2026年7月17日金曜日

17日 金曜日、先負

+ RHSA-2026:40894 Important: hplip security update
https://access.redhat.com/errata/RHSA-2026:40894
CVE-2026-14544

+ RHSA-2026:40841 Important: maven:3.8 security update
https://access.redhat.com/errata/RHSA-2026:40841
CVE-2025-67030

+ RHSA-2026:40895 Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
https://access.redhat.com/errata/RHSA-2026:40895
CVE-2026-54512
CVE-2026-54513

+ RHSA-2026:40831 Important: hplip security update
https://access.redhat.com/errata/RHSA-2026:40831
CVE-2026-14544

+ RHSA-2026:40751 Important: gimp security update
https://access.redhat.com/errata/RHSA-2026:40751
CVE-2026-58380
CVE-2026-58384

+ Google Chrome 150.0.7871.128/.129 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_049796704.html

+ Oracle Critical Patch Update Pre-Release Announcement - July 2026
https://www.oracle.com/security-alerts/cpujul2026.html

+ JVN#65294474 Tera TermのTTSSH2プラグインにおける複数の脆弱性
https://jvn.jp/jp/JVN65294474/index.html
CVE-2026-58317
CVE-2026-60060

+ JVNVU#95286373 Apache Tomcatにおける複数の脆弱性(2026年7月14日)
https://jvn.jp/vu/JVNVU95286373/index.html
CVE-2026-59083
CVE-2026-59084

VU#885548 Denial-of-service vulnerability in HTTP/2 servers via stalled flow-control conditions
https://www.kb.cert.org/vuls/id/885548

VU#326070 SGLang contains a vulnerable pickle deserialization vulnerability through the expert-parallel subsystem
https://www.kb.cert.org/vuls/id/326070

JVNVU#90340653 Pegatron製Windows Driver Model (WDM) ドライバー「Tdelo64.sys」における複数の脆弱性
https://jvn.jp/vu/JVNVU90340653/index.html

JVNVU#98998987 JavaScriptライブラリ「Forge」における複数の署名検証不備の脆弱性
https://jvn.jp/vu/JVNVU98998987/index.html

日経コンピュータ 勝村幸博の「今日も誰かが狙われる」
「AI駆動型ワーム」の脅威 自律的に脆弱性を見つけて感染
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/070700190/?ST=nxt_thmit_security

基礎から分かる、AIエージェントのセキュリティー設計 第3回
何をどう判断しどう行動したのか、AIエージェントを「追跡」するログ設計
https://xtech.nikkei.com/atcl/nxt/column/18/03687/071000003/?ST=nxt_thmit_security

2026年7月16日木曜日

16日 木曜日、友引

+ RHSA-2026:39893 Important: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:39893
CVE-2026-15308

+ RHSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39868
CVE-2026-6733
CVE-2026-6734
CVE-2026-9678
CVE-2026-9697
CVE-2026-11525
CVE-2026-12151
CVE-2026-42338
CVE-2026-48615
CVE-2026-48618
CVE-2026-48619
CVE-2026-48928
CVE-2026-48930
CVE-2026-48933
CVE-2026-48934
CVE-2026-48935

+ RHSA-2026:39575 Important: cifs-utils security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39575
CVE-2026-12505

+ RHSA-2026:40416 Low: php:8.2 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:40416
CVE-2026-14355

+ RHSA-2026:39879 Important: rhc security update
https://access.redhat.com/errata/RHSA-2026:39879
CVE-2026-27145
CVE-2026-39821

+ RHSA-2026:39810 Important: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update
https://access.redhat.com/errata/RHSA-2026:39810
CVE-2025-61726
CVE-2025-61729
CVE-2026-25679
CVE-2026-27137
CVE-2026-32280
CVE-2026-32281
CVE-2026-32282
CVE-2026-32283
CVE-2026-33810
CVE-2026-33811

+ RHSA-2026:39798 Important: python3.9 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39798
CVE-2026-15308

+ RHSA-2026:39771 Important: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:39771
CVE-2026-15308

+ RHSA-2026:39576 Important: cifs-utils security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:39576
CVE-2026-12505

+ Google Chrome 151.0.7922.34/.35 released
https://chromereleases.googleblog.com/2026/07/early-stable-update-for-desktop.html

+ Mozilla Firefox 152.0.6 released
https://www.firefox.com/en-US/firefox/152.0.6/releasenotes/

+ nginx 1.31.3. 1.30.4 released
https://nginx.org/en/CHANGES
https://nginx.org/en/CHANGES-1.30

+ K000162097: NGINX map directive and regex matching vulnerability CVE-2026-42533
https://my.f5.com/manage/s/article/K000162097
CVE-2026-42533

