Monday, November 30, 2020

30th, Monday, Senshō

+ JVNVU#98890246 Multiple vulnerabilities in the Trend Micro InterScan Messaging Security series
http://jvn.jp/vu/JVNVU98890246/index.html

+ DoS vulnerability in the Linux kernel (Moderate: CVE-2020-28941)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201130.html
CVE-2020-28941

+ DoS or arbitrary code execution vulnerability in Bluetooth in the Linux kernel (Red Hat only) (Important: CVE-2020-25661, CVE-2020-25662)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201129.html
CVE-2020-25661
CVE-2020-25662

Trap planted on a website visited by 1 billion people a month
Targeting IE and Flash as they near retirement
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800013/111800035/?ST=nxt_thmit_security

Dangerous "Zerologon" vulnerability in Windows Server
Domain administrator privileges can be stolen: an emergency in which patching is not progressing
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800124/?ST=nxt_thmit_security

Friday, November 27, 2020

27th, Friday, Butsumetsu

+ PHP 8.0.0, 7.4.13, 7.3.25 released
https://www.php.net/ChangeLog-8.php#8.0.0
https://www.php.net/ChangeLog-7.php#7.4.13
https://www.php.net/ChangeLog-7.php#7.3.25

"Visualization" draws crowds at Maker Faire Tokyo
Showing packet flows with light; also a demo that lets visitors experience communication through water
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800122/?ST=nxt_thmit_security

Not just the antitrust lawsuit: Google is coming to resemble Microsoft in unpleasant ways
https://xtech.nikkei.com/atcl/nxt/column/18/00692/112600043/?ST=nxt_thmit_security

1.1 billion yen demanded through encryption and exposure: the threat of the "double extortion" ransomware that hit Capcom
https://xtech.nikkei.com/atcl/nxt/column/18/00989/112400040/?ST=nxt_thmit_security

Rakuten to offer COVID-19 PCR test kits to corporations, with saliva collected at home
https://xtech.nikkei.com/atcl/nxt/news/18/09208/?ST=nxt_thmit_security

32% of Japanese companies paid ransomware ransoms, according to a survey by US-based CrowdStrike
https://xtech.nikkei.com/atcl/nxt/news/18/09205/?ST=nxt_thmit_security

Microsoft Japan rushes to strengthen its cloud for government; division head reveals its measures to counter AWS
https://xtech.nikkei.com/atcl/nxt/column/18/00001/04881/?ST=nxt_thmit_security

Thursday, November 26, 2020

26th, Thursday, Senbu

+ Gpg4win 3.1.14 released
https://www.gpg4win.org/change-history.html

+ ISC BIND 9.17.7, 9.16.9, 9.11.25 released
https://downloads.isc.org/isc/bind9/9.17.7/doc/arm/html/notes.html#notes-for-bind-9-17-7
https://downloads.isc.org/isc/bind9/9.16.9/doc/arm/html/notes.html#notes-for-bind-9-16-9
https://downloads.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html

JVNVU#98689901 Multiple vulnerabilities in Rockwell Automation FactoryTalk Linx
http://jvn.jp/vu/JVNVU98689901/index.html

JVNVU#97620058 Out-of-bounds write vulnerability in Fuji Electric V-Server Lite
http://jvn.jp/vu/JVNVU97620058/index.html

JVNTA#94494000 Arbitrary code can be embedded in executable files encrypted in CBC mode without tamper checking
http://jvn.jp/ta/JVNTA94494000/index.html

JVN#56450373 Multiple vulnerabilities in GROWI
http://jvn.jp/jp/JVN56450373/index.html

A new trump card for taking down botnets
Preventing the spread of ransomware infections: injunction sought on grounds of copyright law violation
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800123/?ST=nxt_thmit_security

The "move away from PPAP" declared by Minister Hirai accelerates among startups; will it mean a break with sending passwords separately?
https://xtech.nikkei.com/atcl/nxt/column/18/00001/04878/?ST=nxt_thmit_security

Wednesday, November 25, 2020

25th, Wednesday, Tomobiki

+ Linux kernel 5.9.11, 5.4.80, 4.19.160, 4.14.209, 4.9.246, 4.4.246 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.11
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.80
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.209
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.246
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.246

+ Apache Tomcat 7.0.107 Released
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.107_(violetagg)

+ JVNVU#97472624 OS command injection vulnerability in multiple VMware products
http://jvn.jp/vu/JVNVU97472624/index.html
CVE-2020-4006

+ JVN#27806339 Cross-site request forgery vulnerability in NETGEAR GS108Ev3
http://jvn.jp/jp/JVN27806339/index.html
CVE-2020-5641

+ JVNVU#94694991 Multiple vulnerabilities in Trend Micro Virus Buster for Mac
http://jvn.jp/vu/JVNVU94694991/index.html
CVE-2020-25778
CVE-2020-25779
CVE-2020-27013
CVE-2020-27014
CVE-2020-27015

What is CPE up to: CentOS Stream
https://blog.centos.org/2020/11/what-is-cpe-up-to-centos-stream/

iPhone screen thrown into chaos: "configuration profiles" are actually dangerous
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/111200043/?ST=nxt_thmit_security

General contractor infected with ransomware; stolen information published
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/031800050/111800021/?ST=nxt_thmit_security

Tuesday, November 24, 2020

24th, Tuesday, Senshō

+ CESA-2020:5083 Moderate CentOS 7 microcode_ctl Security Update
https://lwn.net/Articles/837743/

+ CESA-2020:5099 Critical CentOS 7 firefox Security Update
https://lwn.net/Articles/837876/

+ VMware Workstation 15.5.7
https://my.vmware.com/jp/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_workstation_player/15_0#product_downloads

+ VU#724367 VMware Workspace ONE Access and related components are vulnerable to command injection
https://www.kb.cert.org/vuls/id/724367
CVE-2020-4006

+ Linux kernel 5.9.10, 5.4.79, 4.19.159, 4.14.208, 4.9.245, 4.4.245 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.10
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.79
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.208
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.245
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.245

+ VMSA-2020-0027 VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0027.html
CVE-2020-4006

+ VMSA-2020-0026 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
CVE-2020-4004
CVE-2020-4005

+ VMSA-2020-0025 VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002, CVE-2020-4003)
https://www.vmware.com/security/advisories/VMSA-2020-0025.html
CVE-2020-3984
CVE-2020-3985
CVE-2020-4000
CVE-2020-4001
CVE-2020-4002
CVE-2020-4003

+ Buffer over-read vulnerability in fbcon in the Linux kernel (CVE-2020-28974)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201124.html
CVE-2020-28974

