+ RHSA-2019:0218 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2019:0218
CVE-2018-18500
CVE-2018-18501
CVE-2018-18505
+ UPDATE: Oracle Critical Patch Update Advisory - January 2019
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
UPDATE: JVNVU#99147082 複数の横河製品のライセンスマネージャサービスにアクセス制限不備の脆弱性
http://jvn.jp/vu/JVNVU99147082/index.html
2019年1月31日木曜日
2019年1月30日水曜日
30日 水曜日、赤口
+ Google Chrome 72.0.3626.8 released
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
+ Mozilla Firefox 65.0 released
https://www.mozilla.org/en-US/firefox/65.0/releasenotes/
+ Mozilla Foundation Security Advisory 2019-01 Security vulnerabilities fixed in Firefox 65
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
CVE-2018-18500
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2011-3079
CVE-2018-18506
CVE-2018-18502
CVE-2018-18501
+ Mozilla Thunderbird 60.5.0 released
https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/
+ Mozilla Foundation Security Advisory 2019-03 Security vulnerabilities fixed in Thunderbird 60.5
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/
CVE-2018-18500
CVE-2018-18505
CVE-2011-3079
CVE-2016-5824
CVE-2018-18501
+ JVNVU#97449410 Microsoft Exchange 2013 およびそれ以降における NTLM 中継攻撃が可能な脆弱性
http://jvn.jp/vu/JVNVU97449410/index.html
https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html
+ Mozilla Firefox 65.0 released
https://www.mozilla.org/en-US/firefox/65.0/releasenotes/
+ Mozilla Foundation Security Advisory 2019-01 Security vulnerabilities fixed in Firefox 65
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
CVE-2018-18500
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2011-3079
CVE-2018-18506
CVE-2018-18502
CVE-2018-18501
+ Mozilla Thunderbird 60.5.0 released
https://www.thunderbird.net/en-US/thunderbird/60.5.0/releasenotes/
+ Mozilla Foundation Security Advisory 2019-03 Security vulnerabilities fixed in Thunderbird 60.5
https://www.mozilla.org/en-US/security/advisories/mfsa2019-03/
CVE-2018-18500
CVE-2018-18505
CVE-2011-3079
CVE-2016-5824
CVE-2018-18501
+ JVNVU#97449410 Microsoft Exchange 2013 およびそれ以降における NTLM 中継攻撃が可能な脆弱性
http://jvn.jp/vu/JVNVU97449410/index.html
2019年1月29日火曜日
29日 火曜日、大安
+ (緊急)米国国土安全保障省によるDNS設定の改ざんに関する緊急指令の公開について
https://jprs.jp/tech/security/2019-01-28-cisa-emergency-directive.html
+ Zabbix 3.0.25 released
https://www.zabbix.com/rn/rn3.0.25
+ VU#465632 Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
https://www.kb.cert.org/vuls/id/465632/
https://jprs.jp/tech/security/2019-01-28-cisa-emergency-directive.html
+ Zabbix 3.0.25 released
https://www.zabbix.com/rn/rn3.0.25
+ VU#465632 Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks
https://www.kb.cert.org/vuls/id/465632/
2019年1月28日月曜日
28日 月曜日、仏滅
+ Linux kernel 4.20.5, 4.19.18, 4.14.96, 4.9.153, 4.4.172, 3.18.133 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.18
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.96
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.172
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.133
+ hitachi-sec-2019-104 Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-104/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-103 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-103/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-104 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-104/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-103 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-103/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
JVNVU#99147082 複数の横河製品のライセンスマネージャサービスにアクセス制限不備の脆弱性
https://jvn.jp/vu/JVNVU99147082/
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.5
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.18
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.96
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.153
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.172
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.133
+ hitachi-sec-2019-104 Multiple Vulnerabilities in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-104/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-103 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-103/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-104 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-104/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
