Friday, September 29, 2017

29th, Friday, Taian

+ UPDATE: CVE-2017-8628 | Microsoft Bluetooth Driver Spoofing Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-8628

+ RHSA-2017:2832 Important: nss security update
https://access.redhat.com/errata/RHSA-2017:2832
CVE-2017-7805

+ RHSA-2017:2831 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2017:2831
CVE-2017-7793
CVE-2017-7810
CVE-2017-7814
CVE-2017-7818
CVE-2017-7819
CVE-2017-7823
CVE-2017-7824

+ RHSA-2017:2795 Important: kernel security update
https://access.redhat.com/errata/RHSA-2017:2795
CVE-2017-1000253

+ Mozilla Firefox 56.0 released
https://www.mozilla.org/en-US/firefox/56.0/releasenotes/

+ Mozilla Foundation Security Advisory 2017-21 Security vulnerabilities fixed in Firefox 56
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
CVE-2017-7793
CVE-2017-7817
CVE-2017-7818
CVE-2017-7819
CVE-2017-7824
CVE-2017-7805
CVE-2017-7812
CVE-2017-7814
CVE-2017-7813
CVE-2017-7825
CVE-2017-7815
CVE-2017-7816
CVE-2017-7821
CVE-2017-7823
CVE-2017-7822
CVE-2017-7820
CVE-2017-7811
CVE-2017-7810

+ CESA-2017:2795 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/735008/

+ VMware Workstation 14.0.0 Player released
https://docs.vmware.com/en/VMware-Workstation-Player/14.0.0/rn/player-14-release-notes.html

+ Exploit for CVE-2017-8759 detected and neutralized
https://blogs.technet.microsoft.com/jpsecurity/2017/09/28/exploit_for_cve-2017-8759_detected_and_neutralized/

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ UPDATE: Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet

+ PHP 7.0.24 Released
http://www.php.net/ChangeLog-7.php#7.0.24

+ UPDATE: JVNTA#91240916 Issues with DLL loading and command execution by Windows applications
http://jvn.jp/ta/JVNTA91240916/index.html

+ Mac OS X Local Javascript Quarantine Bypass *youtube
https://cxsecurity.com/issue/WLB-2017090230

+ Trend Micro OfficeScan v11.0 and XG (12.0)* NT Domain Disclosure / PHP Information Disclosure
https://cxsecurity.com/issue/WLB-2017090229
CVE-2017-14085

+ Trend Micro OfficeScan v11.0 and XG (12.0)* Host Header Injection
https://cxsecurity.com/issue/WLB-2017090227

+ iPhone 7 and Samsung Galaxy S7 Wi-Fi Chip Hack
https://cxsecurity.com/issue/WLB-2017090225
CVE-2017-11120

Support for PostgreSQL 9.6.5 in dbForge Data Compare for PostgreSQL
https://www.postgresql.org/about/news/1784/

Security Grand Experiment Lab 2017
Accessing an inappropriate website from a company PC: will the company name be exposed?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/091100010/?ST=security&itp_list_theme

Reporter's Eye
North Korea, ransomware and cyber-attack risk: how to face them
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/092600924/?ST=security&itp_list_theme

News Commentary
Windows 10 Fall update ships with a built-in remedy for zero-day vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/092801140/?ST=security&itp_list_theme

Sharp rise in "DLL loading vulnerabilities" that let malicious programs run; IPA calls for countermeasures
http://itpro.nikkeibp.co.jp/atcl/news/17/092802357/?ST=security&itp_list_theme

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'
http://www.linuxsecurity.com/content/view/175965/169/

Thursday, September 28, 2017

28th, Thursday, Butsumetsu

+ About the security content of iOS 11.0.1
https://support.apple.com/ja-jp/HT208143

+ Cisco IOS XE Software Web UI REST API Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-restapi
CVE-2017-12229

+ Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-privesc
CVE-2017-12230

+ Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
CVE-2017-12240

+ Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800
CVE-2017-3831

+ Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls
CVE-2017-12238

+ Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos
CVE-2017-12232

+ Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet
CVE-2017-12235

+ Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
CVE-2017-12228

+ Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc
CVE-2017-12226

+ Cisco IOS Software Network Address Translation Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat
CVE-2017-12231

+ Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp
CVE-2017-12236

+ Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe
CVE-2017-12222

+ Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
CVE-2017-12237

+ Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
CVE-2017-12233
CVE-2017-12234

+ Cisco IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc
CVE-2017-12239

+ Linux kernel 4.13.4, 4.9.52, 4.4.89, 3.18.72 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.52
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.89
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.72

+ Linux Kernel Stack Corruption Flaw in PIE Executables Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1039434
CVE-2017-1000253

+ Apple macOS/OS X Unspecified Flaw Lets Local Users View Keychain Passwords
http://www.securitytracker.com/id/1039430

Security Grand Experiment Lab 2017
Can files be taken out from a company PC without being caught?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/091100009/?ST=security&itp_list_theme

Reporter's Eye
Spam is declining, so why are damage reports surging?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/092600923/?ST=security&itp_list_theme

EMC Japan announces new version of a product that streamlines cyber-attack investigations
http://itpro.nikkeibp.co.jp/atcl/news/17/092702348/?ST=security&itp_list_theme

Access outage at Mercari; "it was brief, so we will not notify users"
http://itpro.nikkeibp.co.jp/atcl/news/17/092702347/?ST=security&itp_list_theme

¡Dios mío! Spain blocks DNS to silence Catalan independence vote sites
http://www.linuxsecurity.com/content/view/175962/169/

Wednesday, September 27, 2017

27th, Wednesday, Senbu

+ UPDATE: JVNVU#99806334 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99806334/index.html

Extending the Microsoft Office Bounty Program
https://blogs.technet.microsoft.com/jpsecurity/2017/09/26/extending-the-microsoft-office-bounty-program/

News Commentary
New technology automatically detects web application vulnerabilities with machine learning
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/092501132/?ST=security&itp_list_theme

Security Grand Experiment Lab 2017
Public Wi-Fi with a published password: can it be eavesdropped even though it is encrypted?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/091100008/?ST=security&itp_list_theme

Interview & Talk
"Japan's weakness is its lack of resilience," says William Hiroyuki Saito
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/092500350/?ST=security&itp_list_theme

