+ SSL out of buffer access
https://curl.haxx.se/docs/adv_2017-af0a.html
CVE-2017-8818
+ FTP wildcard out of bounds read
https://curl.haxx.se/docs/adv_2017-ae72.html
CVE-2017-8817
+ RHSA-2017:3278 Important: samba4 security update
https://access.redhat.com/errata/RHSA-2017:3278
CVE-2017-14746
CVE-2017-15275
+ About the security content of Security Update 2017-001
https://support.apple.com/ja-jp/HT208315
CVE-2017-13872
+ CESA-2017:3270 Important CentOS 7 apr Security Update
https://lwn.net/Alerts/740201/
+ CESA-2017:3270 Important CentOS 6 apr Security Update
https://lwn.net/Alerts/740200/
+ UPDATE: Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex-players
+ UPDATE: Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex5
+ Cisco WebEx Meeting Center URL Redirection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-wmc
CVE-2017-12297
+ Cisco WebEx Event Center Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex4
CVE-2017-12365
+ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex3
CVE-2017-12363
+ Cisco WebEx Network Recording Player Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex1
CVE-2017-12360
+ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex
CVE-2017-12359
+ Multiple Vulnerabilities in Cisco UCS Central Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ucs-central
CVE-2017-12348
CVE-2017-12349
+ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-switch
CVE-2017-12340
+ Cisco Prime Service Catalog SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-prime
CVE-2017-12364
+ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos9
CVE-2017-12342
+ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos8
CVE-2017-12341
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
CVE-2017-12339
+ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
CVE-2017-12338
+ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos5
CVE-2017-12336
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
CVE-2017-12335
+ Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos3
CVE-2017-12334
+ Cisco NX-OS System Software Image Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos2
CVE-2017-12333
+ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos10
CVE-2017-12351
+ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos1
CVE-2017-12332
+ Cisco NX-OS System Software Patch Signature Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos
CVE-2017-12331
+ Cisco Nexus Series Switches CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
CVE-2017-12330
+ Cisco Jabber Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber2
CVE-2017-12361
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber1
CVE-2017-12358
+ Cisco Jabber Clients Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-jabber
CVE-2017-12356
+ Cisco IP Phone 8800 Series Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp
CVE-2017-12328
+ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
CVE-2017-12355
+ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
CVE-2017-12329
+ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa
CVE-2017-12353
+ Multiple Vulnerabilities in Cisco Data Center Network Manager Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm
CVE-2017-12343
CVE-2017-12344
CVE-2017-12345
+ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cucm
CVE-2017-12357
+ Cisco Meeting Server Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-cms
CVE-2017-12362
+ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-apic
CVE-2017-12352
+ Cisco Secure Access Control System Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs
CVE-2017-12354
+ VU#113765 Apple MacOS High Sierra disabled account authentication bypass
https://www.kb.cert.org/vuls/id/113765
+ curl 7.57.0 released
https://curl.haxx.se/download.html
+ FreeBSD-SA-17:11.openssl OpenSSL multiple vulnerabilities
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:11.openssl.asc
CVE-2017-3735
CVE-2017-3736
JVN#71291160 StreamRelay.net.exe および sDNSProxy.exe におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN71291160/index.html
macOSの脆弱性修正パッチ公開、説明は「なるべく早くインストール」だけ
http://itpro.nikkeibp.co.jp/atcl/news/17/113002768/?ST=security&itp_list_theme
「ルートユーザを無効にする」と危険!macOSに管理者権限悪用の脆弱性
http://itpro.nikkeibp.co.jp/atcl/news/17/113002766/?ST=security&itp_list_theme
ニュース解説
ロボット掃除機COCOROBOがやばい理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201216/?ST=security&itp_list_theme
インターネット再生計画
電子マネーはコストの削減だけじゃない、みずほFGのJ-Coin構想に壮大な狙い
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000002/?ST=security&itp_list_theme
保険会社のSOMPO、サイバーセキュリティ事業に参入
http://itpro.nikkeibp.co.jp/atcl/news/17/112902756/?ST=security&itp_list_theme
+ Linux Kernel 'mm/pagewalk.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101969
CVE-2017-16994
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
2017年11月30日木曜日
2017年11月29日水曜日
29日 水曜日、先負
+ RHSA-2017:3270 Important: apr security update
https://access.redhat.com/errata/RHSA-2017:3270
CVE-2017-12613
+ RHSA-2017:3268 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:3268
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3267 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3267
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3269 Important: procmail security update
https://access.redhat.com/errata/RHSA-2017:3269
CVE-2017-16844
+ RHSA-2017:3264 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3264
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3263 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2017:3263
CVE-2017-1000257
+ CESA-2017:3260 Important CentOS 7 samba Security Update
https://lwn.net/Alerts/740114/
+ CESA-2017:3263 Moderate CentOS 7 curl Security Update
https://lwn.net/Alerts/740113/
+ UPDATE: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
今日も誰かが狙われる
100万ダウンロードを達成、偽スマホアプリの巧みな手口
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/112700011/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3270
CVE-2017-12613
+ RHSA-2017:3268 Critical: java-1.7.1-ibm security update
https://access.redhat.com/errata/RHSA-2017:3268
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3267 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3267
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3269 Important: procmail security update
https://access.redhat.com/errata/RHSA-2017:3269
CVE-2017-16844
+ RHSA-2017:3264 Critical: java-1.8.0-ibm security update
https://access.redhat.com/errata/RHSA-2017:3264
CVE-2016-10165
CVE-2017-10281
CVE-2017-10285
CVE-2017-10295
CVE-2017-10309
CVE-2017-10345
CVE-2017-10346
CVE-2017-10347
CVE-2017-10348
CVE-2017-10349
CVE-2017-10350
CVE-2017-10355
CVE-2017-10356
CVE-2017-10357
CVE-2017-10388
+ RHSA-2017:3263 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2017:3263
CVE-2017-1000257
+ CESA-2017:3260 Important CentOS 7 samba Security Update
https://lwn.net/Alerts/740114/
+ CESA-2017:3263 Moderate CentOS 7 curl Security Update
https://lwn.net/Alerts/740113/
+ UPDATE: Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
今日も誰かが狙われる
100万ダウンロードを達成、偽スマホアプリの巧みな手口
http://itpro.nikkeibp.co.jp/atcl/column/17/050800181/112700011/?ST=security&itp_list_theme
2017年11月28日火曜日
28日 火曜日、友引
+ RHSA-2017:3260 Important: samba security update
https://access.redhat.com/errata/RHSA-2017:3260
CVE-2017-14746
CVE-2017-15275
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ JVNVU#94198685 QND Advance/Standard におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/vu/JVNVU94198685/index.html