+ Buffer over-read vulnerability in fbcon in the Linux kernel (Moderate: CVE-2020-28915)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201118.html
CVE-2020-28915

+ Apache Tomcat AJP Ghostcat File Read/Inclusion (Metasploit)
https://cxsecurity.com/issue/WLB-2020110171

JVN#26835001 DLL loading vulnerability in the installers of multiple Seiko Epson products
http://jvn.jp/jp/JVN26835001/index.html

JVNVU#95980140 Resource exhaustion vulnerability in the Mitsubishi Electric MELSEC iQ-R series
http://jvn.jp/vu/JVNVU95980140/index.html

JVN#90729322 SQL injection vulnerability in Hibernate ORM
http://jvn.jp/jp/JVN90729322/index.html

130 accounts, including those of celebrities, hijacked: gaps in remote work exploited
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600011/111600068/?ST=nxt_thmit_security

Cyberattack on a domain registrar affects cryptocurrency exchanges; emails intercepted
https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600089/?ST=nxt_thmit_security

What is wrong with password-protected files? Now is the time to break with "PPAP"
https://xtech.nikkei.com/atcl/nxt/column/18/00676/112100065/?ST=nxt_thmit_security

Helping victims of online defamation sooner: hopes and caution intersect over new court procedures
https://xtech.nikkei.com/atcl/nxt/column/18/00001/04864/?ST=nxt_thmit_security

Unauthorized access to Mitsubishi Electric's Microsoft 365; 8,635 items of business partner information leaked
https://xtech.nikkei.com/atcl/nxt/news/18/09168/?ST=nxt_thmit_security

JIPDEC issues statement: it does not recommend "sending passwords separately"
https://xtech.nikkei.com/atcl/nxt/news/18/09164/?ST=nxt_thmit_security

Unauthorized access to event management service Peatix; up to 6.77 million customer records leaked
https://xtech.nikkei.com/atcl/nxt/news/18/09162/?ST=nxt_thmit_security

Friday, November 20, 2020

20th, Friday, Senbu

+ Postgresql ODBC Driver 13.00 released
https://www.postgresql.org/ftp/odbc/versions/msi/

+ CESA-2020:5083 Moderate CentOS 7 microcode_ctl Security Update
https://lwn.net/Articles/837743/

+ CESA-2020:5003 Low CentOS 7 fence-agents Security Update
https://lwn.net/Articles/837739/

+ CESA-2020:5021 Moderate CentOS 7 qt Security Update
https://lwn.net/Articles/837746/

+ CESA-2020:5021 Moderate CentOS 7 qt5-qtbase Security Update
https://lwn.net/Articles/837747/

+ CESA-2020:5011 Moderate CentOS 7 bind Security Update
https://lwn.net/Articles/837737/

+ CESA-2020:5023 Moderate CentOS 7 kernel Security Update
https://lwn.net/Articles/837740/

+ CESA-2020:5020 Low CentOS 7 tomcat Security Update
https://lwn.net/Articles/837749/

+ CESA-2020:5004 Low CentOS 7 resource-agents Security Update
https://lwn.net/Articles/837748/

+ CESA-2020:5040 Moderate CentOS 7 libvirt Security Update
https://lwn.net/Articles/837742/

+ CESA-2020:5009 Moderate CentOS 7 python Security Update
https://lwn.net/Articles/837744/

+ CESA-2020:5002 Moderate CentOS 7 curl Security Update
https://lwn.net/Articles/837738/

+ CESA-2020:5012 Moderate CentOS 7 librepo Security Update
https://lwn.net/Articles/837741/

+ CESA-2020:5010 Moderate CentOS 7 python3 Security Update
https://lwn.net/Articles/837745/

JVNVU#95980140 Resource exhaustion vulnerability in the Mitsubishi Electric MELSEC iQ-R series
http://jvn.jp/vu/JVNVU95980140/index.html

JVN#90729322 SQL injection vulnerability in Hibernate ORM
http://jvn.jp/jp/JVN90729322/index.html

Domestic DX investment to exceed 3 trillion yen in fiscal 2030, led by the transportation industry
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600010/111000075/?ST=nxt_thmit_security

130 accounts, including those of celebrities, hijacked: the untold full story of the Twitter hack
https://xtech.nikkei.com/atcl/nxt/column/18/01157/111700023/?ST=nxt_thmit_security

freee declares it will stop accepting password-protected files by email
https://xtech.nikkei.com/atcl/nxt/news/18/09154/?ST=nxt_thmit_security

My Number Card password resets to become possible at convenience stores in autumn 2021
https://xtech.nikkei.com/atcl/nxt/column/18/00001/04856/?ST=nxt_thmit_security

Thursday, November 19, 2020

19th, Thursday, Tomobiki

+ RHSA-2020:5146 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2020:5146
CVE-2020-26950

+ Mozilla Thunderbird 78.5.0 released
https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/

+ Linux kernel 5.9.9, 5.4.78, 4.19.158, 4.14.207, 4.9.244, 4.4.244 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.9
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.78
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.207
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.244
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.244

+ Apache Tomcat 9.0.40, 8.5.60 released
http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.60_(markt)

+ JVNVU#96249940 Vulnerability allowing arbitrary file deletion in Trend Micro Virus Buster Cloud
http://jvn.jp/vu/JVNVU96249940/index.html
CVE-2020-25775

+ Buffer over-read vulnerability in fbcon in the Linux kernel (Moderate: CVE-2020-28915)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201118.html
CVE-2020-28915

An update on our Gitforge
https://blog.centos.org/2020/11/an-update-on-our-gitforge/

JVNVU#94180712 Improper authorization vulnerability in multiple Sensormatic Electronics products
http://jvn.jp/vu/JVNVU94180712/index.html

JVNVU#91732260 Multiple vulnerabilities in Paradox IP150
http://jvn.jp/vu/JVNVU91732260/index.html

JVNVU#96484028 Stack-based buffer overflow vulnerability in Real Time Automation 499ES EtherNet/IP Adaptor Source Code
http://jvn.jp/vu/JVNVU96484028/index.html

JVNVU#99979220 Multiple vulnerabilities in Schneider Electric Interactive Graphical SCADA System (IGSS)
http://jvn.jp/vu/JVNVU99979220/index.html

JVN#94245475 Cross-site scripting vulnerability in Movable Type Premium
http://jvn.jp/jp/JVN94245475/index.html

Token Corporation suffers unauthorized access; 650,000 personal records possibly leaked
https://xtech.nikkei.com/atcl/nxt/news/18/09143/?ST=nxt_thmit_security

