+ Prenotification Security Advisory for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
2018年12月28日金曜日
2018年12月27日木曜日
2018年12月26日水曜日
26日 水曜日、赤口
+ hitachi-sec-2018-137 Clickjacking Vulnerability in Hitachi Automation Director
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-137/index.html
+ hitachi-sec-2018-137 Hitachi Automation Directorにおけるクリックジャッキングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-137/index.html
JVN#33677949 マッピングツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN33677949/index.html
JVN#27052429 WordPress 用プラグイン Google XML Sitemaps におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN27052429/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-137/index.html
+ hitachi-sec-2018-137 Hitachi Automation Directorにおけるクリックジャッキングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-137/index.html
JVN#33677949 マッピングツールのインストーラにおける DLL 読み込みに関する脆弱性
http://jvn.jp/jp/JVN33677949/index.html
JVN#27052429 WordPress 用プラグイン Google XML Sitemaps におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN27052429/index.html
2018年12月25日火曜日
25日 火曜日、大安
+ CESA-2018:3833 Critical CentOS 7 firefox Security Update
https://lwn.net/Articles/775512/
+ CESA-2018:3831 Critical CentOS 6 firefox Security Update
https://lwn.net/Articles/775511/
+ Linux kernel 4.19.12, 4.14.90, 4.9.147, 4.4.169, 3.18.131 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.12
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.90
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.147
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.169
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.131
+ Microsoft Edge 42.17134.1.0 Tree::ANode::DocumentLayout Denial of Service
https://cxsecurity.com/issue/WLB-2018120216
JVNVU#97284298 ファイルシステムドライバ Dokan におけるスタックバッファオーバーフローの脆弱性
http://jvn.jp/vu/JVNVU97284298/index.html
JVNVU#92357871 MsiAdvertiseProduct における権限昇格の脆弱性
http://jvn.jp/vu/JVNVU92357871/index.html
JVN#13199224 PgpoolAdmin におけるアクセス制限不備の脆弱性
http://jvn.jp/jp/JVN13199224/index.html
JVN#69812763 cordova-plugin-ionic-webview におけるパストラバーサルの脆弱性
http://jvn.jp/jp/JVN69812763/index.html
JVNVU#93652047 横河電機製 Vnet/IP オープン通信ドライバにサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU93652047/index.html
2018年12月21日金曜日
21日 金曜日、先勝
+ Zabbix 4.0.3 released
https://www.zabbix.com/rn/rn4.0.3
+ CESA-2018:3854 Low CentOS 6 ntp Security Update
https://lwn.net/Articles/775320/
+ Mozilla Thunderbird 60.4.0 released
https://www.thunderbird.net/en-US/thunderbird/60.4.0/releasenotes/
+ VU#228297 Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition
https://www.kb.cert.org/vuls/id/228297/
+ Samba 4.9.4 Available for Download
https://www.samba.org/samba/history/samba-4.9.4.html
+ SA86719 Microsoft Internet Explorer Memory Corruption Vulnerability
https://secuniaresearch.flexerasoftware.com/advisories/86719/
CVE-2018-8653
+ UPDATE: JVNVU#91880486 Internet Explorer の JScript スクリプトエンジンにおけるメモリ破損の脆弱性
http://jvn.jp/vu/JVNVU91880486/index.html
VU#741315 A Dokan file driver contains a stack-based buffer overflow
https://www.kb.cert.org/vuls/id/741315/
2018年12月20日木曜日
20日 木曜日、赤口
+ RHSA-2018:3854 Low: ntp security update
https://access.redhat.com/errata/RHSA-2018:3854
CVE-2018-12327
+ CESA-2018:3834 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/775217/
+ VU#573168 Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability
https://www.kb.cert.org/vuls/id/573168/
CVE-2018-8653
+ FreeBSD-SA-18:15.bootpd bootpd buffer overflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc
CVE-2018-17161