CVE-2017-10861
すごい設計書
システムに不可欠なセキュリティ対策、漏れを食い止める設計書3点セット
http://itpro.nikkeibp.co.jp/atcl/column/17/111000511/111600001/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3260
CVE-2017-14746
CVE-2017-15275
+ UPDATE: Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-ucsm
+ JVNVU#94198685 QND Advance/Standard におけるディレクトリトラバーサルの脆弱性
http://jvn.jp/vu/JVNVU94198685/index.html
CVE-2017-10861
すごい設計書
システムに不可欠なセキュリティ対策、漏れを食い止める設計書3点セット
http://itpro.nikkeibp.co.jp/atcl/column/17/111000511/111600001/?ST=security&itp_list_theme
2017年11月27日月曜日
27日 月曜日、先負
+ nginx-1.13.7 released
http://nginx.org/en/CHANGES
+ Mozilla Foundation Security Advisory 2017-26 Security vulnerabilities fixed in Thunderbird 52.5
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7826
+ Linux kernel 4.14.2, 4.13.16, 4.9.65, 4.4.102, 3.18.84, 3.16.51, 3.2.96 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.102
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.84
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.96
+ PHP 7.1.12 Released
http://php.net/ChangeLog-7.php#7.1.12
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ Microsoft Windows 10 nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017110143
+ Linux mincore() Uninitialized Kernel Heap Page Disclosure
https://cxsecurity.com/issue/WLB-2017110142
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
ニュース解説
セキュリティ強化が進むWindows 10、それでも企業が移行を躊躇する理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701211/?ST=security&itp_list_theme
インターネット再生計画
「出会いを完全に防ぐのは無理」、LINEが考える未成年犯罪対策
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112200007/?ST=security&itp_list_theme
http://nginx.org/en/CHANGES
+ Mozilla Foundation Security Advisory 2017-26 Security vulnerabilities fixed in Thunderbird 52.5
https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7826
+ Linux kernel 4.14.2, 4.13.16, 4.9.65, 4.4.102, 3.18.84, 3.16.51, 3.2.96 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.65
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.102
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.84
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.51
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.96
+ PHP 7.1.12 Released
http://php.net/ChangeLog-7.php#7.1.12
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ Microsoft Windows 10 nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry) Pool Memory Disclosure
https://cxsecurity.com/issue/WLB-2017110143
+ Linux mincore() Uninitialized Kernel Heap Page Disclosure
https://cxsecurity.com/issue/WLB-2017110142
+ Linux Kernel CVE-2017-16939 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101954
CVE-2017-16939
ニュース解説
セキュリティ強化が進むWindows 10、それでも企業が移行を躊躇する理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701211/?ST=security&itp_list_theme
インターネット再生計画
「出会いを完全に防ぐのは無理」、LINEが考える未成年犯罪対策
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112200007/?ST=security&itp_list_theme
2017年11月24日金曜日
24日 金曜日、仏滅
+ Mozilla Thunderbird 52.5.0 released
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
+ Apache Log4j 2.10.0 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.10.0
+ PHP 7.0.26 Released
http://www.php.net/ChangeLog-7.php#7.0.26
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ JVNVU#98606324 Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU98606324/
DB Doc 5.0 released
https://www.postgresql.org/about/news/1804/
Citus 7.1 Released: Distributed Transaction Support
https://www.postgresql.org/about/news/1803/
JVN#73141967 PWR-Q200 における DNS キャッシュポイズニングの脆弱性
http://jvn.jp/jp/JVN73141967/
インターネット再生計画
Twitterの犯罪対策を検証、何ができて何ができなかったのか
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112100006/?ST=security&itp_list_theme
ニュース解説
制御システムを守れるか、日立が設けたサイバー防衛訓練施設の全容
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201215/?ST=security&itp_list_theme
Uberが5700万の個人情報を漏洩、1年間知らせず
http://itpro.nikkeibp.co.jp/atcl/news/17/112202716/?ST=security&itp_list_theme
https://www.mozilla.org/en-US/thunderbird/52.5.0/releasenotes/
+ Apache Log4j 2.10.0 released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.10.0
+ PHP 7.0.26 Released
http://www.php.net/ChangeLog-7.php#7.0.26
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/
+ JVNVU#98606324 Install Norton Security for Mac における SSL サーバ証明書の検証不備の脆弱性
http://jvn.jp/vu/JVNVU98606324/
DB Doc 5.0 released
https://www.postgresql.org/about/news/1804/
Citus 7.1 Released: Distributed Transaction Support
https://www.postgresql.org/about/news/1803/
JVN#73141967 PWR-Q200 における DNS キャッシュポイズニングの脆弱性
http://jvn.jp/jp/JVN73141967/
インターネット再生計画
Twitterの犯罪対策を検証、何ができて何ができなかったのか
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/112100006/?ST=security&itp_list_theme
ニュース解説
制御システムを守れるか、日立が設けたサイバー防衛訓練施設の全容
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/112201215/?ST=security&itp_list_theme
Uberが5700万の個人情報を漏洩、1年間知らせず
http://itpro.nikkeibp.co.jp/atcl/news/17/112202716/?ST=security&itp_list_theme
2017年11月21日火曜日
21日 火曜日、先勝
+ RHSA-2017:3247 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2017:3247
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ RHSA-2017:3222 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:3222
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ RHSA-2017:3200 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3200
CVE-2017-14106
CVE-2017-1000111
CVE-2017-1000112
+ RHSA-2017:3221 Moderate: php security update
https://access.redhat.com/errata/RHSA-2017:3221
CVE-2016-10167
CVE-2016-10168
+ CESA-2017:3247 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/739610/
+ CESA-2017:3247 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/739609/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#91363799 Windows 8 およびそれ以降のバージョンにおいて、アドレス空間配置のランダム化が適切に行われない脆弱性
http://jvn.jp/vu/JVNVU91363799/
+ Amazon Key CVE-2017-16867 Security Weakness
http://www.securityfocus.com/bid/101899
CVE-2017-16867
+ Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/101743
CVE-2017-15527
+ Linux kernel CVE-2017-15115 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101877
CVE-2017-15115
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/20/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
インターネット再生計画
偽ニュースの蔓延を防ぐ、スマートニュースの一手
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111600004/?ST=security&itp_list_theme
不正防止に役立つシステム
不正会計は防げる、怪しいデータ操作をAIで自動検知
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500001/?ST=security&itp_list_theme
サイバー攻撃を読み解く
北朝鮮が韓国のATMをハッキング、高まるサイバー攻撃力
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/111700001/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3247
CVE-2017-7826
CVE-2017-7828
CVE-2017-7830
+ RHSA-2017:3222 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2017:3222
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ RHSA-2017:3200 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2017:3200
CVE-2017-14106
CVE-2017-1000111
CVE-2017-1000112
+ RHSA-2017:3221 Moderate: php security update
https://access.redhat.com/errata/RHSA-2017:3221
CVE-2016-10167
CVE-2016-10168
+ CESA-2017:3247 Critical CentOS 7 firefox Security Update
https://lwn.net/Alerts/739610/
+ CESA-2017:3247 Critical CentOS 6 firefox Security Update
https://lwn.net/Alerts/739609/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#91363799 Windows 8 およびそれ以降のバージョンにおいて、アドレス空間配置のランダム化が適切に行われない脆弱性
http://jvn.jp/vu/JVNVU91363799/
