2026年7月9日木曜日

9日 木曜日、大安

+ RHSA-2026:36774 Important: gstreamer1-plugins-good security update
https://access.redhat.com/errata/RHSA-2026:36774
CVE-2026-53705

+ RHSA-2026:36732 Moderate: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:36732
CVE-2026-44431

+ RHSA-2026:36734 Low: libxml2 security update
https://access.redhat.com/errata/RHSA-2026:36734
CVE-2025-6170

+ RHSA-2026:36733 Moderate: cups security update
https://access.redhat.com/errata/RHSA-2026:36733
CVE-2026-34980

+ RHSA-2026:36728 Low: libtasn1 security update
https://access.redhat.com/errata/RHSA-2026:36728
CVE-2025-13151

+ RHSA-2026:36530 Important: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update
https://access.redhat.com/errata/RHSA-2026:36530
CVE-2026-23401
CVE-2026-31402
CVE-2026-31419

+ RHSA-2026:36879 Important: tomcat security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:36879
CVE-2026-29146
CVE-2026-34486

+ RHSA-2026:36832 Important: libreoffice security update
https://access.redhat.com/errata/RHSA-2026:36832
CVE-2026-8357

+ RHSA-2026:36777 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:36777
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390

+ RHSA-2026:36674 Moderate: gstreamer1-plugins-ugly-free security update
https://access.redhat.com/errata/RHSA-2026:36674
CVE-2026-53703
CVE-2026-53704

+ RHSA-2026:36617 Important: oci-seccomp-bpf-hook security update
https://access.redhat.com/errata/RHSA-2026:36617
CVE-2026-33811

+ Google Chrome 150.0.7871.114/.115 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html

+ Apache Tomcat 11.0.24, 10.1.57 Released
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.24_(markt)
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.57_(schultz)

+ ProFTPD 1.3.9c released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.9c
http://www.proftpd.org/docs/NEWS-1.3.9c

+ OpenSSHの脆弱性(Moderate: CVE-2026-59995, CVE-2026-59996, CVE-2026-59997, CVE-2026-59998, CVE-2026-59999)とOpenSSH 10.4/10.4p1リリース
https://security.sios.jp/vulnerability/openssh-security-vulnerability-20260709/
CVE-2026-59995
CVE-2026-59996
CVE-2026-59997
CVE-2026-59998
CVE-2026-59999

VU#849433 Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls
https://www.kb.cert.org/vuls/id/849433

JVN#62347140 富士電機製Pupsmanのインストーラにおける複数の脆弱性
https://jvn.jp/jp/JVN62347140/index.html

JVNVU#92734392 CISA ICS Advisory / ICS Medical Advisory(2026年07月07日)
https://jvn.jp/vu/JVNVU92734392/index.html

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第1回
出光は36億円を損失か、ランサム並みに深刻な「サイバー詐欺」の実態
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800001/?ST=nxt_thmit_security

3分でわかる必修ワード IT
万全の対策は難しい「シャドーAI」、企業はガバナンスやルール整備を進める
https://xtech.nikkei.com/atcl/nxt/keyword/18/00002/070600320/?ST=nxt_thmit_security

2026年7月8日水曜日

8日 水曜日、仏滅

+ RHSA-2026:36366 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:36366
CVE-2026-43112

+ RHSA-2026:36349 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:36349
CVE-2025-10263
CVE-2026-43198
CVE-2026-43450
CVE-2026-46209
CVE-2026-46227
CVE-2026-46259

+ RHSA-2026:36307 Moderate: freeipmi security update
https://access.redhat.com/errata/RHSA-2026:36307
CVE-2026-50031

+ RHSA-2026:36215 Important: compat-openssl10 security update
https://access.redhat.com/errata/RHSA-2026:36215
CVE-2026-45447

+ RHSA-2026:36201 Important: 389-ds:1.4 security update
https://access.redhat.com/errata/RHSA-2026:36201
CVE-2026-11610
CVE-2026-11774

+ RHSA-2026:36315 Important: python3.14-pip security update
https://access.redhat.com/errata/RHSA-2026:36315
CVE-2026-8643

+ RHSA-2026:36210 Moderate: freeipmi security update
https://access.redhat.com/errata/RHSA-2026:36210
CVE-2026-50031

+ RHSA-2026:36195 Important: 389-ds-base security update
https://access.redhat.com/errata/RHSA-2026:36195
CVE-2026-11610
CVE-2026-11774

+ RHSA-2026:36172 Important: kpatch-patch-5_14_0-687_10_1 security update
https://access.redhat.com/errata/RHSA-2026:36172
CVE-2026-31419

+ Google Chrome 150.0.7871.100/.101 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop.html

+ Mozilla Firefox 152.0.5 released
https://www.firefox.com/en-US/firefox/152.0.5/releasenotes/

+ Zabbix 7.0.28, 6.0.47 released
https://www.zabbix.com/rn/rn7.0.28
https://www.zabbix.com/rn/rn6.0.47

+ Apache Tomcat 9.0.120 Released
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.120_(remm)

+ Linux Kernelの脆弱性(Januscape: CVE-2026-53359)
https://security.sios.jp/vulnerability/kernel-security-vulnerability-20260707/
CVE-2026-53359

UPDATE: JVN#90566559 Apache Jena Fusekiにおけるパストラバーサルの脆弱性
https://jvn.jp/jp/JVN90566559/index.html

JVN#87285119 複数のセイコーエプソン製プリンターおよびスキャナーのWeb Configにおけるクロスサイトリクエストフォージェリの脆弱性
https://jvn.jp/jp/JVN87285119/index.html

JVNVU#93316066 Tenda製品の複数のファームウェアにおけるセキュリティ上問題のある隠し機能の脆弱性
https://jvn.jp/vu/JVNVU93316066/index.html

JVNVU#90409906 HP Deskjet 2800プリンターシリーズにおける認証不備の脆弱性
https://jvn.jp/vu/JVNVU90409906/index.html

日経コンピュータ「ITが危ない」
シャドーAIのリスクが顕在化 国内企業の7割超が対策できず
放置で情報漏洩・法令違反のリスクも
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/092400133/070100198/?ST=nxt_thmit_security

勝村幸博の「今日も誰かが狙われる」
「AI駆動型ワーム」の脅威 自律的に脆弱性を見つけて感染、特定率は8割超
https://xtech.nikkei.com/atcl/nxt/column/18/00676/070100228/?ST=nxt_thmit_security

KDDIメール基盤から1223万人分のアドレス漏洩、ソフト会社も脆弱性認識せず
https://xtech.nikkei.com/atcl/nxt/news/24/03297/?ST=nxt_thmit_security

2026年7月7日火曜日

7日 火曜日、先負

+ OpenSSH 10.4 released
https://www.openssh.org/releasenotes.html#10.4

+ Postfix stable release 3.11.5 and legacy releases 3.10.12, 3.9.13, 3.8.19, 3.7.21, 3.6.19, 3.5.26
https://www.postfix.org/announcements/postfix-3.11.5.html

+ PostgreSQL JDBC Driver 42.7.13 released
https://jdbc.postgresql.org/changelogs/2026-07-06-42.7.13-release/

VU#213560 Tenda firmware (multiple versions) contains hidden authentication backdoor
https://www.kb.cert.org/vuls/id/213560

VU#828543 HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability
https://www.kb.cert.org/vuls/id/828543

piyokangoの週刊システムトラブル
BitStar、引き継いだBoka nii事業のXアカウントを奪われる 管理不備で
https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900371/?ST=nxt_thmit_security