Wednesday, November 18, 2020

18th, Wednesday, Senshō

+ About the security content of iTunes 12.11 for Windows
https://support.apple.com/ja-jp/HT211933
CVE-2020-10002
CVE-2020-27912
CVE-2020-27917
CVE-2020-27911
CVE-2020-27918
CVE-2020-27895

+ Google Chrome 87.0.4280.66 released
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

+ Mozilla Firefox 83.0 released
https://www.mozilla.org/en-US/firefox/83.0/releasenotes/

+ Mozilla Foundation Security Advisory 2020-50 Security Vulnerabilities fixed in Firefox 83
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
CVE-2020-26951
CVE-2020-26952
CVE-2020-16012
CVE-2020-26953
CVE-2020-26954
CVE-2020-26955
CVE-2020-26956
CVE-2020-26957
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-15999
CVE-2020-26961
CVE-2020-26962
CVE-2020-26963
CVE-2020-26964
CVE-2020-26965
CVE-2020-26966
CVE-2020-26967
CVE-2020-26968
CVE-2020-26969

+ Mozilla Foundation Security Advisory 2020-52 Security Vulnerabilities fixed in Thunderbird 78.5
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/
CVE-2020-26951
CVE-2020-16012
CVE-2020-26953
CVE-2020-26956
CVE-2020-26958
CVE-2020-26959
CVE-2020-26960
CVE-2020-15999
CVE-2020-26961
CVE-2020-26965
CVE-2020-26966
CVE-2020-26968

+ UPDATE: Oracle Critical Patch Update Advisory - October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html

+ November 2020 Security Updates
https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov

+ GnuPG 2.2.24 released
https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000449.html

+ Apache Struts 2.5.20 Double OGNL evaluation
https://cxsecurity.com/issue/WLB-2020110136
CVE-2019-0230
CVE-2020-0230

Announcing RHEL for the Edge
https://access.redhat.com/announcements/5580401

"Virus infection" warnings displayed on iPhones: panicking without knowing the trick leads to trouble
https://xtech.nikkei.com/atcl/nxt/column/18/00676/111400064/?ST=nxt_thmit_security

What happens to the "Huawei exclusion" once the Biden administration takes office? Japan is not on the sidelines either
https://xtech.nikkei.com/atcl/nxt/column/18/01474/111700003/?ST=nxt_thmit_security

JVNVU#99880454 Multiple vulnerabilities in KonaWiki3
http://jvn.jp/vu/JVNVU99880454/index.html

Tuesday, November 17, 2020

17th, Tuesday, Shakkō

+ Mozilla Firefox 82.0.3 released
https://www.mozilla.org/en-US/firefox/82.0.3/releasenotes/

+ PostgreSQL vulnerability information (CVE-2020-25694, CVE-2020-25695, CVE-2020-25696) and new versions (9.5.24, 9.6.20, 10.15, 11.10, 12.5, 13.1)
https://security.sios.com/vulnerability/postgresql-security-vulnerability-20201116.html
CVE-2020-25694
CVE-2020-25695
CVE-2020-25696

+ Vulnerability in Intel CPUs ("Platypus": INTEL-SA-00389)
https://security.sios.com/vulnerability/misc-security-vulnerability-20201116.html
CVE-2020-8694
CVE-2020-8695

UPDATE: JVNVU#94736763 Multiple vulnerabilities in the Treck IP stack
http://jvn.jp/vu/JVNVU94736763/index.html

Up to 350,000 personal records possibly leaked from Capcom; ransom also demanded by a cybercrime group
https://xtech.nikkei.com/atcl/nxt/news/18/09133/?ST=nxt_thmit_security

US and China compete for IT-centered "technological hegemony": why Japan's importance will grow under the Biden administration
https://xtech.nikkei.com/atcl/nxt/column/18/01474/111400002/?ST=nxt_thmit_security

Monday, November 16, 2020

16th, Monday, Taian

+ About the security content of Safari 14.0.1
https://support.apple.com/ja-jp/HT211934
CVE-2020-9945
CVE-2020-27918

+ UPDATE: JVNVU#99462952 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99462952/index.html

JVNVU#98911990 Improper authentication vulnerability in BD Alaris 8015 PC Unit and Alaris Systems Manager
http://jvn.jp/vu/JVNVU98911990/index.html

JVN#44764844 Resource exhaustion vulnerability in MELSEC iQ-R series programmable controller CPU modules
http://jvn.jp/jp/JVN44764844/index.html

JVNVU#97690270 Replay Protected Memory Block (RPMB) protocol has insufficient protection against replay attacks
http://jvn.jp/vu/JVNVU97690270/index.html

Outage in Mercari's shipping service prevents shipping from 7-Eleven; recovery time undetermined
https://xtech.nikkei.com/atcl/nxt/news/18/09128/?ST=nxt_thmit_security

Capcom possibly hit by ransomware; ransom note and malware said to have been used in the attack found
https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600088/?ST=nxt_thmit_security

How will the Biden administration act? GAFA regulation may advance even with a divided Congress
https://xtech.nikkei.com/atcl/nxt/column/18/01474/111300001/?ST=nxt_thmit_security

Data such as pay slips and passports possibly leaked from Capcom in ransomware incident
https://xtech.nikkei.com/atcl/nxt/news/18/09120/?ST=nxt_thmit_security

Friday, November 13, 2020

13th, Friday, Shakkō

+ RHSA-2020:5099 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2020:5099
CVE-2020-26950

+ RHSA-2020:5100 Critical: firefox security update
https://access.redhat.com/errata/RHSA-2020:5100
CVE-2020-26950

+ About the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave
https://support.apple.com/ja-jp/HT211946
CVE-2020-27930
CVE-2020-27932
CVE-2020-27950

+ PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, & 9.5.24 Released!
https://www.postgresql.org/docs/13/release-13-1.html
https://www.postgresql.org/docs/12/release-12-5.html
https://www.postgresql.org/docs/11/release-11-10.html
https://www.postgresql.org/docs/10/release-10-15.html
https://www.postgresql.org/docs/9.6/release-9-6-20.html
https://www.postgresql.org/docs/9.5/release-9-5-24.html

+ Log4j 2.14.0 Released
http://logging.apache.org/log4j/2.x/changes-report.html#a2.14.0

JVN#44764844 Resource exhaustion vulnerability in MELSEC iQ-R series programmable controller CPU modules
http://jvn.jp/jp/JVN44764844/index.html

Actual usage of routers and firewalls: the vendor that took first place
https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500003/?ST=nxt_thmit_security

Major PC makers put effort into their own security software; their rival is that company
https://xtech.nikkei.com/atcl/nxt/column/18/01470/111100003/?ST=nxt_thmit_security