Sakura hit by DoS attacks on consecutive days; "no extortion email has been received"
http://itpro.nikkeibp.co.jp/atcl/news/17/092602337/?ST=security&itp_list_theme

Hatena moves "Hatena Blog" to HTTPS, across all blogs from November
http://itpro.nikkeibp.co.jp/atcl/news/17/092602335/?ST=security&itp_list_theme

PFU: e-money charging machine that accepts the four major brands
http://itpro.nikkeibp.co.jp/atcl/news/17/092602333/?ST=security&itp_list_theme

Deloitte unveils "iTAP" for control system security
http://itpro.nikkeibp.co.jp/atcl/news/17/092602331/?ST=security&itp_list_theme

Tuesday, September 26, 2017

26th, Tuesday, Tomobiki

+ Gpg4win 3.0.0 released
https://www.gpg4win.org/change-history.html

+ About the security content of macOS Server 5.4
https://support.apple.com/ja-jp/HT208102
CVE-2017-10978
CVE-2017-10979

+ About the security content of iCloud for Windows 7.0
https://support.apple.com/ja-jp/HT208142
CVE-2017-7127
CVE-2017-7081
CVE-2017-7087
CVE-2017-7091
CVE-2017-7092
CVE-2017-7093
CVE-2017-7094
CVE-2017-7095
CVE-2017-7096
CVE-2017-7098
CVE-2017-7099
CVE-2017-7100
CVE-2017-7102
CVE-2017-7104
CVE-2017-7107
CVE-2017-7111
CVE-2017-7117
CVE-2017-7120
CVE-2017-7089
CVE-2017-7090
CVE-2017-7106
CVE-2017-7109

+ About the security content of macOS High Sierra 10.13
https://support.apple.com/ja-jp/HT208144
CVE-2017-7084
CVE-2017-7074
CVE-2017-7143
CVE-2017-7083
CVE-2017-0381
CVE-2017-7138
CVE-2017-7121
CVE-2017-7122
CVE-2017-7123
CVE-2017-7124
CVE-2017-7125
CVE-2017-7126
CVE-2017-11103
CVE-2017-7077
CVE-2017-7119
CVE-2017-7114
CVE-2017-7086
CVE-2017-1000373
CVE-2016-9063
CVE-2017-9233
CVE-2017-7141
CVE-2017-7078
CVE-2017-6451
CVE-2017-6452
CVE-2017-6455
CVE-2017-6458
CVE-2017-6459
CVE-2017-6460
CVE-2017-6462
CVE-2017-6463
CVE-2017-6464
CVE-2016-9042
CVE-2017-7082
CVE-2017-7080
CVE-2017-10989
CVE-2017-7128
CVE-2017-7129
CVE-2017-7130
CVE-2017-7127
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843

+ Google Chrome 61.0.3163.100 released
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html

+ Zabbix 3.4.2, 3.2.8, 3.0.11, 2.2.20 released
https://www.zabbix.com/rn3.4.2
https://www.zabbix.com/rn3.2.7
https://www.zabbix.com/rn3.0.10
https://www.zabbix.com/rn2.2.19

+ CESA-2017:2789 Moderate CentOS 6 samba Security Update
https://lwn.net/Alerts/734584/

+ CESA-2017:2788 Important CentOS 7 augeas Security Update
https://lwn.net/Alerts/734583/

+ CESA-2017:2791 Moderate CentOS 6 samba4 Security Update
https://lwn.net/Alerts/734586/

+ CESA-2017:2790 Moderate CentOS 7 samba Security Update
https://lwn.net/Alerts/734585/

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ hitachi-sec-2017-123 Multiple Vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-123/index.html
CVE-2017-3167
CVE-2017-7668
CVE-2017-7679

+ hitachi-sec-2017-122 DoS Vulnerability in JP1 and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-122/index.html

+ hitachi-sec-2017-123 Multiple vulnerabilities in Cosminexus HTTP Server and Hitachi Web Server (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-123/index.html
CVE-2017-3167
CVE-2017-7668
CVE-2017-7679

+ hitachi-sec-2017-122 DoS vulnerability in JP1 and Hitachi IT Operations Director products (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-122/index.html

+ Postfix 3.2.3 released
http://www.postfix.org/announcements/postfix-3.2.3.html
http://mirror.postfix.jp/postfix-release/official/postfix-3.2.3.HISTORY

+ UPDATE: JVNVU#99806334 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99806334/

UPDATE: JVNVU#93329670 Multiple implementations of the Open Shortest Path First (OSPF) protocol have an issue in handling Link State Advertisements (LSAs)
http://jvn.jp/vu/JVNVU93329670/

JVNVU#90916766 Token signature verification bypass vulnerability in jwt-scala
http://jvn.jp/vu/JVNVU90916766/

Security Grand Experiment Lab 2017
Can files be completely erased using OS features alone?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/091100007/?ST=security&itp_list_theme

Automatic travel-expense settlement from Suica usage history data, by Concur, JR East and others
http://itpro.nikkeibp.co.jp/atcl/news/17/092502328/?ST=security&itp_list_theme

Surge in traffic from China aimed at spreading infections, LAC analysis finds
http://itpro.nikkeibp.co.jp/atcl/news/17/092502323/?ST=security&itp_list_theme

Sakura's rental servers suffer connection failures from DoS attack
http://itpro.nikkeibp.co.jp/atcl/news/17/092502320/?ST=security&itp_list_theme

Editor-in-Chief's Eye
The wall blocking "from savings to investment" that an architect noticed
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/092100047/?ST=security&itp_list_theme

News Commentary
AI and IoT engineer shortage worsens; government gets serious about training
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/092101127/?ST=security&itp_list_theme

Is the "iPhone X" worth buying?
The iPhone X's TrueDepth camera holds boundless appeal; expectations ride on developers' ideas
http://itpro.nikkeibp.co.jp/atcl/column/17/091300375/091900005/?ST=security&itp_list_theme

Security Grand Experiment Lab 2017
Can fingerprint authentication be defeated using a thumbprint from a document?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/091100006/?ST=security&itp_list_theme

Seven Iron Rules of Enterprise Security
How will AI change security operations?
http://itpro.nikkeibp.co.jp/atcl/column/17/062200257/091300009/?ST=security&itp_list_theme

News Commentary
Failed to warn of North Korean missile: J-Alert outage caused by misconfiguration
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/092201129/?ST=security&itp_list_theme

