+ UPDATE: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+UPDATE: JVNVU#99446427 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99446427/
Amazon Comprehend を使用したカスタマーレビューからのセンチメントの検知
https://aws.amazon.com/jp/blogs/news/detect-sentiment-from-customer-reviews-using-amazon-comprehend/
仮想通貨を盗むウイルス作成容疑の高校生逮捕、掲示板に本人らしき弁明も
http://itpro.nikkeibp.co.jp/atcl/news/17/013003052/?ST=security&itp_list_theme
中堅企業の31%が情シス1人以下、デルがIT投資動向調査
http://itpro.nikkeibp.co.jp/atcl/news/17/013003047/?ST=security&itp_list_theme
JVN#30636823 WordPress 用プラグイン WP Retina 2x におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN30636823/
2018年1月31日水曜日
2018年1月30日火曜日
30日 火曜日、先勝
+ CVE-2018-0764 | .NET および .NET Core のサービス拒否の脆弱性
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0764
CVE-2018-0764
+ CVE-2018-0786 | .NET のセキュリティ機能のバイパスの脆弱性
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0786
CVE-2018-0786
+ Red Hat Enterprise Linux 7.5 Beta
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7-beta/html/7.5_release_notes/index
+ Mozilla Firefox 58.0.1 released
https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/
+ Mozilla Foundation Security Advisory 2018-05 Arbitrary code execution through unsanitized browser UI
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
CVE-2018-5124
+ UPDATE: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/
+ MacOS sysctl_default_netsvctype_to_dscp_map / sysctl_dscp_to_wifi_ac_map Stack Leak
https://cxsecurity.com/issue/WLB-2018010316
CVE-2018-4093
チャットボットにウェブ UI をデプロイする
https://aws.amazon.com/jp/blogs/news/deploy-a-web-ui-for-your-chatbot/
AWS Deep Learning AMI に TensorFlow 1.5 と新しい Model Serving 機能が追加されました
https://aws.amazon.com/jp/blogs/news/aws-deep-learning-amis-now-come-with-tensorflow-1-5-and-new-model-serving-capabilities/
AWS DeepLens Lambda 関数と最新 Model Optimizer を深く知り尽くす
https://aws.amazon.com/jp/blogs/news/dive-deep-into-aws-deeplens-lambda-functions-and-the-new-model-optimizer/
水門は開いた ? EC2 インスタンスのネットワーク帯域幅が増大
https://aws.amazon.com/jp/blogs/news/the-floodgates-are-open-increased-network-bandwidth-for-ec2-instances/
ソーシャル エンジニアリングによって引き起こされる攻撃を途絶させる方法
https://blogs.technet.microsoft.com/jpsecurity/2018/01/29/how-to-disrupt-attacks-caused-by-social-engineering/
Citus 7.2: CTEs, complex subqueries, set operations, and more
https://www.postgresql.org/about/news/1828/
ニュース解説
コインチェックに業務改善命令、MTGOXの教訓が生かされなかった理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012901289/?ST=security&itp_list_theme
日本IBM、サイバー攻撃対策の専門家を集めた新組織、ノウハウ展開と人材育成で
http://itpro.nikkeibp.co.jp/atcl/news/17/012903045/?ST=security&itp_list_theme
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0764
CVE-2018-0764
+ CVE-2018-0786 | .NET のセキュリティ機能のバイパスの脆弱性
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/CVE-2018-0786
CVE-2018-0786
+ Red Hat Enterprise Linux 7.5 Beta
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7-beta/html/7.5_release_notes/index
+ Mozilla Firefox 58.0.1 released
https://www.mozilla.org/en-US/firefox/58.0.1/releasenotes/
+ Mozilla Foundation Security Advisory 2018-05 Arbitrary code execution through unsanitized browser UI
https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
CVE-2018-5124
+ UPDATE: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/
+ MacOS sysctl_default_netsvctype_to_dscp_map / sysctl_dscp_to_wifi_ac_map Stack Leak
https://cxsecurity.com/issue/WLB-2018010316
CVE-2018-4093
チャットボットにウェブ UI をデプロイする
https://aws.amazon.com/jp/blogs/news/deploy-a-web-ui-for-your-chatbot/
AWS Deep Learning AMI に TensorFlow 1.5 と新しい Model Serving 機能が追加されました
https://aws.amazon.com/jp/blogs/news/aws-deep-learning-amis-now-come-with-tensorflow-1-5-and-new-model-serving-capabilities/
AWS DeepLens Lambda 関数と最新 Model Optimizer を深く知り尽くす
https://aws.amazon.com/jp/blogs/news/dive-deep-into-aws-deeplens-lambda-functions-and-the-new-model-optimizer/
水門は開いた ? EC2 インスタンスのネットワーク帯域幅が増大
https://aws.amazon.com/jp/blogs/news/the-floodgates-are-open-increased-network-bandwidth-for-ec2-instances/
ソーシャル エンジニアリングによって引き起こされる攻撃を途絶させる方法
https://blogs.technet.microsoft.com/jpsecurity/2018/01/29/how-to-disrupt-attacks-caused-by-social-engineering/
Citus 7.2: CTEs, complex subqueries, set operations, and more
https://www.postgresql.org/about/news/1828/
ニュース解説
コインチェックに業務改善命令、MTGOXの教訓が生かされなかった理由
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/012901289/?ST=security&itp_list_theme
日本IBM、サイバー攻撃対策の専門家を集めた新組織、ノウハウ展開と人材育成で
http://itpro.nikkeibp.co.jp/atcl/news/17/012903045/?ST=security&itp_list_theme
2018年1月29日月曜日
28日 月曜日、赤口
+ HTTP authentication leak in redirects
https://curl.haxx.se/docs/adv_2018-b3bf.html
CVE-2018-1000007
+ HTTP/2 trailer out-of-bounds read
https://curl.haxx.se/docs/adv_2018-824a.html
VE-2018-1000005
+ MantisBT 2.10.0 and 2.9.1 released
https://mantisbt.org/blog/?p=564
+ CESA-2018:0163 Important CentOS 7 389-ds-base Security Update
https://lwn.net/Articles/745451/
+ CESA-2018:0223 Moderate CentOS 7 nautilus Security Update
https://lwn.net/Articles/745454/
+ CESA-2018:0151 Important CentOS 7 kernel Security Update
https://lwn.net/Articles/745453/
+ CESA-2018:0158 Moderate CentOS 7 dhcp Security Update
https://lwn.net/Articles/745452/
+ Mozilla Foundation Security Advisory 2018-04 Security vulnerabilities fixed in Thunderbird 52.6
https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/
CVE-2018-5095
CVE-2018-5096
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5117
CVE-2018-5089
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ Apache Tomcat 8.0.49, 7.0.84 Released
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html#Tomcat_8.0.49_(violetagg)
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.84_(violetagg)
+ Postfix 3.2.5, 3.1.8, 3.0.12, 2.11.11 released
http://mirror.postfix.jp/postfix-release/official/postfix-3.2.5.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.1.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.0.12.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.11.11.HISTORY
ユニシスメインフレームからAWSへの5ステップでの移行
https://aws.amazon.com/jp/blogs/news/migrating-unisys-mainframe-to-aws-in-5-steps/
UPDATE: JVN#89379547 Apache Commons FileUpload におけるサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/jp/JVN89379547/
