:: IT Security Neophyte Investigator's MEMO ::: 11月 2020

2020年11月30日月曜日

30日月曜日、先勝

+ JVNVU#98890246 トレンドマイクロ株式会社製 InterScan Messaging Security シリーズにおける複数の脆弱性

http://jvn.jp/vu/JVNVU98890246/index.html

+ Linux KernelにDoSの脆弱性(Moderate: CVE-2020-28941)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201130.html

CVE-2020-28941

+ Linux Kernel (Red Hatのみ) のBluetoothでDoSまたは任意のコード実行の脆弱性(Important: CVE-2020-25661, CVE-2020-25662)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201129.html

CVE-2020-25661

CVE-2020-25662

月間10億人が訪れるWebサイトに罠

引退間近のIEとFlashを狙う

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800013/111800035/?ST=nxt_thmit_security

Windows Serverに危険な脆弱性「Zerologon」

ドメイン管理者権限が盗まれる　パッチの適用が進まない緊急事態

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800124/?ST=nxt_thmit_security

2020年11月27日金曜日

27日金曜日、仏滅

+ PHP 8.0.0, 7.4.13, 7.3.25 released

https://www.php.net/ChangeLog-8.php#8.0.0

https://www.php.net/ChangeLog-7.php#7.4.13

https://www.php.net/ChangeLog-7.php#7.3.25

Maker Faire Tokyoで「可視化」が盛況

パケットの流れを光で見せる　通信を水で体感させるデモも

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800122/?ST=nxt_thmit_security

独禁法違反訴訟だけではない、嫌なところがマイクロソフトに似てきたグーグル

https://xtech.nikkei.com/atcl/nxt/column/18/00692/112600043/?ST=nxt_thmit_security

暗号化と暴露で11億円を要求、カプコン襲った「二重脅迫型」ランサムウエアの脅威

https://xtech.nikkei.com/atcl/nxt/column/18/00989/112400040/?ST=nxt_thmit_security

楽天が法人向けに新型コロナPCR検査キット提供へ、自宅で唾液を採取

https://xtech.nikkei.com/atcl/nxt/news/18/09208/?ST=nxt_thmit_security

日本企業の32％がランサムウエアの身代金を支払い、米クラウドストライク調査

https://xtech.nikkei.com/atcl/nxt/news/18/09205/?ST=nxt_thmit_security

行政向けクラウド強化急ぐ日本MS、本部長が明かすAWS対抗策

https://xtech.nikkei.com/atcl/nxt/column/18/00001/04881/?ST=nxt_thmit_security

2020年11月26日木曜日

26日木曜日、先負

+ Gpg4win 3.1.14 released

https://www.gpg4win.org/change-history.html

+ ISC BIND 9.17.7, 9.16.9, 9.11.25 released

https://downloads.isc.org/isc/bind9/9.17.7/doc/arm/html/notes.html#notes-for-bind-9-17-7

https://downloads.isc.org/isc/bind9/9.16.9/doc/arm/html/notes.html#notes-for-bind-9-16-9

https://downloads.isc.org/isc/bind9/9.11.25/RELEASE-NOTES-bind-9.11.25.html

JVNVU#98689901 Rockwell Automation 製 FactoryTalk Linx に複数の脆弱性

http://jvn.jp/vu/JVNVU98689901/index.html

JVNVU#97620058 富士電機製 V-Server Lite における境界外書き込みの脆弱性

http://jvn.jp/vu/JVNVU97620058/index.html

JVNTA#94494000 改ざんチェックのない CBC モードで暗号化された実行ファイルにおいて任意のコードを埋め込まれる問題

http://jvn.jp/ta/JVNTA94494000/index.html

JVN#56450373 GROWI における複数の脆弱性

http://jvn.jp/jp/JVN56450373/index.html

ボットネット潰しに新たな切り札

ランサムウエアの感染拡大を防ぐ　著作権法違反で差し止め申請

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/111800123/?ST=nxt_thmit_security

平井大臣が宣言した「脱PPAP」がベンチャーで加速、パスワード別送と決別なるか

https://xtech.nikkei.com/atcl/nxt/column/18/00001/04878/?ST=nxt_thmit_security

2020年11月25日水曜日

25日水曜日、友引

+ Linux kernel 5.9.11, 5.4.80,4.19.160, 4.14.209, 4.9.246, 4.4.246 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.11

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.80

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.160

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.209

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.246

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.246

+ Apache Tomcat 7.0.107 Released

http://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.107_(violetagg)

+ JVNVU#97472624 複数の VMware 製品に OS コマンドインジェクションの脆弱性

http://jvn.jp/vu/JVNVU97472624/index.html

CVE-2020-4006

+ JVN#27806339 NETGEAR GS108Ev3 におけるクロスサイトリクエストフォージェリの脆弱性

http://jvn.jp/jp/JVN27806339/index.html

CVE-2020-5641

+ JVNVU#94694991 トレンドマイクロ株式会社製ウイルスバスター for Mac に複数の脆弱性

http://jvn.jp/vu/JVNVU94694991/index.html

CVE-2020-25778

CVE-2020-25779

CVE-2020-27013

CVE-2020-27014

CVE-2020-27015

What is CPE up to: CentOS Stream

https://blog.centos.org/2020/11/what-is-cpe-up-to-centos-stream/

iPhoneの画面が大変なことに　実は危ない「構成プロファイル」

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/111200043/?ST=nxt_thmit_security

ゼネコンがランサムウエアに感染　窃取された情報を公開される

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/031800050/111800021/?ST=nxt_thmit_security

2020年11月24日火曜日

24日火曜日、先勝

+ CESA-2020:5083 Moderate CentOS 7 microcode_ctl Security Update

https://lwn.net/Articles/837743/

+ CESA-2020:5099 Critical CentOS 7 firefox Security Update

https://lwn.net/Articles/837876/

+ VMware Workstation 15.5.7

https://my.vmware.com/jp/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_workstation_player/15_0#product_downloads

+ VU#724367 VMware Workspace ONE Access and related components are vulnerable to command injection

https://www.kb.cert.org/vuls/id/724367

CVE-2020-4006

+Linux kernel 5.9.10, 5.4.79, 4.19.159, 4.14.208, 4.9.245, 4.4.245 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.10

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.79

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.159

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.208

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.245

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.245

+ VMSA-2020-0027 VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability

https://www.vmware.com/security/advisories/VMSA-2020-0027.html

CVE-2020-4006

+ VMSA-2020-0026 VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

CVE-2020-4004

CVE-2020-4005

+ VMSA-2020-0025 VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)

https://www.vmware.com/security/advisories/VMSA-2020-0025.html

CVE-2020-3984

CVE-2020-3985

CVE-2020-4000

CVE-2020-4001

CVE-2020-4002

CVE-2020-4003

+ Linux Kernelのfbconでバッファオーバー読み込みの脆弱性(CVE-2020-28974)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201124.html

CVE-2020-28974

+ Linux Kernelのfbconでのバッファオーバー読み込みの脆弱性(Moderate: CVE-2020-28915)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201118.html