News Commentary
Google announces distrust: a thumbs-down for Symantec's server certificates?
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/092101128/?ST=security&itp_list_theme

Tokyo Gas hit again by credential-list attack; suspected leak of personal data and fraudulent use of points
http://itpro.nikkeibp.co.jp/atcl/news/17/092202318/?ST=security&itp_list_theme

DDoS attacks on online financial firms continue; extortion-type damage also revealed
http://itpro.nikkeibp.co.jp/atcl/news/17/092202316/?ST=security&itp_list_theme

Fake apps for seven domestic banks distributed on Google Play, Trend Micro warns
http://itpro.nikkeibp.co.jp/atcl/news/17/092202314/?ST=security&itp_list_theme

NEC, Mitsui Sumitomo Insurance and two other companies partner on security services, from attack countermeasures to cyber insurance
http://itpro.nikkeibp.co.jp/atcl/news/17/092202313/?ST=security&itp_list_theme

kabu.com launches account-opening app, paperless with My Number Card
http://itpro.nikkeibp.co.jp/atcl/news/17/092202312/?ST=security&itp_list_theme

Sakura to provide renewal instructions for distrusted Symantec certificates on or after December 1
http://itpro.nikkeibp.co.jp/atcl/news/17/092102302/?ST=security&itp_list_theme

Avril Lavigne tops 2017 "most dangerous celebrities to search" list, McAfee survey
http://itpro.nikkeibp.co.jp/atcl/news/17/092202311/?ST=security&itp_list_theme

Worst-ever personal data breach at a US credit bureau could lead to large-scale fraud
http://itpro.nikkeibp.co.jp/atcl/news/17/092202310/?ST=security&itp_list_theme

Linux Security Week: September 25th, 2017
http://www.linuxsecurity.com/content/view/175950/187/

1.4 Million New Phishing Sites Launched Each Month
http://www.linuxsecurity.com/content/view/175948/169/

Beyond public key encryption
http://www.linuxsecurity.com/content/view/175947/169/

The Pirate Bay Takes Heat for Testing Monero Mining
http://www.linuxsecurity.com/content/view/175922/169/

Joomla patches eight-year-old critical CMS bug
http://www.linuxsecurity.com/content/view/175921/169/

Friday, September 22, 2017

22nd, Friday, Butsumetsu

+ PDFCreator 3.0 Released
http://www.pdfforge.org/blog/pdfcreator-30-release

+ UPDATE: Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame

+ UPDATE: Cisco Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ap1800

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

+ UPDATE: Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme

+ UPDATE: Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

+ Samba 4.7.0 Available for Download
https://www.samba.org/samba/history/samba-4.7.0.html

+ Apache Log4j 2.9.1 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.9.1

+ Java Development Kit 9 released
http://www.oracle.com/technetwork/java/javase/9-relnotes-3622618.html

+ Samba Multiple Flaws Let Remote Users Hijack Connections and Remote Authenticated Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1039401
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163

PostgreSQL 10 RC1 Released
https://www.postgresql.org/about/news/1783/

Reporter's Eye
"DMARC", the trump card for eradicating phishing that you cannot afford not to know
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/091500919/?ST=security&itp_list_theme

New IT Engineer Encyclopedia
Security engineers in high demand: experts in attack techniques and international standards
http://itpro.nikkeibp.co.jp/atcl/column/17/072100297/083100016/?ST=security&itp_list_theme

Thorough Review of SIM-free Smartphones
The 7,800-yen "g06+", among the cheapest smartphones, turned out to be a considerate J-Alert-compatible handset
http://itpro.nikkeibp.co.jp/atcl/column/15/120300274/092000048/?ST=security&itp_list_theme

Raspberry Pi Fun for the Weekend
"NextCloudPi" turns a Raspberry Pi into a home Dropbox
http://itpro.nikkeibp.co.jp/atcl/column/17/041900152/092100023/?ST=security&itp_list_theme

ABCs of Security Assessment
Finding easily targeted security weaknesses using attackers' methods
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/091100011/?ST=security&itp_list_theme

JPCERT/CC warns of extortion emails demanding money in exchange for stopping DDoS attacks
http://itpro.nikkeibp.co.jp/atcl/news/17/092102298/?ST=security&itp_list_theme

Frequent DDoS attacks target FX brokers and others; Gaitame.com and Toyo Securities hit
http://itpro.nikkeibp.co.jp/atcl/news/17/092102295/?ST=security&itp_list_theme

DNP opens training course to develop white-hat hackers
http://itpro.nikkeibp.co.jp/atcl/news/17/092102294/?ST=security&itp_list_theme

"WannaCry" remains the top ransomware infection
http://itpro.nikkeibp.co.jp/atcl/news/17/092102293/?ST=security&itp_list_theme

Malware slipped into popular PC optimization software "CCleaner", distributed with a legitimate digital signature
http://itpro.nikkeibp.co.jp/atcl/news/17/092102292/?ST=security&itp_list_theme

Fujitsu SSL launches anti-malware service using McAfee products
http://itpro.nikkeibp.co.jp/atcl/news/17/092102291/?ST=security&itp_list_theme

Industrial control systems under attack: NTT Security launches countermeasure service
http://itpro.nikkeibp.co.jp/atcl/news/17/092102290/?ST=security&itp_list_theme

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?
http://www.linuxsecurity.com/content/view/175913/169/

Apple’s facial recognition: Well, it is more secure for the, er, sleeping user
http://www.linuxsecurity.com/content/view/175912/169/

Thursday, September 21, 2017

21st, Thursday, Senbu

+ ADV170015 | Microsoft Office Defense in Depth Update
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV170015

+ About the security content of Xcode 9
https://support.apple.com/ja-jp/HT208103
CVE-2017-1000117
CVE-2017-7076
CVE-2017-7134
CVE-2017-7135
CVE-2017-7136
CVE-2017-7137
CVE-2017-9800

+ About the security content of tvOS 11
https://support.apple.com/ja-jp/HT208113
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7115
CVE-2017-7116

+ About the security content of watchOS 4
https://support.apple.com/ja-jp/HT208115
CVE-2017-7103
CVE-2017-7105
CVE-2017-7108
CVE-2017-7110
CVE-2017-7112
CVE-2017-7116