+ Linux kernel 4.19.11 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.11
+ Apache Tomcat 8.5.37 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.37_(markt)
+ OpenLDAP 2.4.47 released
http://www.openldap.org/software/release/
+ Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write
https://cxsecurity.com/issue/WLB-2018120178
CVE-2018-8631
JVN#99810718 東芝ライテック製ホームゲートウェイにおける複数の脆弱性
https://jvn.jp/jp/JVN99810718/
https://access.redhat.com/errata/RHSA-2018:3854
CVE-2018-12327
+ CESA-2018:3834 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/775217/
+ VU#573168 Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability
https://www.kb.cert.org/vuls/id/573168/
CVE-2018-8653
+ FreeBSD-SA-18:15.bootpd bootpd buffer overflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:15.bootpd.asc
CVE-2018-17161
+ Linux kernel 4.19.11 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.11
+ Apache Tomcat 8.5.37 Released
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.37_(markt)
+ OpenLDAP 2.4.47 released
http://www.openldap.org/software/release/
+ Microsoft Windows jscript!JsArrayFunctionHeapSort Out-Of-Bounds Write
https://cxsecurity.com/issue/WLB-2018120178
CVE-2018-8631
JVN#99810718 東芝ライテック製ホームゲートウェイにおける複数の脆弱性
https://jvn.jp/jp/JVN99810718/
2018年12月19日水曜日
2018年12月18日火曜日
18日 火曜日、仏滅
+ RHSA-2018:3831 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2018:3831
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ RHSA-2018:3834 Important: ghostscript security and bug fix update
https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-15911
CVE-2018-16541
CVE-2018-16802
CVE-2018-17183
CVE-2018-17961
CVE-2018-18073
CVE-2018-18284
CVE-2018-19134
CVE-2018-19409
+ RHSA-2018:3833 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2018:3833
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ Linux kernel 4.19.10, 4.14.89, 4.9.146, 4.4.168, 3.18.130, 3.16.62 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.168
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.130
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.62
https://access.redhat.com/errata/RHSA-2018:3831
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ RHSA-2018:3834 Important: ghostscript security and bug fix update
https://access.redhat.com/errata/RHSA-2018:3834
CVE-2018-15911
CVE-2018-16541
CVE-2018-16802
CVE-2018-17183
CVE-2018-17961
CVE-2018-18073
CVE-2018-18284
CVE-2018-19134
CVE-2018-19409
+ RHSA-2018:3833 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2018:3833
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ Linux kernel 4.19.10, 4.14.89, 4.9.146, 4.4.168, 3.18.130, 3.16.62 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.10
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.89
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.146
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.168
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.130
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.62
2018年12月17日月曜日
17日 月曜日、先負
+ CESA-2018:3651 Moderate CentOS 7 kernel Security Update
https://lwn.net/Articles/774929/
+ CESA-2018:3347 Critical CentOS 7 python-paramiko Security Update
https://lwn.net/Articles/774931/
+ CESA-2018:3663 Moderate CentOS 7 sos-collector Security Update
https://lwn.net/Articles/774933/
+ CESA-2018:3650 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/774924/
+ CESA-2018:3350 Important CentOS 7 java-1.7.0-openjdk Security Update
https://lwn.net/Articles/774927/
+ CESA-2018:3408 Important CentOS 7 git Security Update
https://lwn.net/Articles/774926/