Thursday, November 12, 2020

12th, Thursday, Taian

+ RHSA-2020:5084 Moderate: microcode_ctl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:5084
CVE-2020-8696
CVE-2020-8698

+ RHSA-2020:5083 Moderate: microcode_ctl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:5083
CVE-2020-8695
CVE-2020-8696
CVE-2020-8698

+ RHSA-2020:5056 Moderate: podman security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5056
CVE-2020-14040
CVE-2020-14370

+ RHSA-2020:5055 Moderate: buildah security update
https://access.redhat.com/errata/RHSA-2020:5055
CVE-2020-14040

+ RHSA-2020:5085 Moderate: microcode_ctl security, bug fix and enhancement update
https://access.redhat.com/errata/RHSA-2020:5085
CVE-2020-8695
CVE-2020-8696
CVE-2020-8698

+ Google Chrome 86.0.4240.198 released
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

+ Mozilla Thunderbird 78.4.3 released
https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/

+ Linux kernel 5.9.8, 5.4.77, 4.19.157, 4.14.206, 4.9.243, 4.4.243 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.8
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.77
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.206
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.243
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.243

+ JVNVU#98002571 Multiple vulnerabilities in Intel products
http://jvn.jp/vu/JVNVU98002571/index.html
CVE-2019-11121
CVE-2020-0590
CVE-2020-0587
CVE-2020-0591
CVE-2020-0593
CVE-2020-0588
CVE-2020-0592
CVE-2020-0559
CVE-2020-8676
CVE-2020-8693
CVE-2020-8692
CVE-2020-8690
CVE-2020-8691
CVE-2020-8737
CVE-2020-12312
CVE-2020-8764
CVE-2020-8738
CVE-2020-8740
CVE-2020-8739
CVE-2020-8752
CVE-2020-12297
CVE-2020-12304
CVE-2020-8745
CVE-2020-8744
CVE-2020-8705
CVE-2020-8750
CVE-2020-12303
CVE-2020-12354
CVE-2020-8757
CVE-2020-8756
CVE-2020-8760
CVE-2020-12355
CVE-2020-8755
CVE-2020-8749
CVE-2020-12313
CVE-2020-12318
CVE-2020-12321
CVE-2020-12306
CVE-2020-12307
CVE-2020-12315
CVE-2020-12331
CVE-2020-12336
CVE-2020-12337
CVE-2020-24525
CVE-2020-12323
CVE-2020-12330
CVE-2020-12334
CVE-2020-12335
CVE-2020-12333
CVE-2020-12332
CVE-2020-12325
CVE-2020-12324
CVE-2020-12329
CVE-2020-12338
CVE-2020-12350
CVE-2020-12347
CVE-2020-12345
CVE-2020-12346
CVE-2020-0572
CVE-2020-24456
CVE-2020-0592
CVE-2020-0584
CVE-2020-8677
CVE-2020-8693
CVE-2020-8692
CVE-2020-8690
CVE-2020-8691
CVE-2020-8747
CVE-2020-8746
CVE-2020-8766
CVE-2020-8767
CVE-2020-12314
CVE-2020-12317
CVE-2020-12319
CVE-2020-12322
CVE-2020-12353
CVE-2020-24460
CVE-2020-0575
CVE-2020-12309
CVE-2020-12310
CVE-2020-12311
CVE-2020-8698
CVE-2020-8696
CVE-2020-8737
CVE-2020-8694
CVE-2020-8695
CVE-2020-8753
CVE-2020-8751
CVE-2020-8754
CVE-2020-8761
CVE-2020-8747
CVE-2020-12356
CVE-2020-12308
CVE-2020-12316
CVE-2020-12320
CVE-2020-12328
CVE-2020-12327
CVE-2020-12326
CVE-2020-0573
CVE-2020-8669
CVE-2020-12349
CVE-2020-24454
CVE-2017-13080

+ Microsoft Windows Local Spooler Bypass
https://cxsecurity.com/issue/WLB-2020110086
CVE-2020-1337

Vulnerability that lets every PC be taken over: patching not progressing
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020800017/110500453/?ST=nxt_thmit_security

Security of corporate PCs: why firmware protection by a built-in chip is essential
https://xtech.nikkei.com/atcl/nxt/column/18/01470/111000002/?ST=nxt_thmit_security

Popularity survey of wireless LAN access points and controllers: those two companies were strong
https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500002/?ST=nxt_thmit_security

JVNVU#92857198 Multiple vulnerabilities in Schneider Electric PLC Simulator for EcoStruxure Control Expert
http://jvn.jp/vu/JVNVU92857198/index.html

JVNVU#97890337 Vulnerability in multiple OSIsoft products
http://jvn.jp/vu/JVNVU97890337/index.html

JVNVU#98046719 Multiple vulnerabilities in Siemens products
http://jvn.jp/vu/JVNVU98046719/index.html

Wednesday, November 11, 2020

11th, Wednesday, Butsumetsu

+ Apache OpenOffice 4.1.8 released
https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.8+Release+Notes

+ RHSA-2020:5056 Moderate: podman security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5056
CVE-2020-14040
CVE-2020-14370

+ RHSA-2020:5055 Moderate: buildah security update
https://access.redhat.com/errata/RHSA-2020:5055
CVE-2020-14040

+ RHSA-2020:5054 Moderate: skopeo security update
https://access.redhat.com/errata/RHSA-2020:5054
CVE-2020-14040

+ RHSA-2020:5050 Important: kpatch-patch security update
https://access.redhat.com/errata/RHSA-2020:5050
CVE-2020-14385

+ RHSA-2020:5040 Moderate: libvirt security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5040
CVE-2020-25637

+ RHSA-2020:5023 Moderate: kernel security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5023
CVE-2019-20811
CVE-2020-14331

+ RHSA-2020:5021 Moderate: qt and qt5-qtbase security update
https://access.redhat.com/errata/RHSA-2020:5021
CVE-2020-17507

+ RHSA-2020:5020 Low: tomcat security update
https://access.redhat.com/errata/RHSA-2020:5020
CVE-2020-1935

+ RHSA-2020:5012 Moderate: librepo security update
https://access.redhat.com/errata/RHSA-2020:5012
CVE-2020-14352

+ RHSA-2020:5011 Moderate: bind security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5011
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624

+ RHSA-2020:5010 Moderate: python3 security update
https://access.redhat.com/errata/RHSA-2020:5010
CVE-2019-20907
CVE-2020-14422

+ RHSA-2020:5009 Moderate: python security update
https://access.redhat.com/errata/RHSA-2020:5009
CVE-2019-20907

+ RHSA-2020:5003 Low: fence-agents security and bug fix update
https://access.redhat.com/errata/RHSA-2020:5003
CVE-2020-11078

