:: IT Security Neophyte Investigator's MEMO ::

2026年6月19日金曜日

19日金曜日、先負

+ RHSA-2026:27076 Important: Satellite 6.16.9 Async Update

https://access.redhat.com/errata/RHSA-2026:27076

CVE-2025-61729

CVE-2026-25679

CVE-2026-32280

CVE-2026-32281

CVE-2026-32282

CVE-2026-32283

CVE-2026-33186

CVE-2026-40192

+ RHSA-2026:26709 Important: xorg-x11-server security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2026:26709

CVE-2026-50256

CVE-2026-50257

CVE-2026-50258

CVE-2026-50259

CVE-2026-50260

CVE-2026-50261

CVE-2026-50262

CVE-2026-50263

CVE-2026-50264

+ RHSA-2026:26562 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2026:26562

CVE-2026-50256

CVE-2026-50257

CVE-2026-50258

CVE-2026-50259

CVE-2026-50260

CVE-2026-50261

CVE-2026-50262

CVE-2026-50263

CVE-2026-50264

+ RHSA-2026:26610 Important: xorg-x11-server security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2026:26610

CVE-2026-50256

CVE-2026-50257

CVE-2026-50258

CVE-2026-50259

CVE-2026-50260

CVE-2026-50261

CVE-2026-50262

CVE-2026-50263

CVE-2026-50264

+ RHSA-2026:26590 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2026:26590

CVE-2026-50256

CVE-2026-50257

CVE-2026-50258

CVE-2026-50259

CVE-2026-50260

CVE-2026-50261

CVE-2026-50262

CVE-2026-50263

CVE-2026-50264

+ RHSA-2026:26455 Important: 389-ds-base security, bug fix, and enhancement update

https://access.redhat.com/errata/RHSA-2026:26455

CVE-2026-9064

+ Mozilla Firefox 152.0.1 released

https://www.firefox.com/en-US/firefox/152.0.1/releasenotes/

+ nginx 1.31.2, 1.30.3 released

https://nginx.org/en/CHANGES

https://nginx.org/en/CHANGES-1.30

+ ISC BIND 9.20.24, 9.18.50 released

https://downloads.isc.org/isc/bind9/9.20.24/doc/arm/html/notes.html

https://downloads.isc.org/isc/bind9/9.18.50/doc/arm/html/notes.html

+ Postfix stable release 3.11.4 and legacy releases 3.10.11, 3.9.12, 3.8.18

https://www.postfix.org/announcements/postfix-3.11.4.html

VU#457458 Vendor-signed UEFI applications found vulnerable to Secure Boot bypass

https://www.kb.cert.org/vuls/id/457458

VU#380058 SignalRGB kernel driver contains improper access control and IOCTL vulnerabilities

https://www.kb.cert.org/vuls/id/380058

JVNVU#95564871 SignalRGBカーネルドライバにおける不適切なアクセス制御およびIOCTLの脆弱性

https://jvn.jp/vu/JVNVU95564871/index.html

JVN#20769211 RadiX AX6600 WiFi 6 Tri-Band Gaming RouterにおけるOSコマンドインジェクションの脆弱性

https://jvn.jp/jp/JVN20769211/index.html

JVNVU#95977590 CISA ICS Advisory / ICS Medical Advisory（2026年06月16日）

https://jvn.jp/vu/JVNVU95977590/index.html

日経コンピュータ勝村幸博の「今日も誰かが狙われる」

2025年の脆弱性は4万8000件　本当に危険なのは58件

https://xtech.nikkei.com/atcl/nxt/mag/nc/18/052100113/061200188/?ST=nxt_thmit_security