+ About the security content of Safari 11
https://support.apple.com/ja-jp/HT208116
CVE-2017-7085
CVE-2017-7089
CVE-2017-7106

+ About the security content of iOS 11
https://support.apple.com/ja-jp/HT208112
CVE-2017-7088
CVE-2017-7072
CVE-2017-7097
CVE-2017-7118
CVE-2017-7133
CVE-2017-7085
CVE-2017-7106
CVE-2017-7089

+ CESA-2017:2771 Important CentOS 7 emacs Security Update
https://lwn.net/Alerts/734254/

+ UPDATE: Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

+ Cisco Small Business Managed Switches Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms
CVE-2017-6720

+ Cisco Email Security Appliance Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa
CVE-2017-12215

+ Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp
CVE-2017-12214

+ Cisco Wide Area Application Services HTTP Application Optimization Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-waas
CVE-2017-12250

+ Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-ucs
CVE-2017-12255

+ Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-spa
CVE-2017-12219

+ Cisco FindIT DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-findit
CVE-2017-12252

+ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic2
CVE-2017-12254

+ Cisco Unified Intelligence Center User Interface Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic1
CVE-2017-12253

+ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cuic
CVE-2017-12248

+ Linux kernel 4.13.3, 4.12.14, 4.9.51 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.51

+ Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available
https://www.samba.org/samba/history/samba-4.6.8.html
https://www.samba.org/samba/history/samba-4.5.14.html
https://www.samba.org/samba/history/samba-4.4.16.html
CVE-2017-12150
CVE-2017-12151
CVE-2017-12163

+ JVNVU#99259676 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU99259676/
CVE-2017-12615
CVE-2017-12616

+ JVNVU#99806334 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99806334/

+ JVNVU#90447827 Code injection vulnerability in multiple products of the InterScan Web Security series
http://jvn.jp/vu/JVNVU90447827/
CVE-2017-11396

+ UPDATE: JVNVU#95513538 Multiple vulnerabilities in various Bluetooth implementations
http://jvn.jp/vu/JVNVU95513538/index.html

+ Apache Tomcat VirtualDirContext Flaw Lets Remote Users View JSP Source Code for the Affected Resource
http://www.securitytracker.com/id/1039393
CVE-2017-12616

+ Apache Tomcat on Windows HTTP PUT Request Processing Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1039392
CVE-2017-12615

+ Apache HTTPD Use-After-Free Memory Error in Processing HTTP OPTIONS Requests Lets Remote Users Obtain Potentially Sensitive Information on the Target System in Certain Cases
http://www.securitytracker.com/id/1039387
CVE-2017-9798

+ Microsoft Edge 38.14393.1066.0 COptionsCollectionCacheItem::GetAt Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2017090154

+ Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/100901
CVE-2017-12615

+ Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/100897
CVE-2017-12616

Release PoWA v3.1.1
https://www.postgresql.org/about/news/1782/

ABCs of Security Assessment
The five system weaknesses attackers target
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/091100010/?ST=security&itp_list_theme

75 Gbps DDoS attack from a botnet of just 400 devices, Akamai warns
http://itpro.nikkeibp.co.jp/atcl/news/17/092002281/?ST=security&itp_list_theme

Acronis backup software "True Image 2018" enables cloning of a running system
http://itpro.nikkeibp.co.jp/atcl/news/17/092002278/?ST=security&itp_list_theme

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too
http://www.linuxsecurity.com/content/view/175903/169/

Cloud Security Error Exposes Half a Million Voters' Personal Information
http://www.linuxsecurity.com/content/view/175902/169/

First ever crypto-mining Chrome extension discovered
http://www.linuxsecurity.com/content/view/175901/169/

Wednesday, September 20, 2017

20th, Wednesday, Tomobiki

+ Collabtive 3.1 released
http://collabtive.o-dyn.de/

+ MantisBT 2.6.0, 2.5.2, 1.3.12 released
http://www.mantisbt.org/blog/?p=533

+ RHSA-2017:2771 Important: emacs security update
https://access.redhat.com/errata/RHSA-2017:2771
CVE-2017-14482

+ Out-of-band security update released for ChakraCore
https://portal.msrc.microsoft.com/ja-jp/security-guidance

+ Linux kernel 4.1.44 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.44

+ Apple iOS Multiple Bugs Let Remote Users Spoof the Address Bar, Cause Denial of Service Conditions, and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1039385
CVE-2017-7072
CVE-2017-7085
CVE-2017-7088
CVE-2017-7089
CVE-2017-7097
CVE-2017-7106
CVE-2017-7118
CVE-2017-7133

+ Apple Safari Input Validation Bugs Let Remote Users Spoof the Address Bar and Conduct Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1039384
CVE-2017-7085
CVE-2017-7089
CVE-2017-7106

+ Apache HTTPd 2.4.27 OPTIONS Memory Leak
https://cxsecurity.com/issue/WLB-2017090149
CVE-2017-9798

+ Microsoft Windows Kernel win32k.sys TTF Font Buffer Overflow
https://cxsecurity.com/issue/WLB-2017090148

+ Microsoft Windows Kernel win32k!NtQueryCompositionSurfaceBinding Stack Memory Disclosure
https://cxsecurity.com/issue/WLB-2017090147

+ Microsoft Windows Kernel win32k!NtGdiDoBanding Stack Memory Disclosure
https://cxsecurity.com/issue/WLB-2017090146

+ Microsoft Windows Kernel win32k!NtGdiGetFontResourceInfoInternalW Stack Memory Disclosure
https://cxsecurity.com/issue/WLB-2017090145

ABCs of Security Assessment
Good, better and best DoS countermeasures: complete defense is impossible, but protection is still needed
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/091100009/?ST=security&itp_list_theme

UPDATE: JVNVU#95513538 Multiple vulnerabilities in various Bluetooth implementations
http://jvn.jp/vu/JVNVU95513538/index.html

The laws that are ruining the Internet
http://www.linuxsecurity.com/content/view/175843/169/

Pirate Bay digs itself a new hole: Mining alt-coin in slurper browsers
http://www.linuxsecurity.com/content/view/175841/169/

5 Ways to Secure Wi-Fi Networks
http://www.linuxsecurity.com/content/view/175840/169/

Tuesday, September 19, 2017

19th, Tuesday, Taian

+ CESA-2017:2728 Moderate CentOS 7 postgresql Security Update
https://lwn.net/Alerts/733810/