+ Amazon Key CVE-2017-16867 Security Weakness
http://www.securityfocus.com/bid/101899
CVE-2017-16867
+ Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/101743
CVE-2017-15527
+ Linux kernel CVE-2017-15115 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101877
CVE-2017-15115
Windows Defender System Guard でシステムのセキュリティを強化し整合性を維持する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/20/hardening-the-system-and-maintaining-integrity-with-windows-defender-system-guard/
インターネット再生計画
偽ニュースの蔓延を防ぐ、スマートニュースの一手
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111600004/?ST=security&itp_list_theme
不正防止に役立つシステム
不正会計は防げる、怪しいデータ操作をAIで自動検知
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500001/?ST=security&itp_list_theme
サイバー攻撃を読み解く
北朝鮮が韓国のATMをハッキング、高まるサイバー攻撃力
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/111700001/?ST=security&itp_list_theme
2017年11月20日月曜日
20日 月曜日、赤口
+ Selenium Standard Server 3.7.1 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.1 released
http://docs.seleniumhq.org/download/
+ About the security content of iOS 11.1.2
https://support.apple.com/ja-jp/HT208282
+ VU#817544 Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
+ Linux kerne 4.13.14. 4.9.63, 4.4.99, 3.18.82 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.99
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.82
UPDATE: JVN#74871939 WSR-300HP において任意のコードが実行可能な脆弱性
http://jvn.jp/jp/JVN74871939/index.html
ニュース解説
セキュリティ会社の社員逮捕、ウイルス拡散が疑われるも残る疑問
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701209/?ST=security&itp_list_theme
インターネット再生計画
信頼維持の仕組みが崩れ不信広がる、インターネット30年目の実態
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000001/?ST=security&itp_list_theme
不正防止に役立つシステム
PCの操作を丸ごと録画、社内不正を防ぐ番人システム
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500002/?ST=security&itp_list_theme
シャープのロボット掃除機「COCOROBO」に脆弱性、のぞき見の危険性も
http://itpro.nikkeibp.co.jp/atcl/news/17/111702692/?ST=security&itp_list_theme
経産省のサイバーセキュリティ経営ガイドライン改訂、攻撃検知と復旧への備えを追加
http://itpro.nikkeibp.co.jp/atcl/news/17/111702688/?ST=security&itp_list_theme
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.1 released
http://docs.seleniumhq.org/download/
+ About the security content of iOS 11.1.2
https://support.apple.com/ja-jp/HT208282
+ VU#817544 Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
+ Linux kerne 4.13.14. 4.9.63, 4.4.99, 3.18.82 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.63
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.99
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.82
UPDATE: JVN#74871939 WSR-300HP において任意のコードが実行可能な脆弱性
http://jvn.jp/jp/JVN74871939/index.html
ニュース解説
セキュリティ会社の社員逮捕、ウイルス拡散が疑われるも残る疑問
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/111701209/?ST=security&itp_list_theme
インターネット再生計画
信頼維持の仕組みが崩れ不信広がる、インターネット30年目の実態
http://itpro.nikkeibp.co.jp/atcl/column/17/111000513/111000001/?ST=security&itp_list_theme
不正防止に役立つシステム
PCの操作を丸ごと録画、社内不正を防ぐ番人システム
http://itpro.nikkeibp.co.jp/atcl/column/17/110900505/111500002/?ST=security&itp_list_theme
シャープのロボット掃除機「COCOROBO」に脆弱性、のぞき見の危険性も
http://itpro.nikkeibp.co.jp/atcl/news/17/111702692/?ST=security&itp_list_theme
経産省のサイバーセキュリティ経営ガイドライン改訂、攻撃検知と復旧への備えを追加
http://itpro.nikkeibp.co.jp/atcl/news/17/111702688/?ST=security&itp_list_theme
2017年11月17日金曜日
17日 金曜日、先勝
+ CESA-2017:3200 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/739259/
+ CESA-2017:3221 Moderate CentOS 7 php Security Update
https://lwn.net/Alerts/739260/
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#90967793 Microsoft Office 数式エディタにスタックベースのバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU90967793/
+ JVN#76382932 ロボット家電 COCOROBO におけるセッション管理不備の脆弱性
http://jvn.jp/jp/JVN76382932/
+ Microsoft Edge Object.setPrototypeOf Memory Corruption
https://cxsecurity.com/issue/WLB-2017110098
CVE-2017-8751
+ Microsoft Edge Chakra JIT Bailout Generation
https://cxsecurity.com/issue/WLB-2017110097
CVE-2017-11873
+ Microsoft Edge Chakra JIT Type Confusion
https://cxsecurity.com/issue/WLB-2017110096
CVE-2017-11811
+ Microsoft Edge Charka JIT Incorrect Check
https://cxsecurity.com/issue/WLB-2017110095
CVE-2017-11861
週末スペシャル
iPhone Xの「顔認証」はどこまで使える? 弱点は?
http://itpro.nikkeibp.co.jp/atcl/column/14/255608/111300360/?ST=security&itp_list_theme
企業版振り込め詐欺
犯人は1カ月以上メールを監視、振り込め詐欺対策は3つ
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800002/?ST=security&itp_list_theme
https://lwn.net/Alerts/739259/
+ CESA-2017:3221 Moderate CentOS 7 php Security Update
https://lwn.net/Alerts/739260/
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ JVNVU#90967793 Microsoft Office 数式エディタにスタックベースのバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU90967793/
+ JVN#76382932 ロボット家電 COCOROBO におけるセッション管理不備の脆弱性
http://jvn.jp/jp/JVN76382932/
+ Microsoft Edge Object.setPrototypeOf Memory Corruption
https://cxsecurity.com/issue/WLB-2017110098
CVE-2017-8751
+ Microsoft Edge Chakra JIT Bailout Generation
https://cxsecurity.com/issue/WLB-2017110097
CVE-2017-11873
+ Microsoft Edge Chakra JIT Type Confusion
https://cxsecurity.com/issue/WLB-2017110096
CVE-2017-11811
+ Microsoft Edge Charka JIT Incorrect Check
https://cxsecurity.com/issue/WLB-2017110095
CVE-2017-11861
週末スペシャル
iPhone Xの「顔認証」はどこまで使える? 弱点は?
http://itpro.nikkeibp.co.jp/atcl/column/14/255608/111300360/?ST=security&itp_list_theme
企業版振り込め詐欺
犯人は1カ月以上メールを監視、振り込め詐欺対策は3つ
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800002/?ST=security&itp_list_theme
2017年11月16日木曜日
16日 木曜日、赤口
+ Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
CVE-2017-12337
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-findit
+ Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
CVE-2017-12303
+ Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
CVE-2017-12350
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm
CVE-2017-12302
+ Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark
CVE-2017-12306
+ Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1
CVE-2017-12318
+ Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res
CVE-2017-12290
CVE-2017-12291
CVE-2017-12292
+ Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
CVE-2017-12316
+ Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp
CVE-2017-12305
+ Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios
CVE-2017-12304
+ Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iami
CVE-2017-12312
+ Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
CVE-2017-12315
+ Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2
CVE-2017-12300
+ Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
CVE-2017-12299
+ Cisco Email Security Appliance HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
CVE-2017-12309
+ Cisco Network Academy Packet Tracer DLL Preload Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cpt
CVE-2017-12313
+ Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cms
CVE-2017-12311
+ VU#421280 Microsoft Office Equation Editor stack buffer overflow
https://www.kb.cert.org/vuls/id/421280
CVE-2017-11882
+ FreeBSD-SA-17:10.kldstat Information leak in kldstat(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
CVE-2017-1088
+ FreeBSD-SA-17:09.shm POSIX shm allows jails to access global namespace
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
CVE-2017-1087
+ FreeBSD-SA-17:08.ptrace Kernel data leak via ptrace(PT_LWPINFO)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
CVE-2017-1086