CVE-2020-28915

+ Apache Tomcat AJP Ghostcat File Read/Inclusion (Metasploit)

https://cxsecurity.com/issue/WLB-2020110171

JVN#26835001 セイコーエプソン製の複数製品のインストーラにおける DLL 読み込みに関する脆弱性

http://jvn.jp/jp/JVN26835001/index.html

JVNVU#95980140 三菱電機製 MELSEC iQ-R シリーズにおけるリソース枯渇の脆弱性

http://jvn.jp/vu/JVNVU95980140/index.html

JVN#90729322 Hibernate ORM における SQL インジェクションの脆弱性

http://jvn.jp/jp/JVN90729322/index.html

著名人アカウントなど130件乗っ取り　リモートワークの隙を突かれる

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600011/111600068/?ST=nxt_thmit_security

ドメイン登録事業者へのサイバー攻撃が仮想通貨交換所に影響、メールの盗聴被害

https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600089/?ST=nxt_thmit_security

パスワード付きファイルの何が問題なのか、今こそ「PPAP」との決別を

https://xtech.nikkei.com/atcl/nxt/column/18/00676/112100065/?ST=nxt_thmit_security

ネット中傷被害者を早期に救え、新たな裁判手続きには期待と慎重論が交差

https://xtech.nikkei.com/atcl/nxt/column/18/00001/04864/?ST=nxt_thmit_security

三菱電機のMicrosoft 365に不正アクセス、取引先情報8635件流出

https://xtech.nikkei.com/atcl/nxt/news/18/09168/?ST=nxt_thmit_security

「パスワード別送」は推奨していない、JIPDECが声明

https://xtech.nikkei.com/atcl/nxt/news/18/09164/?ST=nxt_thmit_security

イベント管理のPeatixに不正アクセス、最大677万件の顧客情報が流出

https://xtech.nikkei.com/atcl/nxt/news/18/09162/?ST=nxt_thmit_security

2020年11月20日金曜日

20日金曜日、先負

+ Postgresql ODBC Driver 13.00 released

https://www.postgresql.org/ftp/odbc/versions/msi/

+ CESA-2020:5083 Moderate CentOS 7 microcode_ctl Security Update

https://lwn.net/Articles/837743/

+ CESA-2020:5003 Low CentOS 7 fence-agents Security Update

https://lwn.net/Articles/837739/

+ CESA-2020:5021 Moderate CentOS 7 qt Security Update

https://lwn.net/Articles/837746/

+ CESA-2020:5021 Moderate CentOS 7 qt5-qtbase Security Update

https://lwn.net/Articles/837747/

+ CESA-2020:5011 Moderate CentOS 7 bind Security Update

https://lwn.net/Articles/837737/

+ CESA-2020:5023 Moderate CentOS 7 kernel Security Update

https://lwn.net/Articles/837740/

+ CESA-2020:5020 Low CentOS 7 tomcat Security Update

https://lwn.net/Articles/837749/

+ CESA-2020:5004 Low CentOS 7 resource-agents Security Update

https://lwn.net/Articles/837748/

+ CESA-2020:5040 Moderate CentOS 7 libvirt Security Update

https://lwn.net/Articles/837742/

+ CESA-2020:5009 Moderate CentOS 7 python Security Update

https://lwn.net/Articles/837744/

+ CESA-2020:5002 Moderate CentOS 7 curl Security Update

https://lwn.net/Articles/837738/

+ CESA-2020:5012 Moderate CentOS 7 librepo Security Update

https://lwn.net/Articles/837741/

+ CESA-2020:5010 Moderate CentOS 7 python3 Security Update

https://lwn.net/Articles/837745/

JVNVU#95980140 三菱電機製 MELSEC iQ-R シリーズにおけるリソース枯渇の脆弱性

http://jvn.jp/vu/JVNVU95980140/index.html

JVN#90729322 Hibernate ORM における SQL インジェクションの脆弱性

http://jvn.jp/jp/JVN90729322/index.html

国内DX投資は2030年度に3兆円超　けん引役は交通・運輸業界

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600010/111000075/?ST=nxt_thmit_security

著名人アカウントなど130件乗っ取り、知られざるツイッターハックの全容

https://xtech.nikkei.com/atcl/nxt/column/18/01157/111700023/?ST=nxt_thmit_security

freeeがパスワード付きファイルのメール受信廃止を宣言

https://xtech.nikkei.com/atcl/nxt/news/18/09154/?ST=nxt_thmit_security

マイナンバーカードのパスワード初期化、2021年秋にコンビニで可能に

https://xtech.nikkei.com/atcl/nxt/column/18/00001/04856/?ST=nxt_thmit_security

2020年11月19日木曜日

19日木曜日、友引

+ RHSA-2020:5146 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2020:5146

CVE-2020-26950

+ Mozilla Thunderbird 78.5.0 released

https://www.thunderbird.net/en-US/thunderbird/78.5.0/releasenotes/

+ Linux kernel 5.9.9, 5.4.78, 4.19.158, 4.14.207, 4.9.244, 4.4.244 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.9

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.78

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.158

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.207

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.244

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.244

+ Apache Tomcat 9.0.40, 8.5.60 released

http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.40_(markt)

http://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.60_(markt)

+ JVNVU#96249940 トレンドマイクロ株式会社製ウイルスバスタークラウドにおける任意のファイルが削除可能な脆弱性

http://jvn.jp/vu/JVNVU96249940/index.html

CVE-2020-25775

+ Linux Kernelのfbconでのバッファオーバー読み込みの脆弱性(Moderate: CVE-2020-28915)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201118.html

CVE-2020-28915

An update on our Gitforge

https://blog.centos.org/2020/11/an-update-on-our-gitforge/

JVNVU#94180712 複数の Sensormatic Electronics 製品に不適切な認可処理の脆弱性

http://jvn.jp/vu/JVNVU94180712/index.html

JVNVU#91732260 Paradox 製 IP150 に複数の脆弱性

http://jvn.jp/vu/JVNVU91732260/index.html

JVNVU#96484028 Real Time Automation 製 499ES EtherNet/IP Adaptor Source Code にスタックベースのバッファオーバーフローの脆弱性

http://jvn.jp/vu/JVNVU96484028/index.html

JVNVU#99979220 Schneider Electric 製 Interactive Graphical SCADA System (IGSS) に複数の脆弱性

http://jvn.jp/vu/JVNVU99979220/index.html

JVN#94245475 Movable Type Premium におけるクロスサイトスクリプティングの脆弱性

http://jvn.jp/jp/JVN94245475/index.html

東建コーポレーションで不正アクセス被害、個人情報65万件が流出か

https://xtech.nikkei.com/atcl/nxt/news/18/09143/?ST=nxt_thmit_security

2020年11月18日水曜日

18日水曜日、先勝

+ About the security content of iTunes 12.11 for Windows

https://support.apple.com/ja-jp/HT211933

CVE-2020-10002

CVE-2020-27912

CVE-2020-27917

CVE-2020-27911

CVE-2020-27918

CVE-2020-27895

+ Google Chrome 87.0.4280.66 released

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html

+ Mozilla Firefox 83.0 released

https://www.mozilla.org/en-US/firefox/83.0/releasenotes/

+ Mozilla Foundation Security Advisory 2020-50 Security Vulnerabilities fixed in Firefox 83