仮想通貨流出問題、コインチェックが自己資金での返金を決定
http://itpro.nikkeibp.co.jp/atcl/news/17/012803041/?ST=security&itp_list_theme
580億円分の仮想通貨が流出、大手取引所への不正アクセスで
http://itpro.nikkeibp.co.jp/atcl/news/17/012703040/?ST=security&itp_list_theme
「サイバー攻撃者がもうけ方をビジネスメール詐欺に変えてくる」、パロアルトが脅威予測
http://itpro.nikkeibp.co.jp/atcl/news/17/012603037/?ST=security&itp_list_theme
GMOペパボで不正アクセス、最大7万7385件の個人情報流出
http://itpro.nikkeibp.co.jp/atcl/news/17/012603031/?ST=security&itp_list_theme
2018年1月26日金曜日
26日 金曜日、先負
+ RHSA-2018:0169 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2018:0169
CVE-2017-7542
CVE-2017-9074
CVE-2017-11176
+ RHSA-2018:0223 Moderate: nautilus security update
https://access.redhat.com/errata/RHSA-2018:0223
CVE-2017-14604
+ RHSA-2018:0163 Important: 389-ds-base security and bug fix update
https://access.redhat.com/errata/RHSA-2018:0163
CVE-2017-15134
+ RHSA-2018:0158 Moderate: dhcp security update
https://access.redhat.com/errata/RHSA-2018:0158
CVE-2017-3144
+ RHSA-2018:0151 Important: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2018:0151
CVE-2015-8539
CVE-2017-7472
CVE-2017-12192
CVE-2017-12193
CVE-2017-15649
+ CESA-2018:0122 Critical CentOS 6 firefox Security Update
https://lwn.net/Articles/745340/
+ CESA-2018:0122 Critical CentOS 7 firefox Security Update
https://lwn.net/Articles/745341/
+ Mozilla Thunderbird 52.6.0 released
https://www.mozilla.org/en-US/thunderbird/52.6.0/releasenotes/
+ curl 7.58.0 released
https://curl.haxx.se/changes.html#7_58_0
+ GCC 7.3 released
https://gcc.gnu.org/gcc-7/changes.html
【開催報告】Gaming Tech Night #2 re:Born(再始動)
https://aws.amazon.com/jp/blogs/news/gaming-tech-night-2/
AWS Glue がScala をサポートしました
https://aws.amazon.com/jp/blogs/news/aws-glue-now-supports-scala-scripts/
高い可用性を持つ IBM Db2 データベースをAWS上に構築する
https://aws.amazon.com/jp/blogs/news/creating-highly-available-ibm-db2-databases-in-aws/
東京リージョンに新たにアベイラビリティゾーンを追加
https://aws.amazon.com/jp/blogs/news/the-fourth-new-availability-zone-tokyo-region/
PostgreSQL JDBC 42.2.1 released
https://www.postgresql.org/about/news/1827/
カード決済はこう変わる
待ったなしの改正割販法対応、6ステップで進めよう
http://itpro.nikkeibp.co.jp/atcl/column/17/010400600/012400003/?ST=security&itp_list_theme
シマンテックからWeb証明書事業を継承したデジサート、日本に認証局新設へ
http://itpro.nikkeibp.co.jp/atcl/news/17/012503024/?ST=security&itp_list_theme
2018年1月25日木曜日
25日 木曜日、友引
+ RHSA-2018:0122 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2018:0122
CVE-2018-5089
CVE-2018-5091
CVE-2018-5095
CVE-2018-5096
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5117
+ Google Chrome 64.0.3282.119 released
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
CVE-2018-6031
CVE-2018-6032
CVE-2018-6033
CVE-2018-6034
CVE-2018-6035
CVE-2018-6036
CVE-2018-6037
CVE-2018-6038
CVE-2018-6039
CVE-2018-6040
CVE-2018-6041
CVE-2018-6042
CVE-2018-6043
CVE-2018-6045
CVE-2018-6046
CVE-2018-6047
CVE-2018-6048
CVE-2017-15420
CVE-2018-6049
CVE-2018-6050
CVE-2018-6051
CVE-2018-6052
CVE-2018-6053
CVE-2018-6054
+ About the security content of iTunes 12.7.3 for Windows
https://support.apple.com/ja-jp/HT208474
CVE-2018-4088
CVE-2018-4096
+ About the security content of iCloud for Windows 7.3
https://support.apple.com/ja-jp/HT208473
CVE-2018-4088
CVE-2018-4096
+ About the security content of Safari 11.0.3
https://support.apple.com/ja-jp/HT208475
CVE-2018-4088
CVE-2018-4089
CVE-2018-4096
+ About the security content of watchOS 4.2.2
https://support.apple.com/ja-jp/HT208464
CVE-2018-4094
CVE-2018-4087
CVE-2018-4095
CVE-2018-4090
CVE-2018-4092
CVE-2018-4082
CVE-2018-4093
CVE-2018-4100
CVE-2018-4085
CVE-2018-4086
CVE-2018-4088
CVE-2018-4096
+ About the security content of iOS 11.2.5
https://support.apple.com/ja-jp/HT208463
CVE-2018-4094
CVE-2018-4087
CVE-2018-4095
CVE-2018-4090
CVE-2018-4092
CVE-2018-4082
CVE-2018-4093
CVE-2018-4100
CVE-2018-4085
CVE-2018-4086
CVE-2018-4088
CVE-2018-4089
CVE-2018-4096
+ About the security content of macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan
https://support.apple.com/ja-jp/HT208465
CVE-2018-4094
CVE-2017-8817
CVE-2018-4098
CVE-2017-5754
CVE-2018-4090
CVE-2018-4092
CVE-2018-4082
CVE-2018-4097
CVE-2018-4093
CVE-2018-4100
CVE-2018-4085
CVE-2018-4091
CVE-2018-4086
CVE-2018-4088
CVE-2018-4089
CVE-2018-4096
CVE-2018-4084
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ JVNVU#99446427 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU99446427/index.html
NNPACK ライブラリを使用した Apache MXNet の高速化
https://aws.amazon.com/jp/blogs/news/speeding-up-apache-mxnet-using-the-nnpack-library/
新規 ? リージョン間 VPC ピアリング
https://aws.amazon.com/jp/blogs/news/new-almost-inter-region-vpc-peering/
マイクロソフト、法執行機関などとの連携により Gamarue (Andromeda) を撲滅
https://blogs.technet.microsoft.com/jpsecurity/2018/01/24/microsoft-teams-up-with-law-enforcement-and-other-partners-to-disrupt-gamarue-andromeda/
カード決済はこう変わる
期限迫る改正割販法対応に不可欠、PCI DSS準拠を押さえる
http://itpro.nikkeibp.co.jp/atcl/column/17/010400600/011600002/?ST=security&itp_list_theme
2018年1月24日水曜日
24日 水曜日、先勝
+ マイクロソフト テクニカル セキュリティ通知のご案内
https://technet.microsoft.com/ja-jp/security/dd252948
+ マイクロソフト セキュリティ脆弱性情報(CVE-2018-0746 ほか複数)を更新
https://portal.msrc.microsoft.com/ja-jp/
+ ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ Mozilla Firefox 58.0 released
https://www.mozilla.org/en-US/firefox/58.0/releasenotes/
+ Mozilla Foundation Security Advisory 2018-02 Security vulnerabilities fixed in Firefox 58
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
CVE-2018-5091
CVE-2018-5092
CVE-2018-5093
CVE-2018-5094
CVE-2018-5095
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5100
CVE-2018-5101
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5105
CVE-2018-5106
CVE-2018-5107
CVE-2018-5108
CVE-2018-5109
CVE-2018-5110
CVE-2018-5111
CVE-2018-5112
CVE-2018-5113
CVE-2018-5114
CVE-2018-5115
CVE-2018-5116
CVE-2018-5117
CVE-2018-5118
CVE-2018-5119
CVE-2018-5121
CVE-2018-5122
CVE-2018-5090
CVE-2018-5089
+ Mozilla Foundation Security Advisory 2018-03 Security vulnerabilities fixed in Firefox ESR 52.6
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
+ Windows システム上の Spectre および Meltdown に対する緩和策のパフォーマンスへの影響について
https://blogs.technet.microsoft.com/jpsecurity/2018/01/23/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