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ UPDATE: Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa

+ UPDATE: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160927-openssl

+ Linux kernel 3.16.48, 3.2.93 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.48
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.93

+ Apache POI 3.17 released
http://poi.apache.org/changes.html#3.17

+ Linux Kernel Buffer Overflow in tpacket_rcv() Lets Local Users Cause Denial of Service Conditions
http://www.securitytracker.com/id/1039371
CVE-2017-14497

+ VMSA-2017-0015.1 VMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2017-0015.html
CVE-2017-4924
CVE-2017-4925
CVE-2017-4926

+ Microsoft Windows Kernel win32k!NtGdiGetGlyphOutline Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017090144

Release - ldap2pg v3.0
https://www.postgresql.org/about/news/1781/

ABCs of Security Assessment
Is our website safe? Methods for testing resistance to DoS attacks
http://itpro.nikkeibp.co.jp/atcl/column/17/061600244/091100008/?ST=security&itp_list_theme

Seven-Eleven overhauls POS registers at 20,000 stores, improving usability and security
http://itpro.nikkeibp.co.jp/atcl/news/17/091502257/?ST=security&itp_list_theme

Equifax breach of up to 143 million people's data caused by a six-month-old Struts 2 vulnerability
http://itpro.nikkeibp.co.jp/atcl/news/17/091502248/?ST=security&itp_list_theme

Absolute 7, latest version of PC and smartphone anti-theft software, automatically repairs deleted apps
http://itpro.nikkeibp.co.jp/atcl/news/17/091502247/?ST=security&itp_list_theme

Friday, September 15, 2017

15th, Friday, Senshō

+ RHSA-2017:2702 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:2702
CVE-2017-11281
CVE-2017-11282

+ RHSA-2017:2685 Moderate: bluez security update
https://access.redhat.com/errata/RHSA-2017:2685
CVE-2017-1000250

+ RHSA-2017:2681 Important: kernel security update
https://access.redhat.com/errata/RHSA-2017:2681
CVE-2017-1000251

+ RHSA-2017:2676 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:2676
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120

+ RHSA-2017:2728 Moderate: postgresql security update
https://access.redhat.com/errata/RHSA-2017:2728
CVE-2017-7546
CVE-2017-7547

+ RHSA-2017:2679 Important: kernel security update
https://access.redhat.com/errata/RHSA-2017:2679
CVE-2017-1000251

+ Google Chrome 61.0.3163.91 released
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_14.html

+ CESA-2017:2685 Moderate CentOS 7 bluez Security Update
https://lwn.net/Alerts/733686/

+ CESA-2017:2679 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/733687/

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ Updated CentOS Vagrant Images Available (v1708.01)
https://seven.centos.org/2017/09/updated-centos-vagrant-images-available-v1708-01/

+ Java SE Development Kit 8, Update 144 (JDK 8u144) released
http://www.oracle.com/technetwork/java/javase/8u144-relnotes-3838694.html

+ JVNVU#93526380 Arbitrary code execution vulnerability in WSDL processing of Microsoft .NET Framework
http://jvn.jp/vu/JVNVU93526380/
CVE-2017-8759

Moving beyond EMET II: Windows Defender Exploit Guard
https://blogs.technet.microsoft.com/jpsecurity/2017/09/14/moving-beyond-emet-ii-windows-defender-exploit-guard/

JVNDB-2017-000223 Vulnerability in the i-Filter 6.0 installation program and installer regarding DLL loading and executable invocation
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000223.html

Raspberry Pi Fun for the Weekend
Turn a Raspberry Pi into a wireless LAN router with a firewall, easily with "LEDE"
http://itpro.nikkeibp.co.jp/atcl/column/17/041900152/091400022/?ST=security&itp_list_theme

Security Grand Experiment Lab 2017
Three techniques for cyber attacks using attached PDF files
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/090600005/?ST=security&itp_list_theme

Interview & Talk
DNS operators should prepare for October 11
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/091300346/?ST=security&itp_list_theme

Deloitte Tohmatsu Risk Services: security personnel development program
http://itpro.nikkeibp.co.jp/atcl/news/17/091402246/?ST=security&itp_list_theme

Asgent to sell anti-malware software based on deep learning
http://itpro.nikkeibp.co.jp/atcl/news/17/091402241/?ST=security&itp_list_theme

"Access control is essential for SSO": F5 shows off its solution
http://itpro.nikkeibp.co.jp/atcl/news/17/091402240/?ST=security&itp_list_theme

$1M bounty offered for zero-day exploits targeting Tor Browser
http://www.linuxsecurity.com/content/view/175809/169/

Open Source Summit: Securing IoT is About Avoiding Anti-Patterns
http://www.linuxsecurity.com/content/view/175808/169/

How network automation can speed deployments and improve security
http://www.linuxsecurity.com/content/view/175807/169/

Thursday, September 14, 2017

14th (Thursday), Shakkō

+ UPDATE: MS16-039 - Critical Security Update for Microsoft Graphics Component (3148522)
https://technet.microsoft.com/ja-jp/library/security/ms16-039

+ UPDATE: MS16-087 - Critical Security Update for Windows Print Spooler Components (3170005)
https://technet.microsoft.com/ja-jp/library/security/ms16-087

+ UPDATE: MS16-095 - Critical Cumulative Security Update for Internet Explorer (3177356)
https://technet.microsoft.com/ja-jp/library/security/ms16-095

+ UPDATE: MS16-123 - Important Security Update for Windows Kernel-Mode Drivers (3192892)
https://technet.microsoft.com/ja-jp/library/security/ms16-123

+ CESA-2017:2681 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/733563/

+ CESA-2017:2685 Moderate CentOS 6 bluez Security Update
https://lwn.net/Alerts/733562/

+ UPDATE: Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ Cisco Meeting Server TURN Server Unauthorized Access and Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170913-cmsturn
CVE-2017-12249

+ VU#101048 Microsoft .NET framework WSDL parser PrintClientProxy remote code execution vulnerability
https://www.kb.cert.org/vuls/id/101048
CVE-2017-8759

+ Linux kernel 4.13.2, 4.12.13, 4.9.50, 4.4.88, 3.18.71 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.50
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.88
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.71