+ RHSA-2020:5002 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2020:5002
CVE-2020-8177

+ Security update available for Adobe Reader Mobile | APSB20-71
https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html
CVE-2020-24441

+ Security updates available for Adobe Connect | APSB20-69
https://helpx.adobe.com/security/products/connect/apsb20-69.html
CVE-2020-24442
CVE-2020-24443

+ Mozilla Thunderbird 78.4.2 released
https://www.thunderbird.net/en-US/thunderbird/78.4.2/releasenotes/

+ Linux kernel 5.9.7, 5.4.76, 4.19.156, 4.14.205, 4.9.242, 4.4.242 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.76
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.242
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.242

+ OpenLDAP 2.4.56 released
https://www.openldap.org/software/release/changes.html

VU#231329 Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks
https://www.kb.cert.org/vuls/id/231329

Ransomware targeting the US presidential election: Microsoft's "secret plan" that took down a botnet
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/103000042/?ST=nxt_thmit_security

Google or Microsoft, which is the leader? "Zero trust" alliances heat up
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100111/103000037/?ST=nxt_thmit_security

Security competition among major PC makers intensifies: what are the new criteria for choosing products?
https://xtech.nikkei.com/atcl/nxt/column/18/01470/111000001/?ST=nxt_thmit_security

Annual survey of network equipment usage: an unexpected change at the top in the switch category
https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500001/?ST=nxt_thmit_security

Tuesday, November 10, 2020

10th, Tuesday, Senbu

+ RHSA-2020:4974 Important: chromium-browser security update
https://access.redhat.com/errata/RHSA-2020:4974
CVE-2020-16004
CVE-2020-16005
CVE-2020-16006
CVE-2020-16008
CVE-2020-16009

+ Google Chrome 86.0.4240.193 released
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

+ Mozilla Foundation Security Advisory 2020-49 Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
CVE-2020-26950

+ Zabbix 5.2.1 released
https://www.zabbix.com/rn/rn5.2.1

+ CESA-2020:4056 Important CentOS 6 qemu-kvm Security Update
https://lwn.net/Articles/836620/

+ CESA-2020:4946 Important CentOS 6 libX11 Security Update
https://lwn.net/Articles/836619/

+ CESA-2020:4953 Important CentOS 6 xorg-x11-server Security Update
https://lwn.net/Articles/836622/

+ CESA-2020:4330 Important CentOS 6 firefox Security Update
https://lwn.net/Articles/836616/

+ CESA-2020:4182 Important CentOS 6 kernel Security Update
https://lwn.net/Articles/836618/

+ CESA-2020:4348 Moderate CentOS 6 java-1.8.0-openjdk Security Update
https://lwn.net/Articles/836617/

+ CESA-2020:4183 Moderate CentOS 6 bind Security Update
https://lwn.net/Articles/836615/

Vulnerability in Oracle products requiring urgent response; JP servers with exposed management consoles confirmed
https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600087/?ST=nxt_thmit_security

Japan Post Bank publishes results of its inspection into fraudulent withdrawals; 14 security deficiencies found in mijica
https://xtech.nikkei.com/atcl/nxt/news/18/09092/?ST=nxt_thmit_security

Monday, November 9, 2020

9th, Monday, Tomobiki

+ Mozilla Thunderbird 78.4.1 released
https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/

+ Postfix stable release 3.5.8 and legacy releases 3.4.18, 3.3.15, 3.2.20
http://www.postfix.org/announcements/postfix-3.5.8.html
http://mirror.postfix.jp/postfix-release/official/postfix-3.5.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.4.18.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.3.15.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-3.2.20.HISTORY

+ JVNVU#99462952 Updates for vulnerabilities in multiple Apple products
http://jvn.jp/vu/JVNVU99462952/index.html

+ JVNVU#92053563 Multiple vulnerabilities in XooNIps, a module for XOOPS
http://jvn.jp/vu/JVNVU92053563/index.html

JVNVU#95897894 Multiple vulnerabilities in WECON PLC Editor
http://jvn.jp/vu/JVNVU95897894/index.html

JVNVU#99562395 Multiple vulnerabilities in Mitsubishi Electric GOT1000 series GT14 models
http://jvn.jp/vu/JVNVU99562395/index.html

Friday, November 6, 2020

6th, Friday, Taian

+ RHSA-2020:4947 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2020:4947
CVE-2020-15683
CVE-2020-15969

+ RHSA-2020:4952 Important: freetype security update
https://access.redhat.com/errata/RHSA-2020:4952
CVE-2020-15999

+ RHSA-2020:4913 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2020:4913
CVE-2020-15683
CVE-2020-15969

+ About the security content of watchOS 7.1
https://support.apple.com/ja-jp/HT211928
CVE-2020-27910
CVE-2020-27916
CVE-2020-10017
CVE-2020-27909
CVE-2020-10003
CVE-2020-27930
CVE-2020-27927
CVE-2020-10002
CVE-2020-27912
CVE-2020-27905
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27917
CVE-2020-27911
CVE-2020-10010
CVE-2020-27918

+ About the security content of watchOS 6.2.9
https://support.apple.com/ja-jp/HT211944
CVE-2020-27930
CVE-2020-27950
CVE-2020-27932

+ About the security content of watchOS 5.3.9
https://support.apple.com/ja-jp/HT211945
CVE-2020-27930
CVE-2020-27950
CVE-2020-27932

+ About the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update
https://support.apple.com/ja-jp/HT211947
CVE-2020-27930
CVE-2020-27932
CVE-2020-27950

+ About the security content of tvOS 14.2
https://support.apple.com/ja-jp/HT211930
CVE-2020-27910
CVE-2020-27916
CVE-2020-10017
CVE-2020-27909
CVE-2020-10003
CVE-2020-27927
CVE-2020-10002
CVE-2020-27912
CVE-2020-27905
CVE-2020-9974
CVE-2020-10016
CVE-2020-27917
CVE-2020-27911
CVE-2020-10010
CVE-2020-27918

+ About the security content of iOS 14.2 and iPadOS 14.2
https://support.apple.com/ja-jp/HT211929
CVE-2020-27910
CVE-2020-27916
CVE-2020-27925
CVE-2020-10017
CVE-2020-27909
CVE-2020-10003
CVE-2020-27930
CVE-2020-27927
CVE-2020-10002
CVE-2020-27912
CVE-2020-27905
CVE-2020-27950
CVE-2020-9974
CVE-2020-10016
CVE-2020-27932
CVE-2020-27902
CVE-2020-27917
CVE-2020-27911
CVE-2020-27926
CVE-2020-10010
CVE-2020-10004
CVE-2020-13524
CVE-2020-10011
CVE-2020-27918