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/

CVE-2020-26951

CVE-2020-26952

CVE-2020-16012

CVE-2020-26953

CVE-2020-26954

CVE-2020-26955

CVE-2020-26956

CVE-2020-26957

CVE-2020-26958

CVE-2020-26959

CVE-2020-26960

CVE-2020-15999

CVE-2020-26961

CVE-2020-26962

CVE-2020-26963

CVE-2020-26964

CVE-2020-26965

CVE-2020-26966

CVE-2020-26967

CVE-2020-26968

CVE-2020-26969

+ Mozilla Foundation Security Advisory 2020-52 Security Vulnerabilities fixed in Thunderbird 78.5

https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/

CVE-2020-26951

CVE-2020-16012

CVE-2020-26953

CVE-2020-26956

CVE-2020-26958

CVE-2020-26959

CVE-2020-26960

CVE-2020-15999

CVE-2020-26961

CVE-2020-26965

CVE-2020-26966

CVE-2020-26968

+ UPDATE: Oracle Critical Patch Update Advisory - October 2020

https://www.oracle.com/security-alerts/cpuoct2020.html

+ 2020 年 11 月のセキュリティ更新プログラム

https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov

+ GnuPG 2.2.24 released

https://lists.gnupg.org/pipermail/gnupg-announce/2020q4/000449.html

+ Apache Struts 2.5.20 Double OGNL evaluation

https://cxsecurity.com/issue/WLB-2020110136

CVE-2019-0230

CVE-2020-0230

Announcing RHEL for the Edge

https://access.redhat.com/announcements/5580401

iPhoneに「ウイルス感染」の警告を表示、だましの手口を知らず慌てると窮地に

https://xtech.nikkei.com/atcl/nxt/column/18/00676/111400064/?ST=nxt_thmit_security

バイデン政権発足で「ファーウェイ排除」はどうなる、日本も蚊帳の外ではない

https://xtech.nikkei.com/atcl/nxt/column/18/01474/111700003/?ST=nxt_thmit_security

JVNVU#99880454 KonaWiki3 における複数の脆弱性

http://jvn.jp/vu/JVNVU99880454/index.html

2020年11月17日火曜日

17日火曜日、赤口

+ Mozilla Firefox 82.0.3 released

https://www.mozilla.org/en-US/firefox/82.0.3/releasenotes/

+ PostgreSQLの脆弱性情報(CVE-2020-25694, CVE-2020-25695, CVE-2020-25696)と新バージョン(9.5.24, 9.6.20, 10.15, 11.10, 12.5, 13.1)

https://security.sios.com/vulnerability/postgresql-security-vulnerability-20201116.html

CVE-2020-25694

CVE-2020-25695

CVE-2020-25696

+ Intel製CPUの脆弱性("Platypus": INTEL-SA-00389)

https://security.sios.com/vulnerability/misc-security-vulnerability-20201116.html

CVE-2020-8694

CVE-2020-8695

UPDATE: JVNVU#94736763 Treck 製 IP スタックに複数の脆弱性

http://jvn.jp/vu/JVNVU94736763/index.html

カプコンから最大35万件の個人情報流出の可能性、サイバー犯罪集団から身代金要求も

https://xtech.nikkei.com/atcl/nxt/news/18/09133/?ST=nxt_thmit_security

ITを核とした「技術覇権」競う米中、バイデン政権下で日本の重要性が増す理由

https://xtech.nikkei.com/atcl/nxt/column/18/01474/111400002/?ST=nxt_thmit_security

2020年11月16日月曜日

16日月曜日、大安

+ Safari 14.0.1 のセキュリティコンテンツについて

https://support.apple.com/ja-jp/HT211934

CVE-2020-9945

CVE-2020-27918

+ UPDATE: JVNVU#99462952 複数の Apple 製品における脆弱性に対するアップデート

http://jvn.jp/vu/JVNVU99462952/index.html

JVNVU#98911990 BD 製 Alaris 8015 PC Unit および Alaris Systems Manager に不適切な認証の脆弱性

http://jvn.jp/vu/JVNVU98911990/index.html

JVN#44764844 MELSEC iQ-R シリーズシーケンサ CPU ユニットにおけるリソース枯渇の脆弱性

http://jvn.jp/jp/JVN44764844/index.html

JVNVU#97690270 Replay Protected Memory Block (RPMB) プロトコルにリプレイ攻撃対策が不十分な問題

http://jvn.jp/vu/JVNVU97690270/index.html

メルカリの配送サービスでセブンイレブンから発送できない障害、復旧時期は未定

https://xtech.nikkei.com/atcl/nxt/news/18/09128/?ST=nxt_thmit_security

カプコンがランサムウエア被害か、脅迫文や攻撃に使われたとするマルウエアが見つかる

https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600088/?ST=nxt_thmit_security

バイデン政権はどう動く、「ねじれ議会」でもGAFA規制が進む可能性

https://xtech.nikkei.com/atcl/nxt/column/18/01474/111300001/?ST=nxt_thmit_security

カプコンから給与明細やパスポートなどのデータ流出か、ランサムウエア被害で

https://xtech.nikkei.com/atcl/nxt/news/18/09120/?ST=nxt_thmit_security

2020年11月13日金曜日

13日金曜日、赤口

+ RHSA-2020:5099 Critical: firefox security update

https://access.redhat.com/errata/RHSA-2020:5099

CVE-2020-26950

+ RHSA-2020:5100 Critical: firefox security update

https://access.redhat.com/errata/RHSA-2020:5100

CVE-2020-26950

+ About the security content of Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave

https://support.apple.com/ja-jp/HT211946

CVE-2020-27930

CVE-2020-27932

CVE-2020-27950

+ PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, & 9.5.24 Released!

https://www.postgresql.org/docs/13/release-13-1.html

https://www.postgresql.org/docs/12/release-12-5.html

https://www.postgresql.org/docs/11/release-11-10.html

https://www.postgresql.org/docs/10/release-10-15.html

https://www.postgresql.org/docs/9.6/release-9-6-20.html

https://www.postgresql.org/docs/9.5/release-9-5-24.html

+ Log4j 2.14.0 Released

http://logging.apache.org/log4j/2.x/changes-report.html#a2.14.0

JVN#44764844 MELSEC iQ-R シリーズシーケンサ CPU ユニットにおけるリソース枯渇の脆弱性

http://jvn.jp/jp/JVN44764844/index.html

ルーターとファイアウオールの利用実態、首位に立ったのはあのベンダー

https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500003/?ST=nxt_thmit_security

パソコン大手が力を注ぐ独自セキュリティーソフト、対抗馬はあの会社

https://xtech.nikkei.com/atcl/nxt/column/18/01470/111100003/?ST=nxt_thmit_security

2020年11月12日木曜日

12日木曜日、大安

+ RHSA-2020:5084 Moderate: microcode_ctl security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:5084