+ K000162100: NGINX ngx_http_slice_module vulnerability CVE-2026-60005
https://my.f5.com/manage/s/article/K000162100
CVE-2026-60005

+ K000162098: NGINX ngx_http_ssi_module vulnerability CVE-2026-56434
https://my.f5.com/manage/s/article/K000162098
CVE-2026-56434

+ Apache PDFBox 2.0.37 released
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310760&version=12356771

VU#529388 Privilege escalation vulnerability via unprotected IOCTL interface in Pegatron Tdelo64.sys
https://www.kb.cert.org/vuls/id/529388

VU#725167 node-forge Signature Forgery Vulnerabilities in RSA-PKCS and ED25519 Implementations
https://www.kb.cert.org/vuls/id/725167

基礎から分かる、AIエージェントのセキュリティー設計 第2回
AIエージェントのID管理に4つの課題、過剰な権限を持たせず「小さく」設計
https://xtech.nikkei.com/atcl/nxt/column/18/03687/071000002/?ST=nxt_thmit_security

ニュース解説
ニチレイ不正アクセス「東西両センターで障害」、井村屋は15日分納品を中止
https://xtech.nikkei.com/atcl/nxt/column/18/00001/11899/?ST=nxt_thmit_security

JVN#59875262 HYPER SBI 2のインストーラにおけるDLL読み込みに関する脆弱性
https://jvn.jp/jp/JVN59875262/index.html

JVNVU#91295052 Siemens製品に対するアップデート(2026年7月)
https://jvn.jp/vu/JVNVU91295052/index.html

JVNVU#91675472 CISA ICS Advisory / ICS Medical Advisory(2026年07月14日)
https://jvn.jp/vu/JVNVU91675472/index.html

2026年7月15日水曜日

15日 水曜日、先勝

+ RHSA-2026:39320 Important: python3 security update
https://access.redhat.com/errata/RHSA-2026:39320
CVE-2026-15308

+ RHSA-2026:39266 Important: git-lfs security update
https://access.redhat.com/errata/RHSA-2026:39266
CVE-2026-33811

+ RHSA-2026:39127 Important: python-pillow security update
https://access.redhat.com/errata/RHSA-2026:39127
CVE-2026-54059
CVE-2026-54060
CVE-2026-55379
CVE-2026-55380

+ RHSA-2026:39083 Important: kernel update
https://access.redhat.com/errata/RHSA-2026:39083
CVE-2025-71066
CVE-2025-71089
CVE-2026-31411
CVE-2026-43499
CVE-2026-46113
CVE-2026-53166
CVE-2026-53266
CVE-2026-53359

+ RHSA-2026:38995 Important: go-toolset:rhel8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:38995
CVE-2026-27145
CVE-2026-39821
CVE-2026-39822

+ RHSA-2026:38901 Important: perl-DBI:1.641 security update
https://access.redhat.com/errata/RHSA-2026:38901
CVE-2026-9698

+ RHSA-2026:38847 Important: nginx:1.24 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:38847
CVE-2026-42055

+ RHSA-2026:38488 Important: xorg-x11-server-Xwayland security update
https://access.redhat.com/errata/RHSA-2026:38488
CVE-2026-55999

+ RHSA-2026:38485 Important: gegl security update
https://access.redhat.com/errata/RHSA-2026:38485
CVE-2026-2050

+ RHSA-2026:39553 Important: perl-XML-LibXML security update
https://access.redhat.com/errata/RHSA-2026:39553
CVE-2026-8177

+ RHSA-2026:39319 Important: git-lfs security update
https://access.redhat.com/errata/RHSA-2026:39319
CVE-2026-33811

+ RHSA-2026:39309 Low: capstone security update
https://access.redhat.com/errata/RHSA-2026:39309
CVE-2025-68114

+ RHSA-2026:38493 Important: buildah security update
https://access.redhat.com/errata/RHSA-2026:38493
CVE-2026-39822

+ RHSA-2026:38490 Important: xorg-x11-server-Xwayland security update
https://access.redhat.com/errata/RHSA-2026:38490
CVE-2026-55999
CVE-2026-56000

+ Google Chrome 150.0.7871.124/.125 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_0353146366.html

+ Mozilla Foundation Security Advisory 2026-67 Security Vulnerabilities fixed in Firefox 152.0.6
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/
CVE-2026-15718
CVE-2026-15719

+ 2026 年 7 月のセキュリティ更新プログラム (月例)
https://www.microsoft.com/en-us/msrc/blog/2026/07/202607-security-update

基礎から分かる、AIエージェントのセキュリティー設計 第1回
AIエージェントは何が「危ない」のか、自律レベルとリスクの関係を理解する
https://xtech.nikkei.com/atcl/nxt/column/18/03687/071000001/?ST=nxt_thmit_security