+ CESA-2018:3738 Important CentOS 7 ruby Security Update
https://lwn.net/Articles/774932/
+ CESA-2018:3410 Important CentOS 7 xorg-x11-server Security Update
https://lwn.net/Articles/774935/
+ CESA-2018:3521 Critical CentOS 7 java-11-openjdk Security Update
https://lwn.net/Articles/774928/
+ CESA-2018:3665 Important CentOS 7 NetworkManager Security Update
https://lwn.net/Articles/774930/
+ CESA-2018:3532 Important CentOS 7 thunderbird Security Update
https://lwn.net/Articles/774934/
+ CESA-2018:3761 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/774925/
+ Apache Tomcat 9.0.14 Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)
UPDATE: JVNVU#90382644 Pixar Tractor におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/vu/JVNVU90382644/index.html
https://lwn.net/Articles/774929/
+ CESA-2018:3347 Critical CentOS 7 python-paramiko Security Update
https://lwn.net/Articles/774931/
+ CESA-2018:3663 Moderate CentOS 7 sos-collector Security Update
https://lwn.net/Articles/774933/
+ CESA-2018:3650 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/774924/
+ CESA-2018:3350 Important CentOS 7 java-1.7.0-openjdk Security Update
https://lwn.net/Articles/774927/
+ CESA-2018:3408 Important CentOS 7 git Security Update
https://lwn.net/Articles/774926/
+ CESA-2018:3738 Important CentOS 7 ruby Security Update
https://lwn.net/Articles/774932/
+ CESA-2018:3410 Important CentOS 7 xorg-x11-server Security Update
https://lwn.net/Articles/774935/
+ CESA-2018:3521 Critical CentOS 7 java-11-openjdk Security Update
https://lwn.net/Articles/774928/
+ CESA-2018:3665 Important CentOS 7 NetworkManager Security Update
https://lwn.net/Articles/774930/
+ CESA-2018:3532 Important CentOS 7 thunderbird Security Update
https://lwn.net/Articles/774934/
+ CESA-2018:3761 Important CentOS 7 ghostscript Security Update
https://lwn.net/Articles/774925/
+ Apache Tomcat 9.0.14 Released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.14_(markt)
UPDATE: JVNVU#90382644 Pixar Tractor におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/vu/JVNVU90382644/index.html
2018年12月14日金曜日
14日 金曜日、赤口
+ Windows DNS Serverの脆弱性情報が公開されました(CVE-2018-8626)
https://jprs.jp/tech/security/2018-12-13-windowsdnsserver.html
+ ISC BIND 9.13.5, 9.12.3-P1, 9.11.5-P1 released
https://jprs.jp/tech/index.html#dns-software-update-info
https://ftp.isc.org/isc/bind9/9.13.5/RELEASE-NOTES-bind-9.13.5.html
https://ftp.isc.org/isc/bind9/9.12.3-P1/RELEASE-NOTES-bind-9.12.3-P1.html
https://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html
+ curl 7.63.0 released
https://curl.haxx.se/changes.html#7_63_0
+ Linux kernel 4.19.9, 4.14.88, 4.9.145, 4.4.167, 3.18.129 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.167
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.129
+ Samba 4.8.8 Available for Download
https://www.samba.org/samba/history/samba-4.8.8.html
VU#756913 Pixars Tractor contains a stored cross-site scripting vulnerability
https://www.kb.cert.org/vuls/id/756913/
https://jprs.jp/tech/security/2018-12-13-windowsdnsserver.html
+ ISC BIND 9.13.5, 9.12.3-P1, 9.11.5-P1 released
https://jprs.jp/tech/index.html#dns-software-update-info
https://ftp.isc.org/isc/bind9/9.13.5/RELEASE-NOTES-bind-9.13.5.html
https://ftp.isc.org/isc/bind9/9.12.3-P1/RELEASE-NOTES-bind-9.12.3-P1.html
https://ftp.isc.org/isc/bind9/9.11.5-P1/RELEASE-NOTES-bind-9.11.5-P1.html
+ curl 7.63.0 released
https://curl.haxx.se/changes.html#7_63_0
+ Linux kernel 4.19.9, 4.14.88, 4.9.145, 4.4.167, 3.18.129 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.88