+ About the security content of iOS 12.4.9
https://support.apple.com/ja-jp/HT211940
CVE-2020-27929
CVE-2020-27930
CVE-2020-27950
CVE-2020-27932

+ Linux kernel 5.9.6, 5.4.75, 4.19.155, 4.14.204 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.6
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.75
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.204

+ Samba 4.12.10, 4.11.16 released
https://www.samba.org/samba/history/samba-4.12.10.html
https://www.samba.org/samba/history/samba-4.11.16.html

+ Vulnerability information for vt (virtual console) in the Linux kernel (Moderate: CVE-2020-25668)
https://security.sios.com/vulnerability/kernel-security-vulnerability-20201105.html
CVE-2020-25668

+ Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure
https://cxsecurity.com/issue/WLB-2020110030
CVE-2020-27019
CVE-2020-27694
CVE-2020-27016
CVE-2020-27017
CVE-2020-27018
CVE-2020-27693

UPDATE: JVNVU#99562395 Multiple vulnerabilities in Mitsubishi Electric GOT1000 series GT14 models
http://jvn.jp/vu/JVNVU99562395/index.html

JVN#57942454 Improper input validation vulnerability in Cybozu Garoon
http://jvn.jp/jp/JVN57942454/index.html

JVNVU#90224831 Multiple vulnerabilities in multiple Mitsubishi Electric FA products
http://jvn.jp/vu/JVNVU90224831/index.html

UPDATE: JVNVU#97662844 Resource exhaustion vulnerability in the Ethernet port of the Mitsubishi Electric MELSEC iQ-R series
http://jvn.jp/vu/JVNVU97662844/index.html

JVN#00414047 Smartphone app "Studyplus" has a hard-coded API key for an external service
http://jvn.jp/jp/JVN00414047/index.html

Thursday, November 5, 2020

5th, Thursday, Butsumetsu

+ RHSA-2020:4910 Important: xorg-x11-server security update
https://access.redhat.com/errata/RHSA-2020:4910
CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362

+ RHSA-2020:4909 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2020:4909
CVE-2020-15683
CVE-2020-15969

+ RHSA-2020:4908 Important: libX11 security update
https://access.redhat.com/errata/RHSA-2020:4908
CVE-2020-14363

+ RHSA-2020:4907 Important: freetype security update
https://access.redhat.com/errata/RHSA-2020:4907
CVE-2020-15999

+ RHSA-2020:4913 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2020:4913
CVE-2020-15683
CVE-2020-15969

+ RHSA-2020:4685 Important: kernel security update
https://access.redhat.com/errata/RHSA-2020:4685
CVE-2020-24490
CVE-2020-25661
CVE-2020-25662

+ RHSA-2020:4827 Moderate: oniguruma security update
https://access.redhat.com/errata/RHSA-2020:4827
CVE-2019-13225

+ RHSA-2020:4820 Moderate: file-roller security update
https://access.redhat.com/errata/RHSA-2020:4820
CVE-2019-16680
CVE-2020-11736

+ RHSA-2020:4807 Moderate: prometheus-jmx-exporter security update
https://access.redhat.com/errata/RHSA-2020:4807
CVE-2017-18640

+ RHSA-2020:4806 Important: dpdk security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4806
CVE-2020-10722
CVE-2020-10723
CVE-2020-10725
CVE-2020-10726

+ RHSA-2020:4805 Moderate: edk2 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4805
CVE-2019-14559

+ RHSA-2020:4799 Moderate: freeradius:3.0 security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4799
CVE-2019-17185

+ RHSA-2020:4766 Moderate: libexif security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4766
CVE-2019-9278
CVE-2020-0093
CVE-2020-0181
CVE-2020-0182
CVE-2020-0198
CVE-2020-12767
CVE-2020-13113
CVE-2020-13114

+ RHSA-2020:4763 Moderate: dovecot security update
https://access.redhat.com/errata/RHSA-2020:4763
CVE-2020-10958
CVE-2020-10967

+ RHSA-2020:4760 Moderate: tcpdump security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4760
CVE-2018-10103
CVE-2018-10105
CVE-2018-14461
CVE-2018-14462
CVE-2018-14463
CVE-2018-14464
CVE-2018-14465
CVE-2018-14466
CVE-2018-14467
CVE-2018-14468
CVE-2018-14469
CVE-2018-14470
CVE-2018-14879
CVE-2018-14880
CVE-2018-14881
CVE-2018-14882
CVE-2018-16227
CVE-2018-16228
CVE-2018-16229
CVE-2018-16230
CVE-2018-16300
CVE-2018-16451
CVE-2018-16452
CVE-2019-15166

+ RHSA-2020:4756 Moderate: varnish:6 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4756
CVE-2019-15892
CVE-2019-20637
CVE-2020-11653

+ RHSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4751
CVE-2018-17189
CVE-2019-0196
CVE-2019-0197
CVE-2019-10081
CVE-2019-10082
CVE-2019-10092
CVE-2019-10097
CVE-2019-10098
CVE-2020-1927
CVE-2020-1934

+ RHSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4743
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12526
CVE-2019-12528
CVE-2019-12529
CVE-2019-12854
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2019-18860
CVE-2020-8449
CVE-2020-8450
CVE-2020-14058
CVE-2020-15049
CVE-2020-24606

+ RHSA-2020:4847 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4847
CVE-2015-9251
CVE-2016-10735
CVE-2018-14040
CVE-2018-14042
CVE-2019-8331
CVE-2019-10146
CVE-2019-10179
CVE-2019-10221
CVE-2019-11358
CVE-2020-1721
CVE-2020-11022
CVE-2020-11023
CVE-2020-15720

+ RHSA-2020:4712 Moderate: subversion:1.10 security update
https://access.redhat.com/errata/RHSA-2020:4712
CVE-2018-11782

+ RHSA-2020:4709 Moderate: librsvg2 security update
https://access.redhat.com/errata/RHSA-2020:4709
CVE-2019-20446

+ RHSA-2020:4697 Moderate: targetcli security and enhancement update
https://access.redhat.com/errata/RHSA-2020:4697
CVE-2020-13867

+ RHSA-2020:4694 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4694
CVE-2020-10749
CVE-2020-10756
CVE-2020-14040

+ RHSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4690
CVE-2015-9541
CVE-2018-21035
CVE-2020-0569
CVE-2020-0570
CVE-2020-13962

+ RHSA-2020:4689 Moderate: openwsman security update
https://access.redhat.com/errata/RHSA-2020:4689
CVE-2019-3833

