTES-bind-9.11.1-P2.html
http://ftp.isc.org/isc/bind9/9.10.5-P2/RELEASE-NOTES-bind-9.10.5-P2.html
http://ftp.isc.org/isc/bind9/9.9.10-P2/RELEASE-NOTES-bind-9.9.10-P2.html

+ CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers
https://kb.isc.org/article/AA-01504
CVE-2017-3142

+ CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates
https://kb.isc.org/article/AA-01503
CVE-2017-3143

+ SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
CVE-2017-6736
CVE-2017-6737
CVE-2017-6738

+ Linux kernel 4.11.8, 4.9.35, 4.4.75, 4.1.42, 3.18.59 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.35
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.42
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.59

+ JVNVU#93240386 Multiple vulnerabilities in ServerProtect for Linux
http://jvn.jp/vu/JVNVU93240386/
CVE-2017-9032
CVE-2017-9033
CVE-2017-9034
CVE-2017-9035
CVE-2017-9036
CVE-2017-9037

+ JVNVU#95587881 Arbitrary code execution vulnerability in Deep Discovery Email Inspector
http://jvn.jp/vu/JVNVU95587881/index.html

+ JVNVU#95303354 Multiple vulnerabilities in Deep Discovery Email Inspector
http://jvn.jp/vu/JVNVU95303354/index.html

+ BIND TSIG Authentication Bugs Let Remote Users Bypass Authentication to Transfer or Modify Zone Content
http://www.securitytracker.com/id/1038809
CVE-2017-3142
CVE-2017-3143

+ Kaspersky Anti-Virus for Linux File Server Multiple Flaws Let Remote Users Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks, Remote Authenticated Users View Files on the Target System, and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038798
CVE-2017-9810
CVE-2017-9811
CVE-2017-9812
CVE-2017-9813

+ Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
https://cxsecurity.com/issue/WLB-2017060226
CVE-2017-9812
CVE-2017-9810
CVE-2017-9811
CVE-2017-9813

+ Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
https://cxsecurity.com/issue/WLB-2017060225
CVE-2017-9812
CVE-2017-9810
CVE-2017-9811
CVE-2017-9813

+ Oracle Solaris 11.1 / 11.3 RSH Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060223
CVE-2017-3631

+ OpenBSD 'at' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060222
CVE-2017-1000373
CVE-2017-1000372

+ NetBSD Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060221
CVE-2017-1000375

+ FreeBSD 'FGPU' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060220
CVE-2017-1084

+ FreeBSD 'setrlimit' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060219
CVE-2017-1085

+ FreeBSD 'FGPE' Stack Clash Proof of Concept
https://cxsecurity.com/issue/WLB-2017060218
CVE-2017-1084

+ Linux 'ldso_dynamic' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060217
CVE-2017-1000371

+ Linux 'ldso_hwcap_64' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060216
CVE-2017-1000379

+ Linux 'ldso_hwcap' Local Root Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060215
CVE-2017-1000370

+ Linux 'offset2lib' Stack Clash Exploit
https://cxsecurity.com/issue/WLB-2017060214
CVE-2017-1000371
CVE-2017-1000370

+ Kaspersky Anti-Virus for Linux File Server Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/99330
CVE-2017-9813
CVE-2017-9810
CVE-2017-9811
CVE-2017-9812

The ABCs of Security Assessment
Three patterns for fundamentally remediating server vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/061900006/?ST=security&itp_list_theme

Security talent development at major Japanese companies
NTT, with Japan's largest security workforce: how it puts 30,000 people to use
http://itpro.nikkeibp.co.jp/atcl/column/17/062200255/062900004/?ST=security&itp_list_theme

Protecting the cloud by dividing it into fine-grained segments: TED's security product "APEIRO"
http://itpro.nikkeibp.co.jp/atcl/news/17/062901806/?ST=security&itp_list_theme

News commentary
What Petya's rampage in Russia revealed: the unreliability of security companies
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/062901039/?ST=security&itp_list_theme

DDoS attack on kabu.com Securities, blocked about 38 minutes after detection
http://itpro.nikkeibp.co.jp/atcl/news/17/062901804/?ST=security&itp_list_theme

How to keep Debian Linux patched with latest security updates automatically
http://www.linuxsecurity.com/content/view/171967/169/

Linux: A Hacker’s Preference
http://www.linuxsecurity.com/content/view/171966/169/

A critical flaw allows hacking Linux machines with just a malicious DNS Response
http://www.linuxsecurity.com/content/view/171965/169/
