Monday, May 7, 2018

7th, Monday, Shakkō

+ MantisBT 2.14.0, 2.13.2, and 1.13.15 Released
https://mantisbt.org/blog/archives/mantisbt/595

+ Gpg4win 3.1.1 released
https://www.gpg4win.org/change-history.html

+ RHSA-2018:1321 Critical: chromium-browser security update
https://access.redhat.com/errata/RHSA-2018:1321
CVE-2018-6118

+ RHSA-2018:1270 Important: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2018:1270
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815

+ RHSA-2018:1268 Important: glusterfs security update
https://access.redhat.com/errata/RHSA-2018:1268
CVE-2018-1112

+ RHSA-2018:1278 Important: java-1.7.0-openjdk security update
https://access.redhat.com/errata/RHSA-2018:1278
CVE-2018-2790
CVE-2018-2794
CVE-2018-2795
CVE-2018-2796
CVE-2018-2797
CVE-2018-2798
CVE-2018-2799
CVE-2018-2800
CVE-2018-2814
CVE-2018-2815

+ RHSA-2018:1269 Important: glusterfs security update
https://access.redhat.com/errata/RHSA-2018:1269
CVE-2018-1112

+ About the security content of Security Update 2018-001 Swift 4.1.1 for Ubuntu 14.04
https://support.apple.com/ja-jp/HT208804
CVE-2018-4220

+ Google Chrome 66.0.3359.139 released
https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop_26.html

+ Mozilla Firefox 59.0.3 released
https://www.mozilla.org/en-US/firefox/59.0.3/releasenotes/

+ CESA-2018:1098 Important CentOS 6 firefox Security Update
https://lwn.net/Articles/753438/

+ CESA-2018:1188 Critical CentOS 6 java-1.8.0-openjdk Security Update
https://lwn.net/Articles/753440/

+ CESA-2018:1270 Important CentOS 6 java-1.7.0-openjdk Security Update
https://lwn.net/Articles/753439/

+ CESA-2018:1225 Critical CentOS 6 librelp Security Update
https://lwn.net/Articles/753441/

+ CESA-2018:1124 Critical CentOS 6 python-paramiko Security Update
https://lwn.net/Articles/753443/

+ CESA-2018:1199 Important CentOS 6 patch Security Update
https://lwn.net/Articles/753442/

+ Ubuntu 18.04 LTS released
https://wiki.ubuntu.com/BionicBeaver/ReleaseNotes?_ga=2.50739562.211255650.1525651272-1131072083.1524095763

+ UPDATE: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

+ UPDATE: Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi

+ UPDATE: Cisco Wireless LAN Controller 802.11 Management Frame Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-mfdos

+ Cisco WebEx Advanced Recording Format Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-war
CVE-2018-0264

+ Cisco Prime File Upload Servlet Path Traversal and Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload
CVE-2018-0258

+ Cisco Secure Access Control System Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1
CVE-2018-0253

+ UPDATE: Cisco WebEx Clients Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-wbs

+ Cisco Wireless LAN Controller IP Fragment Reassembly Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip
CVE-2018-0252

+ Cisco Meeting Server Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-cms-cx
CVE-2018-0262

+ Cisco Aironet 1810, 1830, and 1850 Series Access Points Point-to-Point Tunneling Protocol Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-ptp
CVE-2018-0234

+ Cisco Aironet 1800, 2800, and 3800 Series Access Points Secure Shell Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-ssh
CVE-2018-0226

+ UPDATE: Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
CVE-2018-0167
CVE-2018-0175

+ UPDATE: Cisco Aironet 1800 Series Access Point 802.11 Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-dos
CVE-2018-0249

+ Cisco 5500 and 8500 Series Wireless LAN Controller Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-id
CVE-2018-0245

+ Cisco WebEx Advanced Recording Format Player Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-rce
CVE-2018-0287

+ Cisco WebEx Recording Format Player Information Disclosure Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-webex-id
CVE-2018-0288

+ Cisco Prime Service Catalog User Interface Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc
CVE-2018-0285

+ Cisco IOS XR Software netconf Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr
CVE-2018-0286

+ Cisco Firepower System Software Transport Layer Security Extensions Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos
CVE-2018-0281

+ Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-dos
CVE-2018-0278

+ Cisco Firepower System Software Transport Layer Security Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-fpwr-codp
CVE-2018-0283

+ Cisco Aironet Access Points Central Web Authentication FlexConnect Client ACL Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-ap-acl
CVE-2018-0250

+ Cisco Wireless LAN Controller and Aironet Access Points IOS WebAuth Client Authentication Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-aironet-auth
CVE-2018-0247

+ UPDATE: Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

+ UPDATE: Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1

+ UPDATE: Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-sip1

+ Linux kernel 4.16.7, 4.14.39, 4.9.98, 4.4.131, 3.18.108 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.39
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.98
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.131
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.108