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.145
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.167
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.129
+ Samba 4.8.8 Available for Download
https://www.samba.org/samba/history/samba-4.8.8.html
VU#756913 Pixars Tractor contains a stored cross-site scripting vulnerability
https://www.kb.cert.org/vuls/id/756913/
2018年12月13日木曜日
13日 木曜日、大安
+ Google Chrome 71.0.3578.98 released
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html
+ WinSCP 5.13.6 released
https://ja.osdn.net/projects/sfnet_winscp/downloads/WinSCP/5.13.6/WinSCP-5.13.6-ReadMe.txt/
+ 2018 年 12 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2018/12/12/201812-security-updates/
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html
+ WinSCP 5.13.6 released
https://ja.osdn.net/projects/sfnet_winscp/downloads/WinSCP/5.13.6/WinSCP-5.13.6-ReadMe.txt/
+ 2018 年 12 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2018/12/12/201812-security-updates/
2018年12月12日水曜日
12日 水曜日、仏滅
+ Mozilla Firefox 64.0 released
https://www.mozilla.org/en-US/firefox/64.0/releasenotes/
+ Mozilla Foundation Security Advisory 2018-29 Security vulnerabilities fixed in Firefox 64
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
CVE-2018-12406
CVE-2018-12405
+ Security Bulletin for Adobe Acrobat and Reader | APSB18-41
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
CVE-2018-15998
CVE-2018-15987
CVE-2018-16004
CVE-2018-19720
CVE-2018-16045
CVE-2018-16044
CVE-2018-16018
CVE-2018-19715
CVE-2018-19713
CVE-2018-19708
CVE-2018-19707
CVE-2018-19700
CVE-2018-19698
CVE-2018-16046
CVE-2018-16040
CVE-2018-16039
CVE-2018-16037
CVE-2018-16036
CVE-2018-16029
CVE-2018-16027
CVE-2018-16026
CVE-2018-16025
CVE-2018-16014
CVE-2018-16011
CVE-2018-16008
CVE-2018-16003
CVE-2018-15994
CVE-2018-15993
CVE-2018-15992
CVE-2018-15991
CVE-2018-15990
CVE-2018-19702
CVE-2018-16016
CVE-2018-16000
CVE-2018-15999
CVE-2018-15988
CVE-2018-19716
CVE-2018-16021
CVE-2018-12830
CVE-2018-19717
CVE-2018-19714
CVE-2018-19712
CVE-2018-19711
CVE-2018-19710
CVE-2018-19709
CVE-2018-19706
CVE-2018-19705
CVE-2018-19704
CVE-2018-19703
CVE-2018-19701
CVE-2018-19699
CVE-2018-16047
CVE-2018-16043
CVE-2018-16041
CVE-2018-16038
CVE-2018-16035
CVE-2018-16034
CVE-2018-16033
CVE-2018-16032
CVE-2018-16031
CVE-2018-16030
CVE-2018-16028
CVE-2018-16024
CVE-2018-16023
CVE-2018-16022
CVE-2018-16020
CVE-2018-16019
CVE-2018-16017
CVE-2018-16015
CVE-2018-16013
CVE-2018-16012
CVE-2018-16010
CVE-2018-16006
CVE-2018-16005
CVE-2018-16002
CVE-2018-16001
CVE-2018-15997
CVE-2018-15996
CVE-2018-15989
CVE-2018-15985
CVE-2018-15984
CVE-2018-19719
CVE-2018-16009
CVE-2018-16007
CVE-2018-15995
CVE-2018-15986
CVE-2018-16042
+ Security fix: phpMyAdmin 4.8.4 is released
https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/
+ Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle
https://cxsecurity.com/issue/WLB-2018120097
https://www.mozilla.org/en-US/firefox/64.0/releasenotes/
+ Mozilla Foundation Security Advisory 2018-29 Security vulnerabilities fixed in Firefox 64
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
CVE-2018-12406
CVE-2018-12405
+ Security Bulletin for Adobe Acrobat and Reader | APSB18-41
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
CVE-2018-15998
CVE-2018-15987
CVE-2018-16004
CVE-2018-19720
CVE-2018-16045
CVE-2018-16044
CVE-2018-16018
CVE-2018-19715
CVE-2018-19713
CVE-2018-19708
CVE-2018-19707
CVE-2018-19700
CVE-2018-19698
CVE-2018-16046
CVE-2018-16040
CVE-2018-16039
CVE-2018-16037
CVE-2018-16036
CVE-2018-16029
CVE-2018-16027