+ JVNVU#95513538 Multiple vulnerabilities in various Bluetooth implementations
http://jvn.jp/vu/JVNVU95513538/
CVE-2017-1000251
CVE-2017-1000250
CVE-2017-0785
CVE-2017-0781
CVE-2017-0782
CVE-2017-14315
CVE-2017-0783
CVE-2017-8628

[Interview & Talk]
Wi-Fi looks to next-generation 802.11ax; security should be "on by default"
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/091100344/?ST=security&itp_list_theme

Someone is targeted again today
What if the ransomware payment were Amazon gift cards
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/090600010/?ST=security&itp_list_theme

Security Experiment Lab 2017
From how many meters away can a smartphone screen be peeped at?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/090600004/?ST=security&itp_list_theme

Why vulnerabilities arise in software
The real reason Struts2 vulnerabilities are still being found
http://itpro.nikkeibp.co.jp/atcl/column/17/090100359/090100004/?ST=security&itp_list_theme

Next US Elections: Open Source vs. Commercial Software?
http://www.linuxsecurity.com/content/view/175804/169/

Windows 10's Subsystem for Linux: Here's how hackers could use it to hide malware
http://www.linuxsecurity.com/content/view/175803/169/

Startup That Sells Zero-Days to Governments Is Offering $1 Million For Tor Hacks
http://www.linuxsecurity.com/content/view/175802/169/

Wednesday, September 13, 2017

13th (Wednesday), Taian

+ Security update available for RoboHelp | APSB17-25
https://helpx.adobe.com/security/products/robohelp/apsb17-25.html
CVE-2017-3104
CVE-2017-3105

+ Security updates available for Flash Player | APSB17-28
https://helpx.adobe.com/security/products/flash-player/apsb17-28.html
CVE-2017-11281
CVE-2017-11282

+ Security updates available for ColdFusion | APSB17-30
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html
CVE-2017-11286
CVE-2017-11285
CVE-2017-11283
CVE-2017-11284

+ September 2017 Security Updates (monthly)
https://blogs.technet.microsoft.com/jpsecurity/2017/09/13/201709-security-bulletin/

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ UPDATE: JVNVU#92761484 Apache Struts2 vulnerable to arbitrary code execution (S2-052)
http://jvn.jp/vu/JVNVU92761484/index.html

VU#240311 Multiple Bluetooth implementation vulnerabilities affect many devices
https://www.kb.cert.org/vuls/id/240311

PostgreSQL Automatic Failover (PAF) v2.2.0 released
https://www.postgresql.org/about/news/1780/

JVNDB-2017-000218 Improper access restriction vulnerability in Wi-Fi STATION L-02F
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000218.html

JVNDB-2017-000217 Backdoor issue in Wi-Fi STATION L-02F
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000217.html

Why vulnerabilities arise in software
The US NSA's hacking tools that made WannaCry even more vicious
http://itpro.nikkeibp.co.jp/atcl/column/17/090100359/090100003/?ST=security&itp_list_theme

News analysis
The threat of new viruses that create no files at all
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/090501112/?ST=security&itp_list_theme

Security Experiment Lab 2017
Can corporate IP phones be hijacked?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/090600003/?ST=security&itp_list_theme

Canon ITS releases new version of GUARDIANWALL Mail with enhanced misdirected-email prevention
http://itpro.nikkeibp.co.jp/atcl/news/17/091202226/?ST=security&itp_list_theme

Highly urgent vulnerability in Docomo Wi-Fi router; traffic exploiting it already observed
http://itpro.nikkeibp.co.jp/atcl/news/17/091202222/?ST=security&itp_list_theme

JVNVU#96769287 Multiple vulnerabilities in the Das U-Boot AES-CBC encryption implementation
http://jvn.jp/vu/JVNVU96769287/

5 reasons why device makers cannot secure the IoT platform
http://www.linuxsecurity.com/content/view/175800/169/

Securing a Raspberry Pi
http://www.linuxsecurity.com/content/view/175799/169/

Hackers Could Silently Hack Your Cellphone And Computers Over Bluetooth
http://www.linuxsecurity.com/content/view/175798/169/

Tuesday, September 12, 2017

12th (Tuesday), Butsumetsu

+ UPDATE: Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2

+ UPDATE: Apache Struts 2 Remote Code Execution Vulnerability Affecting Multiple Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce

+ UPDATE: Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame

+ Linux kernel 4.13.1, 4.12.12, 4.9.49 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.49

+ NetBSD x86 Context Handling Errors Let Local Users Deny Service and Gain Elevated Privileges
http://www.securitytracker.com/id/1039312

+ NetBSD openat() System Call Vnode Reference Leak Lets Local Users Cause Denial of Service Conditions on the Target System
http://www.securitytracker.com/id/1039311

+ NetBSD Graphics Driver Buffer Overflow Lets Local Users Execute Arbitrary Code
http://www.securitytracker.com/id/1039310

VU#166743 Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/166743

JVNDB-2017-000222 Denial-of-service (DoS) vulnerability in SEIL series routers
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000222.html

JVNDB-2017-000221 Vulnerability in the FENCE-Explorer installer regarding DLL loading and executable file invocation
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000221.html

JVNDB-2017-000220 Multiple vulnerabilities in CG-WLR300NM
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000220.html

Why vulnerabilities arise in software
Missed input data checks that create vulnerabilities
http://itpro.nikkeibp.co.jp/atcl/column/17/090100359/090100002/?ST=security&itp_list_theme

Security Experiment Lab 2017
Does combining different products raise the virus detection rate?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/090600002/?ST=security&itp_list_theme

Why vulnerabilities arise in software
Vulnerabilities never go away because attackers "invent" them
http://itpro.nikkeibp.co.jp/atcl/column/17/090100359/090100001/?ST=security&itp_list_theme

Security Experiment Lab 2017
Can AI detect new kinds of viruses?
http://itpro.nikkeibp.co.jp/atcl/column/17/090600370/090600001/?ST=security&itp_list_theme

A 1,000-fold "solar flare" has occurred; satellite communications and GPS may be disrupted from the afternoon of the 8th
http://itpro.nikkeibp.co.jp/atcl/news/17/090802204/?ST=security&itp_list_theme

Linux Security Week: September 11th, 2017
http://www.linuxsecurity.com/content/view/175800/187/

