+ Linux kernel 4.12.10, 4.9.46, 4.4.85, 3.18.68 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.46
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.85
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.68
+ Apache Log4j 2.9.0 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.9.0
JVNDB-2017-000211 DLL loading vulnerability in the installer of "Remote Support Tool (Enkaku Support Tool)"
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000211.html
Someone Is Targeted Again Today
Convenient virus-scanning sites: the information-leak risks you should know about
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/082400009/?ST=security&itp_list_theme
Hitachi Solutions strengthens ransomware countermeasures in Hibun
http://itpro.nikkeibp.co.jp/atcl/news/17/083002158/?ST=security&itp_list_theme
7 Things to Know About Today's DDoS Attacks
http://www.linuxsecurity.com/content/view/175528/169/
Thursday, August 31, 2017
Wednesday, August 30, 2017
30th, Wednesday, Senbu
+ Selenium Standard Server 3.5.3 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.5.3 released
http://docs.seleniumhq.org/download/
+ UPDATE: APSB17-24 Security Update Available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
+ Wireshark 2.4.1, 2.2.9, 2.0.15 released
https://www.wireshark.org/docs/relnotes/wireshark-2.4.1.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.9.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.15.html
+ Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference
https://cxsecurity.com/issue/WLB-2017080197
VU#403768 Akeo Consulting Rufus fails to update itself securely
https://www.kb.cert.org/vuls/id/403768
VMworld 2017 US Report
VMware's new "app-centric" security measure, "VMware AppDefense"
http://itpro.nikkeibp.co.jp/atcl/column/17/082400345/082900002/?ST=security&itp_list_theme
OSS inspection service "WhiteSource", priced under 1 million yen, arrives in Japan, offered by GDEP Solutions
http://itpro.nikkeibp.co.jp/atcl/news/17/082902153/?ST=security&itp_list_theme
UK infrastructure failing to meet the most basic cybersecurity standards
http://www.linuxsecurity.com/content/view/175526/169/
Secret NSA code in Intel chips opens backdoor to computers
http://www.linuxsecurity.com/content/view/175525/169/
Tuesday, August 29, 2017
29th, Tuesday, Tomobiki
+ Mozilla Firefox 55.0.3 released
https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/
+ Zabbix 3.4.1 released
https://www.zabbix.com/rn3.4.1
+ Linux kernel 4.12.9, 4.9.45, 4.4.84, 3.18.67, 3.16.47, 3.2.92 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.45
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.84
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.67
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.47
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.92
+ OpenSSL Security Advisory [28 Aug 2017]
https://www.openssl.org/news/secadv/20170828.txt
CVE-2017-3735
+ hitachi-sec-2017-121 DoS Vulnerability in HiRDB
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-121/index.html
+ hitachi-sec-2017-121 DoS vulnerability in HiRDB (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-121/index.html
+ libpng 1.6.32 released
http://www.libpng.org/pub/png/src/libpng-1.6.32-README.txt
+ Apple iOS <= 10.3.1 kernel exploit
https://cxsecurity.com/issue/WLB-2017080188
+ Kaspersky Internet Security for Android CVE-2017-12816 Security Bypass Vulnerability
http://www.securityfocus.com/bid/100505
CVE-2017-12816
+ Kaspersky Internet Security for Android CVE-2017-12817 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100504
CVE-2017-12817
+ Linux Kernel 'drivers/acpi/acpica/dsutils.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100502
CVE-2017-13693
+ Linux Kernel 'drivers/acpi/acpica/psobject.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100500
CVE-2017-13694
+ Linux Kernel 'drivers/acpi/acpica/nseval.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100497
CVE-2017-13695
JVNDB-2017-000216 Arbitrary DLL loading vulnerability in the installer of FLET'S Connection Tool
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000216.html
JVNDB-2017-000215 DLL loading vulnerability in the installer of Security Setup Tool and in the self-extracting archive containing the installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000215.html
JVNDB-2017-000214 DLL loading vulnerability in the installer of FLET'S Install Tool
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000214.html
JVNDB-2017-000212 DLL loading vulnerability in the installer of "FLET'S Azukeru PC Automatic Backup Tool for Windows"
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000212.html
JVNDB-2017-000210 DLL loading vulnerability in the installer of Security Kinou Mihariban
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000210.html
JVNDB-2017-000209 DLL loading vulnerability in the installer of Optimal Guard
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000209.html
JVNDB-2017-000203 Multiple vulnerabilities in baserCMS
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000203.html
Linux Security Week: August 28th, 2017
http://www.linuxsecurity.com/content/view/175522/187/
Leak of >1,700 valid passwords could make the IoT mess much worse
http://www.linuxsecurity.com/content/view/175521/169/
Google opens up on Titan security: Here's how chip combats hardware backdoors
http://www.linuxsecurity.com/content/view/175520/169/
Trump signs bill into law allowing warrantless searches in parts of VA, MD and DC
http://www.linuxsecurity.com/content/view/175519/169/
Linux Advisory Watch: August 25th, 2017
http://www.linuxsecurity.com/content/view/175515/187/
Microsoft's Bid to Save PowerShell From Hackers Starts To Pay Off
http://www.linuxsecurity.com/content/view/175514/169/
How Quantum Computing Will Change Browser Encryption
http://www.linuxsecurity.com/content/view/175513/169/
This Linux tool could improve the security of IoT devices
http://www.linuxsecurity.com/content/view/175512/169/
Friday, August 25, 2017
25th, Friday, Butsumetsu
+ Google Chrome 60.0.3112.113 released
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_24.html
+ phpMyAdmin 4.7.4 is released
https://www.phpmyadmin.net/news/2017/8/24/phpmyadmin-474-released/
+ UPDATE: Cisco Smart Net Total Care Contracts Details Page SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc
+ Linux Kernel 'sctp_diag.c' Function Flaws Let Local Users Obtain Potentially Sensitive Information from System Memory
http://www.securitytracker.com/id/1039221
CVE-2017-7558
+ setattrlist() iOS Kernel Vulnerability Explained
https://cxsecurity.com/issue/WLB-2017080175
JVNDB-2017-000208 Cross-site scripting vulnerability in the WordPress plugin BackupGuard
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000208.html
JVNDB-2017-000207 Multiple vulnerabilities in SEO Panel
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000207.html
JVNDB-2017-000206 Multiple vulnerabilities in WebCalendar
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000206.html
In-depth analysis: 1,098 system failures
An unfortunate finding: total system outages are on the rise again
http://itpro.nikkeibp.co.jp/atcl/column/17/081000340/081700003/?ST=security&itp_list_theme
Silicon Valley Next Report
Why the Russian thief "mega-carder" was arrested
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/082400124/?ST=security&itp_list_theme
News commentary
What is the legal status of ICOs, brought into focus by the VALU uproar? Growing interest in a new fundraising method
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/082401099/?ST=security&itp_list_theme
On TV, "website" becomes "homepage": the difficulty of communicating security
http://itpro.nikkeibp.co.jp/atcl/news/17/082402125/?ST=security&itp_list_theme
Thursday, August 24, 2017
24th, Thursday, Senbu
+ Cisco Meeting Server Command Injection and Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170823-cms
CVE-2017-6794
+ Sudo 1.8.21 released
https://www.sudo.ws/stable.html#1.8.21
JVNDB-2017-000205 DLL loading vulnerability in the installer of the Commercial Registration Electronic Authentication Software
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000205.html
JVNDB-2017-000204 Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000204.html
Introduction to the latest SELinux for the IoT era
Can "disable it right after install" be eliminated? The future of SELinux
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/082200011/?ST=security&itp_list_theme
McAfee launches free trial of "McAfee vNSP", a security product for AWS
http://itpro.nikkeibp.co.jp/atcl/news/17/082302120/?ST=security&itp_list_theme
UPDATE: JVN#51274854 DLL loading vulnerability in multiple software products related to Sharp's IC card reader/writer for the Basic Resident Register
http://jvn.jp/jp/JVN51274854/index.html
JVN#30866130 DLL loading vulnerability in the installer of the Commercial Registration Electronic Authentication Software
http://jvn.jp/jp/JVN30866130/index.html
JVN#87410770 Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD
http://jvn.jp/jp/JVN87410770/index.html
Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer
http://www.linuxsecurity.com/content/view/175510/169/
How to protect your network from ransomware attacks
http://www.linuxsecurity.com/content/view/175509/169/
Dino Dai Zovi Dives Into Container Security, SecDevOps
http://www.linuxsecurity.com/content/view/175508/169/
Wednesday, August 23, 2017
23rd, Wednesday, Tomobiki
+ Selenium Standalone Server 3.5.2 released
http://docs.seleniumhq.org/download/
+ Selenium IE Driver Server 3.5.1 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/cpp/iedriverserver/CHANGELOG
+ Selenium Client & WebDriver 3.5.2 released
https://raw.githubusercontent.com/SeleniumHQ/selenium/master/java/CHANGELOG
+ Zabbix 3.4.0 released
https://www.zabbix.com/rn3.4.0
+ Mozilla Foundation Security Advisory 2017-20 Security vulnerabilities fixed in Thunderbird 52.3
https://www.mozilla.org/en-US/security/advisories/mfsa2017-20/
CVE-2017-7800
CVE-2017-7801
CVE-2017-7809
CVE-2017-7784
CVE-2017-7802
CVE-2017-7785
CVE-2017-7786
CVE-2017-7753
CVE-2017-7787
CVE-2017-7807
CVE-2017-7792
CVE-2017-7804
CVE-2017-7791
CVE-2017-7782
CVE-2017-7803
CVE-2017-7779
+ UPDATE: JVNVU#91991349 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU91991349/index.html
+ Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
https://cxsecurity.com/issue/WLB-2017080153
+ Microsoft Edge Chakra chakra!Js::GlobalObject Integer Overflow
https://cxsecurity.com/issue/WLB-2017080151
+ VMware VDP Known SSH Key
https://cxsecurity.com/issue/WLB-2017080150
CVE-2016-7456
Announcing the Release of OmniDB: Lightweight and Easy-to-Use Tool for Database Management
https://www.postgresql.org/about/news/1775/
PostgreSQL Maestro 17.8 released. PostgreSQL 10 support and other new features.
https://www.postgresql.org/about/news/1774/
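JVNDB-2017-000197 Vulnerability related to DLL loading and executable file invocation in the installer of the Photo Collection PC software provided by NTT DOCOMO, INC.
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000197.html
UPDATE: JVNTA#91240916 Issues with DLL loading and command execution by Windows applications
http://jvn.jp/ta/JVNTA91240916/
In-depth analysis: 1,098 system failures
Cyberattack risk is rising: measures that companies allowing BYOD should take
http://itpro.nikkeibp.co.jp/atcl/column/17/081000340/081000002/?ST=security&itp_list_theme
Silicon Valley Next Report
Drones and VR devices are vulnerable to ultrasound, researchers at China's Alibaba demonstrate
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/082100122/?ST=security&itp_list_theme
Eltes to establish a subsidiary supporting counter-terrorism, with a former senior National Police Agency official as president
http://itpro.nikkeibp.co.jp/atcl/news/17/082202108/?ST=security&itp_list_theme
Deloitte launches new service offering guidance on medical device security regulations
http://itpro.nikkeibp.co.jp/atcl/news/17/082202106/?ST=security&itp_list_theme
Information leak at HIS: bus tour customers' reservation data exposed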
http://itpro.nikkeibp.co.jp/atcl/news/17/082202105/?ST=security&itp_list_theme
Watch Hackers Hijack Three Robots for Spying and Sabotage
http://www.linuxsecurity.com/content/view/175505/169/
Enigma ethereum marketplace hijacked, investors duped by phishing scam
http://www.linuxsecurity.com/content/view/175504/169/
Getting A Girlfriend : The Hacker’s Way - Part 2
http://www.linuxsecurity.com/content/view/175503/169/
Tuesday, August 22, 2017
22nd, Tuesday, Sensho
+ UPDATE: APSB17-27 Security updates available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
+ squid 3.5.27 released
http://www.squid-cache.org/Versions/v3/3.5/squid-3.5.27-RELEASENOTES.html
+ Apache Tomcat 8.0.46 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.46_(violetagg)
+ Microsoft Edge Out-of-Bounds Access when Fetching Source
https://cxsecurity.com/issue/WLB-2017080141
+ Microsoft Edge 40.15063.0.0 Chakra Incorrect JIT Optimization with TypedArray Setter
https://cxsecurity.com/issue/WLB-2017080108
+ Microsoft Edge Chakra PreVisitCatch Missing Call
https://cxsecurity.com/issue/WLB-2017080107
+ Microsoft Edge Out-of-Bounds Access when Fetching Source
https://cxsecurity.com/issue/WLB-2017080106
+ Microsoft Edge Chakra EmitAssignment uses the 'this' Register Without Initializing
https://cxsecurity.com/issue/WLB-2017080104
+ Microsoft Edge Chakra Incorrect Usage of 'TryUndeleteProperty'
https://cxsecurity.com/issue/WLB-2017080103
+ Microsoft Edge Chakra InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses
https://cxsecurity.com/issue/WLB-2017080102
JVNDB-2017-000202 Multiple vulnerabilities in Cybozu Garoon
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000202.html
JVNDB-2017-000198 DLL loading vulnerability in the installer of the TypeA usage software and in the self-extracting archive containing the installer
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000198.html
Silicon Valley Next Report
Google traces ransomware ransom payment routes; some viruses "earn" 100 million yen a month
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/081000121/?ST=security&itp_list_theme
Enterprise security: seven iron rules
Blockchain is drawing attention, but is it resistant to cyberattacks?
http://itpro.nikkeibp.co.jp/atcl/column/17/062200257/080700008/?ST=security&itp_list_theme
News commentary
Quantum communication with a microsatellite: what is so remarkable about NICT's world-first experiment?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/081801094/?ST=security&itp_list_theme
When should you stop using Windows 7?
Does Windows 10 make antivirus software unnecessary?
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/082100009/?ST=security&itp_list_theme
In-depth analysis: 1,098 system failures
The biggest threat is "cyberattacks": analyzing 1,098 system failures
http://itpro.nikkeibp.co.jp/atcl/column/17/081000340/081000001/?ST=security&itp_list_theme
When should you stop using Windows 7?
Windows 10: is it true that "support never ends"?
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080900008/?ST=security&itp_list_theme
Linux Security Week: August 21st, 2017
http://www.linuxsecurity.com/content/view/175501/187/
Fail2Ban 0.10 finally released
http://www.linuxsecurity.com/content/view/175500/169/
Bitcoin-accepting sites leave cookie trail that crumbles anonymity
http://www.linuxsecurity.com/content/view/175499/169/
Verizon - Yes, Verizon - Just Stood Up For Your Privacy
http://www.linuxsecurity.com/content/view/175498/169/
China Will Launch World’s First ‘Unhackable’ Computer Network
http://www.linuxsecurity.com/content/view/175497/169/
Linux Advisory Watch: August 18th, 2017
http://www.linuxsecurity.com/content/view/175494/187/
Blowing the Whistle on Bad Attribution
http://www.linuxsecurity.com/content/view/175493/169/
Friday, August 18, 2017
18th, Friday, Tomobiki
+ CESA-2017:2485 Important CentOS 6 git Security Update
https://lwn.net/Alerts/731282/
+ Mozilla Thunderbird 52.3.0 released
https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/
+ Apache Tomcat 7.0.81 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.81_(violetagg)
+ UPDATE: JVNVU#91991349 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU91991349/
+ Drupal Access Control Flaws Let Remote Authenticated Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1039200
CVE-2017-6923
CVE-2017-6924
CVE-2017-6925
+ RHSA-2017:2489 Important: mercurial security update
https://access.redhat.com/errata/RHSA-2017:2489
CVE-2017-1000115
CVE-2017-1000116
+ RHSA-2017:2486 Important: groovy security update
https://access.redhat.com/errata/RHSA-2017:2486
CVE-2016-6814
+ RHSA-2017:2485 Important: git security update
https://access.redhat.com/errata/RHSA-2017:2485
CVE-2017-1000117
+ RHSA-2017:2484 Important: git security update
https://access.redhat.com/errata/RHSA-2017:2484
CVE-2017-1000117
+ RHSA-2017:2481 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:2481
CVE-2017-10053
CVE-2017-10067
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10243
+ RHSA-2017:2480 Important: subversion security update
https://access.redhat.com/errata/RHSA-2017:2480
CVE-2017-9800
+ RHSA-2017:2479 Important: httpd security update
https://access.redhat.com/errata/RHSA-2017:2479
CVE-2017-3167
CVE-2017-3169
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
+ RHSA-2017:2478 Important: httpd security update
https://access.redhat.com/errata/RHSA-2017:2478
CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9788
+ RHSA-2017:2473 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2473
CVE-2017-7533
+ RHSA-2017:2471 Important: spice security update
https://access.redhat.com/errata/RHSA-2017:2471
CVE-2017-7506
+ RHSA-2017:2469 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:2469
CVE-2017-10053
CVE-2017-10067
CVE-2017-10078
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10243
+ RHSA-2017:2456 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2017:2456
CVE-2017-7753
CVE-2017-7779
CVE-2017-7784
CVE-2017-7785
CVE-2017-7786
CVE-2017-7787
CVE-2017-7791
CVE-2017-7792
CVE-2017-7798
CVE-2017-7800
CVE-2017-7801
CVE-2017-7802
CVE-2017-7803
CVE-2017-7807
CVE-2017-7809
+ RHSA-2017:2459 Important: libsoup security update
https://access.redhat.com/errata/RHSA-2017:2459
CVE-2017-2885
+ RHSA-2017:2457 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:2457
CVE-2017-3085
CVE-2017-3106
+ RHSA-2017:2445 Moderate: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2017:2445
CVE-2017-10664
JVNDB-2017-000201 DLL loading vulnerability in the installer of the New Emergency Report Data Entry Program
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000201.html
JVNDB-2017-000200 DLL loading vulnerability in the installer of the New Petroleum Import Survey Report Data Entry Program
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000200.html
JVNDB-2017-000199 DLL loading vulnerability in the installer of the New Fundamental Statistics Report Data Entry Program
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000199.html
JVNDB-2017-000154 DLL loading vulnerability in the Periodic Report Creation Support Tool
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000154.html
Skilled bad actors use new pulse wave DDoS attacks to hit multiple targets
http://www.linuxsecurity.com/content/view/175489/169/
A Deep Flaw in Your Car Lets Hackers Shut Down Safety Features
http://www.linuxsecurity.com/content/view/175488/169/
https://lwn.net/Alerts/731282/
+ Mozilla Thunderbird 52.3.0 released
https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/
+ Apache Tomcat 7.0.81 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.81_(violetagg)
+ UPDATE: JVNVU#91991349 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU91991349/
+ Drupal Access Control Flaws Let Remote Authenticated Users Bypass Security Restrictions on the Target System
http://www.securitytracker.com/id/1039200
CVE-2017-6923
CVE-2017-6924
CVE-2017-6925
+ RHSA-2017:2489 Important: mercurial security update
https://access.redhat.com/errata/RHSA-2017:2489
CVE-2017-1000115
CVE-2017-1000116
+ RHSA-2017:2486 Important: groovy security update
https://access.redhat.com/errata/RHSA-2017:2486
CVE-2016-6814
+ RHSA-2017:2485 Important: git security update
https://access.redhat.com/errata/RHSA-2017:2485
CVE-2017-1000117
+ RHSA-2017:2484 Important: git security update
https://access.redhat.com/errata/RHSA-2017:2484
CVE-2017-1000117
+ RHSA-2017:2481 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:2481
CVE-2017-10053
CVE-2017-10067
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10243
+ RHSA-2017:2480 Important: subversion security update
https://access.redhat.com/errata/RHSA-2017:2480
CVE-2017-9800
+ RHSA-2017:2479 Important: httpd security update
https://access.redhat.com/errata/RHSA-2017:2479
CVE-2017-3167
CVE-2017-3169
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
+ RHSA-2017:2478 Important: httpd security update
https://access.redhat.com/errata/RHSA-2017:2478
CVE-2017-3167
CVE-2017-3169
CVE-2017-7679
CVE-2017-9788
+ RHSA-2017:2473 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2473
CVE-2017-7533
+ RHSA-2017:2471 Important: spice security update
https://access.redhat.com/errata/RHSA-2017:2471
CVE-2017-7506
+ RHSA-2017:2469 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:2469
CVE-2017-10053
CVE-2017-10067
CVE-2017-10078
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10243
Thursday, August 17, 2017
17th, Thursday, Senshō
+ Mozilla Firefox 55.0.2 released
https://www.mozilla.org/en-US/firefox/55.0.2/releasenotes/
+ CESA-2017:2478 Critical CentOS 6 httpd Security Update
https://lwn.net/Alerts/731144/
+ CESA-2017:2456 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/731143/
+ CESA-2017:2424 Critical CentOS 6 java-1.7.0-openjdk Security Update
https://lwn.net/Alerts/731145/
+ Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-em
CVE-2017-6710
+ Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2
CVE-2017-6768
+ Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1
CVE-2017-6767
+ Cisco TelePresence Video Communication Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs
CVE-2017-6790
+ Cisco Ultra Services Platform Deployment Configuration Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usp
CVE-2017-6778
+ Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf
CVE-2017-6771
+ Cisco Unified Communications Manager Horizontal Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-ucm
CVE-2017-6785
+ Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3
CVE-2017-6775
+ Cisco StarOS for ASR 5000 Series Routers FTP Configuration File Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros2
CVE-2017-6774
+ Cisco StarOS for ASR 5000 Series Routers Command-Line Interface Security Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros1
CVE-2017-6773
+ Cisco Elastic Services Controller Sensitive Log Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc4
CVE-2017-6786
+ Cisco Elastic Services Controller Configuration Parameters Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc3
CVE-2017-6777
+ Cisco Elastic Services Controller Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2
CVE-2017-6776
+ Cisco Elastic Services Controller Configuration Files Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc1
CVE-2017-6772
+ Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-csa
CVE-2017-6783
+ Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-crr
CVE-2017-6784
+ Cisco Policy Suite Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cps
CVE-2017-6781
+ Cisco Prime Infrastructure HTML Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi
CVE-2017-6782
+ Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw
CVE-2017-6788
+ Linux kernel 4.12.8, 4.9.44, 4.4.83, 3.18.66 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.44
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.83
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.66
+ Apple iOS 10.3 - UI SMS Access Permission Vulnerability *video
https://cxsecurity.com/issue/WLB-2017080096
+ Microsoft Resnet - DNS Configuration Web Vulnerability
https://cxsecurity.com/issue/WLB-2017080097
+ FreeBSD Jails Shared Memory Handling Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/100349
Detecting stealthier cross-process injection techniques with Windows Defender ATP: process hollowing and AtomBombing
https://blogs.technet.microsoft.com/jpsecurity/2017/08/16/detecting-stealthier-cross-process-injection-techniques-with-windows-defender-atp-process-hollowing-and-atom-bombing/
Summer Vacation Special 2017
Four games that raise your IT skills, from security to web development
http://itpro.nikkeibp.co.jp/atcl/column/17/080300327/080900010/?ST=security&itp_list_theme
Take Part in a Study to Help Improve Onion Services
http://www.linuxsecurity.com/content/view/175485/169/
Google awards student $10k for discovery of App Engine data leak flaw
http://www.linuxsecurity.com/content/view/175484/169/
Top 10 Enterprise Encryption Products
http://www.linuxsecurity.com/content/view/175483/169/
Wednesday, August 16, 2017
16th, Wednesday, Shakkō
+ URL globbing out of bounds read
https://curl.haxx.se/docs/adv_20170809A.html
CVE-2017-1000101
+ TFTP sends more than buffer size
https://curl.haxx.se/docs/adv_20170809B.html
CVE-2017-1000100
+ FILE buffer read out of bounds
https://curl.haxx.se/docs/adv_20170809C.html
CVE-2017-1000099
+ Out-of-band security update released for Xamarin.iOS
https://portal.msrc.microsoft.com/ja-jp/security-guidance
CVE-2017-866
+ Out-of-band security update released for ChakraCore
https://portal.msrc.microsoft.com/ja-jp/security-guidance
CVE-2017-8658
+ curl 7.55.0 released
https://curl.haxx.se/changes.html#7_55_0
+ curl 7.55.1 released
https://curl.haxx.se/changes.html#7_55_1
+ JVNVU#91991349 Update for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU91991349/
Tuesday, August 15, 2017
15th, Tuesday, Taian
+ Selenium Client & WebDriver 3.5.0 released
http://docs.seleniumhq.org/download/
+ Selenium IE Driver Server 3.5 released
http://docs.seleniumhq.org/download/
+ Selenium Standard Server 3.5.0 released
http://docs.seleniumhq.org/download/
+ TortoiseSVN 1.9.7 released
https://tortoisesvn.net/downloads.html
+ Google Chrome 60.0.3112.101 released
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_14.html
+ Mozilla Firefox 55.0.1 released
https://www.mozilla.org/en-US/firefox/55.0.1/releasenotes/
+ UPDATE: Cisco WebEx Browser Extension Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
+ FreeBSD-SA-17:06.openssh OpenSSH Denial of Service vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:06.openssh.asc
CVE-2016-6515
+ Linux kernel 4.12.7, 4.9.43, 4.4.82, 3.18.65 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.43
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.82
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.65
+ UPDATE: Oracle Critical Patch Update Advisory - July 2017
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
+ 2017-08-10 Security Update Release
https://www.postgresql.org/about/news/1772/
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
+ PostgreSQL 9.6.4, 9.5.8, 9.4.13, 9.3.18, 9.2.22 released
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html
https://www.postgresql.org/docs/9.5/static/release-9-5-8.html
https://www.postgresql.org/docs/9.4/static/release-9-4-13.html
https://www.postgresql.org/docs/9.3/static/release-9-3-18.html
https://www.postgresql.org/docs/9.2/static/release-9-2-22.html
+ GCC 7.2 released
https://gcc.gnu.org/gcc-7/changes.html
+ Sysstat 11.6.0, 11.4.6, 11.2.12 released
http://sebastien.godard.pagesperso-orange.fr/
+ PostgreSQL Bugs Let Remote Users Bypass Authentication in Certain Cases and Let Remote Authenticated Users Obtain Passwords and Deny Service
http://www.securitytracker.com/id/1039142
CVE-2017-7546
CVE-2017-7547
CVE-2017-7548
+ Linux Kernel packet_set_ring() Race Condition Lets Local Users Obtain Root Privileges
http://www.securitytracker.com/id/1039132
CVE-2017-1000111
+ Apache Subversion 'svn+ssh://' URL Processing Flaw Lets Remote Users Execute Arbitrary Commands on the Target System
http://www.securitytracker.com/id/1039127
CVE-2017-9800
+ cURL 'file://' URL Processing Bug Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1039119
CVE-2017-1000099
+ cURL TFTP URL Processing Bug Lets Remote Users Obtain Potentially Sensitive Information on the Target System
http://www.securitytracker.com/id/1039118
CVE-2017-1000100
+ cURL URL Globbing Flaw Lets Local Users View Portions of System Memory on the Target System
http://www.securitytracker.com/id/1039117
CVE-2017-1000101
+ Linux Kernel CVE-2017-1000111 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/100267
CVE-2017-1000111
+ Linux Kernel CVE-2017-1000112 Local Memory Corruption Vulnerability
http://www.securityfocus.com/bid/100262
CVE-2017-1000112
The MSRC 2017 list of "Top 100" security researchers
https://blogs.technet.microsoft.com/jpsecurity/2017/08/10/the-msrc-2017-list-of-top-100-security-researchers/
PostgreSQL 10 Beta 3 Released!
https://www.postgresql.org/about/news/1771/
UPDATE: JVN#81659403 DLL loading vulnerability in the installer of the Qua station connection tool (Windows version)
http://jvn.jp/jp/JVN81659403/index.html
Linux Security Week: August 14th, 2017
http://www.linuxsecurity.com/content/view/175481/187/
Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass
http://www.linuxsecurity.com/content/view/175480/169/
Those Free Stingray-Detector Apps? Yeah, Spies Could Outsmart Them
http://www.linuxsecurity.com/content/view/175479/169/
Linux Advisory Watch: August 11th, 2017
http://www.linuxsecurity.com/content/view/175472/187/
Git, SVN and Mercurial Open-Source Version Control Systems Update for Critical Security Vulnerabilit
http://www.linuxsecurity.com/content/view/175471/169/
The DDoS Threat: Ukraine's Postal Service Hit by Two-Day Attack
http://www.linuxsecurity.com/content/view/175470/169/
Hackers are now using the exploit behind WannaCry to snoop on hotel Wi-Fi
http://www.linuxsecurity.com/content/view/175469/169/
World's first hack using DNA? Malware in genetic code could wreck police CSI work
http://www.linuxsecurity.com/content/view/175463/169/
So you're thinking about becoming an illegal hacker - what's your business plan?
http://www.linuxsecurity.com/content/view/175461/169/
Mingw-w64: How to compile Windows exploits on Kali Linux
http://www.linuxsecurity.com/content/view/175460/161/
Thursday, August 10, 2017
10th, Thursday, Shakkō
+ Microsoft Security Advisory 4038556 Guidance for securing applications that host the WebBrowser Control
https://technet.microsoft.com/ja-jp/library/security/4038556
+ RHSA-2017:2424 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2017:2424
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10135
CVE-2017-10243
+ RHSA-2017:2445 Moderate: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2017:2445
CVE-2017-10664
+ RHSA-2017:2423 Important: log4j security update
https://access.redhat.com/errata/RHSA-2017:2423
CVE-2017-5645
+ Mozilla Firefox 55.0 released
https://www.mozilla.org/en-US/firefox/55.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-18 Security vulnerabilities fixed in Firefox 55
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
CVE-2017-7798
CVE-2017-7800
CVE-2017-7801
CVE-2017-7809
CVE-2017-7784
CVE-2017-7802
CVE-2017-7785
CVE-2017-7786
CVE-2017-7806
CVE-2017-7753
CVE-2017-7787
CVE-2017-7807
CVE-2017-7792
CVE-2017-7804
CVE-2017-7791
CVE-2017-7808
CVE-2017-7782
CVE-2017-7781
CVE-2017-7794
CVE-2017-7803
CVE-2017-7799
CVE-2017-7783
CVE-2017-7788
CVE-2017-7789
CVE-2017-7790
CVE-2017-7796
CVE-2017-7797
CVE-2017-7780
CVE-2017-7779
+ Security updates available for Flash Player | APSB17-23
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
CVE-2017-3085
CVE-2017-3106
+ Security Update Available for Adobe Acrobat and Reader | APSB17-24
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
CVE-2017-3016
CVE-2017-3038
CVE-2017-3113
CVE-2017-3115
CVE-2017-3116
CVE-2017-3117
CVE-2017-3118
CVE-2017-3119
CVE-2017-3120
CVE-2017-3121
CVE-2017-3122
CVE-2017-3123
CVE-2017-3124
CVE-2017-11209
CVE-2017-11210
CVE-2017-11211
CVE-2017-11212
CVE-2017-11214
CVE-2017-11216
CVE-2017-11217
CVE-2017-11218
CVE-2017-11219
CVE-2017-11220
CVE-2017-11221
CVE-2017-11222
CVE-2017-11223
CVE-2017-11224
CVE-2017-11226
CVE-2017-11227
CVE-2017-11228
CVE-2017-11229
CVE-2017-11230
CVE-2017-11231
CVE-2017-11232
CVE-2017-11233
CVE-2017-11234
CVE-2017-11235
CVE-2017-11236
CVE-2017-11237
CVE-2017-11238
CVE-2017-11239
CVE-2017-11241
CVE-2017-11242
CVE-2017-11243
CVE-2017-11244
CVE-2017-11245
CVE-2017-11246
CVE-2017-11248
CVE-2017-11249
CVE-2017-11251
CVE-2017-11252
CVE-2017-11254
CVE-2017-11255
CVE-2017-11256
CVE-2017-11257
CVE-2017-11258
CVE-2017-11259
CVE-2017-11260
CVE-2017-11261
CVE-2017-11262
CVE-2017-11263
CVE-2017-11265
CVE-2017-11267
CVE-2017-11268
CVE-2017-11269
CVE-2017-11270
CVE-2017-11271
+ Security updates available for Adobe Experience Manager | APSB17-26
https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html
CVE-2017-3107
CVE-2017-3108
CVE-2017-3110
+ Security updates available for Adobe Digital Editions | APSB17-27
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
CVE-2017-11274
CVE-2017-3091
CVE-2017-11275
CVE-2017-11276
CVE-2017-11277
CVE-2017-11278
CVE-2017-11279
CVE-2017-11280
CVE-2017-11272
+ August 2017 security updates (monthly)
https://blogs.technet.microsoft.com/jpsecurity/2017/08/09/201708-security-bulletin/
+ UPDATE: Oracle Critical Patch Update Advisory - July 2017
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
+ Samba 4.6.7 Available for Download
https://www.samba.org/samba/history/samba-4.6.7.html
+ CentOS Linux 7 (1708); based on RHEL 7.4 Source Code
https://seven.centos.org/2017/08/centos-linux-7-1708-based-on-rhel-7-4-source-code/
+ Apache Tomcat 8.5.20 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.20_(markt)
+ Microsoft Windows 8.1 (x64) RGNOBJ Integer Overflow MS16-098
https://cxsecurity.com/issue/WLB-2017080055
PostgresOpen SV 2017 - Less than a month away!
https://www.postgresql.org/about/news/1770/
JVNDB-2017-000191 DLL loading vulnerability in the installer of the Qua station connection tool (Windows version)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000191.html
JVNDB-2017-000194 Arbitrary code execution vulnerability in WSR-300HP
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000194.html
JVNDB-2017-000192 OS command injection vulnerability in WCR-1166DS
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000192.html
Someone is targeted again today
Ransomware is not the only thing that extorts
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/080800008/?ST=security&itp_list_theme
Introduction to the latest SELinux for the IoT era
Testing whether SELinux can protect against new vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/080800010/?ST=security&itp_list_theme
When do you stop using Windows 7?
Can Chromebooks really be used in the enterprise?
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080800007/?ST=security&itp_list_theme
When do you stop using Windows 7?
Kirin, with its "if you drink, don't take it out" rule, puts 14,000 virtual desktops to use for Windows 10
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080800006/?ST=security&itp_list_theme
Silicon Valley Next Report
Cyberattacks hitting power infrastructure: the Ukraine blackout is not someone else's problem
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/080800119/?ST=security&itp_list_theme
Abuse of PDF and PowerShell surges; Canon ITS publishes security threat trends
http://itpro.nikkeibp.co.jp/atcl/news/17/080802073/?ST=security&itp_list_theme
UPDATE: JVN#82120115 DLL loading vulnerability in the installer of the road construction as-built drawing check program provided by the National Institute for Land and Infrastructure Management, Ministry of Land, Infrastructure, Transport and Tourism
http://jvn.jp/jp/JVN82120115/
UPDATE: JVNVU#93329670 Issue in the handling of Link State Advertisements (LSA) in multiple implementations of the Open Shortest Path First (OSPF) protocol
http://jvn.jp/vu/JVNVU93329670/index.html
More on the Vulnerabilities Equities Process
http://www.linuxsecurity.com/content/view/172493/169/
Engineer gets 18 months in the clink for looting ex-bosses' FTP server
http://www.linuxsecurity.com/content/view/172492/169/
The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!
http://www.linuxsecurity.com/content/view/172482/169/
Send mixed messages: Mozilla wants you to try its encrypted file sharing
http://www.linuxsecurity.com/content/view/172481/169/
https://technet.microsoft.com/ja-jp/library/security/4038556
+ RHSA-2017:2424 Critical: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2017:2424
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10115
CVE-2017-10116
CVE-2017-10135
CVE-2017-10243
+ RHSA-2017:2445 Moderate: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2017:2445
CVE-2017-10664
+ RHSA-2017:2423 Important: log4j security update
https://access.redhat.com/errata/RHSA-2017:2423
CVE-2017-5645
+ Mozilla Firefox 55.0 released
https://www.mozilla.org/en-US/firefox/55.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-18 Security vulnerabilities fixed in Firefox 55
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/
CVE-2017-7798
CVE-2017-7800
CVE-2017-7801
CVE-2017-7809
CVE-2017-7784
CVE-2017-7802
CVE-2017-7785
CVE-2017-7786
CVE-2017-7806
CVE-2017-7753
CVE-2017-7787
CVE-2017-7807
CVE-2017-7792
CVE-2017-7804
CVE-2017-7791
CVE-2017-7808
CVE-2017-7782
CVE-2017-7781
CVE-2017-7794
CVE-2017-7803
CVE-2017-7799
CVE-2017-7783
CVE-2017-7788
CVE-2017-7789
CVE-2017-7790
CVE-2017-7796
CVE-2017-7797
CVE-2017-7780
CVE-2017-7779
+ Security updates available for Flash Player | APSB17-23
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html
CVE-2017-3085
CVE-2017-3106
+ Security Update Available for Adobe Acrobat and Reader | APSB17-24
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
CVE-2017-3016
CVE-2017-3038
CVE-2017-3113
CVE-2017-3115
CVE-2017-3116
CVE-2017-3117
CVE-2017-3118
CVE-2017-3119
CVE-2017-3120
CVE-2017-3121
CVE-2017-3122
CVE-2017-3123
CVE-2017-3124
CVE-2017-11209
CVE-2017-11210
CVE-2017-11211
CVE-2017-11212
CVE-2017-11214
CVE-2017-11216
CVE-2017-11217
CVE-2017-11218
CVE-2017-11219
CVE-2017-11220
CVE-2017-11221
CVE-2017-11222
CVE-2017-11223
CVE-2017-11224
CVE-2017-11226
CVE-2017-11227
CVE-2017-11228
CVE-2017-11229
CVE-2017-11230
CVE-2017-11231
CVE-2017-11232
CVE-2017-11233
CVE-2017-11234
CVE-2017-11235
CVE-2017-11236
CVE-2017-11237
CVE-2017-11238
CVE-2017-11239
CVE-2017-11241
CVE-2017-11242
CVE-2017-11243
CVE-2017-11244
CVE-2017-11245
CVE-2017-11246
CVE-2017-11248
CVE-2017-11249
CVE-2017-11251
CVE-2017-11252
CVE-2017-11254
CVE-2017-11255
CVE-2017-11256
CVE-2017-11257
CVE-2017-11258
CVE-2017-11259
CVE-2017-11260
CVE-2017-11261
CVE-2017-11262
CVE-2017-11263
CVE-2017-11265
CVE-2017-11267
CVE-2017-11268
CVE-2017-11269
CVE-2017-11270
CVE-2017-11271
+ Security updates available for Adobe Experience Manager | APSB17-26
https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html
CVE-2017-3107
CVE-2017-3108
CVE-2017-3110
+ Security updates available for Adobe Digital Editions | APSB17-27
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html
CVE-2017-11274
CVE-2017-3091
CVE-2017-11275
CVE-2017-11276
CVE-2017-11277
CVE-2017-11278
CVE-2017-11279
CVE-2017-11280
CVE-2017-11272
+ August 2017 Security Updates (monthly)
https://blogs.technet.microsoft.com/jpsecurity/2017/08/09/201708-security-bulletin/
+ UPDATE: Oracle Critical Patch Update Advisory - July 2017
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
+ Samba 4.6.7 Available for Download
https://www.samba.org/samba/history/samba-4.6.7.html
+ CentOS Linux 7 (1708); based on RHEL 7.4 Source Code
https://seven.centos.org/2017/08/centos-linux-7-1708-based-on-rhel-7-4-source-code/
+ Apache Tomcat 8.5.20 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.20_(markt)
+ Microsoft Windows 8.1 (x64) RGNOBJ Integer Overflow MS16-098
https://cxsecurity.com/issue/WLB-2017080055
PostgresOpen SV 2017 - Less than a month away!
https://www.postgresql.org/about/news/1770/
JVNDB-2017-000191 DLL loading vulnerability in the installer of the Qua station connection tool (Windows version)
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000191.html
JVNDB-2017-000194 Arbitrary code execution vulnerability in WSR-300HP
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000194.html
JVNDB-2017-000192 OS command injection vulnerability in WCR-1166DS
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000192.html
Someone Is Being Targeted Again Today
Ransomware is not the only thing that extorts
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/080800008/?ST=security&itp_list_theme
Introduction to the Latest SELinux for the IoT Era
Testing whether SELinux can protect against new vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/080800010/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
Can Chromebooks really be used in the enterprise?
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080800007/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
Kirin, with its "if you drink, don't take it out" rule, puts its 14,000 virtual desktops to use for Windows 10
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080800006/?ST=security&itp_list_theme
Silicon Valley Next Report
Cyberattacks hitting power infrastructure: the Ukraine blackout incident is not someone else's problem
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/080800119/?ST=security&itp_list_theme
Abuse of PDF and PowerShell surges; Canon ITS publishes security threat trends
http://itpro.nikkeibp.co.jp/atcl/news/17/080802073/?ST=security&itp_list_theme
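UPDATE: JVN#82120115 DLL loading vulnerability in the installer of the road construction completion drawing check program provided by the National Institute for Land and Infrastructure Management, Ministry of Land, Infrastructure, Transport and Tourism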
http://jvn.jp/jp/JVN82120115/
Tuesday, August 8, 2017
8th, Tuesday, Butsumetsu
+ Linux kernel 4.9.41, 4.4.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.41
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.80
+ Linux kernel CVE-2017-11176 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/99919
CVE-2017-11176
Announcing the Windows Bounty Program
https://blogs.technet.microsoft.com/jpsecurity/2017/08/07/announcing-the-windows-bounty-program/
News Commentary
Recruit's red team and its vulnerability-finding ability
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/080701085/?ST=security&itp_list_theme
UPDATE: JVNVU#93329670 Issue in the handling of Link State Advertisements (LSA) in multiple implementations of the Open Shortest Path First (OSPF) protocol
http://jvn.jp/vu/JVNVU93329670/index.html
Protect the White Hat Hackers Who Are Just Doing Their Jobs
http://www.linuxsecurity.com/content/view/172456/169/
To truly stay anonymous online, make sure your writing is as dull as the dullest conference call you
http://www.linuxsecurity.com/content/view/172455/169/
Steganography in contemporary cyberattacks
http://www.linuxsecurity.com/content/view/172454/169/
How DEF CON Securely Streams Video to Hackers
http://www.linuxsecurity.com/content/view/172453/169/
Monday, August 7, 2017
7th, Monday, Senbu
+ APSB17-24 Prenotification Security Advisory for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-24.html
+ Linux kernel 4.12.5, 4.1.43 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.43
+ JVNVU#92360223 Vulnerability in Microsoft Windows in which code specified in shortcut files is automatically executed
http://jvn.jp/vu/JVNVU92360223/
CVE-2017-8464
+ Linux Kernel Race Condition in inotify_handle_event() and vfs_rename() Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1039075
CVE-2017-7533
E-Maj 2.1.0 is released
https://www.postgresql.org/about/news/1769/
When Will You Stop Using Windows 7?
Fujitec uses Windows 10 alongside Chromebooks, aiming for "tax savings"
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080300005/?ST=security&itp_list_theme
Linux Advisory Watch: August 4th, 2017
http://www.linuxsecurity.com/content/view/172429/187/
Hacker Who Stopped WannaCry Charged With Writing Banking Malware
http://www.linuxsecurity.com/content/view/172428/169/
Friday, August 4, 2017
4th, Friday, Shakko
+ UPDATE: Multiple Cisco Products OSPF LSA Manipulation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170727-ospf
+ VU#824672 Microsoft Windows automatically executes code specified in shortcut files
https://www.kb.cert.org/vuls/id/824672
CVE-2017-8464
+ PHP 7.1.8, 7.0.22 Released
http://php.net/archive/2017.php#id2017-08-03-3
http://php.net/archive/2017.php#id2017-08-03-1
+ UPDATE: JVNVU#98641178 Arbitrary code execution vulnerability in Ghostscript
http://jvn.jp/vu/JVNVU98641178/index.html
+ Windows 10 SMBLoris Denial Of Service
https://cxsecurity.com/issue/WLB-2017080024
JVNDB-2017-000196 DLL loading vulnerability in the installer of IP Messenger
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000196.html
JVNDB-2017-000195 DLL loading vulnerability in the installer of the Baidu IME text input system
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000195.html
UPDATE: JVNVU#96141589 Multiple vulnerabilities in PHP code generated by PHP FormMail Generator
http://jvn.jp/vu/JVNVU96141589/index.html
CDN Explained in Depth
Security measures with a CDN; also usable for adding TLS/SSL support to a site
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100005/?ST=security&itp_list_theme
Reporter's Eye
The story of a system that went down without being infected by WannaCry
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/080100892/?ST=security&itp_list_theme
Interview & Talk
What matters for servers lies in "PARIS"
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/080200343/?ST=security&itp_list_theme
Raspberry Pi for Weekend Fun
Remote access to your home LAN, made easy with "PiVPN" and a Raspberry Pi
http://itpro.nikkeibp.co.jp/atcl/column/17/041900152/080200018/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
Aeon, applying lessons from XP, has been preparing since four years before Windows 7 support ends
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080200004/?ST=security&itp_list_theme
Thursday, August 3, 2017
3rd, Thursday, Taian
+ RHSA-2017:1833 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:1833
CVE-2017-5091
CVE-2017-5092
CVE-2017-5093
CVE-2017-5094
CVE-2017-5095
CVE-2017-5096
CVE-2017-5097
CVE-2017-5098
CVE-2017-5099
CVE-2017-5100
CVE-2017-5101
CVE-2017-5102
CVE-2017-5103
CVE-2017-5104
CVE-2017-5105
CVE-2017-5106
CVE-2017-5107
CVE-2017-5108
CVE-2017-5109
CVE-2017-5110
CVE-2017-7000
+ RHSA-2017:2389 Important: freeradius security update
https://access.redhat.com/errata/RHSA-2017:2389
CVE-2017-10978
CVE-2017-10983
CVE-2017-10984
CVE-2017-10985
CVE-2017-10986
CVE-2017-10987
+ RHSA-2017:2388 Important: evince security update
https://access.redhat.com/errata/RHSA-2017:2388
CVE-2017-1000083
+ RHSA-2017:2258 Moderate: gtk-vnc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2258
CVE-2017-5884
CVE-2017-5885
+ RHSA-2017:2247 Low: tomcat security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2247
CVE-2016-0762
CVE-2016-5018
CVE-2016-6794
CVE-2016-6796
CVE-2016-6797
+ RHSA-2017:2192 Moderate: mariadb security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2192
CVE-2016-5483
CVE-2016-5617
CVE-2016-6664
CVE-2017-3238
CVE-2017-3243
CVE-2017-3244
CVE-2017-3258
CVE-2017-3265
CVE-2017-3291
CVE-2017-3302
CVE-2017-3308
CVE-2017-3309
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
CVE-2017-3600
+ RHSA-2017:2180 Low: ghostscript security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2180
CVE-2017-7207
+ RHSA-2017:2128 Moderate: gdm and gnome-session security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2128
CVE-2015-7496
+ RHSA-2017:2060 Moderate: GStreamer security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2060
CVE-2016-10198
CVE-2016-10199
CVE-2016-9446
CVE-2016-9810
CVE-2016-9811
CVE-2017-5837
CVE-2017-5838
CVE-2017-5839
CVE-2017-5840
CVE-2017-5841
CVE-2017-5842
CVE-2017-5843
CVE-2017-5844
CVE-2017-5845
CVE-2017-5848
+ RHSA-2017:2029 Moderate: openssh security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2029
CVE-2016-10009
CVE-2016-10011
CVE-2016-10012
CVE-2016-6210
CVE-2016-6515
+ RHSA-2017:2016 Moderate: curl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2016
CVE-2016-7167
+ RHSA-2017:2004 Moderate: git security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2004
CVE-2014-9938
CVE-2017-8386
+ RHSA-2017:2000 Moderate: tigervnc and fltk security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2000
CVE-2016-10207
CVE-2017-5581
CVE-2017-7392
CVE-2017-7393
CVE-2017-7394
CVE-2017-7395
CVE-2017-7396
+ RHSA-2017:1983 Moderate: postgresql security and enhancement update
https://access.redhat.com/errata/RHSA-2017:1983
CVE-2017-7484
CVE-2017-7486
+ RHSA-2017:1950 Low: samba security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1950
CVE-2017-9461
+ RHSA-2017:1931 Moderate: bash security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1931
CVE-2016-0634
CVE-2016-7543
CVE-2016-9401
+ RHSA-2017:1916 Moderate: glibc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1916
CVE-2014-9761
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779
+ RHSA-2017:1859 Moderate: golang security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1859
CVE-2017-8932
+ RHSA-2017:1868 Moderate: python security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1868
CVE-2014-9365
+ RHSA-2017:1860 Moderate: libtasn1 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1860
CVE-2015-2806
CVE-2015-3622
+ RHSA-2017:1865 Moderate: X.org X11 libraries security, bug fix and enhancement update
https://access.redhat.com/errata/RHSA-2017:1865
CVE-2016-10164
CVE-2017-2625
CVE-2017-2626
+ RHSA-2017:1856 Moderate: qemu-kvm security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1856
CVE-2016-4020
CVE-2017-2633
CVE-2017-5898
+ RHSA-2017:1852 Moderate: openldap security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1852
CVE-2017-9287
+ RHSA-2017:1842 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1842
CVE-2014-7970
CVE-2014-7975
CVE-2015-8839
CVE-2015-8970
CVE-2016-10088
CVE-2016-10147
CVE-2016-10200
CVE-2016-6213
CVE-2016-7042
CVE-2016-7097
CVE-2016-8645
CVE-2016-9576
CVE-2016-9588
CVE-2016-9604
CVE-2016-9685
CVE-2016-9806
CVE-2017-2596
CVE-2017-2647
CVE-2017-2671
CVE-2017-5970
CVE-2017-6001
CVE-2017-6951
CVE-2017-7187
CVE-2017-7616
CVE-2017-7889
CVE-2017-8797
CVE-2017-8890
CVE-2017-9074
CVE-2017-9075
CVE-2017-9076
CVE-2017-9077
CVE-2017-9242
+ RHSA-2017:1854 Moderate: pidgin security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1854
CVE-2014-3694
CVE-2014-3695
CVE-2014-3696
CVE-2014-3698
CVE-2017-2640
+ RHSA-2017:2299 Moderate: NetworkManager and libnl3 security, bug fix and enhancement update
https://access.redhat.com/errata/RHSA-2017:2299
CVE-2017-0553
+ RHSA-2017:2292 Moderate: gnutls security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2292
CVE-2016-7444
CVE-2017-5334
CVE-2017-5335
CVE-2017-5336
CVE-2017-5337
CVE-2017-7507
CVE-2017-7869
+ RHSA-2017:2335 Moderate: pki-core security update
https://access.redhat.com/errata/RHSA-2017:2335
CVE-2017-7537
+ RHSA-2017:2285 Moderate: authconfig security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2285
CVE-2017-7488
+ RHSA-2017:1975 Moderate: libreoffice security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1975
CVE-2017-7870
+ RHSA-2017:1871 Moderate: tcpdump security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1871
CVE-2015-0261
CVE-2015-2153
CVE-2015-2154
CVE-2015-2155
CVE-2016-7922
CVE-2016-7923
CVE-2016-7924
CVE-2016-7925
CVE-2016-7926
CVE-2016-7927
CVE-2016-7928
CVE-2016-7929
CVE-2016-7930
CVE-2016-7931
CVE-2016-7932
CVE-2016-7933
CVE-2016-7934
CVE-2016-7935
CVE-2016-7936
CVE-2016-7937
CVE-2016-7938
CVE-2016-7939
CVE-2016-7940
CVE-2016-7973
CVE-2016-7974
CVE-2016-7975
CVE-2016-7983
CVE-2016-7984
CVE-2016-7985
CVE-2016-7986
CVE-2016-7992
CVE-2016-7993
CVE-2016-8574
CVE-2016-8575
CVE-2017-5202
CVE-2017-5203
CVE-2017-5204
CVE-2017-5205
CVE-2017-5341
CVE-2017-5342
CVE-2017-5482
CVE-2017-5483
CVE-2017-5484
CVE-2017-5485
CVE-2017-5486
+ Google Chrome 60.0.3112.90 released
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop.html
+ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds
CVE-2017-6745
+ Cisco Identity Services Engine Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise
CVE-2017-6747
+ Cisco Unified Communications Manager Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1
CVE-2017-6758
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm
CVE-2017-6757
+ Cisco Smart Net Total Care Software Collector Appliance SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc
CVE-2017-6754
+ Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1
CVE-2017-6756
+ Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt
CVE-2017-6759
+ Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms
CVE-2017-6763
+ Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw
CVE-2017-6766
+ Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj
CVE-2017-6762
+ Cisco Finesse Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf
CVE-2017-6761
+ Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2
CVE-2017-6752
+ Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa1
CVE-2017-6765
+ Cisco Adaptive Security Appliance Authenticated Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa
CVE-2017-6764
+ glibc 2.26 released
https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html
UPDATE: JVN#74247807 Multiple cross-site scripting vulnerabilities in ScreenOS
http://jvn.jp/jp/JVN74247807/
JVN#24087303 Arbitrary DLL loading vulnerability in the installer of the report preparation support tool provided by the Ministry of the Environment
http://jvn.jp/jp/JVN24087303/
CDN Explained in Depth
Why a CDN can determine the nearest server even when public DNS is used
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100004/?ST=security&itp_list_theme
Introduction to the Latest SELinux for the IoT Era
Protecting a modern log collection server with SELinux
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/080100009/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
"Work-style reform through Windows 10 migration and deployment of 2,000 Surface devices," says Nissin Foods HD
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080100003/?ST=security&itp_list_theme
Demand rising with Win10: Canon ITS releases new version of mainframe emulator "TCPLink"
http://itpro.nikkeibp.co.jp/atcl/news/17/080102032/?ST=security&itp_list_theme
Amazon (US) halts sales of low-cost smartphones made by US firm BLU; user information sent to China
http://itpro.nikkeibp.co.jp/atcl/news/17/080202046/?ST=security&itp_list_theme
AI quickly cooks malware that AV software can't spot
http://www.linuxsecurity.com/content/view/172407/169/
Security This Week: The Very Best Hacks From Black Hat and Defcon
http://www.linuxsecurity.com/content/view/172406/169/
12 signs you've been hacked -- and how to fight back
http://www.linuxsecurity.com/content/view/172405/169/
https://access.redhat.com/errata/RHSA-2017:1833
CVE-2017-5091
CVE-2017-5092
CVE-2017-5093
CVE-2017-5094
CVE-2017-5095
CVE-2017-5096
CVE-2017-5097
CVE-2017-5098
CVE-2017-5099
CVE-2017-5100
CVE-2017-5101
CVE-2017-5102
CVE-2017-5103
CVE-2017-5104
CVE-2017-5105
CVE-2017-5106
CVE-2017-5107
CVE-2017-5108
CVE-2017-5109
CVE-2017-5110
CVE-2017-7000
+ RHSA-2017:2389 Important: freeradius security update
https://access.redhat.com/errata/RHSA-2017:2389
CVE-2017-10978
CVE-2017-10983
CVE-2017-10984
CVE-2017-10985
CVE-2017-10986
CVE-2017-10987
+ RHSA-2017:2388 Important: evince security update
https://access.redhat.com/errata/RHSA-2017:2388
CVE-2017-1000083
+ RHSA-2017:2258 Moderate: gtk-vnc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2258
CVE-2017-5884
CVE-2017-5885
+ RHSA-2017:2247 Low: tomcat security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2247
CVE-2016-0762
CVE-2016-5018
CVE-2016-6794
CVE-2016-6796
CVE-2016-6797
+ RHSA-2017:2192 Moderate: mariadb security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2192
CVE-2016-5483
CVE-2016-5617
CVE-2016-6664
CVE-2017-3238
CVE-2017-3243
CVE-2017-3244
CVE-2017-3258
CVE-2017-3265
CVE-2017-3291
CVE-2017-3302
CVE-2017-3308
CVE-2017-3309
CVE-2017-3312
CVE-2017-3313
CVE-2017-3317
CVE-2017-3318
CVE-2017-3453
CVE-2017-3456
CVE-2017-3464
CVE-2017-3600
+ RHSA-2017:2180 Low: ghostscript security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2180
CVE-2017-7207
+ RHSA-2017:2128 Moderate: gdm and gnome-session security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2128
CVE-2015-7496
+ RHSA-2017:2060 Moderate: GStreamer security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2060
CVE-2016-10198
CVE-2016-10199
CVE-2016-9446
CVE-2016-9810
CVE-2016-9811
CVE-2017-5837
CVE-2017-5838
CVE-2017-5839
CVE-2017-5840
CVE-2017-5841
CVE-2017-5842
CVE-2017-5843
CVE-2017-5844
CVE-2017-5845
CVE-2017-5848
+ RHSA-2017:2029 Moderate: openssh security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2029
CVE-2016-10009
CVE-2016-10011
CVE-2016-10012
CVE-2016-6210
CVE-2016-6515
+ RHSA-2017:2016 Moderate: curl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2016
CVE-2016-7167
+ RHSA-2017:2004 Moderate: git security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2004
CVE-2014-9938
CVE-2017-8386
+ RHSA-2017:2000 Moderate: tigervnc and fltk security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2000
CVE-2016-10207
CVE-2017-5581
CVE-2017-7392
CVE-2017-7393
CVE-2017-7394
CVE-2017-7395
CVE-2017-7396
+ RHSA-2017:1983 Moderate: postgresql security and enhancement update
https://access.redhat.com/errata/RHSA-2017:1983
CVE-2017-7484
CVE-2017-7486
+ RHSA-2017:1950 Low: samba security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1950
CVE-2017-9461
+ RHSA-2017:1931 Moderate: bash security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1931
CVE-2016-0634
CVE-2016-7543
CVE-2016-9401
+ RHSA-2017:1916 Moderate: glibc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1916
CVE-2014-9761
CVE-2015-8776
CVE-2015-8777
CVE-2015-8778
CVE-2015-8779
+ RHSA-2017:1859 Moderate: golang security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1859
CVE-2017-8932
+ RHSA-2017:1868 Moderate: python security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1868
CVE-2014-9365
+ RHSA-2017:1860 Moderate: libtasn1 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1860
CVE-2015-2806
CVE-2015-3622
+ RHSA-2017:1865 Moderate: X.org X11 libraries security, bug fix and enhancement update
https://access.redhat.com/errata/RHSA-2017:1865
CVE-2016-10164
CVE-2017-2625
CVE-2017-2626
+ RHSA-2017:1856 Moderate: qemu-kvm security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1856
CVE-2016-4020
CVE-2017-2633
CVE-2017-5898
+ RHSA-2017:1852 Moderate: openldap security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1852
CVE-2017-9287
+ RHSA-2017:1842 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1842
CVE-2014-7970
CVE-2014-7975
CVE-2015-8839
CVE-2015-8970
CVE-2016-10088
CVE-2016-10147
CVE-2016-10200
CVE-2016-6213
CVE-2016-7042
CVE-2016-7097
CVE-2016-8645
CVE-2016-9576
CVE-2016-9588
CVE-2016-9604
CVE-2016-9685
CVE-2016-9806
CVE-2017-2596
CVE-2017-2647
CVE-2017-2671
CVE-2017-5970
CVE-2017-6001
CVE-2017-6951
CVE-2017-7187
CVE-2017-7616
CVE-2017-7889
CVE-2017-8797
CVE-2017-8890
CVE-2017-9074
CVE-2017-9075
CVE-2017-9076
CVE-2017-9077
CVE-2017-9242
+ RHSA-2017:1854 Moderate: pidgin security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1854
CVE-2014-3694
CVE-2014-3695
CVE-2014-3696
CVE-2014-3698
CVE-2017-2640
+ RHSA-2017:2299 Moderate: NetworkManager and libnl3 security, bug fix and enhancement update
https://access.redhat.com/errata/RHSA-2017:2299
CVE-2017-0553
+ RHSA-2017:2292 Moderate: gnutls security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2292
CVE-2016-7444
CVE-2017-5334
CVE-2017-5335
CVE-2017-5336
CVE-2017-5337
CVE-2017-7507
CVE-2017-7869
+ RHSA-2017:2335 Moderate: pki-core security update
https://access.redhat.com/errata/RHSA-2017:2335
CVE-2017-7537
+ RHSA-2017:2285 Moderate: authconfig security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:2285
CVE-2017-7488
+ RHSA-2017:1975 Moderate: libreoffice security and bug fix update
https://access.redhat.com/errata/RHSA-2017:1975
CVE-2017-7870
+ RHSA-2017:1871 Moderate: tcpdump security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2017:1871
CVE-2015-0261
CVE-2015-2153
CVE-2015-2154
CVE-2015-2155
CVE-2016-7922
CVE-2016-7923
CVE-2016-7924
CVE-2016-7925
CVE-2016-7926
CVE-2016-7927
CVE-2016-7928
CVE-2016-7929
CVE-2016-7930
CVE-2016-7931
CVE-2016-7932
CVE-2016-7933
CVE-2016-7934
CVE-2016-7935
CVE-2016-7936
CVE-2016-7937
CVE-2016-7938
CVE-2016-7939
CVE-2016-7940
CVE-2016-7973
CVE-2016-7974
CVE-2016-7975
CVE-2016-7983
CVE-2016-7984
CVE-2016-7985
CVE-2016-7986
CVE-2016-7992
CVE-2016-7993
CVE-2016-8574
CVE-2016-8575
CVE-2017-5202
CVE-2017-5203
CVE-2017-5204
CVE-2017-5205
CVE-2017-5341
CVE-2017-5342
CVE-2017-5482
CVE-2017-5483
CVE-2017-5484
CVE-2017-5485
CVE-2017-5486
+ Google Chrome 60.0.3112.90 released
https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop.html
+ Cisco Videoscape Distribution Suite Cache Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds
CVE-2017-6745
+ Cisco Identity Services Engine Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise
CVE-2017-6747
+ Cisco Unified Communications Manager Directory Traversal Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1
CVE-2017-6758
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm
CVE-2017-6757
+ Cisco Smart Net Total Care Software Collector Appliance SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-sntc
CVE-2017-6754
+ Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt1
CVE-2017-6756
+ Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt
CVE-2017-6759
+ Cisco Meeting Server H.264 Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ms
CVE-2017-6763
+ Cisco Firepower System Software Secure Sockets Layer Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-fpw
CVE-2017-6766
+ Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cj
CVE-2017-6762
+ Cisco Finesse Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf
CVE-2017-6761
+ Cisco Adaptive Security Appliance Username Enumeration Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa2
CVE-2017-6752
+ Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa1
CVE-2017-6765
+ Cisco Adaptive Security Appliance Authenticated Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-asa
CVE-2017-6764
+ glibc 2.26 released
https://sourceware.org/ml/libc-alpha/2017-08/msg00010.html
UPDATE: JVN#74247807 ScreenOS における複数のクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN74247807/
JVN#24087303 環境省が提供する報告書作成支援ツールのインストーラにおける任意のDLL読み込みの脆弱性
http://jvn.jp/jp/JVN24087303/
徹底解説CDN
CDNがパブリックDNSを使っても最寄りサーバーを判断できる理由
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100004/?ST=security&itp_list_theme
IoT時代の最新SELinux入門
SELinuxで今どきのログ収集サーバーを守る
http://itpro.nikkeibp.co.jp/atcl/column/17/041900153/080100009/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
"Work-style reform through Windows 10 migration and deployment of 2,000 Surface devices," says Nissin Foods Holdings
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/080100003/?ST=security&itp_list_theme
Demand rising with Win10: Canon ITS releases new version of mainframe emulator "TCPLink"
http://itpro.nikkeibp.co.jp/atcl/news/17/080102032/?ST=security&itp_list_theme
Amazon (US) halts sales of low-cost smartphones made by US-based BLU; user information was sent to China
http://itpro.nikkeibp.co.jp/atcl/news/17/080202046/?ST=security&itp_list_theme
AI quickly cooks malware that AV software can't spot
http://www.linuxsecurity.com/content/view/172407/169/
Security This Week: The Very Best Hacks From Black Hat and Defcon
http://www.linuxsecurity.com/content/view/172406/169/
12 signs you've been hacked -- and how to fight back
http://www.linuxsecurity.com/content/view/172405/169/
Wednesday, August 2, 2017
2nd, Wednesday, Butsumetsu
+ RED HAT ENTERPRISE LINUX 7.4 released
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
+ UPDATE: Oracle Critical Patch Update Advisory - July 2017
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
+ MantisBT Input Validation Flaws in '/admin/install.php' and 'manage_user_page.php' Let Remote Users Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1039030
CVE-2017-12061
CVE-2017-12062
+ iOS/macOS xpc_data Objects Sandbox Escape Privilege Escalation
https://cxsecurity.com/issue/WLB-2017080009
CVE-2017-7047
JVNVU#91587298 Multiple vulnerabilities in MaLion
http://jvn.jp/vu/JVNVU91587298/
CDN Explained in Depth
How CDNs, which enable high-speed communication, deliver data efficiently
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100003/?ST=security&itp_list_theme
When Will You Stop Using Windows 7?
"90% of our Windows 7 machines will move to Chromebooks," says Tokyu Hands
http://itpro.nikkeibp.co.jp/atcl/column/17/072600315/073100002/?ST=security&itp_list_theme
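Ministry of Internal Affairs and Communications considers an "Information Security Policy Bureau," strengthening measures for My Number, IoT and more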
http://itpro.nikkeibp.co.jp/atcl/news/17/080102045/?ST=security&itp_list_theme
Don't run targeted-attack drills using other people's names: IPA publishes guidance on key points
http://itpro.nikkeibp.co.jp/atcl/news/17/080102041/?ST=security&itp_list_theme
"Jp+w2st0pass16%": how do you create a complex password like this?
http://itpro.nikkeibp.co.jp/atcl/news/17/080102038/?ST=security&itp_list_theme
"Threat intelligence will cease to be a revenue source," says US RSA Security executive
http://itpro.nikkeibp.co.jp/atcl/news/17/080102036/?ST=security&itp_list_theme
Bitcoin split approaches; exchanges prepare with temporary suspension of transfers and other measures
http://itpro.nikkeibp.co.jp/atcl/news/17/080102031/?ST=security&itp_list_theme
True random numbers are here - what that means for data centers
http://www.linuxsecurity.com/content/view/172395/169/
Long Live Gopher: The Techies Keeping the Text-Driven Internet Alive
http://www.linuxsecurity.com/content/view/172394/169/
Tuesday, August 1, 2017
1st, Tuesday, Senbu
+ CESA-2017:1809 Important CentOS 7 tomcat Security Update
https://lwn.net/Alerts/729114/
+ Out-of-band security updates released to fix Outlook vulnerabilities
https://blogs.technet.microsoft.com/jpsecurity/2017/07/28/outlookoobrelease/
CVE-2017-8571
CVE-2017-8572
CVE-2017-8663
+ UPDATE: Multiple Cisco Products OSPF LSA Manipulation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170727-ospf
+ ISC BIND 9.11.2, 9.10.6, 9.9.11 released
http://ftp.isc.org/isc/bind9/9.11.2/RELEASE-NOTES-bind-9.11.2.html
http://ftp.isc.org/isc/bind9/9.10.6/RELEASE-NOTES-bind-9.10.6.html
http://ftp.isc.org/isc/bind9/9.9.11/RELEASE-NOTES-bind-9.9.11.html
+ hitachi-sec-2017-120 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-120/index.html
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10115
CVE-2017-10116
CVE-2017-10118
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
+ hitachi-sec-2017-120 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-120/index.html
CVE-2017-10053
CVE-2017-10067
CVE-2017-10074
CVE-2017-10078
CVE-2017-10081
CVE-2017-10087
CVE-2017-10089
CVE-2017-10090
CVE-2017-10096
CVE-2017-10101
CVE-2017-10102
CVE-2017-10105
CVE-2017-10107
CVE-2017-10108
CVE-2017-10109
CVE-2017-10110
CVE-2017-10111
CVE-2017-10115
CVE-2017-10116
CVE-2017-10118
CVE-2017-10135
CVE-2017-10176
CVE-2017-10193
CVE-2017-10198
CVE-2017-10243
+ Linux kernel CVE-2017-11473 Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/100010
CVE-2017-11473
Navicat for PL/PGSQL version 12 is released - introducing PostgreSQL Debugger & support PostgreSQL 9.6
https://www.postgresql.org/about/news/1766/
Announcing 2ndQuadrant PostgreSQL Conference 2017
https://www.postgresql.org/about/news/1767/
CDN Explained in Depth
CDNs, effective against traffic peaks and DDoS, become more accessible through cloud integration and falling prices
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100002/?ST=security&itp_list_theme
Seven Iron Rules of Enterprise Security
The nightmare "APT notification": what an organization should do when it happens
http://itpro.nikkeibp.co.jp/atcl/column/17/062200257/071200007/?ST=security&itp_list_theme
Heated Debate! Security Cloud
A vexing question: the significance of promoting open data
http://itpro.nikkeibp.co.jp/atcl/column/17/072400306/072400004/?ST=security&itp_list_theme
CDN Explained in Depth
A CDN that cuts network latency to North America to less than one-twentieth
http://itpro.nikkeibp.co.jp/atcl/column/17/072100302/072100001/?ST=security&itp_list_theme
Reporter's Eye
The news of Flash's end surprised me twice
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/072700889/?ST=security&itp_list_theme
Editor-in-Chief's Eye
What to do about "stray servers" in the cloud
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/072500042/?ST=security&itp_list_theme
Points and e-money unusable again at McDonald's; unrelated to WannaCry
http://itpro.nikkeibp.co.jp/atcl/news/17/072802012/?ST=security&itp_list_theme
Money Square data leak found to total up to more than 110,000 records; unauthorized access went unnoticed for a full year
http://itpro.nikkeibp.co.jp/atcl/news/17/072802010/?ST=security&itp_list_theme
Silicon Valley Next Report
This is how we remotely hacked a Tesla: China's Tencent publishes details
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/072800116/?ST=security&itp_list_theme
UPDATE: JVNVU#93329670 Issue in the handling of Link State Advertisements (LSA) in multiple implementations of the Open Shortest Path First (OSPF) protocol
http://jvn.jp/vu/JVNVU93329670/
Def Con hackers showed how easily voting machines can be hacked
http://www.linuxsecurity.com/content/view/172380/169/
Linux Advisory Watch: July 28th, 2017
http://www.linuxsecurity.com/content/view/172368/187/
Privacy Isn't Dead. It's More Popular Than Ever
http://www.linuxsecurity.com/content/view/172367/169/
'SambaCry' malware scum return with a Windows encore
http://www.linuxsecurity.com/content/view/172366/169/
How a Bug in an Obscure Chip Exposed a Billion Smartphones to Hackers
http://www.linuxsecurity.com/content/view/172365/169/