Wednesday, June 10, 2026

10th, Wednesday, Butsumetsu

+ RHSA-2026:24545 Important: libyang security update
https://access.redhat.com/errata/RHSA-2026:24545
CVE-2026-44673

+ RHSA-2026:24365 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:24365
CVE-2026-42944
CVE-2026-42959

+ RHSA-2026:24340 Important: frr security update
https://access.redhat.com/errata/RHSA-2026:24340
CVE-2026-37457

+ RHSA-2026:24369 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:24369
CVE-2026-33278
CVE-2026-42944
CVE-2026-42959

+ RHSA-2026:24367 Important: bind security update
https://access.redhat.com/errata/RHSA-2026:24367
CVE-2026-3039
CVE-2026-5946

+ Mozilla Firefox 151.0.4 released
https://www.firefox.com/en-US/firefox/151.0.4/releasenotes/

+ FreeBSD-SA-26:36.ldns Insufficient response validation in the ldns stub resolver
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:36.ldns.asc
CVE-2026-10846

+ FreeBSD-SA-26:35.openssl Multiple vulnerabilities in OpenSSL
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:35.openssl.asc
CVE-2026-7383
CVE-2026-9076
CVE-2026-34180
CVE-2026-34181
CVE-2026-34182
CVE-2026-34183
CVE-2026-42764
CVE-2026-42766
CVE-2026-42767
CVE-2026-42768
CVE-2026-42769
CVE-2026-42770
CVE-2026-45445
CVE-2026-45446
CVE-2026-45447

+ FreeBSD-SA-26:34.vt Integer overflow in vt(4) CONS_HISTORY ioctl
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:34.vt.asc
CVE-2026-49416

+ FreeBSD-SA-26:33.unbound Multiple vulnerabilities in unbound
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:33.unbound.asc
CVE-2026-32792
CVE-2026-33278
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-42923
CVE-2026-42944
CVE-2026-42959
CVE-2026-42960
CVE-2026-44390
CVE-2026-44608

+ FreeBSD-SA-26:32.elf ASLR bypass for setuid executables via procctl(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:32.elf.asc
CVE-2026-49414

+ FreeBSD-SA-26:31.arm64 Arm CPU errata may bypass page table permission changes
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:31.arm64.asc
CVE-2025-10263

+ FreeBSD-SA-26:30.linux Flaw in Linuxulator execution of setugid binaries
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:30.linux.asc
CVE-2026-49413

+ FreeBSD-SA-26:29.ip6_multicast Use-after-free bug in the IPV6_MSFILTER socket option handler
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:29.ip6_multicast.asc
CVE-2026-49412

+ FreeBSD-SA-26:28.capsicum sigqueue(2) missing capability mode restriction
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:28.capsicum.asc
CVE-2026-45259

+ FreeBSD-SA-26:27.sound Multiple vulnerabilities in the sound(4) mmap path
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:27.sound.asc
CVE-2026-45258
CVE-2026-49417

+ FreeBSD-SA-26:26.ktls Arbitrary file overwrite via the KTLS receive path
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:26.ktls.asc
CVE-2026-45257

+ FreeBSD-SA-26:25.thr Missing permission check in thr_kill2(2)
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:25.thr.asc
CVE-2026-45256

+ OpenSSL 4.0.1 released
https://github.com/openssl/openssl/releases/tag/openssl-4.0.1

+ Heap Buffer Over-read in ASN.1 Content Parsing
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-34180
CVE-2026-34180

+ PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-34181
CVE-2026-34181

+ CMS AuthEnvelopedData Processing May Accept Forged Messages
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-34182
CVE-2026-34182

+ Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-34183
CVE-2026-34183

+ Double-free When Checking OCSP Stapled Response
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-35188
CVE-2026-35188

+ NULL Pointer Dereference in QUIC Server Initial Packet Handling
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42764
CVE-2026-42764

+ NULL Dereference in Certificate Verification with OCSP Checking
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42765
CVE-2026-42765

+ Possible NULL Dereference in Password-Based CMS Decryption
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42766
CVE-2026-42766

+ NULL Pointer Dereference in CRMF EncryptedValue Decryption
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42767
CVE-2026-42767

+ Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42768
CVE-2026-42768

+ Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42769
CVE-2026-42769

+ FFC-DH Peer Validation Uses Attacker-Supplied q
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42770
CVE-2026-42770

+ Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-42771
CVE-2026-42771

+ AES-OCB IV Ignored on EVP_Cipher() Path
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-45445
CVE-2026-45445

+ Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-45446
CVE-2026-45446

+ Heap Use-After-Free in the PKCS7_verify() Function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-45447
CVE-2026-45447

+ Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-7383
CVE-2026-7383

+ Out-of-Bounds Read in CMS Password-Based Decryption
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-9076
CVE-2026-9076

+ VU#616257 Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass
https://www.kb.cert.org/vuls/id/616257
CVE-2026-8863

+ JVNVU#99913823 Update for multiple vulnerabilities in Apache HTTP Server 2.4 (June 8, 2026)
https://jvn.jp/vu/JVNVU99913823/index.html

+ OpenSSL vulnerabilities (High: CVE-2026-45447, Moderate: 5, Low: 12) and the release of 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, 1.0.2zq
https://security.sios.jp/vulnerability/openssl-security-vulnerability-20260610/
CVE-2026-45447
CVE-2026-34182
CVE-2026-34183
CVE-2026-35188
CVE-2026-42764
CVE-2026-45445
CVE-2026-7383
CVE-2026-9076
CVE-2026-34180
CVE-2026-34181
CVE-2026-42765
CVE-2026-42766
CVE-2026-42767
CVE-2026-42768
CVE-2026-42769
CVE-2026-42770
CVE-2026-42771
CVE-2026-45446

Nikkei Computer, "IT in Danger"
TLS certificate validity periods to shorten, to a maximum of 47 days in March 2029
Missed renewals risk causing serious system outages
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/092400133/060300196/?ST=nxt_thmit_security

What the Data Says
50% have used facial recognition; 66% have expectations for hands-free identity verification
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/020600010/060400226/?ST=nxt_thmit_security

The Latest Security Landscape and Countermeasures, Part 7
The basics of preventing account takeover: use passkeys and multi-factor authentication
https://xtech.nikkei.com/atcl/nxt/column/18/03598/042000007/?ST=nxt_thmit_security

Yukihiro Katsumura's "Someone Is Targeted Again Today"
48,000 vulnerabilities in 2025, only 58 of them truly dangerous; prioritization becomes important
https://xtech.nikkei.com/atcl/nxt/column/18/00676/060500226/?ST=nxt_thmit_security

Kyushu Electric Power Transmission and Distribution: possible leak of up to 10.9 million customer records; SSD storing the data lost
https://xtech.nikkei.com/atcl/nxt/news/24/03260/?ST=nxt_thmit_security

JVN#27656135 Vulnerability related to DLL loading in the CamView installer
https://jvn.jp/jp/JVN27656135/index.html

Tuesday, June 9, 2026

9th, Tuesday, Senbu

+ Google Chrome 149.0.7827.102/.103, 148.0.7778.254 released
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html
https://chromereleases.googleblog.com/2026/06/extended-stable-updates-for-desktop_01900035594.html

+ Apache httpd 2.4.68 Released
https://downloads.apache.org/httpd/Announcement2.4.html
https://downloads.apache.org/httpd/CHANGES_2.4.68

The Latest Security Landscape and Countermeasures, Part 6
For suspicious emails, check the domain name; spot the scam before opening the link
https://xtech.nikkei.com/atcl/nxt/column/18/03598/042000006/?ST=nxt_thmit_security

piyokango's Weekly System Troubles
Unauthorized logins at Asoview: business operator accounts targeted, more than 14,000 affected
https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900367/?ST=nxt_thmit_security

News Analysis
YCC Information System: risk of leak of 1 million personal information records, including data more than 20 years past contract
https://xtech.nikkei.com/atcl/nxt/column/18/00001/11806/?ST=nxt_thmit_security

Monday, June 8, 2026

8th, Monday, Tomobiki

ASKUL to change president, overhauling management structure in light of ransomware attack
https://xtech.nikkei.com/atcl/nxt/news/24/03255/?ST=nxt_thmit_security

JVN#70631953 Cleartext transmission of sensitive information vulnerability in multiple TP-LINK products
https://jvn.jp/jp/JVN70631953/index.html

JVNVU#91429317 CISA ICS Advisory / ICS Medical Advisory (June 4, 2026)
https://jvn.jp/vu/JVNVU91429317/index.html