+ Linux kernel 4.13.13, 4.9.62, 4.4.98, 3.18.81 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.98
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.81
+ Samba 4.7.2, 4.6.10 Available for Download
https://www.samba.org/samba/history/samba-4.7.2.html
https://www.samba.org/samba/history/samba-4.6.10.html
+ PHP 7.1.8 Heap-Based Buffer Overflow
https://cxsecurity.com/issue/WLB-2017110087
+ Linux Kernel 'drivers/media/usb/dvb-usb/dib0700_devices.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101846
CVE-2017-16646
+ Linux Kernel 'drivers/media/usb/hdpvr/hdpvr-core.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101842
CVE-2017-16644
+ Linux Kernel 'drivers/net/usb/qmi_wwan.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101791
CVE-2017-16650
企業版振り込め詐欺
日本企業で被害が拡大する振り込め詐欺、手法に「やり取り型」や「CxO型」
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800001/?ST=security&itp_list_theme
日立ソリューションズが社内セキュリティコンテスト、ホワイトハッカー育成で事業拡大
http://itpro.nikkeibp.co.jp/atcl/news/17/111502672/?ST=security&itp_list_theme
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos
CVE-2017-12337
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-findit
+ Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-wsa
CVE-2017-12303
+ Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-uva
CVE-2017-12350
+ Cisco Unified Communications Manager SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ucm
CVE-2017-12302
+ Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-spark
CVE-2017-12306
+ Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-rf-gateway-1
CVE-2017-12318
+ Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res
CVE-2017-12290
CVE-2017-12291
CVE-2017-12292
+ Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
CVE-2017-12316
+ Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp
CVE-2017-12305
+ Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ios
CVE-2017-12304
+ Cisco Immunet Antimalware Installer DLL Preloading Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iami
CVE-2017-12312
+ Cisco HyperFlex System Authenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-hyperflex
CVE-2017-12315
+ Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower2
CVE-2017-12300
+ Cisco ASA Next-Generation Firewall Services Local Management Filtering Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-firepower1
CVE-2017-12299
+ Cisco Email Security Appliance HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-esa
CVE-2017-12309
+ Cisco Network Academy Packet Tracer DLL Preload Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cpt
CVE-2017-12313
+ Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-cms
CVE-2017-12311
+ VU#421280 Microsoft Office Equation Editor stack buffer overflow
https://www.kb.cert.org/vuls/id/421280
CVE-2017-11882
+ FreeBSD-SA-17:10.kldstat Information leak in kldstat(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
CVE-2017-1088
+ FreeBSD-SA-17:09.shm POSIX shm allows jails to access global namespace
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:09.shm.asc
CVE-2017-1087
+ FreeBSD-SA-17:08.ptrace Kernel data leak via ptrace(PT_LWPINFO)
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
CVE-2017-1086
+ Linux kernel 4.13.13, 4.9.62, 4.4.98, 3.18.81 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.62
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.98
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.81
+ Samba 4.7.2, 4.6.10 Available for Download
https://www.samba.org/samba/history/samba-4.7.2.html
https://www.samba.org/samba/history/samba-4.6.10.html
+ PHP 7.1.8 Heap-Based Buffer Overflow
https://cxsecurity.com/issue/WLB-2017110087
+ Linux Kernel 'drivers/media/usb/dvb-usb/dib0700_devices.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101846
CVE-2017-16646
+ Linux Kernel 'drivers/media/usb/hdpvr/hdpvr-core.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101842
CVE-2017-16644
+ Linux Kernel 'drivers/net/usb/qmi_wwan.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101791
CVE-2017-16650
企業版振り込め詐欺
日本企業で被害が拡大する振り込め詐欺、手法に「やり取り型」や「CxO型」
http://itpro.nikkeibp.co.jp/atcl/column/17/110700496/110800001/?ST=security&itp_list_theme
日立ソリューションズが社内セキュリティコンテスト、ホワイトハッカー育成で事業拡大
http://itpro.nikkeibp.co.jp/atcl/news/17/111502672/?ST=security&itp_list_theme
2017年11月15日水曜日
15日 水曜日、大安
+ Mozilla Firefox 57.0 released
https://www.mozilla.org/en-US/firefox/57.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-24 Security vulnerabilities fixed in Firefox 57
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
CVE-2017-7827
CVE-2017-7826
+ APSB17-41 Security updates available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
CVE-2017-3109
CVE-2017-3111
CVE-2017-11296
+ APSB17-40 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
CVE-2017-11294
+ APSB17-39 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
CVE-2017-11273
CVE-2017-11297
CVE-2017-11298
CVE-2017-11299
CVE-2017-11300
CVE-2017-11301
+ APSB17-38 Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb17-38.html
CVE-2017-11302
+ APSB17-37 Security update available for the Adobe DNG Converter
https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
CVE-2017-11295
+ APSB17-36 Security updates available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
CVE-2017-16377
CVE-2017-16378
CVE-2017-16360
CVE-2017-16388
CVE-2017-16389
CVE-2017-16390
CVE-2017-16393
CVE-2017-16398
CVE-2017-16381
CVE-2017-16385
CVE-2017-16392
CVE-2017-16395
CVE-2017-16396
CVE-2017-16363
CVE-2017-16365
CVE-2017-16374
CVE-2017-16384
CVE-2017-16386
CVE-2017-16387
CVE-2017-16368
CVE-2017-16383
CVE-2017-16391
CVE-2017-16410
CVE-2017-16362
CVE-2017-16370
CVE-2017-16376
CVE-2017-16382
CVE-2017-16394
CVE-2017-16397
CVE-2017-16399
CVE-2017-16400
CVE-2017-16401
CVE-2017-16402
CVE-2017-16403
CVE-2017-16404
CVE-2017-16405
CVE-2017-16408
CVE-2017-16409
CVE-2017-16412
CVE-2017-16414
CVE-2017-16417
CVE-2017-16418
CVE-2017-16420
CVE-2017-11293
CVE-2017-16407
CVE-2017-16413
CVE-2017-16415
CVE-2017-16416
CVE-2017-16361
CVE-2017-16366
CVE-2017-16369
CVE-2017-16380
CVE-2017-16419
CVE-2017-16367
CVE-2017-16379
CVE-2017-16406
CVE-2017-16364
CVE-2017-16371
CVE-2017-16372
CVE-2017-16373
CVE-2017-16375
CVE-2017-16411
+ APSB17-35 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb17-35.html
CVE-2017-11291
CVE-2017-11287
CVE-2017-11288
CVE-2017-11289
CVE-2017-11290
+ APSB17-34 Security updates available for Adobe Photoshop CC
https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
CVE-2017-11303
CVE-2017-11304
+ APSB17-33 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ 2017 年 11 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14, 3.16.50, 3.2.95 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.50
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.95
シリコンバレーNextレポート
ディープラーニングにもセキュリティ問題、AIをだます手口に注意
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/111400137/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
サイバー攻撃の犯人は誰?知る必要はあるのか
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300003/?ST=security&itp_list_theme
JVNVU#94371484 Packetbeat におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94371484/index.html
JVN#05398317 WordPress 用プラグイン TablePress における XML 外部実体参照 (XXE) 処理の脆弱性
http://jvn.jp/jp/JVN05398317/index.html
JVN#18420340 BOOK☆WALKER for Windows/Mac における複数の脆弱性
http://jvn.jp/jp/JVN18420340/index.html
https://www.mozilla.org/en-US/firefox/57.0/releasenotes/