CVE-2020-8696

CVE-2020-8698

+ RHSA-2020:5083 Moderate: microcode_ctl security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:5083

CVE-2020-8695

CVE-2020-8696

CVE-2020-8698

+ RHSA-2020:5056 Moderate: podman security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5056

CVE-2020-14040

CVE-2020-14370

+ RHSA-2020:5055 Moderate: buildah security update

https://access.redhat.com/errata/RHSA-2020:5055

CVE-2020-14040

+ RHSA-2020:5085 Moderate: microcode_ctl security, bug fix and enhancement update

https://access.redhat.com/errata/RHSA-2020:5085

CVE-2020-8695

CVE-2020-8696

CVE-2020-8698

+ Google Chrome 86.0.4240.198 released

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html

+ Mozilla Thunderbird 78.4.3 relea

sed

https://www.thunderbird.net/en-US/thunderbird/78.4.3/releasenotes/

+ Linux kernel 5.9.8, 5.4.77, 4.19.157, 4.14.206, 4.9.243, 4.4.243 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.8

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.77

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.157

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.206

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.243

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.243

+ JVNVU#98002571 Intel 製品に複数の脆弱性

http://jvn.jp/vu/JVNVU98002571/index.html

CVE-2019-11121

CVE-2020-0590

CVE-2020-0587

CVE-2020-0591

CVE-2020-0593

CVE-2020-0588

CVE-2020-0592

CVE-2020-0559

CVE-2020-8676

CVE-2020-8693

CVE-2020-8692

CVE-2020-8690

CVE-2020-8691

CVE-2020-8737

CVE-2020-12312

CVE-2020-8764

CVE-2020-8738

CVE-2020-8740

CVE-2020-8739

CVE-2020-8752

CVE-2020-12297

CVE-2020-12304

CVE-2020-8745

CVE-2020-8744

CVE-2020-8705

CVE-2020-8750

CVE-2020-12303

CVE-2020-12354

CVE-2020-8757

CVE-2020-8756

CVE-2020-8760

CVE-2020-12355

CVE-2020-8755

CVE-2020-8749

CVE-2020-12313

CVE-2020-12318

CVE-2020-12321

CVE-2020-12306

CVE-2020-12307

CVE-2020-12315

CVE-2020-12331

CVE-2020-12336

CVE-2020-12337

CVE-2020-24525

CVE-2020-12323

CVE-2020-12330

CVE-2020-12334

CVE-2020-12335

CVE-2020-12333

CVE-2020-12332

CVE-2020-12325

CVE-2020-12324

CVE-2020-12329

CVE-2020-12338

CVE-2020-12350

CVE-2020-12347

CVE-2020-12345

CVE-2020-12346

CVE-2020-0572

CVE-2020-24456

CVE-2020-0592

CVE-2020-0584

CVE-2020-8677

CVE-2020-8693

CVE-2020-8692

CVE-2020-8690

CVE-2020-8691

CVE-2020-8747

CVE-2020-8746

CVE-2020-8766

CVE-2020-8767

CVE-2020-12314

CVE-2020-12317

CVE-2020-12319

CVE-2020-12322

CVE-2020-12353

CVE-2020-24460

CVE-2020-0575

CVE-2020-12309

CVE-2020-12310

CVE-2020-12311

CVE-2020-8698

CVE-2020-8696

CVE-2020-8737

CVE-2020-8694

CVE-2020-8695

CVE-2020-8753

CVE-2020-8751

CVE-2020-8754

CVE-2020-8761

CVE-2020-8747

CVE-2020-12356

CVE-2020-12308

CVE-2020-12316

CVE-2020-12320

CVE-2020-12328

CVE-2020-12327

CVE-2020-12326

CVE-2020-0573

CVE-2020-8669

CVE-2020-12349

CVE-2020-24454

CVE-2017-13080

+ Microsoft Windows Local Spooler Bypass

https://cxsecurity.com/issue/WLB-2020110086

CVE-2020-1337

全PCが乗っ取られる脆弱性　パッチの適用進まず

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020800017/110500453/?ST=nxt_thmit_security

企業内PCのセキュリティー、内蔵チップによるファームウエア防御が必須な理由

https://xtech.nikkei.com/atcl/nxt/column/18/01470/111000002/?ST=nxt_thmit_security

無線LANアクセスポイントとコントローラーの人気調査、あの2社が強かった

https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500002/?ST=nxt_thmit_security

JVNVU#92857198 Schneider Electric 製 PLC Simulator for EcoStruxure Control Expert に複数の脆弱性

http://jvn.jp/vu/JVNVU92857198/index.html

JVNVU#97890337 複数の OSIsoft 製品に脆弱性

http://jvn.jp/vu/JVNVU97890337/index.html

JVNVU#98046719 Siemens 製品に複数の脆弱性

http://jvn.jp/vu/JVNVU98046719/index.html

2020年11月11日水曜日

11日水曜日、仏滅

+ Apache OpenOffice 4.1.8 released

https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.8+Release+Notes

+ RHSA-2020:5056 Moderate: podman security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5056

CVE-2020-14040

CVE-2020-14370

+ RHSA-2020:5055 Moderate: buildah security update

https://access.redhat.com/errata/RHSA-2020:5055

CVE-2020-14040

+ RHSA-2020:5054 Moderate: skopeo security update

https://access.redhat.com/errata/RHSA-2020:5054

CVE-2020-14040

+ RHSA-2020:5050 Important: kpatch-patch security update

https://access.redhat.com/errata/RHSA-2020:5050

CVE-2020-14385

+ RHSA-2020:5040 Moderate: libvirt security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5040

CVE-2020-25637

+ RHSA-2020:5023 Moderate: kernel security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5023

CVE-2019-20811

CVE-2020-14331

+ RHSA-2020:5021 Moderate: qt and qt5-qtbase security update

https://access.redhat.com/errata/RHSA-2020:5021

CVE-2020-17507

+ RHSA-2020:5020 Low: tomcat security update

https://access.redhat.com/errata/RHSA-2020:5020

CVE-2020-1935

+ RHSA-2020:5012 Moderate: librepo security update

https://access.redhat.com/errata/RHSA-2020:5012

CVE-2020-14352

+ RHSA-2020:5011 Moderate: bind security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5011

CVE-2020-8622

CVE-2020-8623

CVE-2020-8624

+ RHSA-2020:5010 Moderate: python3 security update

https://access.redhat.com/errata/RHSA-2020:5010

CVE-2019-20907

CVE-2020-14422

+ RHSA-2020:5009 Moderate: python security update

https://access.redhat.com/errata/RHSA-2020:5009

CVE-2019-20907

+ RHSA-2020:5003 Low: fence-agents security and bug fix update

https://access.redhat.com/errata/RHSA-2020:5003

CVE-2020-11078

+ RHSA-2020:5002 Moderate: curl security update

https://access.redhat.com/errata/RHSA-2020:5002

CVE-2020-8177

+ Security update available for Adobe Reader Mobile | APSB20-71

https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.html

CVE-2020-24441

+ Security updates available for Adobe Connect | APSB20-69

https://helpx.adobe.com/security/products/connect/apsb20-69.html

CVE-2020-24442

CVE-2020-24443

+ Mozilla Thunderbird 78.4.2 released

https://www.thunderbird.net/en-US/thunderbird/78.4.2/releasenotes/

+ Linux kernel 5.9.7, 5.4.76, 4.19.156, 4.14.205, 4.9.242, 4.4.242 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.7