+ UPDATE: Cisco Integrated Management Controller Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
+ UPDATE: Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma
+ UPDATE: Cisco Integrated Management Controller Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
+ Linux kernel 4.14.15, 4.9.78, 4.4.113, 4.1.49 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.113
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49
+ ISC BIND 9.12.0 released
http://ftp.isc.org/isc/bind9/9.12.0/RELEASE-NOTES-bind-9.12.0.html
+ Apache Tomcat 9.0.4, 8.5.27 Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.4_(markt)
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.27_(markt)
プロセッサの投機的実行 ? オペレーティングシステムの更新
https://aws.amazon.com/jp/blogs/news/speculative-execution-os-updates/
2018年2月のAWS Black Belt オンラインセミナーのご案内
https://aws.amazon.com/jp/blogs/news/201802-aws-black-belt/
Amazon Aurora under the hood: Z-order curvesを用いたgeospatial indexの作成
https://aws.amazon.com/jp/blogs/news/amazon-aurora-under-the-hood-indexing-geospatial-data-using-z-order-curves/
Amazon RDS for PostgreSQL から Amazon Aurora PostgreSQL リードレプリカを作成可能になりました
https://aws.amazon.com/jp/blogs/news/announcing-amazon-aurora-postgresql-read-replica-for-amazon-rds-for-postgresql/
暗号化されたスナップショットを Amazon Aurora PostgreSQL へ移行可能になりました
https://aws.amazon.com/jp/blogs/news/announcing-encrypted-snapshot-import-for-amazon-aurora-postgresql/
AWS データセンターのセキュアな設計について
https://aws.amazon.com/jp/blogs/news/take-a-digital-tour-of-an-aws-data-center-to-see-how-aws-secures-aws-data-centers-around-the-world/
Microsoft Azure SQL Database から Amazon Aurora への移行
https://aws.amazon.com/jp/blogs/news/migrate-microsoft-azure-sql-database-to-amazon-aurora/
最新 EC2 Goodies ? 起動テンプレートとスプレッドプレイスメント
https://aws.amazon.com/jp/blogs/news/recent-ec2-goodies-launch-templates-and-spread-placement/
Amazon SageMaker BlazingText: 複数の CPU または GPU での Word2Vec の並列化
https://aws.amazon.com/jp/blogs/news/amazon-sagemaker-blazingtext-parallelizing-word2vec-on-multiple-cpus-or-gpus/
Call for Papers and Call for Workshops - PGDay.IT 2018 - June 29h, Garda Lake, Italy
https://www.postgresql.org/about/news/1826/
カード決済はこう変わる
間違い多発?落とし穴の多い改正割販法対応
http://itpro.nikkeibp.co.jp/atcl/column/17/010400600/010400001/?ST=security&itp_list_theme
記者の眼
CPU脆弱性で性能低下、ラズパイ/LattePandaはどうなる?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011900996/?ST=security&itp_list_theme
AIで困っている人を見つける、新丸の内ビルで実証実験開始
http://itpro.nikkeibp.co.jp/atcl/news/17/012202995/?ST=security&itp_list_theme
https://technet.microsoft.com/ja-jp/security/dd252948
+ マイクロソフト セキュリティ脆弱性情報(CVE-2018-0746 ほか複数)を更新
https://portal.msrc.microsoft.com/ja-jp/
+ ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ Mozilla Firefox 58.0 released
https://www.mozilla.org/en-US/firefox/58.0/releasenotes/
+ Mozilla Foundation Security Advisory 2018-02 Security vulnerabilities fixed in Firefox 58
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
CVE-2018-5091
CVE-2018-5092
CVE-2018-5093
CVE-2018-5094
CVE-2018-5095
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5100
CVE-2018-5101
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5105
CVE-2018-5106
CVE-2018-5107
CVE-2018-5108
CVE-2018-5109
CVE-2018-5110
CVE-2018-5111
CVE-2018-5112
CVE-2018-5113
CVE-2018-5114
CVE-2018-5115
CVE-2018-5116
CVE-2018-5117
CVE-2018-5118
CVE-2018-5119
CVE-2018-5121
CVE-2018-5122
CVE-2018-5090
CVE-2018-5089
+ Mozilla Foundation Security Advisory 2018-03 Security vulnerabilities fixed in Firefox ESR 52.6
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
+ Windows システム上の Spectre および Meltdown に対する緩和策のパフォーマンスへの影響について
https://blogs.technet.microsoft.com/jpsecurity/2018/01/23/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
+ UPDATE: Cisco Integrated Management Controller Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc3
+ UPDATE: Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma
+ UPDATE: Cisco Integrated Management Controller Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc
+ Linux kernel 4.14.15, 4.9.78, 4.4.113, 4.1.49 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.78
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.113
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49
+ ISC BIND 9.12.0 released
http://ftp.isc.org/isc/bind9/9.12.0/RELEASE-NOTES-bind-9.12.0.html
+ Apache Tomcat 9.0.4, 8.5.27 Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.4_(markt)
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.27_(markt)
プロセッサの投機的実行 ? オペレーティングシステムの更新
https://aws.amazon.com/jp/blogs/news/speculative-execution-os-updates/
2018年2月のAWS Black Belt オンラインセミナーのご案内
https://aws.amazon.com/jp/blogs/news/201802-aws-black-belt/
Amazon Aurora under the hood: Z-order curvesを用いたgeospatial indexの作成
https://aws.amazon.com/jp/blogs/news/amazon-aurora-under-the-hood-indexing-geospatial-data-using-z-order-curves/
Amazon RDS for PostgreSQL から Amazon Aurora PostgreSQL リードレプリカを作成可能になりました
https://aws.amazon.com/jp/blogs/news/announcing-amazon-aurora-postgresql-read-replica-for-amazon-rds-for-postgresql/
暗号化されたスナップショットを Amazon Aurora PostgreSQL へ移行可能になりました
https://aws.amazon.com/jp/blogs/news/announcing-encrypted-snapshot-import-for-amazon-aurora-postgresql/
AWS データセンターのセキュアな設計について
https://aws.amazon.com/jp/blogs/news/take-a-digital-tour-of-an-aws-data-center-to-see-how-aws-secures-aws-data-centers-around-the-world/
Microsoft Azure SQL Database から Amazon Aurora への移行
https://aws.amazon.com/jp/blogs/news/migrate-microsoft-azure-sql-database-to-amazon-aurora/
最新 EC2 Goodies ? 起動テンプレートとスプレッドプレイスメント
https://aws.amazon.com/jp/blogs/news/recent-ec2-goodies-launch-templates-and-spread-placement/
Amazon SageMaker BlazingText: 複数の CPU または GPU での Word2Vec の並列化
https://aws.amazon.com/jp/blogs/news/amazon-sagemaker-blazingtext-parallelizing-word2vec-on-multiple-cpus-or-gpus/
Call for Papers and Call for Workshops - PGDay.IT 2018 - June 29h, Garda Lake, Italy
https://www.postgresql.org/about/news/1826/
カード決済はこう変わる
間違い多発?落とし穴の多い改正割販法対応
http://itpro.nikkeibp.co.jp/atcl/column/17/010400600/010400001/?ST=security&itp_list_theme
記者の眼
CPU脆弱性で性能低下、ラズパイ/LattePandaはどうなる?