+ hitachi-sec-2019-103 Cosminexusにおける複数の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-103/index.html
CVE-2018-11212
CVE-2019-2422
CVE-2019-2426
JVNVU#99147082 複数の横河製品のライセンスマネージャサービスにアクセス制限不備の脆弱性
https://jvn.jp/vu/JVNVU99147082/
2019年1月25日金曜日
25日 金曜日、先勝
+ RHSA-2019:0159 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2019:0159
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ RHSA-2019:0160 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2019:0160
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ CESA-2019:0109 Important CentOS 7 perl Security Update
https://lwn.net/Articles/777467/
JVN#98505783 iOS アプリ「HOUSE GATE」におけるディレクトリトラバーサルの脆弱性
https://jvn.jp/jp/JVN98505783/
https://access.redhat.com/errata/RHSA-2019:0159
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ RHSA-2019:0160 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2019:0160
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18498
+ CESA-2019:0109 Important CentOS 7 perl Security Update
https://lwn.net/Articles/777467/
JVN#98505783 iOS アプリ「HOUSE GATE」におけるディレクトリトラバーサルの脆弱性
https://jvn.jp/jp/JVN98505783/
2019年1月24日木曜日
24日 木曜日 赤口
+ PowerDNS Recursorの脆弱性情報が公開されました
https://jprs.jp/tech/security/2019-01-23-powerdns-recursor.html
CVE-2019-3806
CVE-2019-3807
+ About the security content of iCloud for Windows 7.10
https://support.apple.com/ja-jp/HT209451
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
+ About the security content of Safari 12.0.3
https://support.apple.com/ja-jp/HT209449
CVE-2019-6228
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
+ About the security content of watchOS 5.1.3
https://support.apple.com/ja-jp/HT209448
CVE-2019-6235
CVE-2019-6202
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6210
CVE-2019-6213
CVE-2019-6209
CVE-2019-6219
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6227
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
+ About the security content of tvOS 12.1.2
https://support.apple.com/ja-jp/HT209447
CVE-2019-6235
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6218
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
+ About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
https://support.apple.com/ja-jp/HT209446
CVE-2019-6235
CVE-2019-6200
CVE-2019-6202
CVE-2019-6221
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2018-4467
CVE-2018-4452
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6218
CVE-2019-6219
CVE-2019-6220
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6211
+ About the security content of iOS 12.1.3
https://support.apple.com/ja-jp/HT209443
CVE-2019-6235
CVE-2019-6200
CVE-2019-6202
CVE-2019-6221
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6206
CVE-2019-6218
CVE-2019-6219
CVE-2019-6228
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6229
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6211
+ Linux kernel 4.14.95, 4.9.152 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.95
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152
+ important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2019-0190
+ low: mod_session_cookie does not respect expiry time
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-17199
https://jprs.jp/tech/security/2019-01-23-powerdns-recursor.html
CVE-2019-3806
CVE-2019-3807
+ About the security content of iCloud for Windows 7.10
https://support.apple.com/ja-jp/HT209451
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
+ About the security content of Safari 12.0.3
https://support.apple.com/ja-jp/HT209449
CVE-2019-6228
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
+ About the security content of watchOS 5.1.3
https://support.apple.com/ja-jp/HT209448
CVE-2019-6235
CVE-2019-6202
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6210
CVE-2019-6213
CVE-2019-6209
CVE-2019-6219
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6227
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
+ About the security content of tvOS 12.1.2
https://support.apple.com/ja-jp/HT209447
CVE-2019-6235
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6218
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6227
CVE-2019-6233
CVE-2019-6234
CVE-2019-6229
