Thursday, October 19, 2017

Thursday the 19th, Senshō

+ RHSA-2017:2911 Important: wpa_supplicant security update
https://access.redhat.com/errata/RHSA-2017:2911
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
CVE-2017-13087

+ Google Chrome 62.0.3202.62 released
https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html
CVE-2017-5124
CVE-2017-5125
CVE-2017-5126
CVE-2017-5127
CVE-2017-5128
CVE-2017-5129
CVE-2017-5132
CVE-2017-5130
CVE-2017-5131
CVE-2017-5133
CVE-2017-15386
CVE-2017-15387
CVE-2017-15388
CVE-2017-15389
CVE-2017-15390
CVE-2017-15391
CVE-2017-15392
CVE-2017-15393
CVE-2017-15394
CVE-2017-15395

+ CESA-2017:2907 Important CentOS 7 wpa_supplicant Security Update
https://lwn.net/Alerts/736751/

+ Cisco Cloud Services Platform 2100 Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ccs
CVE-2017-12251

+ Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079

+ Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
CVE-2017-3883

+ Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1
CVE-2017-12260

+ Cisco Small Business SPA51x Series IP Phones SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip
CVE-2017-12259

+ Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms1
CVE-2017-12296

+ Cisco WebEx Meetings Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wms
CVE-2017-12293

+ Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-wmc1
CVE-2017-12298

+ Cisco Unified Contact Center Express Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ucce
CVE-2017-12288

+ Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa
CVE-2017-12271

+ Cisco NX-OS Software Python Parser Escape Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-ppe
CVE-2017-12301

+ Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-nam
CVE-2017-12285

+ Cisco Jabber Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab1
CVE-2017-12286

+ Cisco Jabber for Windows Client Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-jab
CVE-2017-12284

+ Cisco Expressway Series and Cisco TelePresence Video Communication Server REST API Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-expressway-tp-vcs
CVE-2017-12287

+ Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1
CVE-2017-12289

+ Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe
CVE-2017-12272

+ FreeBSD-SA-17:07.wpa WPA2 protocol vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:07.wpa.asc
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

+ Linux kernel 4.13.8, 4.9.57, 4.4.93, 3.18.76 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.57
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.93
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.76

+ UPDATE: JVNVU#90609033 Nonce and session key reuse in the Wi-Fi Protected Access II (WPA2) handshake
http://jvn.jp/vu/JVNVU90609033/index.html

+ UPDATE: JVNVU#99259676 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU99259676/index.html

+ Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
https://cxsecurity.com/issue/WLB-2017100132
CVE-2017-11817

+ Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
https://cxsecurity.com/issue/WLB-2017100131
CVE-2017-11784
CVE-2017-8482

VU#307015 Infineon RSA library does not properly generate RSA key pairs
https://www.kb.cert.org/vuls/id/307015

News commentary
Hitachi, hit by WannaCry, gives its newly created CISO the authority to shut down systems
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/101801167/?ST=security&itp_list_theme

IPA launches a "Ransomware Special Site"
http://itpro.nikkeibp.co.jp/atcl/news/17/101802468/?ST=security&itp_list_theme

Disk encryption may be broken on PCs equipped with Infineon TPMs; the countermeasure is to apply the patch
http://itpro.nikkeibp.co.jp/atcl/news/17/101802467/?ST=security&itp_list_theme

Cisco presents its fiscal 2018 business strategy, establishing new offerings such as digital transformation support services
http://itpro.nikkeibp.co.jp/atcl/news/17/101802465/?ST=security&itp_list_theme

Trend Micro's intrusion prevention mistakenly blocks access to Wikipedia
http://itpro.nikkeibp.co.jp/atcl/news/17/101802463/?ST=security&itp_list_theme

Toshiba Memory reported to have been hit by malware: "Infection within the group is a fact"
http://itpro.nikkeibp.co.jp/atcl/news/17/101802460/?ST=security&itp_list_theme

News commentary
The WPA2 vulnerability comes to light: what is dangerous and what should be done
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/101701165/?ST=security&itp_list_theme

UPDATE: JVNVU#95530052 Infineon RSA library does not properly generate RSA key pairs
http://jvn.jp/vu/JVNVU95530052/index.html

UPDATE: JVNVU#93453933 Multiple vulnerabilities in Dnsmasq
http://jvn.jp/vu/JVNVU93453933/index.html

UPDATE: JVNVU#95513538 Multiple vulnerabilities in various Bluetooth implementations
http://jvn.jp/vu/JVNVU95513538/index.html