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011900996/?ST=security&itp_list_theme
AIで困っている人を見つける、新丸の内ビルで実証実験開始
http://itpro.nikkeibp.co.jp/atcl/news/17/012202995/?ST=security&itp_list_theme
2018年1月23日火曜日
23日 火曜日、赤口
+ RHSA-2018:0101 Important: bind security update
https://access.redhat.com/errata/RHSA-2018:0101
CVE-2017-3145
+ RHSA-2018:0102 Important: bind security update
https://access.redhat.com/errata/RHSA-2018:0102
CVE-2017-3145
+ CESA-2018:0101 Important CentOS 6 bind Security Update
https://lwn.net/Articles/745026/
+ CESA-2018:0102 Important CentOS 7 bind Security Update
https://lwn.net/Articles/745027/
+ CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
+ UPDATE: JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
+ UPDATE: JVNVU#93823979 CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/index.html
JVN#26255241 「フレッツ・ウイルスクリア 申込・設定ツール」および「フレッツ・ウイルスクリアv6 申込・設定ツール」のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN26255241/index.html
Close Up Keyword
WannaCry
http://itpro.nikkeibp.co.jp/atcl/keyword/15/050900002/010400106/?ST=security&itp_list_theme
記者の眼
CPU脆弱性問題、現場への影響を独自調査で明らかにしたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011900995/?ST=security&itp_list_theme
NTTデータ、社内システムが「WannaCry 2.0」亜種に感染するも駆除完了と公表
http://itpro.nikkeibp.co.jp/atcl/news/17/012202996/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2018:0101
CVE-2017-3145
+ RHSA-2018:0102 Important: bind security update
https://access.redhat.com/errata/RHSA-2018:0102
CVE-2017-3145
+ CESA-2018:0101 Important CentOS 6 bind Security Update
https://lwn.net/Articles/745026/
+ CESA-2018:0102 Important CentOS 7 bind Security Update
https://lwn.net/Articles/745027/
+ CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
+ UPDATE: JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
+ UPDATE: JVNVU#93823979 CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/index.html
JVN#26255241 「フレッツ・ウイルスクリア 申込・設定ツール」および「フレッツ・ウイルスクリアv6 申込・設定ツール」のインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN26255241/index.html
Close Up Keyword
WannaCry
http://itpro.nikkeibp.co.jp/atcl/keyword/15/050900002/010400106/?ST=security&itp_list_theme
記者の眼
CPU脆弱性問題、現場への影響を独自調査で明らかにしたい
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011900995/?ST=security&itp_list_theme
NTTデータ、社内システムが「WannaCry 2.0」亜種に感染するも駆除完了と公表
http://itpro.nikkeibp.co.jp/atcl/news/17/012202996/?ST=security&itp_list_theme
2018年1月22日月曜日
22日 月曜日、大安
+ CESA-2018:0095 Important CentOS 7 java-1.8.0-openjdk Security Update
https://lwn.net/Articles/744781/
+ UPDATE: Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ macOS 10.13 (17A365) Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
https://cxsecurity.com/issue/WLB-2018010189
+ glibc getcwd() Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2018010186
AWS KMS ベースの暗号化を Amazon SageMaker のトレーニングおよびホスティングに使用できるようになりました
https://aws.amazon.com/jp/blogs/news/aws-kms-based-encryption-is-now-available-for-training-and-hosting-in-amazon-sagemaker/
機械学習と BI サービスを使用してソーシャルメディアダッシュボードを構築する
https://aws.amazon.com/jp/blogs/news/build-a-social-media-dashboard-using-machine-learning-and-bi-services/
Amazon RDS for PostgreSQL が新しいマイナーバージョン 9.6.6, 9.5.10, 9.4.15, 9.3.20 をサポート
https://aws.amazon.com/jp/blogs/news/amazon-rds-for-postgresql-supports-new-minor-versions-9-6-6-9-5-10-9-4-15-and-9-3-20/
【開催報告】第11回 AWS Startup Tech Meetup
https://aws.amazon.com/jp/blogs/news/aws-startup-tech-meetup-011/
JVN#10103841 Android アプリ「Nootka」における OS コマンドインジェクションの脆弱性
http://jvn.jp/jp/JVN10103841/index.html
JVN#26200083 GroupSession におけるオープンリダイレクトの脆弱性
http://jvn.jp/jp/JVN26200083/index.html
ニュース解説
脆弱なWPA2は消える、WPA3登場で進化する無線LANセキュリティ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011901279/?ST=security&itp_list_theme
2018年1月19日金曜日
19日 金曜日、友引
+ CESA-2018:0094 Important CentOS 7 linux-firmware Security Update
https://lwn.net/Articles/744699/
+ CESA-2018:0093 Important CentOS 7 microcode_ctl Security Update
https://lwn.net/Articles/744701/
+ CESA-2018:0093 Important CentOS 6 microcode_ctl Security Update
https://lwn.net/Articles/744700/
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
+ UPDATE: JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
Amazon RDS for MySQLとMariaDBのログをAmazon CloudWatchで監視出来るようになりました
https://aws.amazon.com/jp/blogs/news/monitor-amazon-rds-for-mysql-and-mariadb-logs-with-amazon-cloudwatch/
新しい AWS Auto Scaling ? クラウドアプリケーションのための統合スケーリング
https://aws.amazon.com/jp/blogs/news/aws-auto-scaling-unified-scaling-for-your-cloud-applications/
Microsoft Excel を使った Amazon Lex チャットボットの構築
https://aws.amazon.com/jp/blogs/news/build-an-amazon-lex-chatbot-with-microsoft-excel/
Announcing The Release Of repmgr 4.0.2
https://www.postgresql.org/about/news/1823/
pg_back 1.4 released
https://www.postgresql.org/about/news/1824/
JDBC 42.2.0 Released
https://www.postgresql.org/about/news/1825/
都道府県CIOフォーラム報告 第15回年次総会
政策立案・決定にAIは使えるか、自治体担当者の議論白熱
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500005/?ST=security&itp_list_theme
https://lwn.net/Articles/744699/
+ CESA-2018:0093 Important CentOS 7 microcode_ctl Security Update
https://lwn.net/Articles/744701/
+ CESA-2018:0093 Important CentOS 6 microcode_ctl Security Update
https://lwn.net/Articles/744700/
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
+ UPDATE: JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
Amazon RDS for MySQLとMariaDBのログをAmazon CloudWatchで監視出来るようになりました
https://aws.amazon.com/jp/blogs/news/monitor-amazon-rds-for-mysql-and-mariadb-logs-with-amazon-cloudwatch/
新しい AWS Auto Scaling ? クラウドアプリケーションのための統合スケーリング
https://aws.amazon.com/jp/blogs/news/aws-auto-scaling-unified-scaling-for-your-cloud-applications/
Microsoft Excel を使った Amazon Lex チャットボットの構築
https://aws.amazon.com/jp/blogs/news/build-an-amazon-lex-chatbot-with-microsoft-excel/
Announcing The Release Of repmgr 4.0.2
https://www.postgresql.org/about/news/1823/
pg_back 1.4 released
https://www.postgresql.org/about/news/1824/
JDBC 42.2.0 Released
https://www.postgresql.org/about/news/1825/
都道府県CIOフォーラム報告 第15回年次総会
政策立案・決定にAIは使えるか、自治体担当者の議論白熱
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500005/?ST=security&itp_list_theme
2018年1月18日木曜日
18日 木曜日、先勝
+ ADV180002 | 投機的実行のサイドチャネルの脆弱性を緩和するガイダンス
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV180002
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ RHSA-2018:0095 Important: java-1.8.0-openjdk security update
https://access.redhat.com/errata/RHSA-2018:0095
CVE-2018-2579
CVE-2018-2582
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2641
CVE-2018-2663
CVE-2018-2677
CVE-2018-2678
+ CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash
https://kb.isc.org/article/AA-01542
CVE-2017-3145
+ CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://kb.isc.org/article/AA-01541
CVE-2017-3144
+ Cisco NX-OS Software Pong Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os
CVE-2018-0102
+ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma
CVE-2018-0095
+ Cisco Unified Customer Voice Portal Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp
CVE-2018-0086
+ CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wsa1
CVE-2018-0093
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
CVE-2018-0111
+ Cisco WebEx Meetings Server Remote Account Disabling Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
CVE-2018-0110
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
CVE-2018-0109
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
CVE-2018-0108
+ Cisco WAP150 Wireless Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap
CVE-2018-0098
+ Cisco UCS Central Software IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs
CVE-2018-0094
+ Cisco Unified Communications Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm
CVE-2018-0105
+ Cisco StarOS CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros
CVE-2018-0115
+ Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc
CVE-2018-0107
+ Cisco Prime Infrastructure Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure
CVE-2018-0097
+ Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1
CVE-2018-0092
+ Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos
CVE-2018-0090
+ Cisco D9800 Network Transport Receiver OS Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ntr
CVE-2018-0099
+ Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ise
CVE-2018-0091
+ Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command Arbitrary Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-iess
CVE-2018-0088
Cisco Elastic Services Controller Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esc
CVE-2018-0106
+ Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cps
CVE-2018-0089
+ Cisco Prime Infrastructure Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi
CVE-2018-0096
+ Cisco AnyConnect Profile Editor XML External Entity Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe
CVE-2018-0100
+ Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2
CVE-2017-12308
+ Cisco Small Business 300 and 500 Series Managed Switches Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1
CVE-2017-12307
+ Linux kernel 4.14.14, 4.9.77, 4.4.112, 3.18.92 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.112
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.92
+ hitachi-sec-2018-101 Multiple Vulnerabilities in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-101/index.html
CVE-2017-7668
CVE-2017-7679
+ hitachi-sec-2018-101 Hitachi Command Suite製品における複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-101/index.html
CVE-2017-7668
CVE-2017-7679
+ JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
CVE-2017-3145
+ JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
CVE-2017-3144
ロンドンに 3 番目の AWS アベイラビリティーゾーンを開設
https://aws.amazon.com/jp/blogs/news/now-open-third-aws-availability-zone-in-london/
都道府県CIOフォーラム報告 第15回年次総会
「まずは抵抗があまりないところから」、デジタル化やAIは行政をどう変える?