Windows 10’s Built-In Linux Shell Could Be Abused to Hide Malware, Researchers Say
http://www.linuxsecurity.com/content/view/175799/169/

Virginia scraps poke-to-vote machines hackers destroyed at DefCon
http://www.linuxsecurity.com/content/view/175798/169/

Researcher publicly discloses 10 zero-day flaws in D-Link 850L routers
http://www.linuxsecurity.com/content/view/175797/169/

Linux Advisory Watch: September 10th, 2017
http://www.linuxsecurity.com/content/view/175796/187/

Equifax blames giant breach on vendor software flaw
http://www.linuxsecurity.com/content/view/175795/169/

Apache Struts Statement on Equifax Security Breach
http://www.linuxsecurity.com/content/view/175794/169/

Friday, September 8, 2017

8th (Friday), Shakkō

+ Android to x86 7.1-rc1 released
http://www.android-x86.org/releases/releasenote-7-1-rc1

+ Multiple Vulnerabilities in Apache Struts 2 Affecting Cisco Products: September 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2
CVE-2017-9793
CVE-2017-9804
CVE-2017-9805

+ Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp
CVE-2017-6627

+ Linux kernel 4.12.11, 4.9.48, 4.4.87, 3.18.70 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.48
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.87
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.70

+ Sudo 1.8.21p2 released
https://www.sudo.ws/stable.html#1.8.21p2

+ S2-053 A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals
http://struts.apache.org/docs/s2-053.html
CVE-2017-12611

+ Apache Struts 2.3.34 released
http://struts.apache.org/announce.html#a20170907

+ UPDATE: JVNVU#92761484 Apache Struts2 vulnerable to arbitrary code execution (S2-052)
http://jvn.jp/vu/JVNVU92761484/index.html

+ Google Chrome Multiple Flaws Let Remote Users Bypass Security Restrictions and Execute Arbitrary Code
http://www.securitytracker.com/id/1039291
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120

+ Apache Struts 2.5 Remote Code Execution
https://cxsecurity.com/issue/WLB-2017090047
CVE-2017-9805

Latest version of Virus Buster includes XGen technology and machine learning
http://itpro.nikkeibp.co.jp/atcl/news/17/090702203/?ST=security&itp_list_theme

Thursday, September 7, 2017

7th (Thursday), Taian

+ Cisco IoT Field Network Director Memory Exhaustion Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd
CVE-2017-6780

+ Cisco Unified Communications Manager Trust Verification Service Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ucm
CVE-2017-6791

+ Cisco Yes Set-Top Box Denial of Service vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb
CVE-2017-6631

+ Cisco SocialMiner XML External Entity Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-socmin
CVE-2017-12216

+ Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp
CVE-2017-12211

+ Cisco Prime LAN Management Solution Session Fixation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-prime-lms
CVE-2017-12225

+ Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt1
CVE-2017-6793

+ Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-pcpt
CVE-2017-6792

+ Cisco IR800 Integrated Services Router ROM Monitor Input Validation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-isr
CVE-2017-12223

+ Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp
CVE-2017-6627

+ Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-2
CVE-2017-12221

+ Cisco Firepower Management Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-firepower-1
CVE-2017-12220

+ Cisco Email Security Appliance Malformed EML Attachment Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-esa
CVE-2017-12218

+ Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuic
CVE-2017-6789

+ Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cuc
CVE-2017-12212

+ Cisco Meeting Server Guest Hyperlink Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cms
CVE-2017-12224

+ Cisco Emergency Responder Blind SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cer
CVE-2017-12227

+ Cisco Catalyst 4000 Series Switches Dynamic ACL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat
CVE-2017-12213

+ Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary File Overwrite Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-2
CVE-2017-6795

+ Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1
CVE-2017-6796

+ Cisco ASR 5500 System Architecture Evolution Gateway GPRS Tunneling Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr
CVE-2017-12217

+ VU#112992 Apache Struts 2 framework REST plugin insecurely deserializes untrusted XML data
https://www.kb.cert.org/vuls/id/112992
CVE-2017-9805

+ JVNVU#92761484 Apache Struts2 vulnerable to arbitrary code execution (S2-052)
http://jvn.jp/vu/JVNVU92761484/
CVE-2017-9805

+ Apache Struts 2.5.13 released
https://struts.apache.org/announce.html#a20170905

+ Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/100609
CVE-2017-9805

+ Microsoft Edge Content Security Policy Security Bypass Vulnerability
http://www.securityfocus.com/bid/100637

Editor-in-chief's eye
Enterprise SDN remains lackluster; is there a catalyst?
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/090100045/?ST=security&itp_list_theme

From the US! How to read Apple news
New iPhone announcement imminent; OLED adoption raises the "North Korea risk"
http://itpro.nikkeibp.co.jp/atcl/column/16/082600184/090600056/?ST=security&itp_list_theme

PwC launches new service that detects and recovers from attacks using Windows 10 features
http://itpro.nikkeibp.co.jp/atcl/news/17/090602187/?ST=security&itp_list_theme

Yet another serious vulnerability in Struts 2; respond urgently
http://itpro.nikkeibp.co.jp/atcl/news/17/090602186/?ST=security&itp_list_theme

Tanium announces EDR-focused new product to speed up detection of and response to virus infections
http://itpro.nikkeibp.co.jp/atcl/news/17/090602184/?ST=security&itp_list_theme

Tor Project boosts support for anonymous mobile browsing
http://www.linuxsecurity.com/content/view/175778/169/

Scammers Are Targeting Naive Bitcoin Owners With Terribly Simple Trick
http://www.linuxsecurity.com/content/view/175777/169/

CISOs' Salaries Expected to Edge Above $240,000 in 2018
http://www.linuxsecurity.com/content/view/175776/169/

Wednesday, September 6, 2017

6th (Wednesday), Butsumetsu

+ PostgreSQL ODBC Driver 09.06.0500 released
https://www.postgresql.org/ftp/odbc/versions/msi/

+ RHSA-2017:2569 Moderate: 389-ds-base security and bug fix update
https://access.redhat.com/errata/RHSA-2017:2569
CVE-2017-7551

+ Google Chrome 61.0.3163.79 released
https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop.html
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120

+ A regular expression Denial of Service when using URLValidator (similar to S2-044 & S2-047)
http://struts.apache.org/docs/s2-050.html
CVE-2017-9804

+ A remote attacker may create a DoS attack by sending crafted xml request when using the Struts REST plugin
http://struts.apache.org/docs/s2-051.html
CVE-2017-9793

+ Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads
http://struts.apache.org/docs/s2-052.html
CVE-2017-9805

+ Apache Struts REST Plugin XStream Deserialization Flaw Lets Remote Users Execute Arbitrary Code on the Target System
http://www.securitytracker.com/id/1039263
CVE-2017-9805

+ Apache Struts REST Plugin XStream Library Lets Remote Users Deny Service
http://www.securitytracker.com/id/1039262
CVE-2017-9793

+ Apache Struts Regex Processing Flaw in URLValidator Lets Remote Users Consume Excessive CPU Resources on the Target System
http://www.securitytracker.com/id/1039261
CVE-2017-9804

+ Linux kernel 4.13 released
https://git.kernel.org/torvalds/h/v4.13

Ministry of Internal Affairs and Communications to conduct a vulnerability survey of IoT devices for critical infrastructure
http://itpro.nikkeibp.co.jp/atcl/news/17/090502179/?ST=security&itp_list_theme

On internet privacy, be very afraid
http://www.linuxsecurity.com/content/view/175764/169/

Linux Security Week: September 5th, 2017
http://www.linuxsecurity.com/content/view/175763/187/

Microsoft Releases Long-Awaited Security Tool, Sets Linux Preview
http://www.linuxsecurity.com/content/view/175762/169/

MongoDB ransacking starts again: Hackers ransom 26,000 unsecured instances
http://www.linuxsecurity.com/content/view/175761/169/

Tuesday, September 5, 2017

5th (Tuesday), Senbu

+ CESA-2017:2550 Moderate CentOS 6 poppler Security Update
https://lwn.net/Alerts/732627/

+ CESA-2017:2534 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/732628/

+ CESA-2017:2563 Moderate CentOS 6 openssh Security Update
https://lwn.net/Alerts/732626/

+ Linux kernel 4.9.47, 4.4.86, 3.18.69 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.47
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.86
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.69

+ Sudo 1.8.21p1 released
https://www.sudo.ws/stable.html#1.8.21p1

+ hitachi-sec-2017-122 DoS Vulnerability in JP1 and Hitachi IT Operations Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-122/index.html

+ hitachi-sec-2017-122 DoS vulnerability in JP1 and Hitachi IT Operations Director products (Japanese)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-122/index.html

+ PHP 7.1.9, 7.0.23 Released
http://www.php.net/ChangeLog-7.php#7.1.9
http://www.php.net/ChangeLog-7.php#7.0.23

+ Wireshark MSDP/Profinet I/O/Modbus/IrCOMM Dissector Bugs Lets Remote Users Cause Denial of Service Conditions
http://www.securitytracker.com/id/1039254
CVE-2017-13764
CVE-2017-13765
CVE-2017-13766
CVE-2017-13767

News analysis
TLS encrypted communication is changing: merits and demerits
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/090401109/?ST=security&itp_list_theme

Why does it sell even in a hardware slump?
Fourfold growth in five years: why vein authentication is doing well
http://itpro.nikkeibp.co.jp/atcl/column/17/082800349/090100002/?ST=security&itp_list_theme

180 million yen in damage in half a year; SoftBank and Aichi Prefectural Police move to stamp out fictitious billing fraud
http://itpro.nikkeibp.co.jp/atcl/news/17/090402176/?ST=security&itp_list_theme

Unauthorized access to Tokyo Gas billing inquiry service; 17 customer records leaked
http://itpro.nikkeibp.co.jp/atcl/news/17/090102175/?ST=security&itp_list_theme

So-net network outage caused by "heavy access to relay equipment"
http://itpro.nikkeibp.co.jp/atcl/news/17/090102172/?ST=security&itp_list_theme

US government: We can jail you indefinitely for not decrypting your data
http://www.linuxsecurity.com/content/view/175531/169/

Now you, too, can disable Intel ME 'backdoor' thanks to the NSA
http://www.linuxsecurity.com/content/view/175530/169/

Friday, September 1, 2017

1st (Friday), Taian

+ RHSA-2017:2563 Moderate: openssh security update
https://access.redhat.com/errata/RHSA-2017:2563
CVE-2016-6210

+ PostgreSQL 9.6.5, 9.5.9, 9.4.14, 9.3.19 and 9.2.23 released!
https://www.postgresql.org/about/news/1777/
https://www.postgresql.org/docs/9.6/static/release-9-6-5.html
https://www.postgresql.org/docs/9.5/static/release-9-5-9.html
https://www.postgresql.org/docs/9.4/static/release-9-4-14.html
https://www.postgresql.org/docs/9.3/static/release-9-3-19.html
https://www.postgresql.org/docs/9.2/static/release-9-2-23.html

+ Samba 4.5.13 Available for Download
https://www.samba.org/samba/history/samba-4.5.13.html

+ UPDATE: JVNVU#91991349 Update for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU91991349/

+ Ruby Flaws in RubyGems Let Remote Users Hijack the DNS and Overwrite Files and Let Local Users Deny Service
http://www.securitytracker.com/id/1039249
CVE-2017-0899
CVE-2017-0900
CVE-2017-0901
CVE-2017-0902

+ Wireshark Modbus Dissector CVE-2017-13764 Denial of Service Vulnerability
http://www.securityfocus.com/bid/100545
CVE-2017-13764

PostgreSQL 10 Beta 4 Released!
https://www.postgresql.org/about/news/1776/

JVNDB-2017-000219 DLL loading vulnerability in multiple Fuji Xerox products
http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-000219.html

Raspberry Pi fun for the weekend
Block suspicious sites with a Raspberry Pi: web filtering with DansGuardian
http://itpro.nikkeibp.co.jp/atcl/column/17/041900152/083100020/?ST=security&itp_list_theme

News analysis
OCN caught in the crossfire: the truth behind the large-scale internet outage caused by Google
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/083101108/?ST=security&itp_list_theme

UPDATE: JVNVU#98807587 Stack buffer overflow vulnerability in gSOAP
http://jvn.jp/vu/JVNVU98807587/

JVNVU#98866977 Rufus does not perform updates securely
http://jvn.jp/vu/JVNVU98866977/

ARM’s embedded TLS library fixes man-in-the-middle fiddle
http://www.linuxsecurity.com/content/view/175529/169/