CVE-2018-16026
CVE-2018-16025
CVE-2018-16014
CVE-2018-16011
CVE-2018-16008
CVE-2018-16003
CVE-2018-15994
CVE-2018-15993
CVE-2018-15992
CVE-2018-15991
CVE-2018-15990
CVE-2018-19702
CVE-2018-16016
CVE-2018-16000
CVE-2018-15999
CVE-2018-15988
CVE-2018-19716
CVE-2018-16021
CVE-2018-12830
CVE-2018-19717
CVE-2018-19714
CVE-2018-19712
CVE-2018-19711
CVE-2018-19710
CVE-2018-19709
CVE-2018-19706
CVE-2018-19705
CVE-2018-19704
CVE-2018-19703
CVE-2018-19701
CVE-2018-19699
CVE-2018-16047
CVE-2018-16043
CVE-2018-16041
CVE-2018-16038
CVE-2018-16035
CVE-2018-16034
CVE-2018-16033
CVE-2018-16032
CVE-2018-16031
CVE-2018-16030
CVE-2018-16028
CVE-2018-16024
CVE-2018-16023
CVE-2018-16022
CVE-2018-16020
CVE-2018-16019
CVE-2018-16017
CVE-2018-16015
CVE-2018-16013
CVE-2018-16012
CVE-2018-16010
CVE-2018-16006
CVE-2018-16005
CVE-2018-16002
CVE-2018-16001
CVE-2018-15997
CVE-2018-15996
CVE-2018-15989
CVE-2018-15985
CVE-2018-15984
CVE-2018-19719
CVE-2018-16009
CVE-2018-16007
CVE-2018-15995
CVE-2018-15986
CVE-2018-16042
+ Security fix: phpMyAdmin 4.8.4 is released
https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/
+ Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle
https://cxsecurity.com/issue/WLB-2018120097
2018年12月11日火曜日
11日 火曜日、先負
+ RHSA-2018:3803 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2018:3803
CVE-2018-17480
CVE-2018-17481
CVE-2018-18335
CVE-2018-18336
CVE-2018-18337
CVE-2018-18338
CVE-2018-18339
CVE-2018-18340
CVE-2018-18341
CVE-2018-18342
CVE-2018-18343
CVE-2018-18344
CVE-2018-18345
CVE-2018-18346
CVE-2018-18347
CVE-2018-18348
CVE-2018-18349
CVE-2018-18350
CVE-2018-18351
CVE-2018-18352
CVE-2018-18353
CVE-2018-18354
CVE-2018-18355
CVE-2018-18356
CVE-2018-18357
CVE-2018-18358
CVE-2018-18359
+ Mozilla Thunderbird 60.3.3 released
https://www.thunderbird.net/en-US/thunderbird/60.3.3/releasenotes/
AWS re:Invent 2018 Management Tools セッションのまとめ
https://aws.amazon.com/jp/blogs/news/reinvent-2018-management-tools-sessions-summary/
JVN#25385698 サイボウズ Garoon におけるアクセス制限回避の脆弱性
http://jvn.jp/jp/JVN25385698/index.html
JVN#23161885 サイボウズ リモートサービスにおける複数の脆弱性
http://jvn.jp/jp/JVN23161885/index.html
https://access.redhat.com/errata/RHSA-2018:3803
CVE-2018-17480
CVE-2018-17481
CVE-2018-18335
CVE-2018-18336
CVE-2018-18337
CVE-2018-18338
CVE-2018-18339
CVE-2018-18340
CVE-2018-18341
CVE-2018-18342
CVE-2018-18343
CVE-2018-18344
CVE-2018-18345
CVE-2018-18346
CVE-2018-18347
CVE-2018-18348
CVE-2018-18349
CVE-2018-18350
CVE-2018-18351
CVE-2018-18352
CVE-2018-18353
CVE-2018-18354
CVE-2018-18355
CVE-2018-18356
CVE-2018-18357
CVE-2018-18358
CVE-2018-18359
+ Mozilla Thunderbird 60.3.3 released
https://www.thunderbird.net/en-US/thunderbird/60.3.3/releasenotes/
AWS re:Invent 2018 Management Tools セッションのまとめ
https://aws.amazon.com/jp/blogs/news/reinvent-2018-management-tools-sessions-summary/
JVN#25385698 サイボウズ Garoon におけるアクセス制限回避の脆弱性
http://jvn.jp/jp/JVN25385698/index.html
JVN#23161885 サイボウズ リモートサービスにおける複数の脆弱性
http://jvn.jp/jp/JVN23161885/index.html
2018年12月10日月曜日
10日 月曜日、友引
+ About the security content of watchOS 5.1.2
https://support.apple.com/ja-jp/HT209343
+ CESA-2018:3760 Important CentOS 6 ghostscript Security Update
https://lwn.net/Articles/774240/
+ VMware Workstation Player 14.1.5 released
https://docs.vmware.com/jp/VMware-Workstation-Player/14/rn/player-1415-release-notes.html
+ Linux kernel 4.19.8, 4.14.87, 4.9.144 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144
JVN#32155106 i-FILTER における複数の脆弱性
https://jvn.jp/jp/JVN32155106/
https://support.apple.com/ja-jp/HT209343
