2026年7月16日木曜日

16日 木曜日、友引

+ RHSA-2026:39893 Important: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:39893
CVE-2026-15308

+ RHSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39868
CVE-2026-6733
CVE-2026-6734
CVE-2026-9678
CVE-2026-9697
CVE-2026-11525
CVE-2026-12151
CVE-2026-42338
CVE-2026-48615
CVE-2026-48618
CVE-2026-48619
CVE-2026-48928
CVE-2026-48930
CVE-2026-48933
CVE-2026-48934
CVE-2026-48935

+ RHSA-2026:39575 Important: cifs-utils security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39575
CVE-2026-12505

+ RHSA-2026:40416 Low: php:8.2 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:40416
CVE-2026-14355

+ RHSA-2026:39879 Important: rhc security update
https://access.redhat.com/errata/RHSA-2026:39879
CVE-2026-27145
CVE-2026-39821

+ RHSA-2026:39810 Important: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update
https://access.redhat.com/errata/RHSA-2026:39810
CVE-2025-61726
CVE-2025-61729
CVE-2026-25679
CVE-2026-27137
CVE-2026-32280
CVE-2026-32281
CVE-2026-32282
CVE-2026-32283
CVE-2026-33810
CVE-2026-33811

+ RHSA-2026:39798 Important: python3.9 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39798
CVE-2026-15308

+ RHSA-2026:39771 Important: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:39771
CVE-2026-15308

+ RHSA-2026:39576 Important: cifs-utils security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39576
CVE-2026-12505

+ Google Chrome 151.0.7922.34/.35 released
https://chromereleases.googleblog.com/2026/07/early-stable-update-for-desktop.html

+ Mozilla Firefox 152.0.6 released
https://www.firefox.com/en-US/firefox/152.0.6/releasenotes/

+ nginx 1.31.3. 1.30.4 released
https://nginx.org/en/CHANGES
https://nginx.org/en/CHANGES-1.30

+ K000162097: NGINX map directive and regex matching vulnerability CVE-2026-42533
https://my.f5.com/manage/s/article/K000162097
CVE-2026-42533

+ K000162100: NGINX ngx_http_slice_module vulnerability CVE-2026-60005
https://my.f5.com/manage/s/article/K000162100
CVE-2026-60005

+ K000162098: NGINX ngx_http_ssi_module vulnerability CVE-2026-56434
https://my.f5.com/manage/s/article/K000162098
CVE-2026-56434

+ Apache PDFBox 2.0.37 released
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12356771

VU#529388 Privilege escalation vulnerability via unprotected IOCTL interface in Pegatron Tdelo64.sys
https://www.kb.cert.org/vuls/id/529388

VU#725167 node-forge Signature Forgery Vulnerabilities in RSA-PKCS and ED25519 Implementations
https://www.kb.cert.org/vuls/id/725167

基礎から分かる、AIエージェントのセキュリティー設計 第2回
AIエージェントのID管理に4つの課題、過剰な権限を持たせず「小さく」設計
https://xtech.nikkei.com/atcl/nxt/column/18/03687/071000002/?ST=nxt_thmit_security

ニュース解説
ニチレイ不正アクセス「東西両センターで障害」、井村屋は15日分納品を中止
https://xtech.nikkei.com/atcl/nxt/column/18/00001/11899/?ST=nxt_thmit_security

JVN#59875262 HYPER SBI 2のインストーラにおけるDLL読み込みに関する脆弱性
https://jvn.jp/jp/JVN59875262/index.html

JVNVU#91295052 Siemens製品に対するアップデート(2026年7月)
https://jvn.jp/vu/JVNVU91295052/index.html

JVNVU#91675472 CISA ICS Advisory / ICS Medical Advisory(2026年07月14日)
https://jvn.jp/vu/JVNVU91675472/index.html

2026年7月15日水曜日

15日 水曜日、先勝

+ RHSA-2026:39320 Important: python3 security update
https://access.redhat.com/errata/RHSA-2026:39320
CVE-2026-15308

+ RHSA-2026:39266 Important: git-lfs security update
https://access.redhat.com/errata/RHSA-2026:39266
CVE-2026-33811

+ RHSA-2026:39127 Important: python-pillow security update
https://access.redhat.com/errata/RHSA-2026:39127
CVE-2026-54059
CVE-2026-54060
CVE-2026-55379
CVE-2026-55380

+ RHSA-2026:39083 Important: kernel update
https://access.redhat.com/errata/RHSA-2026:39083
CVE-2025-71066
CVE-2025-71089
CVE-2026-31411
CVE-2026-43499
CVE-2026-46113
CVE-2026-53166
CVE-2026-53266
CVE-2026-53359

+ RHSA-2026:38995 Important: go-toolset:rhel8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:38995
CVE-2026-27145
CVE-2026-39821
CVE-2026-39822

+ RHSA-2026:38901 Important: perl-DBI:1.641 security update
https://access.redhat.com/errata/RHSA-2026:38901
CVE-2026-9698

+ RHSA-2026:38847 Important: nginx:1.24 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:38847
CVE-2026-42055

+ RHSA-2026:38488 Important: xorg-x11-server-Xwayland security update
https://access.redhat.com/errata/RHSA-2026:38488
CVE-2026-55999

+ RHSA-2026:38485 Important: gegl security update
https://access.redhat.com/errata/RHSA-2026:38485
CVE-2026-2050

+ RHSA-2026:39553 Important: perl-XML-LibXML security update
https://access.redhat.com/errata/RHSA-2026:39553
CVE-2026-8177

+ RHSA-2026:39319 Important: git-lfs security update
https://access.redhat.com/errata/RHSA-2026:39319
CVE-2026-33811

+ RHSA-2026:39309 Low: capstone security update
https://access.redhat.com/errata/RHSA-2026:39309
CVE-2025-68114

+ RHSA-2026:38493 Important: buildah security update
https://access.redhat.com/errata/RHSA-2026:38493
CVE-2026-39822

+ RHSA-2026:38490 Important: xorg-x11-server-Xwayland security update
https://access.redhat.com/errata/RHSA-2026:38490
CVE-2026-55999
CVE-2026-56000

+ Google Chrome 150.0.7871.124/.125 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_0353146366.html

+ Mozilla Foundation Security Advisory 2026-67 Security Vulnerabilities fixed in Firefox 152.0.6
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/
CVE-2026-15718
CVE-2026-15719

+ 2026 年 7 月のセキュリティ更新プログラム (月例)
https://www.microsoft.com/en-us/msrc/blog/2026/07/202607-security-update

基礎から分かる、AIエージェントのセキュリティー設計 第1回
AIエージェントは何が「危ない」のか、自律レベルとリスクの関係を理解する
https://xtech.nikkei.com/atcl/nxt/column/18/03687/071000001/?ST=nxt_thmit_security

2026年7月14日火曜日

14日 火曜日、赤口

+ JVNVU#94203999 GNU Wgetにおけるサーバサイドリクエストフォージェリの脆弱性
https://jvn.jp/vu/JVNVU94203999/index.html
CVE-2026-15146

JVNVU#94039788 iOS版LINEにおけるサービス運用妨害(DoS)につながる脆弱性
https://jvn.jp/vu/JVNVU94039788/index.html

piyokangoの週刊システムトラブル
オーミケンシ、有価証券報告書の提出延期 VPN経由侵入で基幹システム停止
https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900372/?ST=nxt_thmit_security

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第4回
アサヒなど被害企業20社超の再発防止策を分析、レジリエンス重視が鮮明に
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800004/?ST=nxt_thmit_security