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
+ About the security content of macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
https://support.apple.com/ja-jp/HT209446
CVE-2019-6235
CVE-2019-6200
CVE-2019-6202
CVE-2019-6221
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2018-4467
CVE-2018-4452
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6218
CVE-2019-6219
CVE-2019-6220
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6211
+ About the security content of iOS 12.1.3
https://support.apple.com/ja-jp/HT209443
CVE-2019-6235
CVE-2019-6200
CVE-2019-6202
CVE-2019-6221
CVE-2019-6231
CVE-2019-6230
CVE-2019-6224
CVE-2019-6214
CVE-2019-6225
CVE-2019-6210
CVE-2019-6205
CVE-2019-6213
CVE-2019-6209
CVE-2019-6208
CVE-2019-6206
CVE-2019-6218
CVE-2019-6219
CVE-2019-6228
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2018-20346
CVE-2018-20505
CVE-2018-20506
CVE-2019-6229
CVE-2019-6215
CVE-2019-6212
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6211
+ Linux kernel 4.14.95, 4.9.152 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.95
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.152
+ important: mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2019-0190
+ low: mod_session_cookie does not respect expiry time
http://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-17199
2019年1月23日水曜日
23日 水曜日、大安
+ RHSA-2019:0109 Important: perl security update
https://access.redhat.com/errata/RHSA-2019:0109
CVE-2018-18311
+ Security updates available for Adobe Experience Manager | APSB19-09
https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html
CVE-2018-19726
CVE-2018-19727
+ Security updates available for Adobe Experience Manager Forms | APSB19-03
https://helpx.adobe.com/security/products/aem-forms/apsb19-03.html
CVE-2018-19724
+ Linux kernel 4.20.4, 4.19.17 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.17
https://access.redhat.com/errata/RHSA-2019:0109
CVE-2018-18311
+ Security updates available for Adobe Experience Manager | APSB19-09
https://helpx.adobe.com/security/products/experience-manager/apsb19-09.html
CVE-2018-19726
CVE-2018-19727
+ Security updates available for Adobe Experience Manager Forms | APSB19-03
https://helpx.adobe.com/security/products/aem-forms/apsb19-03.html
CVE-2018-19724
+ Linux kernel 4.20.4, 4.19.17 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.17
2019年1月22日火曜日
22日 火曜日、仏滅
+ DNS flag dayについてのご質問とその回答
https://jprs.jp/tech/notice/2019-01-21-dns-flag-day-qa.html
+ DNS flag dayに関する文書の公開と対応状況の確認について
https://jprs.jp/tech/notice/2019-01-21-dns-flag-day.html
+ hitachi-sec-2019-102 Information Disclosure Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-102/index.html
+ hitachi-sec-2019-101 Cross-site Scripting Vulnerability in Hitachi Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-101/index.html
+ hitachi-sec-2019-102 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける情報露出の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-102/index.html
+ hitachi-sec-2019-101 Hitachi Device Managerにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-101/index.html
+ Apache HTTP Server 2.4.38 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
https://jprs.jp/tech/notice/2019-01-21-dns-flag-day-qa.html
+ DNS flag dayに関する文書の公開と対応状況の確認について
https://jprs.jp/tech/notice/2019-01-21-dns-flag-day.html
+ hitachi-sec-2019-102 Information Disclosure Vulnerability in Hitachi Command Suite and Hitachi Infrastructure Analytics Advisor
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-102/index.html
+ hitachi-sec-2019-101 Cross-site Scripting Vulnerability in Hitachi Device Manager
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-101/index.html
+ hitachi-sec-2019-102 Hitachi Command Suite製品およびHitachi Infrastructure Analytics Advisorにおける情報露出の脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-102/index.html
+ hitachi-sec-2019-101 Hitachi Device Managerにおけるクロスサイトスクリプティングの脆弱性
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-101/index.html
+ Apache HTTP Server 2.4.38 Released
http://www.apache.org/dist/httpd/Announcement2.4.html
2019年1月21日月曜日
2019年1月18日金曜日
18日 金曜日、赤口
+ CESA-2019:0059 Important CentOS 7 libvncserver Security Update
https://lwn.net/Articles/777004/