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500004/?ST=security&itp_list_theme
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV180002
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ RHSA-2018:0095 Important: java-1.8.0-openjdk security update
https://access.redhat.com/errata/RHSA-2018:0095
CVE-2018-2579
CVE-2018-2582
CVE-2018-2588
CVE-2018-2599
CVE-2018-2602
CVE-2018-2603
CVE-2018-2618
CVE-2018-2629
CVE-2018-2633
CVE-2018-2634
CVE-2018-2637
CVE-2018-2641
CVE-2018-2663
CVE-2018-2677
CVE-2018-2678
+ CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash
https://kb.isc.org/article/AA-01542
CVE-2017-3145
+ CVE-2017-3144: Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://kb.isc.org/article/AA-01541
CVE-2017-3144
+ Cisco NX-OS Software Pong Packet Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os
CVE-2018-0102
+ Cisco Email Security and Content Security Management Appliance Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esasma
CVE-2018-0095
+ Cisco Unified Customer Voice Portal Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cvp
CVE-2018-0086
+ CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ Cisco Web Security Appliance Reflected Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wsa1
CVE-2018-0093
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms3
CVE-2018-0111
+ Cisco WebEx Meetings Server Remote Account Disabling Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms2
CVE-2018-0110
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms1
CVE-2018-0109
+ Cisco WebEx Meetings Server Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wms
CVE-2018-0108
+ Cisco WAP150 Wireless Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap
CVE-2018-0098
+ Cisco UCS Central Software IPv6 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucs
CVE-2018-0094
+ Cisco Unified Communications Manager Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ucm
CVE-2018-0105
+ Cisco StarOS CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-staros
CVE-2018-0115
+ Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-psc
CVE-2018-0107
+ Cisco Prime Infrastructure Open Redirect Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure
CVE-2018-0097
+ Cisco NX-OS System Software Unauthorized User Account Deletion Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1
CVE-2018-0092
+ Cisco NX-OS System Software Management Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos
CVE-2018-0090
+ Cisco D9800 Network Transport Receiver OS Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ntr
CVE-2018-0099
+ Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-ise
CVE-2018-0091
+ Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command Arbitrary Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-iess
CVE-2018-0088
Cisco Elastic Services Controller Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-esc
CVE-2018-0106
+ Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cps
CVE-2018-0089
+ Cisco Prime Infrastructure Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi
CVE-2018-0096
+ Cisco AnyConnect Profile Editor XML External Entity Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe
CVE-2018-0100
+ Cisco Small Business 300 and 500 Series Managed Switches HTTP Response Splitting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2
CVE-2017-12308
+ Cisco Small Business 300 and 500 Series Managed Switches Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1
CVE-2017-12307
+ Linux kernel 4.14.14, 4.9.77, 4.4.112, 3.18.92 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.77
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.112
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.92
+ hitachi-sec-2018-101 Multiple Vulnerabilities in Hitachi Command Suite
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-101/index.html
CVE-2017-7668
CVE-2017-7679
+ hitachi-sec-2018-101 Hitachi Command Suite製品における複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-101/index.html
CVE-2017-7668
CVE-2017-7679
+ JVNVU#94160143 ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94160143/index.html
CVE-2017-3145
+ JVNVU#94629912 ISC DHCP にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU94629912/index.html
CVE-2017-3144
ロンドンに 3 番目の AWS アベイラビリティーゾーンを開設
https://aws.amazon.com/jp/blogs/news/now-open-third-aws-availability-zone-in-london/
都道府県CIOフォーラム報告 第15回年次総会
「まずは抵抗があまりないところから」、デジタル化やAIは行政をどう変える?
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500004/?ST=security&itp_list_theme
2018年1月17日水曜日
17日 水曜日、赤口
+ RHSA-2018:0093 Important: microcode_ctl security update
https://access.redhat.com/errata/RHSA-2018:0093
+ RHSA-2018:0094 Important: linux-firmware security update
https://access.redhat.com/errata/RHSA-2018:0094
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ Sudo 1.8.22 released
https://www.sudo.ws/stable.html#1.8.22
+ ISC BIND 9.11.2-P1, 9.10.6-P1, 9.9.11-P1 released
http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
https://ftp.isc.org/isc/bind9/9.10.6-P1/RELEASE-NOTES-bind-9.10.6-P1.html
https://ftp.isc.org/isc/bind9/9.9.11-P1/RELEASE-NOTES-bind-9.9.11-P1.html
+ Java SE 9.0.4, 8u161/162 released
http://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html
http://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html
http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html
AWS DMS と Amazon Kinesis Data Firehose を利用した Aurora PostgreSQL データベースへのストリームデータのロード
https://aws.amazon.com/jp/blogs/news/stream-data-into-an-aurora-postgresql-database-using-aws-dms-and-amazon-kinesis-data-firehose/
Announcing the Release of OmniDB 2.4.1
https://www.postgresql.org/about/news/1822/
記者の眼
空港は怪しい人だらけ、本物のテロリストをあぶり出すIT競争
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122300985/?ST=security&itp_list_theme
IPA、Oracle WebLogic Serverの脆弱性を突く攻撃を注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/17/011602960/?ST=security&itp_list_theme
サイバーリーズン・ジャパン、EDRとNGAVを統合したセキュリティソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/011602957/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2018:0093
+ RHSA-2018:0094 Important: linux-firmware security update
https://access.redhat.com/errata/RHSA-2018:0094
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ Sudo 1.8.22 released
https://www.sudo.ws/stable.html#1.8.22
+ ISC BIND 9.11.2-P1, 9.10.6-P1, 9.9.11-P1 released
http://ftp.isc.org/isc/bind9/9.11.2-P1/RELEASE-NOTES-bind-9.11.2-P1.html
https://ftp.isc.org/isc/bind9/9.10.6-P1/RELEASE-NOTES-bind-9.10.6-P1.html
https://ftp.isc.org/isc/bind9/9.9.11-P1/RELEASE-NOTES-bind-9.9.11-P1.html
+ Java SE 9.0.4, 8u161/162 released
http://www.oracle.com/technetwork/java/javase/9-0-4-relnotes-4021191.html
http://www.oracle.com/technetwork/java/javase/8u162-relnotes-4021436.html
http://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html
AWS DMS と Amazon Kinesis Data Firehose を利用した Aurora PostgreSQL データベースへのストリームデータのロード
https://aws.amazon.com/jp/blogs/news/stream-data-into-an-aurora-postgresql-database-using-aws-dms-and-amazon-kinesis-data-firehose/
Announcing the Release of OmniDB 2.4.1
https://www.postgresql.org/about/news/1822/
記者の眼
空港は怪しい人だらけ、本物のテロリストをあぶり出すIT競争
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/122300985/?ST=security&itp_list_theme
IPA、Oracle WebLogic Serverの脆弱性を突く攻撃を注意喚起
http://itpro.nikkeibp.co.jp/atcl/news/17/011602960/?ST=security&itp_list_theme
サイバーリーズン・ジャパン、EDRとNGAVを統合したセキュリティソフト
http://itpro.nikkeibp.co.jp/atcl/news/17/011602957/?ST=security&itp_list_theme
2018年1月16日火曜日
16日 火曜日、仏滅
+ Zabbix 3.4.6 released
https://www.zabbix.com/rn3.4.6
+ Oracle Critical Patch Update Pre-Release Announcement - January 2018
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
AWS CloudTrail が Amazon SageMaker で利用可能に
https://aws.amazon.com/jp/blogs/news/aws-cloudtrail-integration-is-now-available-in-amazon-sagemaker/
都道府県CIOフォーラム報告 第15回年次総会
ファイル無害化の方法、佐賀や奈良など各自治体が披露
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500002/?ST=security&itp_list_theme
サイバー攻撃を読み解く
サプライチェーンアタックが新たな脅威になる
http://itpro.nikkeibp.co.jp/atcl/column/17/110800501/010500003/?ST=security&itp_list_theme
ニュース解説
最大2割の性能低下も、大手ITがCPU脆弱性対策のテスト結果を公表
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011501274/?ST=security&itp_list_theme
幻冬舎のサイトから最大9万3000人の情報が流出、会員の指摘まで気づかず
http://itpro.nikkeibp.co.jp/atcl/news/17/011502952/?ST=security&itp_list_theme
2018年1月15日月曜日
15日 月曜日、先負
+ Gpg4win 3.0.3 released
https://www.gpg4win.org/change-history.html
+ RHSA-2018:0081 Important: flash-plugin security update
https://access.redhat.com/errata/RHSA-2018:0081
CVE-2017-11305
CVE-2018-4871
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ Sysstat 11.6.2, 11.4.8, 11.2.14 released
http://sebastien.godard.pagesperso-orange.fr/
+ Microsoft Edge Chakra AppendLeftOverItemsFromEndSegment Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2018010121
CVE-2018-0767
+ macOS process_policy Stack Leak Through Uninitialized Field
https://cxsecurity.com/issue/WLB-2018010120
CVE-2017-7154
都道府県CIOフォーラム報告 第15回年次総会
自治体セキュリティのクラウド移行、ネットワーク強じん化の課題は?