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.76

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.156

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.205

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.242

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.242

+ OpenLDAP 2.4.56 released

https://www.openldap.org/software/release/changes.html

VU#231329 Replay Protected Memory Block (RPMB) protocol does not adequately defend against replay attacks

https://www.kb.cert.org/vuls/id/231329

米大統領選狙ったランサムウエア　ボットネットを潰したMSの「秘策」

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/103000042/?ST=nxt_thmit_security

グーグルとMS、盟主はどちらか　盛り上がる「ゼロトラスト」同盟

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100111/103000037/?ST=nxt_thmit_security

大手パソコンメーカーのセキュリティー競争が激化、製品選びの新基準とは

https://xtech.nikkei.com/atcl/nxt/column/18/01470/111000001/?ST=nxt_thmit_security

恒例のネット機器利用実態調査、スイッチ部門でまさかの首位交代

https://xtech.nikkei.com/atcl/nxt/column/18/01464/110500001/?ST=nxt_thmit_security

2020年11月10日火曜日

10日火曜日、先負

+ RHSA-2020:4974 Important: chromium-browser security update

https://access.redhat.com/errata/RHSA-2020:4974

CVE-2020-16004

CVE-2020-16005

CVE-2020-16006

CVE-2020-16008

CVE-2020-16009

+ Google Chrome 86.0.4240.193 released

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_9.html

+ Mozilla Foundation Security Advisory 2020-49 Security Vulnerabilities fixed in Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2

https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/

CVE-2020-26950

+ Zabbix 5.2.1 released

https://www.zabbix.com/rn/rn5.2.1

+ CESA-2020:4056 Important CentOS 6 qemu-kvm Security Update

https://lwn.net/Articles/836620/

+ CESA-2020:4946 Important CentOS 6 libX11 Security Update

https://lwn.net/Articles/836619/

+ CESA-2020:4953 Important CentOS 6 xorg-x11-server Security Update

https://lwn.net/Articles/836622/

+ CESA-2020:4330 Important CentOS 6 firefox Security Update

https://lwn.net/Articles/836616/

+ CESA-2020:4182 Important CentOS 6 kernel Security Update

https://lwn.net/Articles/836618/

+ CESA-2020:4348 Moderate CentOS 6 java-1.8.0-openjdk Security Update

https://lwn.net/Articles/836617/

+ CESA-2020:4183 Moderate CentOS 6 bind Security Update

https://lwn.net/Articles/836615/

オラクル製品に緊急対応が必要な脆弱性、管理コンソールを公開したJPサーバーを確認

https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600087/?ST=nxt_thmit_security

ゆうちょ銀が不正出金の点検結果を公表、mijicaで14項目のセキュリティー不備

https://xtech.nikkei.com/atcl/nxt/news/18/09092/?ST=nxt_thmit_security

2020年11月9日月曜日

9日月曜日、友引

+ Mozilla Thunderbird 78.4.1 released

https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/

+ Postfix stable release 3.5.8 and legacy releases 3.4.18, 3.3.15, 3.2.20

http://www.postfix.org/announcements/postfix-3.5.8.html

http://mirror.postfix.jp/postfix-release/official/postfix-3.5.8.HISTORY

http://mirror.postfix.jp/postfix-release/official/postfix-3.4.18.HISTORY

http://mirror.postfix.jp/postfix-release/official/postfix-3.3.15.HISTORY

http://mirror.postfix.jp/postfix-release/official/postfix-3.2.20.HISTORY

+ JVNVU#99462952 複数の Apple 製品における脆弱性に対するアップデート

http://jvn.jp/vu/JVNVU99462952/index.html

+ JVNVU#92053563 XOOPS 用モジュール XooNIps における複数の脆弱性

http://jvn.jp/vu/JVNVU92053563/index.html

JVNVU#95897894 WECON 製 PLC Editor に複数の脆弱性

http://jvn.jp/vu/JVNVU95897894/index.html

JVNVU#99562395 三菱電機製 GOT1000 シリーズ GT14 モデルにおける複数の脆弱性

http://jvn.jp/vu/JVNVU99562395/index.html

2020年11月6日金曜日

6日金曜日、大安

+ RHSA-2020:4947 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2020:4947

CVE-2020-15683

CVE-2020-15969

+ RHSA-2020:4952 Important: freetype security update

https://access.redhat.com/errata/RHSA-2020:4952

CVE-2020-15999

+ RHSA-2020:4913 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2020:4913

CVE-2020-15683

CVE-2020-15969

+ About the security content of watchOS 7.1

https://support.apple.com/ja-jp/HT211928

CVE-2020-27910

CVE-2020-27916

CVE-2020-10017

CVE-2020-27909

CVE-2020-10003

CVE-2020-27930

CVE-2020-27927

CVE-2020-10002

CVE-2020-27912

CVE-2020-27905

CVE-2020-27950

CVE-2020-9974

CVE-2020-10016

CVE-2020-27932

CVE-2020-27917

CVE-2020-27911

CVE-2020-10010

CVE-2020-27918

+ About the security content of watchOS 6.2.9

https://support.apple.com/ja-jp/HT211944

CVE-2020-27930

CVE-2020-27950

CVE-2020-27932

+ About the security content of watchOS 5.3.9

https://support.apple.com/ja-jp/HT211945

CVE-2020-27930

CVE-2020-27950

CVE-2020-27932

+ About the security content of macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update

https://support.apple.com/ja-jp/HT211947

CVE-2020-27930

CVE-2020-27932

CVE-2020-27950

+ About the security content of tvOS 14.2

https://support.apple.com/ja-jp/HT211930

CVE-2020-27910

CVE-2020-27916

CVE-2020-10017

CVE-2020-27909

CVE-2020-10003

CVE-2020-27927

CVE-2020-10002

CVE-2020-27912

CVE-2020-27905

CVE-2020-9974

CVE-2020-10016

CVE-2020-27917

CVE-2020-27911

CVE-2020-10010

CVE-2020-27918

+ About the security content of iOS 14.2 and iPadOS 14.2

https://support.apple.com/ja-jp/HT211929

CVE-2020-27910

CVE-2020-27916

CVE-2020-27925

CVE-2020-10017

CVE-2020-27909

CVE-2020-10003

CVE-2020-27930

CVE-2020-27927

CVE-2020-10002

CVE-2020-27912

CVE-2020-27905

CVE-2020-27950

CVE-2020-9974

CVE-2020-10016

CVE-2020-27932

CVE-2020-27902

CVE-2020-27917

CVE-2020-27911

CVE-2020-27926

CVE-2020-10010

CVE-2020-10004

CVE-2020-13524

CVE-2020-10011

CVE-2020-27918

+ About the security content of iOS 12.4.9

https://support.apple.com/ja-jp/HT211940

CVE-2020-27929

CVE-2020-27930

CVE-2020-27950

CVE-2020-27932

+ Linux kernel 5.9.6, 5.4.75, 4.19.155, 4.14.204 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.6