+ Microsoft Windows .contact Arbitrary Code Execution
https://cxsecurity.com/issue/WLB-2019010181
https://lwn.net/Articles/777004/
+ Microsoft Windows .contact Arbitrary Code Execution
https://cxsecurity.com/issue/WLB-2019010181
2019年1月17日木曜日
17日 木曜日、大安
+ ルートゾーンKSKロールオーバーについてのご質問とその回答
https://jprs.jp/tech/notice/2017-08-10-root-zone-ksk-rollover-qa.html
+ ルートゾーンKSKロールオーバーによる影響とその確認方法について
https://jprs.jp/tech/notice/2017-07-10-root-zone-ksk-rollover.html
+ RHSA-2019:0085 Moderate: pyOpenSSL security and bug fix update
https://access.redhat.com/errata/RHSA-2019:0085
CVE-2018-1000807
CVE-2018-1000808
+ Linux kernel 4.20.3, 4.19.16, 4.14.94, 4.9.151, 4.4.171 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.94
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.171
https://jprs.jp/tech/notice/2017-08-10-root-zone-ksk-rollover-qa.html
+ ルートゾーンKSKロールオーバーによる影響とその確認方法について
https://jprs.jp/tech/notice/2017-07-10-root-zone-ksk-rollover.html
+ RHSA-2019:0085 Moderate: pyOpenSSL security and bug fix update
https://access.redhat.com/errata/RHSA-2019:0085
CVE-2018-1000807
CVE-2018-1000808
+ Linux kernel 4.20.3, 4.19.16, 4.14.94, 4.9.151, 4.4.171 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.3
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.16
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.94
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.151
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.171
2019年1月16日水曜日
16日 水曜日、仏滅
+ RHSA-2019:0059 Important: libvncserver security update
https://access.redhat.com/errata/RHSA-2019:0059
CVE-2018-15127
+ TortoiseSVN 1.11.1 released
https://tortoisesvn.net/tsvn_1.11_releasenotes.html
+ CESA-2019:0049 Important CentOS 7 systemd Security Update
https://lwn.net/Articles/776756/
+ Oracle Critical Patch Update Advisory - January 2019
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+ SA87007 Bootstrap Multiple Cross-Site Scripting Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/87007/
CVE-2016-10735
CVE-2018-14040
CVE-2018-14042
CVE-2018-20676
CVE-2018-20677
https://access.redhat.com/errata/RHSA-2019:0059
CVE-2018-15127
+ TortoiseSVN 1.11.1 released
https://tortoisesvn.net/tsvn_1.11_releasenotes.html
+ CESA-2019:0049 Important CentOS 7 systemd Security Update
https://lwn.net/Articles/776756/
+ Oracle Critical Patch Update Advisory - January 2019
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+ SA87007 Bootstrap Multiple Cross-Site Scripting Vulnerabilities
https://secuniaresearch.flexerasoftware.com/advisories/87007/
CVE-2016-10735
CVE-2018-14040
CVE-2018-14042
CVE-2018-20676
CVE-2018-20677
2019年1月15日火曜日
15日 火曜日、先負
+ RHSA-2019:0049 Important: systemd security update
https://access.redhat.com/errata/RHSA-2019:0049
CVE-2018-15688
CVE-2018-16864
CVE-2018-16865
+ Linux kernel 4.20.2, 4.19.15, 4.14.93, 4.9.150, 4.4.170, 3.18.132 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.132
+ sudo 1.8.27 released
https://www.sudo.ws/stable.html#1.8.27
JVNVU#97716739 オムロン製 CX-One に任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU97716739/index.html
https://access.redhat.com/errata/RHSA-2019:0049
CVE-2018-15688
CVE-2018-16864
CVE-2018-16865
+ Linux kernel 4.20.2, 4.19.15, 4.14.93, 4.9.150, 4.4.170, 3.18.132 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.132
+ sudo 1.8.27 released
https://www.sudo.ws/stable.html#1.8.27
JVNVU#97716739 オムロン製 CX-One に任意のコード実行が可能な脆弱性
http://jvn.jp/vu/JVNVU97716739/index.html
2019年1月11日金曜日
11日 金曜日、大安
+ WinSCP 5.14.4 released
https://ja.osdn.net/projects/winscp/
+ Oracle Critical Patch Update Pre-Release Announcement - January 2019
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+ PHP 7.3.1, 7.2.14, 7.1.26, 5.6.40 released
http://www.php.net/ChangeLog-7.php#7.3.1
http://www.php.net/ChangeLog-7.php#7.2.14
http://www.php.net/ChangeLog-7.php#7.1.26
http://www.php.net/ChangeLog-5.php#5.6.40
JVN#58010349 WordPress 用プラグイン spam-byebye におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN58010349/index.html
https://ja.osdn.net/projects/winscp/
+ Oracle Critical Patch Update Pre-Release Announcement - January 2019
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
+ PHP 7.3.1, 7.2.14, 7.1.26, 5.6.40 released
http://www.php.net/ChangeLog-7.php#7.3.1
http://www.php.net/ChangeLog-7.php#7.2.14