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500001/?ST=security&itp_list_theme
「再起動の問題に対処する」、インテルが顧客からの指摘受け
http://itpro.nikkeibp.co.jp/atcl/news/17/011202945/?ST=security&itp_list_theme
ヴイエムウェアがCPU脆弱性対策を追加、仮想化ソフトの対策進む
http://itpro.nikkeibp.co.jp/atcl/news/17/011202944/?ST=security&itp_list_theme
https://www.gpg4win.org/change-history.html
+ RHSA-2018:0081 Important: flash-plugin security update
https://access.redhat.com/errata/RHSA-2018:0081
CVE-2017-11305
CVE-2018-4871
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ Sysstat 11.6.2, 11.4.8, 11.2.14 released
http://sebastien.godard.pagesperso-orange.fr/
+ Microsoft Edge Chakra AppendLeftOverItemsFromEndSegment Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2018010121
CVE-2018-0767
+ macOS process_policy Stack Leak Through Uninitialized Field
https://cxsecurity.com/issue/WLB-2018010120
CVE-2017-7154
都道府県CIOフォーラム報告 第15回年次総会
自治体セキュリティのクラウド移行、ネットワーク強じん化の課題は?
http://itpro.nikkeibp.co.jp/atcl/column/17/121500582/121500001/?ST=security&itp_list_theme
「再起動の問題に対処する」、インテルが顧客からの指摘受け
http://itpro.nikkeibp.co.jp/atcl/news/17/011202945/?ST=security&itp_list_theme
ヴイエムウェアがCPU脆弱性対策を追加、仮想化ソフトの対策進む
http://itpro.nikkeibp.co.jp/atcl/news/17/011202944/?ST=security&itp_list_theme
2018年1月12日金曜日
12日 金曜日、赤口
+ Wireshark 2.4.4, 2.2.12 released
https://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
+ UPDATE: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
+ UPDATE: Cisco Nexus Series Switches CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
+ UPDATE: Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
+ UPDATE: Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
+ UPDATE: Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
+ Oracle Critical Patch Update Pre-Release Announcement - January 2018
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
プロセッサの投機的実行に関する調査の公開について
https://aws.amazon.com/jp/blogs/news/processor_speculative_execution_research_disclosure/
Announcing the Release of pglogical 2.1.1
https://www.postgresql.org/about/news/1821/
ニュース解説
古いCPUで顕著な性能低下も、脆弱性問題で企業は大わらわ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011101270/?ST=security&itp_list_theme
ニュース解説
セーフティ事業に経営資源を集中、NECが23年ぶりに大型買収
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011101271/?ST=security&itp_list_theme
JVN#57842148 Lhaplus の ZIP64 形式のファイル展開における検証不備の脆弱性
http://jvn.jp/jp/JVN57842148/
https://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
+ UPDATE: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-fxnx
+ UPDATE: Cisco Nexus Series Switches CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nss
+ UPDATE: Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos4
+ UPDATE: Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos6
+ UPDATE: Cisco NX-OS System Software CLI Command Injection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-nxos7
+ Oracle Critical Patch Update Pre-Release Announcement - January 2018
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
プロセッサの投機的実行に関する調査の公開について
https://aws.amazon.com/jp/blogs/news/processor_speculative_execution_research_disclosure/
Announcing the Release of pglogical 2.1.1
https://www.postgresql.org/about/news/1821/
ニュース解説
古いCPUで顕著な性能低下も、脆弱性問題で企業は大わらわ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011101270/?ST=security&itp_list_theme
ニュース解説
セーフティ事業に経営資源を集中、NECが23年ぶりに大型買収
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011101271/?ST=security&itp_list_theme
JVN#57842148 Lhaplus の ZIP64 形式のファイル展開における検証不備の脆弱性
http://jvn.jp/jp/JVN57842148/
2018年1月11日木曜日
11日 木曜日、大安
+ RHSA-2018:0081 Important: flash-plugin security update
https://access.redhat.com/errata/RHSA-2018:0081
CVE-2017-11305
CVE-2018-4871
+ CESA-2018:0061 Important CentOS 6 thunderbird Security Update
https://lwn.net/Alerts/743679/
+ VMware Workstation 14.1.1 Player released
https://docs.vmware.com/en/VMware-Workstation-Player/14/rn/player-1411-release-notes.html
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180110-ucm
+ Linux kernel 4.14.13, 4.9.76, 4.4.111 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.76
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.111
Amazon SageMaker でのご利用開始: より正確な時系列予測のための DeepAR アルゴリズム
https://aws.amazon.com/jp/blogs/news/now-available-in-amazon-sagemaker-deepar-algorithm-for-more-accurate-time-series-forecasting/
AWS オンラインテックトーク ? 2018 年 1 月
https://aws.amazon.com/jp/blogs/news/aws-online-tech-talks-january-2018/
Pgpool-II 3.7.1, 3.6.8, 3.5.12, 3.4.15 and 3.3.19 are now officially released.