+ CESA-2018:3760 Important CentOS 6 ghostscript Security Update
https://lwn.net/Articles/774240/
+ VMware Workstation Player 14.1.5 released
https://docs.vmware.com/jp/VMware-Workstation-Player/14/rn/player-1415-release-notes.html
+ Linux kernel 4.19.8, 4.14.87, 4.9.144 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.8
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.144
JVN#32155106 i-FILTER における複数の脆弱性
https://jvn.jp/jp/JVN32155106/
2018年12月7日金曜日
7日 金曜日、大安
+ RHSA-2018:3795 Critical: flash-plugin security update
https://access.redhat.com/errata/RHSA-2018:3795
CVE-2018-15982
+ PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 released
http://www.php.net/ChangeLog-7.php#7.0.33
http://www.php.net/ChangeLog-7.php#7.2.13
http://www.php.net/ChangeLog-7.php#7.1.25
http://www.php.net/ChangeLog-5.php#5.6.39
+ Prenotification Security Advisory for Adobe Acrobat and Reader | APSB18-41
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
+ Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
CVE-2018-15982
+ About the security content of iCloud for Windows 7.9
https://support.apple.com/ja-jp/HT209346
CVE-2018-4440
CVE-2018-4439
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of Safari 12.0.2
https://support.apple.com/ja-jp/HT209344
CVE-2018-4440
CVE-2018-4439
CVE-2018-4445
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of iTunes 12.9.2 for Windows
https://support.apple.com/ja-jp/HT209345
CVE-2018-4440
CVE-2018-4439
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
https://support.apple.com/ja-jp/HT209341
CVE-2018-4303
CVE-2018-4462
CVE-2018-4463
CVE-2018-4465
CVE-2018-4434
CVE-2018-4427
CVE-2018-4460
CVE-2018-4431
CVE-2018-4447
CVE-2018-4435
CVE-2018-4461
CVE-2018-4449
CVE-2018-4450
+ About the security content of Shortcuts 2.1.2 for iOS
https://support.apple.com/ja-jp/HT209347
+ About the security content of tvOS 12.1.1
https://support.apple.com/ja-jp/HT209342
CVE-2018-4303
CVE-2018-4427
CVE-2018-4460
CVE-2018-4431
CVE-2018-4435
CVE-2018-4447
CVE-2018-4461
CVE-2018-4436
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
CVE-2018-4437
CVE-2018-4464
+ About the security content of iOS 12.1.1
https://support.apple.com/ja-jp/HT209340
CVE-2018-4303
CVE-2018-4465
CVE-2018-4430
CVE-2018-4446
CVE-2018-4460
CVE-2018-4431
CVE-2018-4435
CVE-2018-4447
CVE-2018-4461
CVE-2018-4429
CVE-2018-4436
CVE-2018-4440
CVE-2018-4445
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
CVE-2018-4437
CVE-2018-4464
+ GCC 7.4 released
https://gcc.gnu.org/gcc-7/changes.html
+ JVNVU#92431031 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU92431031/index.html
+ macOS 10.14.1 Carbon Core Memory corruption
https://cxsecurity.com/issue/WLB-2018120051
CVE-2018-4463
Oracle から PostgreSQL へ移行する際によく直面する課題を解決する方法
https://aws.amazon.com/jp/blogs/news/how-to-solve-some-common-challenges-faced-while-migrating-from-oracle-to-postgresql/
JVN#89767228 セイコーエプソン製の複数のプリンタおよびスキャナにおける複数の脆弱性
http://jvn.jp/jp/JVN89767228/index.html
JVNVU#99727863 Adobe Flash Player および Flash Player Installer に脆弱性
http://jvn.jp/vu/JVNVU99727863/index.html
https://access.redhat.com/errata/RHSA-2018:3795
CVE-2018-15982
+ PHP 7.3.0, 7.2.13, 7.1.25, 7.0.33, 5.6.39 released
http://www.php.net/ChangeLog-7.php#7.0.33
http://www.php.net/ChangeLog-7.php#7.2.13
http://www.php.net/ChangeLog-7.php#7.1.25
http://www.php.net/ChangeLog-5.php#5.6.39
+ Prenotification Security Advisory for Adobe Acrobat and Reader | APSB18-41
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
+ Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
CVE-2018-15982