+ Mozilla Foundation Security Advisory 2017-24 Security vulnerabilities fixed in Firefox 57
https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/
CVE-2017-7828
CVE-2017-7830
CVE-2017-7831
CVE-2017-7832
CVE-2017-7833
CVE-2017-7834
CVE-2017-7835
CVE-2017-7836
CVE-2017-7837
CVE-2017-7838
CVE-2017-7839
CVE-2017-7840
CVE-2017-7842
CVE-2017-7827
CVE-2017-7826
+ APSB17-41 Security updates available for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html
CVE-2017-3109
CVE-2017-3111
CVE-2017-11296
+ APSB17-40 Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb17-40.html
CVE-2017-11294
+ APSB17-39 Security update available for Adobe Digital Editions
https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html
CVE-2017-11273
CVE-2017-11297
CVE-2017-11298
CVE-2017-11299
CVE-2017-11300
CVE-2017-11301
+ APSB17-38 Security update available for Adobe InDesign
https://helpx.adobe.com/security/products/indesign/apsb17-38.html
CVE-2017-11302
+ APSB17-37 Security update available for the Adobe DNG Converter
https://helpx.adobe.com/security/products/dng-converter/apsb17-37.html
CVE-2017-11295
+ APSB17-36 Security updates available for Adobe Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
CVE-2017-16377
CVE-2017-16378
CVE-2017-16360
CVE-2017-16388
CVE-2017-16389
CVE-2017-16390
CVE-2017-16393
CVE-2017-16398
CVE-2017-16381
CVE-2017-16385
CVE-2017-16392
CVE-2017-16395
CVE-2017-16396
CVE-2017-16363
CVE-2017-16365
CVE-2017-16374
CVE-2017-16384
CVE-2017-16386
CVE-2017-16387
CVE-2017-16368
CVE-2017-16383
CVE-2017-16391
CVE-2017-16410
CVE-2017-16362
CVE-2017-16370
CVE-2017-16376
CVE-2017-16382
CVE-2017-16394
CVE-2017-16397
CVE-2017-16399
CVE-2017-16400
CVE-2017-16401
CVE-2017-16402
CVE-2017-16403
CVE-2017-16404
CVE-2017-16405
CVE-2017-16408
CVE-2017-16409
CVE-2017-16412
CVE-2017-16414
CVE-2017-16417
CVE-2017-16418
CVE-2017-16420
CVE-2017-11293
CVE-2017-16407
CVE-2017-16413
CVE-2017-16415
CVE-2017-16416
CVE-2017-16361
CVE-2017-16366
CVE-2017-16369
CVE-2017-16380
CVE-2017-16419
CVE-2017-16367
CVE-2017-16379
CVE-2017-16406
CVE-2017-16364
CVE-2017-16371
CVE-2017-16372
CVE-2017-16373
CVE-2017-16375
CVE-2017-16411
+ APSB17-35 Security update available for Adobe Connect
https://helpx.adobe.com/security/products/connect/apsb17-35.html
CVE-2017-11291
CVE-2017-11287
CVE-2017-11288
CVE-2017-11289
CVE-2017-11290
+ APSB17-34 Security updates available for Adobe Photoshop CC
https://helpx.adobe.com/security/products/photoshop/apsb17-34.html
CVE-2017-11303
CVE-2017-11304
+ APSB17-33 Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-33.html
CVE-2017-3112
CVE-2017-3114
CVE-2017-11213
CVE-2017-11215
CVE-2017-11225
+ 2017 年 11 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/bae9d0d8-e497-e711-80e5-000d3a32fc99
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ Linux kernel 4.14, 3.16.50, 3.2.95 released
https://www.kernel.org/
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.50
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.95
シリコンバレーNextレポート
ディープラーニングにもセキュリティ問題、AIをだます手口に注意
http://itpro.nikkeibp.co.jp/atcl/column/15/061500148/111400137/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
サイバー攻撃の犯人は誰?知る必要はあるのか
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300003/?ST=security&itp_list_theme
JVNVU#94371484 Packetbeat におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94371484/index.html
JVN#05398317 WordPress 用プラグイン TablePress における XML 外部実体参照 (XXE) 処理の脆弱性
http://jvn.jp/jp/JVN05398317/index.html
JVN#18420340 BOOK☆WALKER for Windows/Mac における複数の脆弱性
http://jvn.jp/jp/JVN18420340/index.html
2017年11月14日火曜日
14日 火曜日、仏滅
+ Google Chrome 62.0.3202.94 released
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
+ Linux Kernel CVE-2017-15102 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101790
CVE-2017-15102
+ Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101769
CVE-2017-16643
+ Linux Kernel 'drivers/input/misc/ims-pcu.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101768
CVE-2017-16645
+ Linux Kernel 'drivers/net/usb/cdc_ether.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101761
CVE-2017-16649
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101758
CVE-2017-16648
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
+ Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/101692
CVE-2017-15398
CVE-2017-15399
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
JVN#29602086 CS-Cart日本語版におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN29602086/
編集長の眼
2万円は高いか安いか?セキュリティ国家資格の講習を受けてみた
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/110700052/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
セキュリティ攻撃の被害情報、公開するのは悪いこと?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300002/?ST=security&itp_list_theme
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html
+ Linux Kernel CVE-2017-15102 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101790
CVE-2017-15102
+ Linux Kernel 'drivers/input/tablet/gtco.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101769
CVE-2017-16643
+ Linux Kernel 'drivers/input/misc/ims-pcu.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101768
CVE-2017-16645
+ Linux Kernel 'drivers/net/usb/cdc_ether.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101761
CVE-2017-16649
Linux Kernel 'drivers/media/dvb-core/dvb_frontend.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101758
CVE-2017-16648
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
+ Google Chrome Prior to 62.0.3202.89 Stack Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/101692
CVE-2017-15398
CVE-2017-15399
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
JVN#29602086 CS-Cart日本語版におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN29602086/
編集長の眼
2万円は高いか安いか?セキュリティ国家資格の講習を受けてみた
http://itpro.nikkeibp.co.jp/atcl/watcher/16/110700001/110700052/?ST=security&itp_list_theme
有識者座談会 セキュリティの非常識
セキュリティ攻撃の被害情報、公開するのは悪いこと?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/111300002/?ST=security&itp_list_theme
2017年11月13日月曜日
13日 月曜日、先負
+ CVE-2017-8585 | .NET Denial of Service Vulnerability
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-8585
CVE-2017-8585
+ マイクロソフト セキュリティ アドバイザリ 4053440 Dynamic Data Exchange (DDE) フィールドを含む Microsoft Office ドキュメントを安全に開く方法
https://technet.microsoft.com/ja-jp/library/security/4053440
CVE-2017-8759
CVE-2017-11292
CVE-2017-11826
+ iOS 11.1.1 のセキュリティコンテンツについて
https://support.apple.com/ja-jp/HT208255
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
有識者座談会 セキュリティの非常識
アノニマスの攻撃に備えるには莫大な費用がかかる?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/110900001/?ST=security&itp_list_theme
ウインドリバーがIoTセキュリティ説明会、「ウクライナの大停電は当社製品なら防げた」
http://itpro.nikkeibp.co.jp/atcl/news/17/111002645/?ST=security&itp_list_theme
アカマイ、ボットの不正ログインを検知・遮断する「Bot Manager Premier」を発売
http://itpro.nikkeibp.co.jp/atcl/news/17/111002644/?ST=security&itp_list_theme
マカフィーとラック、AWS上におけるセキュリティ対策で協業
http://itpro.nikkeibp.co.jp/atcl/news/17/111002635/?ST=security&itp_list_theme
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2017-8585
CVE-2017-8585
+ マイクロソフト セキュリティ アドバイザリ 4053440 Dynamic Data Exchange (DDE) フィールドを含む Microsoft Office ドキュメントを安全に開く方法
https://technet.microsoft.com/ja-jp/library/security/4053440
CVE-2017-8759
CVE-2017-11292
CVE-2017-11826
+ iOS 11.1.1 のセキュリティコンテンツについて
https://support.apple.com/ja-jp/HT208255
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
有識者座談会 セキュリティの非常識
アノニマスの攻撃に備えるには莫大な費用がかかる?