https://www.postgresql.org/about/news/1820/
2018年1月10日水曜日
10日 水曜日、仏滅
+ UPDATE: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV180002
+ Security updates available for Flash Player | APSB18-01
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
CVE-2018-4871
+ CESA-2018:0061 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/743680/
+ 2018 年 1 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ Linux kernel 3.16.53 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.53
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ UPDATE: JVNVU#93823979 CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/
+ JVNVU#94630516 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU94630516/
CVE-2017-5715
CVE-2017-5753
+ Microsoft Edge Chakra JIT Escape Analysis Bug
https://cxsecurity.com/issue/WLB-2018010093
CVE-2017-11918
+ Microsoft Windows Local XPS Print Spooler Sandbox Escape
https://cxsecurity.com/issue/WLB-2018010092
+ Microsoft Edge Chakra asm.js Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2018010091
CVE-2017-11911
+ Microsoft Edge Chakra JIT BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
https://cxsecurity.com/issue/WLB-2018010090
CVE-2017-11911
今すぐ利用可能: AWS で使用する Machine Learning や人工知能について学べる新しいデジタルトレーニング
https://aws.amazon.com/jp/blogs/news/now-available-new-digital-training-to-help-you-learn-about-machine-learning-and-artificial-intelligence-on-aws/
Amazon EMR での Spark にバックアップされた Amazon SageMaker ノートブックの構築
https://aws.amazon.com/jp/blogs/news/build-amazon-sagemaker-notebooks-backed-by-spark-in-amazon-emr/
ニュース解説
セキュリティ10大脅威を初公表、狙われる人間のスキ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/010901265/?ST=security&itp_list_theme
NECが英ITサービス企業を700億円で買収、過去2番目の規模
http://itpro.nikkeibp.co.jp/atcl/news/17/010902933/?ST=security&itp_list_theme
CPU脆弱性問題の影響か、佐賀県庁で一時Office365が利用できず
http://itpro.nikkeibp.co.jp/atcl/news/17/010902932/?ST=security&itp_list_theme
三井住友カード、パスワード入力で起動する新クレジットカード
http://itpro.nikkeibp.co.jp/atcl/news/17/010902930/?ST=security&itp_list_theme
JVN#79451345 e-Taxソフト (WEB 版) 事前準備セットアップのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN79451345/
https://portal.msrc.microsoft.com/ja-JP/security-guidance/advisory/ADV180002
+ Security updates available for Flash Player | APSB18-01
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
CVE-2018-4871
+ CESA-2018:0061 Important CentOS 7 thunderbird Security Update
https://lwn.net/Alerts/743680/
+ 2018 年 1 月のセキュリティ更新プログラム
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ Linux kernel 3.16.53 released
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.53
+ UPDATE: Oracle Critical Patch Update Advisory - October 2017
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
+ UPDATE: JVNVU#93823979 CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/
+ JVNVU#94630516 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU94630516/
CVE-2017-5715
CVE-2017-5753
+ Microsoft Edge Chakra JIT Escape Analysis Bug
https://cxsecurity.com/issue/WLB-2018010093
CVE-2017-11918
+ Microsoft Windows Local XPS Print Spooler Sandbox Escape
https://cxsecurity.com/issue/WLB-2018010092
+ Microsoft Edge Chakra asm.js Out-of-Bounds Read
https://cxsecurity.com/issue/WLB-2018010091
CVE-2017-11911
+ Microsoft Edge Chakra JIT BackwardPass::RemoveEmptyLoopAfterMemOp Does not Insert Branches
https://cxsecurity.com/issue/WLB-2018010090
CVE-2017-11911
今すぐ利用可能: AWS で使用する Machine Learning や人工知能について学べる新しいデジタルトレーニング
https://aws.amazon.com/jp/blogs/news/now-available-new-digital-training-to-help-you-learn-about-machine-learning-and-artificial-intelligence-on-aws/
Amazon EMR での Spark にバックアップされた Amazon SageMaker ノートブックの構築
https://aws.amazon.com/jp/blogs/news/build-amazon-sagemaker-notebooks-backed-by-spark-in-amazon-emr/
ニュース解説
セキュリティ10大脅威を初公表、狙われる人間のスキ
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/010901265/?ST=security&itp_list_theme
NECが英ITサービス企業を700億円で買収、過去2番目の規模
http://itpro.nikkeibp.co.jp/atcl/news/17/010902933/?ST=security&itp_list_theme
CPU脆弱性問題の影響か、佐賀県庁で一時Office365が利用できず
http://itpro.nikkeibp.co.jp/atcl/news/17/010902932/?ST=security&itp_list_theme
三井住友カード、パスワード入力で起動する新クレジットカード
http://itpro.nikkeibp.co.jp/atcl/news/17/010902930/?ST=security&itp_list_theme
JVN#79451345 e-Taxソフト (WEB 版) 事前準備セットアップのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN79451345/
2018年1月9日火曜日
9日 火曜日、先負
+ RHSA-2018:0061 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2018:0061
CVE-2017-7829
CVE-2017-7846
CVE-2017-7847
CVE-2017-7848
+ About the security content of macOS High Sierra 10.13.2 Supplemental Update
https://support.apple.com/ja-jp/HT208397
+ About the security content of Safari 11.0.2
https://support.apple.com/ja-jp/HT208403
+ About the security content of iOS 11.2.2
https://support.apple.com/ja-jp/HT208401
CVE-2017-5753
CVE-2017-5715
+ CESA-2018:0029 Important CentOS 7 libvirt Security Update
https://lwn.net/Alerts/743214/
+ CESA-2018:0013 Important CentOS 6 microcode_ctl Security Update
https://lwn.net/Alerts/743215/
+ CESA-2018:0030 Important CentOS 6 libvirt Security Update
https://lwn.net/Alerts/743213/
+ CESA-2018:0008 Important CentOS 6 kernel Security Update
https://lwn.net/Alerts/743212/
+ CESA-RHSA-2018:0024 Important CentOS 6 qemu-kvm Security Update
https://lwn.net/Alerts/743216/
+ CESA-2018:0023 Important CentOS 7 qemu-kvm Security Update
https://lwn.net/Alerts/743217/
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ UPDATE: Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
+ Linux kernel 4.14.12, 4.9.75, 4.4.110, 3.2.98 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.110
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.98
+ SA80842 Microsoft Internet Explorer Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80842/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2018-0762
CVE-2018-0772
+ SA80956 Microsoft Edge Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80956/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2018-0758
CVE-2018-0762
CVE-2018-0766
CVE-2018-0767
CVE-2018-0768
CVE-2018-0769
CVE-2018-0770
CVE-2018-0772
CVE-2018-0773
CVE-2018-0774
CVE-2018-0775
CVE-2018-0776
CVE-2018-0777
CVE-2018-0778
CVE-2018-0780
CVE-2018-0781
CVE-2018-0800
CVE-2018-0803
+ SA80952 Microsoft Windows Server 2016 / Windows 10 Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80952/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2018-0743
CVE-2018-0744
CVE-2018-0745
CVE-2018-0746
CVE-2018-0747
CVE-2018-0748
CVE-2018-0749
CVE-2018-0751
CVE-2018-0752
CVE-2018-0753
CVE-2018-0754
+ SA80843 Microsoft SQL Server 2016 Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80843/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ GNU chown and chgrp (coreutils) privilege escalation via recursive dereferences
https://cxsecurity.com/issue/WLB-2018010056
CVE-2017-18018
Announcing @postgresql
https://www.postgresql.org/about/news/1819/
UPDATE: JVNVU#93823979 投機的実行機能を持つ CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/index.html
iPhoneやFirefoxでもCPU脆弱性問題、更新版の提供始まる
http://itpro.nikkeibp.co.jp/atcl/news/17/010502927/?ST=security&itp_list_theme
2018年1月5日金曜日
5日 金曜日、大安
+ RHSA-2018:0030 Important: libvirt security update
https://access.redhat.com/errata/RHSA-2018:0030
+ RHSA-2018:0024 Important: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2018:0024
+ RHSA-2018:0013 Important: microcode_ctl security update
https://access.redhat.com/errata/RHSA-2018:0013
+ RHSA-2018:0029 Important: libvirt security update
https://access.redhat.com/errata/RHSA-2018:0029
+ RHSA-2018:0023 Important: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2018:0023
+ RHSA-2018:0014 Important: linux-firmware security update
https://access.redhat.com/errata/RHSA-2018:0014
+ Google Chrome 63.0.3239.132 released
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop.html
+ Mozilla Firefox 57.0.4 released
https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
+ Mozilla Foundation Security Advisory 2018-01 Speculative execution side-channel attack ("Spectre")
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
+ CESA-2018:0007 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/742919/
+ CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update
https://lwn.net/Alerts/742921/
+ CESA-2018:0014 Important CentOS 7 linux-firmware Security Update
https://lwn.net/Alerts/742920/
+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ VU#584653 CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ January 2018 Security Updates
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