+ About the security content of iCloud for Windows 7.9
https://support.apple.com/ja-jp/HT209346
CVE-2018-4440
CVE-2018-4439
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of Safari 12.0.2
https://support.apple.com/ja-jp/HT209344
CVE-2018-4440
CVE-2018-4439
CVE-2018-4445
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of iTunes 12.9.2 for Windows
https://support.apple.com/ja-jp/HT209345
CVE-2018-4440
CVE-2018-4439
CVE-2018-4437
CVE-2018-4464
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
+ About the security content of macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
https://support.apple.com/ja-jp/HT209341
CVE-2018-4303
CVE-2018-4462
CVE-2018-4463
CVE-2018-4465
CVE-2018-4434
CVE-2018-4427
CVE-2018-4460
CVE-2018-4431
CVE-2018-4447
CVE-2018-4435
CVE-2018-4461
CVE-2018-4449
CVE-2018-4450
+ About the security content of Shortcuts 2.1.2 for iOS
https://support.apple.com/ja-jp/HT209347
+ About the security content of tvOS 12.1.1
https://support.apple.com/ja-jp/HT209342
CVE-2018-4303
CVE-2018-4427
CVE-2018-4460
CVE-2018-4431
CVE-2018-4435
CVE-2018-4447
CVE-2018-4461
CVE-2018-4436
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
CVE-2018-4437
CVE-2018-4464
+ About the security content of iOS 12.1.1
https://support.apple.com/ja-jp/HT209340
CVE-2018-4303
CVE-2018-4465
CVE-2018-4430
CVE-2018-4446
CVE-2018-4460
CVE-2018-4431
CVE-2018-4435
CVE-2018-4447
CVE-2018-4461
CVE-2018-4429
CVE-2018-4436
CVE-2018-4440
CVE-2018-4445
CVE-2018-4441
CVE-2018-4442
CVE-2018-4443
CVE-2018-4438
CVE-2018-4437
CVE-2018-4464
+ GCC 7.4 released
https://gcc.gnu.org/gcc-7/changes.html
+ JVNVU#92431031 複数の Apple 製品における脆弱性に対するアップデート
http://jvn.jp/vu/JVNVU92431031/index.html
+ macOS 10.14.1 Carbon Core Memory corruption
https://cxsecurity.com/issue/WLB-2018120051
CVE-2018-4463
Oracle から PostgreSQL へ移行する際によく直面する課題を解決する方法
https://aws.amazon.com/jp/blogs/news/how-to-solve-some-common-challenges-faced-while-migrating-from-oracle-to-postgresql/
JVN#89767228 セイコーエプソン製の複数のプリンタおよびスキャナにおける複数の脆弱性
http://jvn.jp/jp/JVN89767228/index.html
JVNVU#99727863 Adobe Flash Player および Flash Player Installer に脆弱性
http://jvn.jp/vu/JVNVU99727863/index.html
2018年12月6日木曜日
6日 木曜日、友引
+ Linux kernel 4.19.7, 4.14.86, 4.9.143 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143
+ SA86561 Microsoft Windows Adobe Flash Player Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/86561/
CVE-2018-15982
CVE-2018-15983
+ Wireshark 2.6.5, 2.4.11 released
https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html
+ OpenSSH < 7.7 User Enumeration (2)
https://cxsecurity.com/issue/WLB-2018120038
CVE-2018-15473
JVNVU#90473043 オムロン製 CX-One に複数の脆弱性
http://jvn.jp/vu/JVNVU90473043/index.html
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.86
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.143
+ SA86561 Microsoft Windows Adobe Flash Player Multiple Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/86561/
CVE-2018-15982
CVE-2018-15983
+ Wireshark 2.6.5, 2.4.11 released
https://www.wireshark.org/docs/relnotes/wireshark-2.6.5.html
https://www.wireshark.org/docs/relnotes/wireshark-2.4.11.html
+ OpenSSH < 7.7 User Enumeration (2)
https://cxsecurity.com/issue/WLB-2018120038
CVE-2018-15473
JVNVU#90473043 オムロン製 CX-One に複数の脆弱性
http://jvn.jp/vu/JVNVU90473043/index.html
2018年12月5日水曜日
5日 水曜日、先勝
Happy Coding Dojo 開催のお知らせ ~オンラインで気軽に視聴できます~
https://aws.amazon.com/jp/blogs/news/happy-coding-dojo-for-developer/
Amazon SageMaker で、セマンティックセグメンテーションアルゴリズムが利用可能になりました
https://aws.amazon.com/jp/blogs/news/semantic-segmentation-algorithm-is-now-available-in-amazon-sagemaker/