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.75

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.155

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.204

+ Samba 4.12.10, 4.11.16 released

https://www.samba.org/samba/history/samba-4.12.10.html

https://www.samba.org/samba/history/samba-4.11.16.html

+ Linux Kernelのvt(virtual console)での脆弱性情報(Moderate: CVE-2020-25668)

https://security.sios.com/vulnerability/kernel-security-vulnerability-20201105.html

CVE-2020-25668

+ Trend Micro IMSVA CSRF / XML Injection / SSRF / File Disclosure

https://cxsecurity.com/issue/WLB-2020110030

CVE-2020-27019

CVE-2020-27694

CVE-2020-27016

CVE-2020-27017

CVE-2020-27018

CVE-2020-27693

UPDATE: JVNVU#99562395 三菱電機製 GOT1000 シリーズ GT14 モデルにおける複数の脆弱性

http://jvn.jp/vu/JVNVU99562395/index.html

JVN#57942454 サイボウズ Garoon における不適切な入力確認の脆弱性

http://jvn.jp/jp/JVN57942454/index.html

JVNVU#90224831 複数の三菱電機製 FA 製品における複数の脆弱性

http://jvn.jp/vu/JVNVU90224831/index.html

UPDATE: JVNVU#97662844 三菱電機製 MELSEC iQ-R シリーズの Ethernet ポートにおけるリソース枯渇の脆弱性

http://jvn.jp/vu/JVNVU97662844/index.html

JVN#00414047 スマートフォンアプリ「Studyplus(スタディプラス)」に外部サービスの API キーがハードコードされている問題

http://jvn.jp/jp/JVN00414047/index.html

2020年11月5日木曜日

5日木曜日、仏滅

+ RHSA-2020:4910 Important: xorg-x11-server security update

https://access.redhat.com/errata/RHSA-2020:4910

CVE-2020-14345

CVE-2020-14346

CVE-2020-14361

CVE-2020-14362

+ RHSA-2020:4909 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2020:4909

CVE-2020-15683

CVE-2020-15969

+ RHSA-2020:4908 Important: libX11 security update

https://access.redhat.com/errata/RHSA-2020:4908

CVE-2020-14363

+ RHSA-2020:4907 Important: freetype security update

https://access.redhat.com/errata/RHSA-2020:4907

CVE-2020-15999

+ RHSA-2020:4913 Important: thunderbird security update

https://access.redhat.com/errata/RHSA-2020:4913

CVE-2020-15683

CVE-2020-15969

+ RHSA-2020:4685 Important: kernel security update

https://access.redhat.com/errata/RHSA-2020:4685

CVE-2020-24490

CVE-2020-25661

CVE-2020-25662

+ RHSA-2020:4827 Moderate: oniguruma security update

https://access.redhat.com/errata/RHSA-2020:4827

CVE-2019-13225

+ RHSA-2020:4820 Moderate: file-roller security update

https://access.redhat.com/errata/RHSA-2020:4820

CVE-2019-16680

CVE-2020-11736

+ RHSA-2020:4807 Moderate: prometheus-jmx-exporter security update

https://access.redhat.com/errata/RHSA-2020:4807

CVE-2017-18640

+ RHSA-2020:4806 Important: dpdk security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4806

CVE-2020-10722

CVE-2020-10723

CVE-2020-10725

CVE-2020-10726

+ RHSA-2020:4805 Moderate: edk2 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4805

CVE-2019-14559

+ RHSA-2020:4799 Moderate: freeradius:3.0 security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4799

CVE-2019-17185

+ RHSA-2020:4766 Moderate: libexif security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4766

CVE-2019-9278

CVE-2020-0093

CVE-2020-0181

CVE-2020-0182

CVE-2020-0198

CVE-2020-12767

CVE-2020-13113

CVE-2020-13114

+ RHSA-2020:4763 Moderate: dovecot security update

https://access.redhat.com/errata/RHSA-2020:4763

CVE-2020-10958

CVE-2020-10967

+ RHSA-2020:4760 Moderate: tcpdump security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4760

CVE-2018-10103

CVE-2018-10105

CVE-2018-14461

CVE-2018-14462

CVE-2018-14463

CVE-2018-14464

CVE-2018-14465

CVE-2018-14466

CVE-2018-14467

CVE-2018-14468

CVE-2018-14469

CVE-2018-14470

CVE-2018-14879

CVE-2018-14880

CVE-2018-14881

CVE-2018-14882

CVE-2018-16227

CVE-2018-16228

CVE-2018-16229

CVE-2018-16230

CVE-2018-16300

CVE-2018-16451

CVE-2018-16452

CVE-2019-15166

+ RHSA-2020:4756 Moderate: varnish:6 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4756

CVE-2019-15892

CVE-2019-20637

CVE-2020-11653

+ RHSA-2020:4751 Moderate: httpd:2.4 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4751

CVE-2018-17189

CVE-2019-0196

CVE-2019-0197

CVE-2019-10081

CVE-2019-10082

CVE-2019-10092

CVE-2019-10097

CVE-2019-10098

CVE-2020-1927

CVE-2020-1934

+ RHSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4743

CVE-2019-12520

CVE-2019-12521

CVE-2019-12523

CVE-2019-12524

CVE-2019-12526

CVE-2019-12528

CVE-2019-12529

CVE-2019-12854

CVE-2019-18676

CVE-2019-18677

CVE-2019-18678

CVE-2019-18679

CVE-2019-18860

CVE-2020-8449

CVE-2020-8450

CVE-2020-14058

CVE-2020-15049

CVE-2020-24606

+ RHSA-2020:4847 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4847

CVE-2015-9251

CVE-2016-10735

CVE-2018-14040

CVE-2018-14042

CVE-2019-8331

CVE-2019-10146

CVE-2019-10179

CVE-2019-10221

CVE-2019-11358

CVE-2020-1721

CVE-2020-11022

CVE-2020-11023

CVE-2020-15720

+ RHSA-2020:4712 Moderate: subversion:1.10 security update

https://access.redhat.com/errata/RHSA-2020:4712

CVE-2018-11782

+ RHSA-2020:4709 Moderate: librsvg2 security update

https://access.redhat.com/errata/RHSA-2020:4709

CVE-2019-20446

+ CVE-2019-20446 Moderate: targetcli security and enhancement update

https://access.redhat.com/errata/RHSA-2020:4697

CVE-2020-13867

+ RHSA-2020:4694 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4694

CVE-2020-10749

CVE-2020-10756

CVE-2020-14040

+ RHSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4690

CVE-2015-9541

CVE-2018-21035

CVE-2020-0569

CVE-2020-0570

CVE-2020-13962

+ RHSA-2020:4689 Moderate: openwsman security update

https://access.redhat.com/errata/RHSA-2020:4689

CVE-2019-3833

+ RHSA-2020:4687 Moderate: oddjob security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4687

CVE-2020-10737

+ RHSA-2020:4682 Moderate: grafana security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4682