+ RHSA-2020:4687 Moderate: oddjob security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4687
CVE-2020-10737

+ RHSA-2020:4682 Moderate: grafana security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4682
CVE-2018-18624
CVE-2019-19499
CVE-2020-11110
CVE-2020-12052
CVE-2020-12245
CVE-2020-12458
CVE-2020-12459
CVE-2020-13430

+ RHSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4676
CVE-2019-15890
CVE-2019-20485
CVE-2020-1983
CVE-2020-10703
CVE-2020-14301
CVE-2020-14339

+ RHSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4670
CVE-2015-9251
CVE-2016-10735
CVE-2018-14040
CVE-2018-14042
CVE-2018-20676
CVE-2018-20677
CVE-2019-8331
CVE-2019-11358
CVE-2020-1722
CVE-2020-11022

+ RHSA-2020:4667 Moderate: mailman:2.1 security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4667
CVE-2020-12137

+ RHSA-2020:4659 Moderate: gd security update
https://access.redhat.com/errata/RHSA-2020:4659
CVE-2018-14553
CVE-2019-6977
CVE-2019-6978

+ RHSA-2020:4655 Moderate: cyrus-imapd security update
https://access.redhat.com/errata/RHSA-2020:4655
CVE-2019-18928
CVE-2019-19783

+ RHSA-2020:4654 Moderate: python27:2.7 security update
https://access.redhat.com/errata/RHSA-2020:4654
CVE-2019-20907
CVE-2019-20916

+ RHSA-2020:4650 Moderate: cloud-init security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4650
CVE-2020-8631
CVE-2020-8632

+ RHSA-2020:4649 Low: evolution security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4649
CVE-2020-14928

+ RHSA-2020:4647 Moderate: freerdp and vinagre security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4647
CVE-2020-11018
CVE-2020-11019
CVE-2020-11038
CVE-2020-11039
CVE-2020-11040
CVE-2020-11041
CVE-2020-11042
CVE-2020-11043
CVE-2020-11044
CVE-2020-11045
CVE-2020-11046
CVE-2020-11047
CVE-2020-11048
CVE-2020-11049
CVE-2020-11058
CVE-2020-11085
CVE-2020-11086
CVE-2020-11087
CVE-2020-11088
CVE-2020-11089
CVE-2020-11522
CVE-2020-11525
CVE-2020-11526
CVE-2020-13396
CVE-2020-13397

+ RHSA-2020:4643 Low: poppler security update
https://access.redhat.com/errata/RHSA-2020:4643
CVE-2019-14494

+ RHSA-2020:4641 Moderate: python38:3.8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4641
CVE-2019-20477
CVE-2019-20907
CVE-2020-1747
CVE-2020-8492
CVE-2020-14422

+ RHSA-2020:4638 Low: sysstat security update
https://access.redhat.com/errata/RHSA-2020:4638
CVE-2019-16167

+ RHSA-2020:4634 Moderate: libtiff security update
https://access.redhat.com/errata/RHSA-2020:4634
CVE-2019-17546

+ RHSA-2020:4629 Moderate: libvpx security update
https://access.redhat.com/errata/RHSA-2020:4629
CVE-2019-2126
CVE-2019-9232
CVE-2019-9371
CVE-2019-9433

+ RHSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4628
CVE-2020-12802
CVE-2020-12803

+ RHSA-2020:4627 Moderate: SDL security update
https://access.redhat.com/errata/RHSA-2020:4627
CVE-2019-7572
CVE-2019-7573
CVE-2019-7574
CVE-2019-7575
CVE-2019-7576
CVE-2019-7577
CVE-2019-7578
CVE-2019-7635
CVE-2019-7636
CVE-2019-7637
CVE-2019-7638

+ RHSA-2020:4625 Moderate: spamassassin security update
https://access.redhat.com/errata/RHSA-2020:4625
CVE-2018-11805
CVE-2019-12420
CVE-2020-1930
CVE-2020-1931

+ RHSA-2020:4619 Moderate: frr security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4619
CVE-2020-12831

+ RHSA-2020:4599 Moderate: curl security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4599
CVE-2020-8177

+ RHSA-2020:4568 Moderate: libldb security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4568
CVE-2020-10730

+ RHSA-2020:4553 Low: systemd security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4553
CVE-2019-20386

+ RHSA-2020:4547 Low: libpcap security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4547
CVE-2019-15165

+ RHSA-2020:4545 Moderate: libssh security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4545
CVE-2019-14889
CVE-2020-1730

+ RHSA-2020:4542 Moderate: cryptsetup security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4542
CVE-2020-14382

+ RHSA-2020:4539 Moderate: pcre2 security and enhancement update
https://access.redhat.com/errata/RHSA-2020:4539
CVE-2019-20454

+ RHSA-2020:4514 Low: openssl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4514
CVE-2019-1551

+ RHSA-2020:4508 Moderate: libsolv security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4508
CVE-2019-20387

+ RHSA-2020:4500 Moderate: bind security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4500
CVE-2020-8619
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624

+ RHSA-2020:4497 Moderate: cyrus-sasl security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4497
CVE-2019-19906

+ RHSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4490
CVE-2019-13050

+ RHSA-2020:4484 Moderate: expat security update
https://access.redhat.com/errata/RHSA-2020:4484
CVE-2018-20843
CVE-2019-15903

+ RHSA-2020:4483 Moderate: opensc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4483
CVE-2019-15945
CVE-2019-15946
CVE-2019-19479
CVE-2019-19481
CVE-2019-20792

+ RHSA-2020:4482 Moderate: libgcrypt security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4482
CVE-2019-13627

+ RHSA-2020:4481 Moderate: bluez security update
https://access.redhat.com/errata/RHSA-2020:4481
CVE-2020-0556

+ RHSA-2020:4479 Moderate: libxml2 security update
https://access.redhat.com/errata/RHSA-2020:4479
CVE-2019-19956
CVE-2019-20388
CVE-2020-7595

+ RHSA-2020:4469 Low: cups security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4469
CVE-2020-3898

+ RHSA-2020:4465 Low: binutils security update
https://access.redhat.com/errata/RHSA-2020:4465
CVE-2019-17450

+ RHSA-2020:4464 Moderate: libxslt security update
https://access.redhat.com/errata/RHSA-2020:4464
CVE-2019-11068
CVE-2019-18197

+ RHSA-2020:4453 Moderate: vim security update
https://access.redhat.com/errata/RHSA-2020:4453
CVE-2019-20807

+ RHSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4451
CVE-2019-8625
CVE-2019-8710
CVE-2019-8720
CVE-2019-8743
CVE-2019-8764
CVE-2019-8766
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8823
CVE-2019-8835
CVE-2019-8844
CVE-2019-8846
CVE-2020-3862
CVE-2020-3864
CVE-2020-3865
CVE-2020-3867
CVE-2020-3868
CVE-2020-3885
CVE-2020-3894
CVE-2020-3895
CVE-2020-3897
CVE-2020-3899
CVE-2020-3900
CVE-2020-3901
CVE-2020-3902
CVE-2020-9802
CVE-2020-9803
CVE-2020-9805
CVE-2020-9806
CVE-2020-9807
CVE-2020-9843
CVE-2020-9850
CVE-2020-9862
CVE-2020-9893
CVE-2020-9894
CVE-2020-9895
CVE-2020-9915
CVE-2020-9925
CVE-2020-10018
CVE-2020-11793
CVE-2020-14391
CVE-2020-15503

+ RHSA-2020:4445 Moderate: librabbitmq security update
https://access.redhat.com/errata/RHSA-2020:4445
CVE-2019-18609

+ RHSA-2020:4444 Moderate: glibc security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4444
CVE-2020-1751
CVE-2020-1752
CVE-2020-10029

+ RHSA-2020:4443 Moderate: libarchive security update
https://access.redhat.com/errata/RHSA-2020:4443
CVE-2019-19221

+ RHSA-2020:4442 Moderate: sqlite security update
https://access.redhat.com/errata/RHSA-2020:4442
CVE-2019-5018
CVE-2019-16168
CVE-2019-20218
CVE-2020-6405
CVE-2020-9327
CVE-2020-13630
CVE-2020-13631
CVE-2020-13632

+ RHSA-2020:4436 Low: gnome-software and fwupd security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4436
CVE-2020-10759

+ RHSA-2020:4433 Moderate: python3 security and bug fix update
https://access.redhat.com/errata/RHSA-2020:4433
CVE-2019-16935
CVE-2019-20907
CVE-2020-8492
CVE-2020-14422

+ RHSA-2020:4432 Moderate: python-pip security update
https://access.redhat.com/errata/RHSA-2020:4432
CVE-2019-20916

+ RHSA-2020:4431 Moderate: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2020:4431
CVE-2019-9455
CVE-2019-9458
CVE-2019-12614
CVE-2019-15917
CVE-2019-15925
CVE-2019-16231
CVE-2019-16233
CVE-2019-18808
CVE-2019-18809
CVE-2019-19046
CVE-2019-19056
CVE-2019-19062
CVE-2019-19063
CVE-2019-19068
CVE-2019-19072
CVE-2019-19319
CVE-2019-19332
CVE-2019-19447
CVE-2019-19524
CVE-2019-19533
CVE-2019-19537
CVE-2019-19543
CVE-2019-19767
CVE-2019-19770
CVE-2019-20054
CVE-2019-20636
CVE-2020-0305
CVE-2020-8647
CVE-2020-8648
CVE-2020-8649
CVE-2020-10732
CVE-2020-10751
CVE-2020-10773
CVE-2020-10774
CVE-2020-10942
CVE-2020-11565
CVE-2020-11668
CVE-2020-12465
CVE-2020-12655
CVE-2020-12659
CVE-2020-12770
CVE-2020-12826
CVE-2020-14381
CVE-2020-25641

+ Red Hat Enterprise Linux 8.3 released
https://access.redhat.com/announcements/5532381

+ Mozilla Foundation Security Advisory 2020-48 OAuth session fixation vulnerability in Mozilla VPN
https://www.mozilla.org/en-US/security/advisories/mfsa2020-48/
CVE-2020-15679

+ Linux kernel 5.9.4 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.4

CentOS Community Newsletter, November 2020 (#2011)
https://blog.centos.org/2020/11/centos-community-newsletter-november-2020-2011/

JVNVU#99899290 Resource exhaustion vulnerability in WAGO 750-88x and 750-352 series
http://jvn.jp/vu/JVNVU99899290/index.html

JVNVU#99139582 Multiple vulnerabilities in NEXCOM NIO 50
http://jvn.jp/vu/JVNVU99139582/index.html

JVNVU#95679259 Multiple vulnerabilities in ARC Informatique PcVue
http://jvn.jp/vu/JVNVU95679259/index.html

JVN#57942454 Improper input validation vulnerability in Cybozu Garoon
http://jvn.jp/jp/JVN57942454/index.html

Wednesday, November 4, 2020

4th, Wednesday, Senbu

+ Samba 4.13.2 Available for Download
https://www.samba.org/samba/history/samba-4.13.2.html

Sandbox evasion techniques used by malware
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/111900071/102100012/?ST=nxt_thmit_security

An iPhone screen flooded with icons: the hidden danger of "configuration profiles"
https://xtech.nikkei.com/atcl/nxt/column/18/00676/102900062/?ST=nxt_thmit_security

Why attackers targeting cryptocurrency send phishing messages that impersonate cloud storage
https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600086/?ST=nxt_thmit_security

Monday, November 2, 2020

2nd, Monday, Sensho

+ Linux kernel 5.9.3, 5.8.18, 5.4.74, 4.19.154 released
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.18
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.74
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154

+ UPDATE: Oracle Critical Patch Update Advisory - October 2020
https://www.oracle.com/security-alerts/cpuoct2020.html

+ hitachi-sec-2020-134 Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-134/index.html
+ hitachi-sec-2020-134 Multiple vulnerabilities in Hitachi Command Suite products, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-134/index.html
CVE-2020-14779
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803

+ hitachi-sec-2020-133 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-133/index.html
+ hitachi-sec-2020-133 Multiple vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-133/index.html
CVE-2020-14779
CVE-2020-14781
CVE-2020-14782
CVE-2020-14792
CVE-2020-14796
CVE-2020-14797
CVE-2020-14798
CVE-2020-14803

+ hitachi-sec-2020-132 Vulnerability in JP1/Data Highway
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-132/index.html
+ hitachi-sec-2020-132 Vulnerability in JP1/Data Highway
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-132/index.html
CVE-2019-10092

The true nature of SD-WAN, which optimizes WAN traffic
[Part 2]
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/091700094/102100002/?ST=nxt_thmit_security

UPDATE: JVNVU#94736763 Multiple vulnerabilities in Treck IP stack
http://jvn.jp/vu/JVNVU94736763/index.html

JVNVU#96558207 Resource exhaustion vulnerability in Mitsubishi Electric MELSEC iQ-R, Q and L series
http://jvn.jp/vu/JVNVU96558207/index.html

JVNVU#92513419 Multiple vulnerabilities in Mitsubishi Electric MELSEC iQ-R series
http://jvn.jp/vu/JVNVU92513419/index.html