Amazon SageMaker ノートブックが Git 統合への対応開始により、持続性、コラボレーション、再現性を強化
https://aws.amazon.com/jp/blogs/news/amazon-sagemaker-notebooks-now-support-git-integration-for-increased-persistence-collaboration-and-reproducibility/
https://aws.amazon.com/jp/blogs/news/happy-coding-dojo-for-developer/
Amazon SageMaker で、セマンティックセグメンテーションアルゴリズムが利用可能になりました
https://aws.amazon.com/jp/blogs/news/semantic-segmentation-algorithm-is-now-available-in-amazon-sagemaker/
Amazon SageMaker ノートブックが Git 統合への対応開始により、持続性、コラボレーション、再現性を強化
https://aws.amazon.com/jp/blogs/news/amazon-sagemaker-notebooks-now-support-git-integration-for-increased-persistence-collaboration-and-reproducibility/
2018年12月4日火曜日
4日 火曜日、赤口
+ RHSA-2018:3760 Important: ghostscript security update
https://access.redhat.com/errata/RHSA-2018:3760
CVE-2018-16509
+ Mozilla Thunderbird 60.3.2 released
https://www.thunderbird.net/en-US/thunderbird/60.3.2/releasenotes/
+ hitachi-sec-2018-136 Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-136/index.html
CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2018-12536
+ hitachi-sec-2018-135 Problem with directory permissions in JP1/Operations Analytics
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-135/index.html
+ hitachi-sec-2018-134 Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-134/index.html
+ hitachi-sec-2018-136 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-136/index.html
CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2018-12536
+ hitachi-sec-2018-135 JP1/Operations Analyticsにおけるディレクトリパーミッションの問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-135/index.html
+ hitachi-sec-2018-134 Hitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-134/index.html
+ libpng 1.6.36 released
http://www.libpng.org/pub/png/src/libpng-1.6.36-README.txt
+ UPDATE: JVNVU#91510483 複数の TCP 実装にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU91510483/index.html
https://access.redhat.com/errata/RHSA-2018:3760
CVE-2018-16509
+ Mozilla Thunderbird 60.3.2 released
https://www.thunderbird.net/en-US/thunderbird/60.3.2/releasenotes/
+ hitachi-sec-2018-136 Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-136/index.html
CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2018-12536
+ hitachi-sec-2018-135 Problem with directory permissions in JP1/Operations Analytics
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-135/index.html
+ hitachi-sec-2018-134 Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-134/index.html
+ hitachi-sec-2018-136 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-136/index.html
CVE-2017-7656
CVE-2017-7657
CVE-2017-7658
CVE-2018-12536
+ hitachi-sec-2018-135 JP1/Operations Analyticsにおけるディレクトリパーミッションの問題
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-135/index.html
+ hitachi-sec-2018-134 Hitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2018-134/index.html
+ libpng 1.6.36 released
http://www.libpng.org/pub/png/src/libpng-1.6.36-README.txt
+ UPDATE: JVNVU#91510483 複数の TCP 実装にサービス運用妨害 (DoS) の脆弱性
http://jvn.jp/vu/JVNVU91510483/index.html
2018年12月3日月曜日
3日 月曜日、大安
+ Linux kernel 4.19.6, 4.14.85, 4.9.142, 4.4.166, 3.18.128 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.166
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.128
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.6
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.85
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.142
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.166
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.128
登録:
投稿 (Atom)