CVE-2018-18624

CVE-2019-19499

CVE-2020-11110

CVE-2020-12052

CVE-2020-12245

CVE-2020-12458

CVE-2020-12459

CVE-2020-13430

+ RHSA-2020:4676 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4676

CVE-2019-15890

CVE-2019-20485

CVE-2020-1983

CVE-2020-10703

CVE-2020-14301

CVE-2020-14339

+ RHSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4670

CVE-2015-9251

CVE-2016-10735

CVE-2018-14040

CVE-2018-14042

CVE-2018-20676

CVE-2018-20677

CVE-2019-8331

CVE-2019-11358

CVE-2020-1722

CVE-2020-11022

+ RHSA-2020:4667 Moderate: mailman:2.1 security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4667

CVE-2020-12137

+ RHSA-2020:4659 Moderate: gd security update

https://access.redhat.com/errata/RHSA-2020:4659

CVE-2018-14553

CVE-2019-6977

CVE-2019-6978

+ RHSA-2020:4655 Moderate: cyrus-imapd security update

https://access.redhat.com/errata/RHSA-2020:4655

CVE-2019-18928

CVE-2019-19783

+ RHSA-2020:4654 Moderate: python27:2.7 security update

https://access.redhat.com/errata/RHSA-2020:4654

CVE-2019-20907

CVE-2019-20916

+ RHSA-2020:4650 Moderate: cloud-init security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4650

CVE-2020-8631

CVE-2020-8632

+ RHSA-2020:4649 Low: evolution security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4649

CVE-2020-14928

+ RHSA-2020:4647 Moderate: freerdp and vinagre security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4647

CVE-2020-11018

CVE-2020-11019

CVE-2020-11038

CVE-2020-11039

CVE-2020-11040

CVE-2020-11041

CVE-2020-11042

CVE-2020-11043

CVE-2020-11044

CVE-2020-11045

CVE-2020-11046

CVE-2020-11047

CVE-2020-11048

CVE-2020-11049

CVE-2020-11058

CVE-2020-11085

CVE-2020-11086

CVE-2020-11087

CVE-2020-11088

CVE-2020-11089

CVE-2020-11522

CVE-2020-11525

CVE-2020-11526

CVE-2020-13396

CVE-2020-13397

+ RHSA-2020:4643 Low: poppler security update

https://access.redhat.com/errata/RHSA-2020:4643

CVE-2019-14494

+ RHSA-2020:4641 Moderate: python38:3.8 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4641

CVE-2019-20477

CVE-2019-20907

CVE-2020-1747

CVE-2020-8492

CVE-2020-14422

+ RHSA-2020:4638 Low: sysstat security update

https://access.redhat.com/errata/RHSA-2020:4638

CVE-2019-16167

+ RHSA-2020:4634 Moderate: libtiff security update

https://access.redhat.com/errata/RHSA-2020:4634

CVE-2019-17546

+ RHSA-2020:4629 Moderate: libvpx security update

https://access.redhat.com/errata/RHSA-2020:4629

CVE-2019-2126

CVE-2019-9232

CVE-2019-9371

CVE-2019-9433

+ RHSA-2020:4628 Low: libreoffice security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4628

CVE-2020-12802

CVE-2020-12803

+ RHSA-2020:4627 Moderate: SDL security update

https://access.redhat.com/errata/RHSA-2020:4627

CVE-2019-7572

CVE-2019-7573

CVE-2019-7574

CVE-2019-7575

CVE-2019-7576

CVE-2019-7577

CVE-2019-7578

CVE-2019-7635

CVE-2019-7636

CVE-2019-7637

CVE-2019-7638

+ RHSA-2020:4625 Moderate: spamassassin security update

https://access.redhat.com/errata/RHSA-2020:4625

CVE-2018-11805

CVE-2019-12420

CVE-2020-1930

CVE-2020-1931

+ RHSA-2020:4619 Moderate: frr security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4619

CVE-2020-12831

+ RHSA-2020:4599 Moderate: curl security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4599

CVE-2020-8177

+ RHSA-2020:4568 Moderate: libldb security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4568

CVE-2020-10730

+ RHSA-2020:4553 Low: systemd security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4553

CVE-2019-20386

+ RHSA-2020:4547 Low: libpcap security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4547

CVE-2019-15165

+ RHSA-2020:4545 Moderate: libssh security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4545

CVE-2019-14889

CVE-2020-1730

+ RHSA-2020:4542 Moderate: cryptsetup security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4542

CVE-2020-14382

+ RHSA-2020:4539 Moderate: pcre2 security and enhancement update

https://access.redhat.com/errata/RHSA-2020:4539

CVE-2019-20454

+ RHSA-2020:4514 Low: openssl security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4514

CVE-2019-1551

+ RHSA-2020:4508 Moderate: libsolv security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4508

CVE-2019-20387

+ RHSA-2020:4500 Moderate: bind security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4500

CVE-2020-8619

CVE-2020-8622

CVE-2020-8623

CVE-2020-8624

+ RHSA-2020:4497 Moderate: cyrus-sasl security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4497

CVE-2019-19906

+ RHSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4490

CVE-2019-13050

+ RHSA-2020:4484 Moderate: expat security update

https://access.redhat.com/errata/RHSA-2020:4484

CVE-2018-20843

CVE-2019-15903

+ RHSA-2020:4483 Moderate: opensc security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4483

CVE-2019-15945

CVE-2019-15946

CVE-2019-19479

CVE-2019-19481

CVE-2019-20792

+ RHSA-2020:4482 Moderate: libgcrypt security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4482

CVE-2019-13627

+ RHSA-2020:4481 Moderate: bluez security update

https://access.redhat.com/errata/RHSA-2020:4481

CVE-2020-0556

+ RHSA-2020:4479 Moderate: libxml2 security update

https://access.redhat.com/errata/RHSA-2020:4479

CVE-2019-19956

CVE-2019-20388

CVE-2020-7595

+ RHSA-2020:4469 Low: cups security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4469

CVE-2020-3898

+ RHSA-2020:4465 Low: binutils security update

https://access.redhat.com/errata/RHSA-2020:4465

CVE-2019-17450

+ RHSA-2020:4464 Moderate: libxslt security update

https://access.redhat.com/errata/RHSA-2020:4464

CVE-2019-11068

CVE-2019-18197

+ RHSA-2020:4453 Moderate: vim security update

https://access.redhat.com/errata/RHSA-2020:4453

CVE-2019-20807

+ RHSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4451

CVE-2019-8625

CVE-2019-8710

CVE-2019-8720

CVE-2019-8743

CVE-2019-8764

CVE-2019-8766

CVE-2019-8769

CVE-2019-8771

CVE-2019-8782

CVE-2019-8783

CVE-2019-8808

CVE-2019-8811

CVE-2019-8812

CVE-2019-8813

CVE-2019-8814

CVE-2019-8815

CVE-2019-8816

CVE-2019-8819

CVE-2019-8820

CVE-2019-8823

CVE-2019-8835

CVE-2019-8844

CVE-2019-8846

CVE-2020-3862

CVE-2020-3864

CVE-2020-3865

CVE-2020-3867

CVE-2020-3868

CVE-2020-3885

CVE-2020-3894

CVE-2020-3895

CVE-2020-3897

CVE-2020-3899

CVE-2020-3900

CVE-2020-3901

CVE-2020-3902

CVE-2020-9802

CVE-2020-9803

CVE-2020-9805

CVE-2020-9806

CVE-2020-9807

CVE-2020-9843

CVE-2020-9850

CVE-2020-9862

CVE-2020-9893

CVE-2020-9894

CVE-2020-9895

CVE-2020-9915

CVE-2020-9925

CVE-2020-10018

CVE-2020-11793

CVE-2020-14391

CVE-2020-15503

+ RHSA-2020:4445 Moderate: librabbitmq security update

https://access.redhat.com/errata/RHSA-2020:4445

CVE-2019-18609

+ RHSA-2020:4444 Moderate: glibc security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4444