http://itpro.nikkeibp.co.jp/atcl/column/17/110900508/110900001/?ST=security&itp_list_theme
ウインドリバーがIoTセキュリティ説明会、「ウクライナの大停電は当社製品なら防げた」
http://itpro.nikkeibp.co.jp/atcl/news/17/111002645/?ST=security&itp_list_theme
アカマイ、ボットの不正ログインを検知・遮断する「Bot Manager Premier」を発売
http://itpro.nikkeibp.co.jp/atcl/news/17/111002644/?ST=security&itp_list_theme
マカフィーとラック、AWS上におけるセキュリティ対策で協業
http://itpro.nikkeibp.co.jp/atcl/news/17/111002635/?ST=security&itp_list_theme
2017年11月10日金曜日
10日 金曜日、赤口
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
CVE-2017-3883
+ Linux kernel 4.1.46 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.46
+ PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/docs/10/static/release-10-1.html
https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
https://www.postgresql.org/docs/9.5/static/release-9-5-10.html
https://www.postgresql.org/docs/9.4/static/release-9-4-15.html
https://www.postgresql.org/docs/9.3/static/release-9-3-20.html
CVE-2017-12172
CVE-2017-15098
CVE-2017-15099
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/
+ UPDATE: JVNVU#91445763 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU91445763/
+ Microsoft Windows LNK File Code Execution
https://cxsecurity.com/issue/WLB-2017110056
CVE-2015-0096
CVE-2017-8464
JVN#71284826 HYPER SBI のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN71284826/
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/
ニュース解説
FinTech?マルウエア?無断でスマホCPU使う謎のサービス
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110801194/?ST=security&itp_list_theme
リバーベッドがSD-WAN製品を強化、ZscalerのセキュリティSaaSと連携
http://itpro.nikkeibp.co.jp/atcl/news/17/110902629/?ST=security&itp_list_theme
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
CVE-2017-3883
+ Linux kernel 4.1.46 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.46
+ PostgreSQL 10.1, 9.6.6, 9.5.10, 9.4.15, 9.3.20, and 9.2.24 released!
https://www.postgresql.org/about/news/1801/
https://www.postgresql.org/docs/10/static/release-10-1.html
https://www.postgresql.org/docs/9.6/static/release-9-6-6.html
https://www.postgresql.org/docs/9.5/static/release-9-5-10.html
https://www.postgresql.org/docs/9.4/static/release-9-4-15.html
https://www.postgresql.org/docs/9.3/static/release-9-3-20.html
CVE-2017-12172
CVE-2017-15098
CVE-2017-15099
+ UPDATE: JVNVU#99259676 Apache Tomcat の複数の脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99259676/
+ UPDATE: JVNVU#91445763 OpenSSL に複数の脆弱性
http://jvn.jp/vu/JVNVU91445763/
+ Microsoft Windows LNK File Code Execution
https://cxsecurity.com/issue/WLB-2017110056
CVE-2015-0096
CVE-2017-8464
JVN#71284826 HYPER SBI のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN71284826/
UPDATE: JVNVU#93329670 Open Shortest Path First (OSPF) プロトコルの複数の実装に Link State Advertisement (LSA) の扱いに関する問題
http://jvn.jp/vu/JVNVU93329670/
UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/
ニュース解説
FinTech?マルウエア?無断でスマホCPU使う謎のサービス
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110801194/?ST=security&itp_list_theme
リバーベッドがSD-WAN製品を強化、ZscalerのセキュリティSaaSと連携
http://itpro.nikkeibp.co.jp/atcl/news/17/110902629/?ST=security&itp_list_theme
2017年11月9日木曜日
9日 木曜日、大安
+ Zabbix 3.4.4, 3.2.10, 3.0.13 released
http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D
+ Linux kernel 4.13.12, 4.9.61, 4.4.97, 3.18.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.97
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.80
+ Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110050
+ Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110049
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
UPDATE: JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/index.html
iPhone X 徹底レビュー
iPhone Xの顔認証で感じる、やっぱりホームボタンは偉大だった
http://itpro.nikkeibp.co.jp/atcl/column/17/110200479/110800002/?ST=security&itp_list_theme
不正アクセス検知ベンチャーのカウリスがアジア進出、安価なAIサービス武器に
http://itpro.nikkeibp.co.jp/atcl/news/17/110802620/?ST=security&itp_list_theme
http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/?C=M;O=D
http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/?C=M;O=D
+ Linux kernel 4.13.12, 4.9.61, 4.4.97, 3.18.80 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.61
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.97
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.80
+ Linux Kernel 4.13 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110050
+ Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation
https://cxsecurity.com/issue/WLB-2017110049
+ PHP CVE-2017-16642 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101745
CVE-2017-16642
UPDATE: JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/index.html
iPhone X 徹底レビュー
iPhone Xの顔認証で感じる、やっぱりホームボタンは偉大だった
http://itpro.nikkeibp.co.jp/atcl/column/17/110200479/110800002/?ST=security&itp_list_theme
不正アクセス検知ベンチャーのカウリスがアジア進出、安価なAIサービス武器に
http://itpro.nikkeibp.co.jp/atcl/news/17/110802620/?ST=security&itp_list_theme
2017年11月8日水曜日
8日 水曜日、仏滅
+ RHSA-2017:3151 Critical: chromium-browser security update
https://access.redhat.com/errata/RHSA-2017:3151
CVE-2017-15398
CVE-2017-15399
+ UPDATE: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
+ UPDATE: JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
Support for .NET Core 2.0 and PostgreSQL 10 in Updated dotConnect for PostgreSQL
https://www.postgresql.org/about/news/1800/
脅威増すサイバー攻撃の正体
新たな手口で脅威増すランサムウエア、次なる標的
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100004/?ST=security&itp_list_theme
シマンテックがエンドポイントセキュリティ新版、おとり機能やEDRなど統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702611/?ST=security&itp_list_theme
Cylance Japan、機械学習ウイルス対策にEDR機能を統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702608/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2017:3151
CVE-2017-15398
CVE-2017-15399
+ UPDATE: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
+ UPDATE: JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux Kernel 'arch/powerpc/kvm/powerpc.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101693
CVE-2017-15306
Support for .NET Core 2.0 and PostgreSQL 10 in Updated dotConnect for PostgreSQL
https://www.postgresql.org/about/news/1800/
脅威増すサイバー攻撃の正体
新たな手口で脅威増すランサムウエア、次なる標的
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100004/?ST=security&itp_list_theme
シマンテックがエンドポイントセキュリティ新版、おとり機能やEDRなど統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702611/?ST=security&itp_list_theme
Cylance Japan、機械学習ウイルス対策にEDR機能を統合
http://itpro.nikkeibp.co.jp/atcl/news/17/110702608/?ST=security&itp_list_theme
2017年11月7日火曜日
7日 火曜日、先負
+ Google Chrome 62.0.3202.89 released
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
CVE-2017-15398
CVE-2017-15399
+ CESA-2017:3111 CentOS 7 liblouis Security Update
https://lwn.net/Alerts/738250/
+ SA79922 McAfee Network Security Manager Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/79922/
CVE-2016-8029
+ Symantec Endpoint Protection CVE-2017-13680 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/101503
CVE-2017-13680