http://www.php.net/ChangeLog-7.php#7.1.26
http://www.php.net/ChangeLog-5.php#5.6.40
JVN#58010349 WordPress 用プラグイン spam-byebye におけるクロスサイトスクリプティングの脆弱性
http://jvn.jp/jp/JVN58010349/index.html
2019年1月10日木曜日
10日 木曜日、仏滅
+ Mozilla Firefox 64.0.2 released
https://www.mozilla.org/en-US/firefox/64.0.2/releasenotes/
+ Linux kernel 4.20.1, 4.19.14, 4.14.92, 4.9.149 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.92
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149
+ JVNVU#92720005 Intel 製品に複数の脆弱性
https://jvn.jp/vu/JVNVU92720005/
+ Mantis 2.11.1 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2019010074
CVE-2018-13055
https://www.mozilla.org/en-US/firefox/64.0.2/releasenotes/
+ Linux kernel 4.20.1, 4.19.14, 4.14.92, 4.9.149 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.1
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.14
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.92
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.149
+ JVNVU#92720005 Intel 製品に複数の脆弱性
https://jvn.jp/vu/JVNVU92720005/
+ Mantis 2.11.1 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2019010074
CVE-2018-13055
2019年1月9日水曜日
9日 水曜日、先負
+ WinSCP 5.13.7 released
https://ja.osdn.net/projects/winscp/
+ Wireshar 2.6.6, 2.4.12 released
https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
https://www.wireshark.org/docs/relnotes/wireshark-2.4.12.html
+ 2019 年 1 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2019/01/09/201901-security-updates/
https://ja.osdn.net/projects/winscp/
+ Wireshar 2.6.6, 2.4.12 released
https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html
https://www.wireshark.org/docs/relnotes/wireshark-2.4.12.html
+ 2019 年 1 月のセキュリティ更新プログラム (月例)
https://blogs.technet.microsoft.com/jpsecurity/2019/01/09/201901-security-updates/
2019年1月8日火曜日
8日 火曜日、友引
+ CESA-2019:0022 Important CentOS 7 keepalived Security Update
https://lwn.net/Articles/776135/
+ JVNVU#90683334 Windows DNS サーバにおけるヒープベースのバッファオーバーフローの脆弱性
https://jvn.jp/vu/JVNVU90683334/
CVE-2018-8626
+ JVNVU#92038183 Windows Kernel Transaction Manager (KTM) における競合状態に関する脆弱性
https://jvn.jp/vu/JVNVU92038183/
CVE-2018-8611
+ Microsoft Edge 44.17763.1.0 NULL Pointer Dereference
https://cxsecurity.com/issue/WLB-2019010048
https://lwn.net/Articles/776135/
+ JVNVU#90683334 Windows DNS サーバにおけるヒープベースのバッファオーバーフローの脆弱性
https://jvn.jp/vu/JVNVU90683334/
CVE-2018-8626
+ JVNVU#92038183 Windows Kernel Transaction Manager (KTM) における競合状態に関する脆弱性
https://jvn.jp/vu/JVNVU92038183/
CVE-2018-8611
+ Microsoft Edge 44.17763.1.0 NULL Pointer Dereference
https://cxsecurity.com/issue/WLB-2019010048
2019年1月7日月曜日
7日 月曜日、先勝
+ MantisBT 2.19.0, 2.18.1 and 1.3.17 released
https://mantisbt.org/blog/archives/mantisbt/618
+ RHSA-2019:0022 Important: keepalived security update
https://access.redhat.com/errata/RHSA-2019:0022
CVE-2018-19115
+ Security Bulletin for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
CVE-2018-16011
CVE-2018-16018
+ Squid 4.5 released
http://www.squid-cache.org/Versions/v4/squid-4.5-RELEASENOTES.html
+ VU#531281 Microsoft Windows DNS servers are vulnerable to heap overflow
https://www.kb.cert.org/vuls/id/531281/
CVE-2018-8626
+ VU#289907 Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition
https://www.kb.cert.org/vuls/id/289907/
CVE-2018-8611
+ Linux kernel 4.19.13, 4.14.91, 4.9.148 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148
https://mantisbt.org/blog/archives/mantisbt/618
+ RHSA-2019:0022 Important: keepalived security update
https://access.redhat.com/errata/RHSA-2019:0022
CVE-2018-19115
+ Security Bulletin for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
CVE-2018-16011
CVE-2018-16018
+ Squid 4.5 released
http://www.squid-cache.org/Versions/v4/squid-4.5-RELEASENOTES.html
+ VU#531281 Microsoft Windows DNS servers are vulnerable to heap overflow
https://www.kb.cert.org/vuls/id/531281/
CVE-2018-8626
+ VU#289907 Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition
https://www.kb.cert.org/vuls/id/289907/
CVE-2018-8611
+ Linux kernel 4.19.13, 4.14.91, 4.9.148 released
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.13
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.91
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.148
登録:
投稿 (Atom)