CVE-2020-1751

CVE-2020-1752

CVE-2020-10029

+ RHSA-2020:4443 Moderate: libarchive security update

https://access.redhat.com/errata/RHSA-2020:4443

CVE-2019-19221

+ RHSA-2020:4442 Moderate: sqlite security update

https://access.redhat.com/errata/RHSA-2020:4442

CVE-2019-5018

CVE-2019-16168

CVE-2019-20218

CVE-2020-6405

CVE-2020-9327

CVE-2020-13630

CVE-2020-13631

CVE-2020-13632

+ RHSA-2020:4436 Low: gnome-software and fwupd security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4436

CVE-2020-10759

+ RHSA-2020:4433 Moderate: python3 security and bug fix update

https://access.redhat.com/errata/RHSA-2020:4433

CVE-2019-16935

CVE-2019-20907

CVE-2020-8492

CVE-2020-14422

+ RHSA-2020:4432 Moderate: python-pip security update

https://access.redhat.com/errata/RHSA-2020:4432

CVE-2019-20916

+ RHSA-2020:4431 Moderate: kernel security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2020:4431

CVE-2019-9455

CVE-2019-9458

CVE-2019-12614

CVE-2019-15917

CVE-2019-15925

CVE-2019-16231

CVE-2019-16233

CVE-2019-18808

CVE-2019-18809

CVE-2019-19046

CVE-2019-19056

CVE-2019-19062

CVE-2019-19063

CVE-2019-19068

CVE-2019-19072

CVE-2019-19319

CVE-2019-19332

CVE-2019-19447

CVE-2019-19524

CVE-2019-19533

CVE-2019-19537

CVE-2019-19543

CVE-2019-19767

CVE-2019-19770

CVE-2019-20054

CVE-2019-20636

CVE-2020-0305

CVE-2020-8647

CVE-2020-8648

CVE-2020-8649

CVE-2020-10732

CVE-2020-10751

CVE-2020-10773

CVE-2020-10774

CVE-2020-10942

CVE-2020-11565

CVE-2020-11668

CVE-2020-12465

CVE-2020-12655

CVE-2020-12659

CVE-2020-12770

CVE-2020-12826

CVE-2020-14381

CVE-2020-25641

+ Red Hat Enterprise Linux 8.3 released

https://access.redhat.com/announcements/5532381

+ Mozilla Foundation Security Advisory 2020-48 OAuth session fixation vulnerability in Mozilla VPN

https://www.mozilla.org/en-US/security/advisories/mfsa2020-48/

CVE-2020-15679

+ Linux kernel 5.9.4 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.4

CentOS Community Newsletter, November 2020 (#2011)

https://blog.centos.org/2020/11/centos-community-newsletter-november-2020-2011/

JVNVU#99899290 WAGO 製の 750-88x および 750-352 シリーズにリソース枯渇の脆弱性

http://jvn.jp/vu/JVNVU99899290/index.html

JVNVU#99139582 NEXCOM 製 NIO 50 に複数の脆弱性

http://jvn.jp/vu/JVNVU99139582/index.html

JVNVU#95679259 ARC Informatique 製 PcVue に複数の脆弱性

http://jvn.jp/vu/JVNVU95679259/index.html

JVN#57942454 サイボウズ Garoon における不適切な入力確認の脆弱性

http://jvn.jp/jp/JVN57942454/index.html

2020年11月4日水曜日

4日水曜日、先負

+ Samba 4.13.2 Available for Download

https://www.samba.org/samba/history/samba-4.13.2.html

マルウエアのサンドボックス回避術

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/111900071/102100012/?ST=nxt_thmit_security

iPhone画面がアイコンで埋め尽くされる、実は危ない「構成プロファイル」

https://xtech.nikkei.com/atcl/nxt/column/18/00676/102900062/?ST=nxt_thmit_security

仮想通貨を狙う攻撃者がクラウドストレージを装ったフィッシングを発信する理由

https://xtech.nikkei.com/atcl/nxt/column/18/00598/082600086/?ST=nxt_thmit_security

2020年11月2日月曜日

2日月曜日、先勝

+ Linux kernel 5.9.3, 5.8.18, 5.4.74, 4.19.154 released

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.18

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.74

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.154

+ UPDATE: Oracle Critical Patch Update Advisory - October 2020

https://www.oracle.com/security-alerts/cpuoct2020.html

+ hitachi-sec-2020-134 Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-134/index.html

+ hitachi-sec-2020-134 Hitachi Command Suite製品, Hitachi Automation Director, Hitachi Configuration Manager, Hitachi Infrastructure Analytics AdvisorおよびHitachi Ops Center製品における複数の脆弱性

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-134/index.html

CVE-2020-14779

CVE-2020-14781

CVE-2020-14782

CVE-2020-14792

CVE-2020-14796

CVE-2020-14797

CVE-2020-14798

CVE-2020-14803

+ hitachi-sec-2020-133 Multiple Vulnerabilities in Cosminexus

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-133/index.html

+ hitachi-sec-2020-133 Cosminexusにおける複数の脆弱性

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-133/index.html

CVE-2020-14779

CVE-2020-14781

CVE-2020-14782

CVE-2020-14792

CVE-2020-14796

CVE-2020-14797

CVE-2020-14798

CVE-2020-14803

+ hitachi-sec-2020-132 Vulnerability in JP1/Data Highway

http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-132/index.html

+ hitachi-sec-2020-132 JP1/Data Highwayにおける脆弱性

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2020-132/index.html

CVE-2019-10092

WANの通信を最適化するSD-WANの正体

［第2回］

https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/091700094/102100002/?ST=nxt_thmit_security

UPDATE: JVNVU#94736763 Treck 製 IP スタックに複数の脆弱性

http://jvn.jp/vu/JVNVU94736763/index.html

JVNVU#96558207 三菱電機製 MELSEC iQ-R、Q および L シリーズにおけるリソース枯渇の脆弱性

http://jvn.jp/vu/JVNVU96558207/index.html

JVNVU#92513419 三菱電機製 MELSEC iQ-R シリーズにおける複数の脆弱性

http://jvn.jp/vu/JVNVU92513419/index.html

登録: 投稿 (Atom)