+ Symantec Endpoint Protection Manager CVE-2017-13681 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101504
CVE-2017-13681
+ OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101666
CVE-2017-3736
+ GNU wget CVE-2017-13090 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101590
CVE-2017-13090
+ GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101592
CVE-2017-13089
脅威増すサイバー攻撃の正体
ランサムウエアをなめてはいけない、本当の恐ろしさ
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100003/?ST=security&itp_list_theme
ITpro Report
Webブラウザーをクラウドで動かす、無害化ソフトのメカニズム
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/110600283/?ST=security&itp_list_theme
JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/
JVN#23367475 Wi-Fi STATION L-02F にバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN23367475/
JVNVU#93593263 IEEE P1735 に脆弱性
http://jvn.jp/vu/JVNVU93593263/
JVN#87886530 LAN DISKコネクトにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN87886530/
https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html
CVE-2017-15398
CVE-2017-15399
+ CESA-2017:3111 CentOS 7 liblouis Security Update
https://lwn.net/Alerts/738250/
+ SA79922 McAfee Network Security Manager Security Bypass Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/79922/
CVE-2016-8029
+ Symantec Endpoint Protection CVE-2017-13680 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/101503
CVE-2017-13680
+ Symantec Endpoint Protection Manager CVE-2017-13681 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/101504
CVE-2017-13681
+ OpenSSL CVE-2017-3736 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/101666
CVE-2017-3736
+ GNU wget CVE-2017-13090 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101590
CVE-2017-13090
+ GNU wget CVE-2017-13089 Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/101592
CVE-2017-13089
脅威増すサイバー攻撃の正体
ランサムウエアをなめてはいけない、本当の恐ろしさ
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100003/?ST=security&itp_list_theme
ITpro Report
Webブラウザーをクラウドで動かす、無害化ソフトのメカニズム
http://itpro.nikkeibp.co.jp/atcl/column/14/090100053/110600283/?ST=security&itp_list_theme
JVNVU#99936709 Savitech 製 USB オーディオドライバがルート CA 証明書を許可なくインストールする問題
http://jvn.jp/vu/JVNVU99936709/
JVN#23367475 Wi-Fi STATION L-02F にバッファオーバーフローの脆弱性
http://jvn.jp/jp/JVN23367475/
JVNVU#93593263 IEEE P1735 に脆弱性
http://jvn.jp/vu/JVNVU93593263/
JVN#87886530 LAN DISKコネクトにおけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN87886530/
2017年11月6日月曜日
6日 月曜日、友引
+ RHSA-2017:3111 Moderate: liblouis security update
https://access.redhat.com/errata/RHSA-2017:3111
CVE-2014-8184
CVE-2017-13738
CVE-2017-13740
CVE-2017-13741
CVE-2017-13742
CVE-2017-13743
CVE-2017-13744
+ Selenium Standalone Server 3.7.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.0 released
http://docs.seleniumhq.org/download/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
CVE-2017-12319
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
+ UPDATE: Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
+ UPDATE: Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
+ Linux kernel 4.13.11, 4.9.60, 4.4.96, 3.18.79, 3.10.108 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.96
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.79
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.108
+ OpenSSL OpenSSL 1.1.0g, 1.0.2m released
https://www.openssl.org/
+ OpenSSL Security Advisory [02 Nov 2017]
https://www.openssl.org/news/secadv/20171102.txt
CVE-2017-3732
CVE-2015-3193
+ Win32 OpenSSL v1.1.0g, 1.0.2m released
http://slproweb.com/products/Win32OpenSSL.html
+ Samba 4.7.1 Available for Download
https://www.samba.org/samba/history/samba-4.7.1.html
+ Sysstat 11.6.1, 11.4.7, 11.2.13 released
http://sebastien.godard.pagesperso-orange.fr/
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
+ JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux kernel CVE-2017-15951 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101621
CVE-2017-15951
VU#739007 IEEE P1735 implementations may have weak cryptographic protections
https://www.kb.cert.org/vuls/id/739007
VU#446847 Savitech USB audio drivers install a new root CA certificate
https://www.kb.cert.org/vuls/id/446847
Announcing the Release of OmniDB 2.3
https://www.postgresql.org/about/news/1799/
Aiven first to offer managed PG 10 on all major clouds
https://www.postgresql.org/about/news/1798/
脅威増すサイバー攻撃の正体
10年前から存在するランサムウエア、なぜ“ブレイク”したのか?
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100002/?ST=security&itp_list_theme
感染してもタブを閉じれば無害、アシストがブラウザー分離ソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/110202592/?ST=security&itp_list_theme
JVN#97243511 フレッツ簡単セットアップツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN97243511/index.html
JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/index.html
https://access.redhat.com/errata/RHSA-2017:3111
CVE-2014-8184
CVE-2017-13738
CVE-2017-13740
CVE-2017-13741
CVE-2017-13742
CVE-2017-13743
CVE-2017-13744
+ Selenium Standalone Server 3.7.0 released
http://docs.seleniumhq.org/download/
+ Selenium Client & WebDriver 3.7.0 released
http://docs.seleniumhq.org/download/
+ UPDATE: Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp
CVE-2017-12319
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
+ UPDATE: Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
+ UPDATE: Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
+ UPDATE: Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
+ Linux kernel 4.13.11, 4.9.60, 4.4.96, 3.18.79, 3.10.108 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.60
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.96
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.79
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.108
+ OpenSSL OpenSSL 1.1.0g, 1.0.2m released
https://www.openssl.org/
+ OpenSSL Security Advisory [02 Nov 2017]
https://www.openssl.org/news/secadv/20171102.txt
CVE-2017-3732
CVE-2015-3193
+ Win32 OpenSSL v1.1.0g, 1.0.2m released
http://slproweb.com/products/Win32OpenSSL.html
+ Samba 4.7.1 Available for Download
https://www.samba.org/samba/history/samba-4.7.1.html
+ Sysstat 11.6.1, 11.4.7, 11.2.13 released
http://sebastien.godard.pagesperso-orange.fr/
+ UPDATE: JVNVU#90609033 Wi-Fi Protected Access II (WPA2) ハンドシェイクにおいて Nonce およびセッション鍵が再利用される問題
http://jvn.jp/vu/JVNVU90609033/index.html
+ JVNVU#99000953 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99000953/index.html
+ Linux kernel CVE-2017-15951 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101621
CVE-2017-15951
VU#739007 IEEE P1735 implementations may have weak cryptographic protections
https://www.kb.cert.org/vuls/id/739007
VU#446847 Savitech USB audio drivers install a new root CA certificate
https://www.kb.cert.org/vuls/id/446847
Announcing the Release of OmniDB 2.3
https://www.postgresql.org/about/news/1799/
Aiven first to offer managed PG 10 on all major clouds
https://www.postgresql.org/about/news/1798/
脅威増すサイバー攻撃の正体
10年前から存在するランサムウエア、なぜ“ブレイク”したのか?