+ Sudo 1.8.23 released
https://www.sudo.ws/stable.html#1.8.23

+ Apache Tomcat 9.0.8, 8.5.31 Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.8_(markt)
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.31_(markt)

+ GCC 8.1 released
https://gcc.gnu.org/gcc-8/

+ UPDATE: JVNVU#91991349 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU91991349/index.html

+ UPDATE: JVNVU#95420726 Security restriction bypass vulnerability in Apache Tomcat
http://jvn.jp/vu/JVNVU95420726/index.html

+ UPDATE: JVNVU#90211511 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU90211511/index.html

+ UPDATE: JVNVU#95366887 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU95366887/index.html

+ UPDATE: JVNVU#92250735 Updates for multiple vulnerabilities in Apache Tomcat
http://jvn.jp/vu/JVNVU92250735/index.html

AWS Database Migration Service and AWS Schema Conversion Tool now support IBM Db2 LUW as a source
https://aws.amazon.com/jp/blogs/news/aws-database-migration-service-and-aws-schema-conversion-tool-now-support-ibm-db2-as-a-source/

Use the built-in Amazon SageMaker Random Cut Forest algorithm for anomaly detection
https://aws.amazon.com/jp/blogs/news/use-the-built-in-amazon-sagemaker-random-cut-forest-algorithm-for-anomaly-detection/

Use the Amazon SageMaker local mode to train on your notebook instance
https://aws.amazon.com/jp/blogs/news/use-the-amazon-sagemaker-local-mode-to-train-on-your-notebook-instance/

How to implement MQTT with TLS client authentication on port 443 from client devices (Python)
https://aws.amazon.com/jp/blogs/news/how-to-implement-mqtt-with-tls-client-authentication-on-port-443-from-client-devices-python/

Chainer 4 and Microsoft Cognitive Toolkit (CNTK) 2.5.1 optimized for higher performance on Amazon EC2 instances
https://aws.amazon.com/jp/blogs/news/aws-deep-learning-amis-now-with-optimized-chainer-4-and-cntk-2-5-1-to-accelerate-deep-learning-on-amazon-ec2-instances/

[AWS White Belt Online Seminar] Cloud Journey (AWS migration process and migration tools): slides and Q&A published
https://aws.amazon.com/jp/blogs/news/webinar-bb-migration-2018/

[Event report] 12th AWS Startup Tech Meetup
https://aws.amazon.com/jp/blogs/news/aws-startup-tech-meetup-012/

VU#283803 Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")
https://www.kb.cert.org/vuls/id/283803

JVN#08386386 Cross-site scripting vulnerability in the WordPress plugin Open Graph for Facebook, Google+ and Twitter Card Tags
http://jvn.jp/jp/JVN08386386/index.html

JVN#61081552 Cross-site scripting vulnerability in the WordPress plugin PixelYourSite
http://jvn.jp/jp/JVN61081552/index.html

JVN#01040170 Cross-site scripting vulnerability in the WordPress plugin WP Google Map Plugin
http://jvn.jp/jp/JVN01040170/index.html

JVN#85531148 Cross-site scripting vulnerability in the WordPress plugin Events Manager
http://jvn.jp/jp/JVN85531148/index.html

JVN#68345747 DLL loading vulnerability in the installers of multiple products from CELSYS, Inc.
http://jvn.jp/jp/JVN68345747/index.html

Spotting flaws in design documents
Looking for the implicit guarantees of a smart home
http://tech.nikkeibp.co.jp/atcl/nxt/mag/sys/18/032300015/042000002/?ST=nxt_thmit_security

NEWS close-up
Users redirected to virus sites without their consent: are flawed security settings the cause?
http://tech.nikkeibp.co.jp/atcl/nxt/mag/nnw/18/041800012/042300010/?ST=nxt_thmit_security

News analysis
Telework security measures: reading the Ministry of Internal Affairs and Communications' new guidelines wisely
http://tech.nikkeibp.co.jp/atcl/nxt/column/18/00001/00401/?ST=nxt_thmit_security

Twitter (US) urges password changes after storing passwords unhashed in logs
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/01110/?ST=nxt_thmit_security

Digital health terms
Kwampirs
http://tech.nikkeibp.co.jp/dm/atcl/word/15/327920/050200056/?ST=nxt_thmit_security

Facebook (US) announces a "dating service" alongside privacy protection measures
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/01096/?ST=nxt_thmit_security

Kiraboshi Bank system failure nearing resolution; 16,000 transfers delayed
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/01095/?ST=nxt_thmit_security

Major Windows 10 update begins rolling out, named Windows 10 April 2018 Update
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/01091/?ST=nxt_thmit_security

Ubuntu 18.04 LTS released, minimal installation now possible
http://tech.nikkeibp.co.jp/atcl/nxt/news/18/01071/?ST=nxt_thmit_security