+ SA80843: Microsoft Multiple Products Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80843/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ PHP 7.2.1, 7.1.13, 7.0.27, 5.6.33 Released
http://www.php.net/ChangeLog-7.php#7.2.1
http://www.php.net/ChangeLog-7.php#7.1.13
http://www.php.net/ChangeLog-7.php#7.0.27
http://www.php.net/ChangeLog-5.php#5.6.33
AWS Lambda および Tensorflow を使用してディープラーニングモデルをデプロイする方法
https://aws.amazon.com/jp/blogs/news/how-to-deploy-deep-learning-models-with-aws-lambda-and-tensorflow/
AWS Direct Connectアップデート? 2017年後半に追加された新ロケーション10か所
https://aws.amazon.com/jp/blogs/news/aws-direct-connect-update-ten-new-locations-added-in-late-2017/
JVNVU#93823979 投機的実行機能を持つ CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/
ニュース解説
Web検索を信じるな、いまどきの偽サイト
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122701261/?ST=security&itp_list_theme
CPU脆弱性問題でAWSとAzureの対応状況が判明
http://itpro.nikkeibp.co.jp/atcl/news/17/010402926/?ST=security&itp_list_theme
インテル、CPUの脆弱性に「AMDやアームとともに対応」
http://itpro.nikkeibp.co.jp/atcl/news/17/010402925/?ST=security&itp_list_theme
グーグルがCPU脆弱性の詳細を明らかに、Intel・AMD・Armが対象
http://itpro.nikkeibp.co.jp/atcl/news/17/010402924/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2018:0030
+ RHSA-2018:0024 Important: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2018:0024
+ RHSA-2018:0013 Important: microcode_ctl security update
https://access.redhat.com/errata/RHSA-2018:0013
+ RHSA-2018:0029 Important: libvirt security update
https://access.redhat.com/errata/RHSA-2018:0029
+ RHSA-2018:0023 Important: qemu-kvm security update
https://access.redhat.com/errata/RHSA-2018:0023
+ RHSA-2018:0014 Important: linux-firmware security update
https://access.redhat.com/errata/RHSA-2018:0014
+ Google Chrome 63.0.3239.132 released
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop.html
+ Mozilla Firefox 57.0.4 released
https://www.mozilla.org/en-US/firefox/57.0.4/releasenotes/
+ Mozilla Foundation Security Advisory 2018-01 Speculative execution side-channel attack ("Spectre")
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
+ CESA-2018:0007 Important CentOS 7 kernel Security Update
https://lwn.net/Alerts/742919/
+ CESA-2018:0012 Important CentOS 7 microcode_ctl Security Update
https://lwn.net/Alerts/742921/
+ CESA-2018:0014 Important CentOS 7 linux-firmware Security Update
https://lwn.net/Alerts/742920/
+ UPDATE: Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160129-openssl
+ UPDATE: CPU Side-Channel Information Disclosure Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
+ VU#584653 CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653
CVE-2017-5753
CVE-2017-5715
CVE-2017-5754
+ January 2018 Security Updates
https://portal.msrc.microsoft.com/ja-jp/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
+ SA80843: Microsoft Multiple Products Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/80843/
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
+ PHP 7.2.1, 7.1.13, 7.0.27, 5.6.33 Released
http://www.php.net/ChangeLog-7.php#7.2.1
http://www.php.net/ChangeLog-7.php#7.1.13
http://www.php.net/ChangeLog-7.php#7.0.27
http://www.php.net/ChangeLog-5.php#5.6.33
AWS Lambda および Tensorflow を使用してディープラーニングモデルをデプロイする方法
https://aws.amazon.com/jp/blogs/news/how-to-deploy-deep-learning-models-with-aws-lambda-and-tensorflow/
AWS Direct Connectアップデート? 2017年後半に追加された新ロケーション10か所
https://aws.amazon.com/jp/blogs/news/aws-direct-connect-update-ten-new-locations-added-in-late-2017/
JVNVU#93823979 投機的実行機能を持つ CPU に対するサイドチャネル攻撃
http://jvn.jp/vu/JVNVU93823979/
ニュース解説
Web検索を信じるな、いまどきの偽サイト
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/122701261/?ST=security&itp_list_theme
CPU脆弱性問題でAWSとAzureの対応状況が判明
http://itpro.nikkeibp.co.jp/atcl/news/17/010402926/?ST=security&itp_list_theme
インテル、CPUの脆弱性に「AMDやアームとともに対応」
http://itpro.nikkeibp.co.jp/atcl/news/17/010402925/?ST=security&itp_list_theme
グーグルがCPU脆弱性の詳細を明らかに、Intel・AMD・Armが対象
http://itpro.nikkeibp.co.jp/atcl/news/17/010402924/?ST=security&itp_list_theme
2018年1月4日木曜日
4日 木曜日、仏滅
+ RHSA-2018:0008 Important: kernel security update
https://access.redhat.com/errata/RHSA-2018:0008
+ RHSA-2018:0012 Important: microcode_ctl security update
https://access.redhat.com/errata/RHSA-2018:0012
+ Moziila Firefox 57.0.3 released
https://www.mozilla.org/en-US/firefox/57.0.3/releasenotes/
+ Zabbix 3.4.5, 3.2.11, 3.0.14, 2.2.21 released
https://www.zabbix.com/rn3.4.5
https://www.zabbix.com/rn3.2.11
https://www.zabbix.com/rn3.0.14
https://www.zabbix.com/rn2.2.21
+ VMware Workstation 14.1.0 Player released
https://docs.vmware.com/jp/VMware-Workstation-Player/14.0.0/rn/player-141-release-notes.html
+ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp
CVE-2018-0103
+ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp
CVE-2018-0104
+ Linux kernel 4.14.11, 4.9.74, 4.4.109, 3.18.91, 3.16.52, 3.2.97 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.109
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.91
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.52
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.97
+ Windows 7 x86 dwmapi.dll arbitrary code execution leading to privillege escallation
https://cxsecurity.com/issue/WLB-2018010021
+ Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2018010018
CVE-2017-1000112
+ Google Chrome Installer DLL Hijack vulnerability
https://cxsecurity.com/issue/WLB-2018010008
+ Apple macOS IOHIDSystem Kernel Read/Write
https://cxsecurity.com/issue/WLB-2018010004
Amazon Auroraを使用したMagento Content Servicesの構築をAWS Quick Startで加速させる
https://aws.amazon.com/jp/blogs/news/accelerate-magento-content-services-deployment-on-amazon-aurora-with-aws-quick-start/
【開催報告】AWS-HUB
https://aws.amazon.com/jp/blogs/news/aws-hub-report-2017dec/
Apache OpenOffice 4.1.5 is released!
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.5+Release+Notes
pg_chameleon 2.0 released
https://www.postgresql.org/about/news/1818/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
新春 編集長の眼
ランサムウエアとワームがまさかの合体、強力な集金ツールがネットを襲う
http://itpro.nikkeibp.co.jp/atcl/column/17/120500556/121900001/?ST=security&itp_list_theme
インタビュー&トーク
「中小企業のセキュリティをAIで守る」、英ソフォスCEO
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/122700357/?ST=security&itp_list_theme
https://access.redhat.com/errata/RHSA-2018:0008
+ RHSA-2018:0012 Important: microcode_ctl security update
https://access.redhat.com/errata/RHSA-2018:0012
+ Moziila Firefox 57.0.3 released
https://www.mozilla.org/en-US/firefox/57.0.3/releasenotes/
+ Zabbix 3.4.5, 3.2.11, 3.0.14, 2.2.21 released
https://www.zabbix.com/rn3.4.5
https://www.zabbix.com/rn3.2.11
https://www.zabbix.com/rn3.0.14
https://www.zabbix.com/rn2.2.21
+ VMware Workstation 14.1.0 Player released
https://docs.vmware.com/jp/VMware-Workstation-Player/14.0.0/rn/player-141-release-notes.html
+ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-wnrp
CVE-2018-0103
+ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180103-warfp
CVE-2018-0104
+ Linux kernel 4.14.11, 4.9.74, 4.4.109, 3.18.91, 3.16.52, 3.2.97 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.74
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.109
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.91
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.52
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.97
+ Windows 7 x86 dwmapi.dll arbitrary code execution leading to privillege escallation
https://cxsecurity.com/issue/WLB-2018010021
+ Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04 and 16.04) Local Privilege Escalation
https://cxsecurity.com/issue/WLB-2018010018
CVE-2017-1000112
+ Google Chrome Installer DLL Hijack vulnerability
https://cxsecurity.com/issue/WLB-2018010008
+ Apple macOS IOHIDSystem Kernel Read/Write
https://cxsecurity.com/issue/WLB-2018010004
Amazon Auroraを使用したMagento Content Servicesの構築をAWS Quick Startで加速させる
https://aws.amazon.com/jp/blogs/news/accelerate-magento-content-services-deployment-on-amazon-aurora-with-aws-quick-start/
【開催報告】AWS-HUB
https://aws.amazon.com/jp/blogs/news/aws-hub-report-2017dec/
Apache OpenOffice 4.1.5 is released!
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.5+Release+Notes
pg_chameleon 2.0 released
https://www.postgresql.org/about/news/1818/
UPDATE: JVNVU#92438713 複数の TLS 実装において Bleichenbacher 攻撃対策が不十分である問題
http://jvn.jp/vu/JVNVU92438713/index.html
新春 編集長の眼
ランサムウエアとワームがまさかの合体、強力な集金ツールがネットを襲う
http://itpro.nikkeibp.co.jp/atcl/column/17/120500556/121900001/?ST=security&itp_list_theme
インタビュー&トーク
「中小企業のセキュリティをAIで守る」、英ソフォスCEO
http://itpro.nikkeibp.co.jp/atcl/interview/14/262522/122700357/?ST=security&itp_list_theme
登録:
投稿 (Atom)