http://itpro.nikkeibp.co.jp/atcl/column/17/102700456/110100002/?ST=security&itp_list_theme
感染してもタブを閉じれば無害、アシストがブラウザー分離ソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/110202592/?ST=security&itp_list_theme
JVN#97243511 フレッツ簡単セットアップツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN97243511/index.html
JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/index.html
2017年11月2日木曜日
2日 木曜日、仏滅
+ About the security content of iCloud for Windows 7.1
https://support.apple.com/ja-jp/HT208225
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of iTunes 12.7.1 for Windows
https://support.apple.com/ja-jp/HT208224
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of Safari 11.1
https://support.apple.com/ja-jp/HT208223
CVE-2017-13790
CVE-2017-13789
CVE-2017-13784
CVE-2017-13785
CVE-2017-13783
CVE-2017-13788
CVE-2017-13795
CVE-2017-13802
CVE-2017-13792
CVE-2017-13791
CVE-2017-13798
CVE-2017-13796
CVE-2017-13793
CVE-2017-13794
CVE-2017-13803
+ About the security content of tvOS 11.1
https://support.apple.com/ja-jp/HT208219
CVE-2017-13849
CVE-2017-13799
CVE-2017-13804
CVE-2017-13784
CVE-2017-13783
CVE-2017-13785
CVE-2017-13788
CVE-2017-13802
CVE-2017-13792
CVE-2017-13795
CVE-2017-13798
CVE-2017-13796
CVE-2017-13794
CVE-2017-13793
CVE-2017-13791
CVE-2017-13803
CVE-2017-13080
+ About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
https://support.apple.com/ja-jp/HT208221
CVE-2017-13832
CVE-2016-736
CVE-2016-2161
CVE-2016-5387
CVE-2016-8740
CVE-2016-8743
CVE-2017-3167
CVE-2017-3169
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
CVE-2017-9789
CVE-2017-13786
CVE-2017-13800
CVE-2017-13809
CVE-2017-13820
CVE-2017-13807
CVE-2017-13821
CVE-2017-13825
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-13801
CVE-2017-13815
CVE-2017-13828
CVE-2017-13811
CVE-2017-13830
CVE-2017-11103
CVE-2017-13819
CVE-2017-13814
CVE-2017-13831
CVE-2017-13810
CVE-2017-13817
CVE-2017-13818
CVE-2017-13836
CVE-2017-13841
CVE-2017-13840
CVE-2017-13842
CVE-2017-13782
CVE-2017-13843
CVE-2017-13834
CVE-2017-13799
CVE-2017-13813
CVE-2017-13816
CVE-2017-13812
CVE-2016-4736
CVE-2017-13824
CVE-2017-13846
CVE-2017-13826
CVE-2017-13822
CVE-2017-7132
CVE-2017-13823
CVE-2017-13808
CVE-2017-13838
CVE-2017-13804
CVE-2017-11108
CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
+ About the security content of iOS 11.1
https://support.apple.com/ja-jp/HT208222
CVE-2017-13849
CVE-2017-13799
CVE-2017-13844
CVE-2017-13805
CVE-2017-13804
CVE-2017-7113
CVE-2017-13784
CVE-2017-13783
CVE-2017-13785
CVE-2017-13788
CVE-2017-13802
CVE-2017-13792
CVE-2017-13795
CVE-2017-13798
CVE-2017-13796
CVE-2017-13794
CVE-2017-13793
CVE-2017-13791
CVE-2017-13803
CVE-2017-13080
+ About the security content of watchOS 4.1
https://support.apple.com/ja-jp/HT208220
CVE-2017-13849
CVE-2017-13799
CVE-2017-13804
CVE-2017-13080
+ UPDATE: Cisco FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty
+ Cisco Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2
CVE-2017-12275
+ Cisco Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1
CVE-2017-12278
+ Cisco Identity Services Engine Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise
CVE-2017-12261
+ Cisco Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-fpwr
CVE-2017-12277
+ Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-cpcp
CVE-2017-12276
+ Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem
CVE-2017-12262
+ Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet2
CVE-2017-12274
+ Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet1
CVE-2017-12273
+ Cisco Wireless LAN Controller Access Network Query Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4
CVE-2017-12282
+ Cisco Wireless LAN Controller CAPWAP Discovery Request Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc3
CVE-2017-12280
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex2
CVE-2017-12295
+ Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-webex1
CVE-2017-12294
+ Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-iosap
CVE-2017-12279
+ Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-arce
CVE-2017-12243
+ Cisco Aironet 3800 Series Access Points Protected Management Frames User Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet4
CVE-2017-12283
+ Cisco Aironet 1800, 2800, and 3800 Series Access Points MAC Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-aironet3
CVE-2017-12281
+ JVNVU#94207433 Trend Micro Control Manager における複数の脆弱性
http://jvn.jp/vu/JVNVU94207433/
CVE-2017-11383
CVE-2017-11384
CVE-2017-11385
CVE-2017-11386
CVE-2017-11387
CVE-2017-11388
CVE-2017-11389
CVE-2017-11390
CVE-2017-11391
Windows Defender Exploit Guard: 攻撃表面を縮小して次世代型マルウェアに対抗する
https://blogs.technet.microsoft.com/jpsecurity/2017/11/01/windows-defender-exploit-guard-reduce-the-attack-surface-against-next-generation-malware/
MicroOLAP Database Designer meets PostgreSQL 10!
https://www.postgresql.org/about/news/1796/
ニュース解説
サイバー攻撃をプロバイダーは止められるか、総務省の意欲
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/110101186/?ST=security&itp_list_theme
中小向け「Microsoft 365」開始、月額2000円台でOfficeとセキュリティ提供
http://itpro.nikkeibp.co.jp/atcl/news/17/110102588/?ST=security&itp_list_theme
シマンテックのサーバー証明書、国内でもデジサートが発行へ
http://itpro.nikkeibp.co.jp/atcl/news/17/110102581/?ST=security&itp_list_theme
GMOインターネットから漏えいの個人情報、Amazonの電子書籍として販売される
http://itpro.nikkeibp.co.jp/atcl/news/17/110102579/?ST=security&itp_list_theme
ウイルス保管容疑でセキュリティ企業ディアイティの社員逮捕、同社は反論
http://itpro.nikkeibp.co.jp/atcl/news/17/110102576/?ST=security&itp_list_theme
UPDATE: JVN#79546124 OpenAM (オープンソース版) における認証回避の脆弱性
http://jvn.jp/jp/JVN79546124/
2017年11月1日水曜日
1日 水曜日、先負
+ RHSA-2017:2561 Low: Red Hat Enterprise Virtualization 3.x - 30 Day End Of Life Notice
https://access.redhat.com/errata/RHSA-2017:2561
+ SA79745 Apple OS X Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/79745/
CVE-2016-2161
CVE-2016-4736
CVE-2016-5387
CVE-2016-8743
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-11103
CVE-2017-11108
CVE-2017-11541
CVE-2017-11542
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13077
CVE-2017-13078
CVE-2017-13080
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
CVE-2017-13782
CVE-2017-13786
CVE-2017-13799
CVE-2017-13800
CVE-2017-13801
CVE-2017-13804
CVE-2017-13807
CVE-2017-13808
CVE-2017-13810
CVE-2017-13811
CVE-2017-13812
CVE-2017-13813
CVE-2017-13814
CVE-2017-13815
CVE-2017-13816
CVE-2017-13817
CVE-2017-13818
CVE-2017-13819
CVE-2017-13820
CVE-2017-13821
CVE-2017-13822
CVE-2017-13823
CVE-2017-13825
CVE-2017-13826
CVE-2017-13828
CVE-2017-13830
CVE-2017-13831
CVE-2017-13832
CVE-2017-13836
CVE-2017-13838
CVE-2017-13840
CVE-2017-13841
CVE-2017-13842
CVE-2017-13843
CVE-2017-13846
CVE-2017-3167
CVE-2017-3169
CVE-2017-7132
CVE-2017-7659
CVE-2017-7668
CVE-2017-7679
CVE-2017-9788
+ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure
https://cxsecurity.com/issue/WLB-2017100226
CVE-2017-10309
+ McAfee Network Data Loss Prevention CVE-2017-3933 Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/101628
CVE-2017-3933
+ Linux kernel CVE-2017-15951 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/101621
CVE-2017-15951
+ Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/101620
CVE-2013-4246
ランサムウエア対処の鉄則
これまでとは異なる恐怖、最新型ランサムウエアの常識
http://itpro.nikkeibp.co.jp/atcl/column/17/102600453/103100003/?ST=security&itp_list_theme
ファイア・アイが中小向けセキュリティ対策パッケージ、300万円以下で提供
http://itpro.nikkeibp.co.jp/atcl/news/17/103102561/?ST=security&itp_list_theme
登録:
投稿 (Atom)