Thursday, January 29, 2026

29th, Thursday, Butsumetsu

+ RHSA-2026:1518 Important: grafana-pcp security update
https://access.redhat.com/errata/RHSA-2026:1518
CVE-2025-61729

+ RHSA-2026:1509 Important: spice-client-win security update
https://access.redhat.com/errata/RHSA-2026:1509
CVE-2025-14523

+ RHSA-2026:1478 Moderate: python3.9 security update
https://access.redhat.com/errata/RHSA-2026:1478
CVE-2025-12084

+ About the security content of Keynote 15.1
https://support.apple.com/en-us/126254
CVE-2025-46306

+ About the security content of Pages 15.1
https://support.apple.com/en-us/126255
CVE-2025-46316

+ Google Chrome 145.0.7632.26/.27 released
https://chromereleases.googleblog.com/2026/01/early-stable-update-for-desktop_28.html

+ Mozilla Firefox 147.0.2 released
https://www.firefox.com/en-US/firefox/147.0.2/releasenotes/

+ Mozilla Foundation Security Advisory 2026-07 Security Vulnerabilities fixed in Thunderbird 147.0.1
https://www.mozilla.org/en-US/security/advisories/mfsa2026-07/
CVE-2026-0818

+ Mozilla Foundation Security Advisory 2026-08 Security Vulnerabilities fixed in Thunderbird 140.7.1
https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/

+ Mozilla Thunderbird 147.0.1 released
https://www.thunderbird.net/en-US/thunderbird/147.0.1/releasenotes/

+ Apache Tomcat 10.1.52 Released
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.52_(schultz)

+ GnuPG vulnerabilities (High: CVE-2026-24881, CVE-2026-24882, Low: CVE-2026-24883)
https://security.sios.jp/vulnerability/gnupg-security-vulnerability-20260129/
CVE-2026-24881
CVE-2026-24882
CVE-2026-24883

Nurturing "tomorrow's security talent"
Reporting from classrooms at universities and technical colleges
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/011900238/011900001/?ST=nxt_thmit_security

NEWS close-up
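Threat predictions for 2026 published one after another
Attackers move toward "throughput first"; the winning condition for defenders becomes "people × AI"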
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/011900314/?ST=nxt_thmit_security

Bug in SoftBank's member service displayed other people's information, a cumulative total of 8,600 cases
https://xtech.nikkei.com/atcl/nxt/news/24/03061/?ST=nxt_thmit_security

JVNVU#97726449 Out-of-bounds read vulnerability in libheif
https://jvn.jp/vu/JVNVU97726449/index.html

Wednesday, January 28, 2026

28th, Wednesday, Senbu

+ Gpg4win 5.0.1 released
https://www.gpg4win.org/change-history.html

+ RHSA-2026:1380 Moderate: osbuild-composer security update
https://access.redhat.com/errata/RHSA-2026:1380
CVE-2025-58183

+ RHSA-2026:1374 Moderate: python3.11 security update
https://access.redhat.com/errata/RHSA-2026:1374
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1344 Important: grafana security update
https://access.redhat.com/errata/RHSA-2026:1344
CVE-2025-61729

+ RHSA-2026:1254 Important: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1254
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1226 Important: python3.12-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1226
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1224 Important: python3.11-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1224
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:0932 Important: java-1.8.0-openjdk security update
https://access.redhat.com/errata/RHSA-2026:0932
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

+ RHSA-2026:1142 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:1142
CVE-2023-53673
CVE-2025-40154
CVE-2025-40248
CVE-2025-40277

+ RHSA-2026:1429 Important: php:8.3 security update
https://access.redhat.com/errata/RHSA-2026:1429
CVE-2025-14177
CVE-2025-14178
CVE-2025-14180

+ RHSA-2026:1410 Moderate: python3.11 security update
https://access.redhat.com/errata/RHSA-2026:1410
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1408 Moderate: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:1408
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1381 Moderate: osbuild-composer security update
https://access.redhat.com/errata/RHSA-2026:1381
CVE-2025-58183

+ RHSA-2026:1350 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2026:1350
CVE-2025-9086

+ RHSA-2026:0933 Important: java-25-openjdk security update
https://access.redhat.com/errata/RHSA-2026:0933
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

+ RHSA-2026:1143 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:1143
CVE-2025-38141
CVE-2025-38349
CVE-2025-38731
CVE-2025-40248
CVE-2025-40258
CVE-2025-40294
CVE-2025-68301
CVE-2025-68305

+ RHSA-2026:1089 Important: python3.11-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1089
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1088 Important: python3.12-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1088
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1087 Important: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1087
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ Google Chrome 144.0.7559.109/.110 released
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

+ Mozilla Foundation Security Advisory 2026-06 Security Vulnerabilities fixed in Firefox 147.0.2
https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/
CVE-2026-24868
CVE-2026-24869

+ FreeBSD-SA-26:02.jail Jail escape by a privileged user via nullfs
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:02.jail.asc
CVE-2025-15547

+ FreeBSD-SA-26:01.openssl Multiple vulnerabilities in OpenSSL
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:01.openssl.asc
CVE-2025-11187
CVE-2025-15467
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796

+ OpenSSL 3.6.1 released
https://github.com/openssl/openssl/releases/tag/openssl-3.6.1

+ Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-11187
CVE-2025-11187

+ Stack buffer overflow in CMS AuthEnvelopedData parsing
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15467
CVE-2025-15467

+ NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15468
CVE-2025-15468

+ 'openssl dgst' one-shot codepath silently truncates inputs >16MB
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15469
CVE-2025-15469

+ TLS 1.3 CompressedCertificate excessive memory allocation
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-66199
CVE-2025-66199

+ Heap out-of-bounds write in BIO_f_linebuffer on short writes
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-68160
CVE-2025-68160

+ Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69418
CVE-2025-69418

+ Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69419
CVE-2025-69419

+ Missing ASN1_TYPE validation in TS_RESP_verify_response() function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69420
CVE-2025-69420

+ NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69421
CVE-2025-69421

+ Missing ASN1_TYPE validation in PKCS#12 parsing
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-22795
CVE-2026-22795

+ ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-22796
CVE-2026-22796

+ OpenSSL vulnerabilities (High: CVE-2025-15467, Moderate: CVE-2025-11187, Low: CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) and new versions (3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19)
https://security.sios.jp/vulnerability/openssl-security-vulnerability-20260128/
CVE-2025-15467
CVE-2025-11187
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796

JVN#03776126 DLL loading vulnerability in beat-access for Windows
https://jvn.jp/jp/JVN03776126/index.html

JVNVU#94651499 OS command injection vulnerability in Archer MR600
https://jvn.jp/vu/JVNVU94651499/index.html

NEWS close-up
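Watch out for the "EDR evasion" used by ransomware attackers
Asahi and ASKUL had their EDR neutralized; the two evasion approaches are "slipping past" and "disabling"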
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/011900312/?ST=nxt_thmit_security

Tuesday, January 27, 2026

27th, Tuesday, Tomobiki

+ iOS 26.2.1 and iPadOS 26.2.1 released
https://support.apple.com/en-us/100100

+ iOS 18.7.4 and iPadOS 18.7.4 released
https://support.apple.com/en-us/100100

+ iOS 16.7.13 and iPadOS 16.7.13 released
https://support.apple.com/en-us/100100

+ iOS 15.8.6 and iPadOS 15.8.6 released
https://support.apple.com/en-us/100100

+ iOS 12.5.8 and iPadOS 12.5.8 released
https://support.apple.com/en-us/100100

+ Apache Tomcat 11.0.18 Released
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.18_(markt)

JVNVU#90741268 Integer overflow vulnerability in dr_flac
https://jvn.jp/vu/JVNVU90741268/index.html

JVNVU#93876539 Improper file access permission settings at installation time in Schneider Electric EcoStruxure Process Expert
https://jvn.jp/vu/JVNVU93876539/index.html

JVNVU#97468797 Multiple vulnerabilities in AutomationDirect CLICK Programmable Logic Controller
https://jvn.jp/vu/JVNVU97468797/index.html

JVNVU#97460460 Improper validation of numeric input in Rockwell Automation CompactLogix 5370
https://jvn.jp/vu/JVNVU97460460/index.html

JVNVU#98567776 Stack-based buffer overflow vulnerability in Johnson Controls iSTAR Configuration Utility (ICU) tool
https://jvn.jp/vu/JVNVU98567776/index.html

JVNVU#99334362 Multiple vulnerabilities in multiple Weintek products
https://jvn.jp/vu/JVNVU99334362/index.html

JVNVU#91030585 Permission check bypass via manipulation of user identification information in Hubitat Elevation Hubs
https://jvn.jp/vu/JVNVU91030585/index.html

JVNVU#96221257 Command injection vulnerability in Delta Electronics DIAView
https://jvn.jp/vu/JVNVU96221257/index.html

JVNVU#98614980 Multiple vulnerabilities in EVMAPA
https://jvn.jp/vu/JVNVU98614980/index.html

JVNVU#97184092 Multiple vulnerabilities in multiple Axis Communications products
https://jvn.jp/vu/JVNVU97184092/index.html

NEWS close-up
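The information leak crisis brought on by insider misconduct
Legitimate access rights of former and current employees are a blind spot; combined with the use of generative AI, complete defense is difficult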
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/011900313/?ST=nxt_thmit_security

北郷達郎's Technology: Learning from the Past
NVIDIA is on a roll, but are GPUs really a good fit for generative AI?
https://xtech.nikkei.com/atcl/nxt/column/18/02598/012000029/?ST=nxt_thmit_security

Reporter's Eye
Compensation is not a given even when you fall victim: account defense techniques for the phishing era
https://xtech.nikkei.com/atcl/nxt/column/18/00138/012101939/?ST=nxt_thmit_security

piyokango's Weekly System Trouble
Programming error in a system used by Tokyo metropolitan schools; provider NTT East releases its investigation results
https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900349/?ST=nxt_thmit_security

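吉川孝志's Thorough Malware Dissection, Part 24
Should you negotiate the ransom with ransomware attackers? An objective look at the viewpoints and ways of thinking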
https://xtech.nikkei.com/atcl/nxt/column/18/02805/012000025/?ST=nxt_thmit_security