2026年6月17日水曜日

17日水曜日、先勝

+ RHSA-2026:26355 Moderate: libxslt security update

https://access.redhat.com/errata/RHSA-2026:26355

CVE-2025-10911

+ RHSA-2026:26354 Low: libxml2 security update

https://access.redhat.com/errata/RHSA-2026:26354

CVE-2024-34459

+ RHSA-2026:26352 Moderate: opencryptoki security update

https://access.redhat.com/errata/RHSA-2026:26352

CVE-2026-40253

+ RHSA-2026:26348 Moderate: libpng12 security update

https://access.redhat.com/errata/RHSA-2026:26348

CVE-2026-33416

+ RHSA-2026:26347 Moderate: libpng15 security update

https://access.redhat.com/errata/RHSA-2026:26347

CVE-2026-33416

+ RHSA-2026:26335 Important: hplip security update

https://access.redhat.com/errata/RHSA-2026:26335

CVE-2026-8631

CVE-2026-8632

+ RHSA-2026:26180 Moderate: mysql:8.4 security update

https://access.redhat.com/errata/RHSA-2026:26180

CVE-2026-21998

CVE-2026-22001

CVE-2026-22002

CVE-2026-22004

CVE-2026-22005

CVE-2026-22009

CVE-2026-22015

CVE-2026-22017

CVE-2026-34270

CVE-2026-34271

CVE-2026-34276

CVE-2026-34303

CVE-2026-34304

CVE-2026-34308

CVE-2026-35236

CVE-2026-35237

CVE-2026-35238

CVE-2026-35239

CVE-2026-35240

+ RHSA-2026:26008 Important: redis:6 security update

https://access.redhat.com/errata/RHSA-2026:26008

CVE-2026-25243

+ RHSA-2026:25932 Important: postfix security update

https://access.redhat.com/errata/RHSA-2026:25932

CVE-2026-43964

+ RHSA-2026:25919 Moderate: mysql:8.0 security update

https://access.redhat.com/errata/RHSA-2026:25919

CVE-2026-21998

CVE-2026-22001

CVE-2026-22002

CVE-2026-22004

CVE-2026-22005

CVE-2026-22009

CVE-2026-22015

CVE-2026-22017

CVE-2026-34267

CVE-2026-34270

CVE-2026-34271

CVE-2026-34276

CVE-2026-34278

CVE-2026-34293

CVE-2026-34303

CVE-2026-34304

CVE-2026-34308

CVE-2026-35236

CVE-2026-35237

CVE-2026-35238

CVE-2026-35239

CVE-2026-35240

+ RHSA-2026:25918 Important: webkit2gtk3 security update

https://access.redhat.com/errata/RHSA-2026:25918

CVE-2026-28847

CVE-2026-28883

CVE-2026-28901

CVE-2026-28902

CVE-2026-28903

CVE-2026-28904

CVE-2026-28905

CVE-2026-28907

CVE-2026-28942

CVE-2026-28946

CVE-2026-28947

CVE-2026-28953

CVE-2026-28955

CVE-2026-28958

CVE-2026-43658

CVE-2026-43660

+ RHSA-2026:26447 Important: podman security update

https://access.redhat.com/errata/RHSA-2026:26447

CVE-2026-32280

CVE-2026-32281

CVE-2026-32283

+ RHSA-2026:26410 Important: rsync security update

https://access.redhat.com/errata/RHSA-2026:26410

CVE-2026-29518

CVE-2026-43618

+ RHSA-2026:26323 Important: tomcat security update

https://access.redhat.com/errata/RHSA-2026:26323

CVE-2026-24734

+ RHSA-2026:25927 Important: webkit2gtk3 security update

https://access.redhat.com/errata/RHSA-2026:25927

CVE-2026-28847

CVE-2026-28883

CVE-2026-28901

CVE-2026-28902

CVE-2026-28903

CVE-2026-28904

CVE-2026-28905

CVE-2026-28907

CVE-2026-28942

CVE-2026-28946

CVE-2026-28947

CVE-2026-28953

CVE-2026-28955

CVE-2026-28958

CVE-2026-43658

CVE-2026-43660

+ RHSA-2026:25925 Important: valkey security update

https://access.redhat.com/errata/RHSA-2026:25925

CVE-2026-23479

CVE-2026-23631

CVE-2026-25243

+ About the security content of Beats Firmware Update 1B211

https://support.apple.com/en-us/127557

CVE-2025-20701

+ Google Chrome 149.0.7827.155/.156, 148.0.7778.271 released

https://chromereleases.googleblog.com/2026/06/extended-stable-update-for-desktop.html

https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_01750511403.html

+ Mozill Firefox 152.0 released

https://www.firefox.com/en-US/firefox/152.0/releasenotes/

+ Mozilla Foundation Security Advisory 2026-57 Security Vulnerabilities fixed in Firefox 152

https://www.mozilla.org/en-US/security/advisories/mfsa2026-57/

CVE-2026-12289

CVE-2026-12290

CVE-2026-12291

CVE-2026-12292

CVE-2026-12293

CVE-2026-12294

CVE-2026-12295

CVE-2026-12296

CVE-2026-12297

CVE-2026-12298

CVE-2026-12299

CVE-2026-12300

CVE-2026-12301

CVE-2026-12302

CVE-2026-12303

CVE-2026-12304

CVE-2026-12305

CVE-2026-12306

CVE-2026-12307

CVE-2026-12308

CVE-2026-12309

CVE-2026-12310

CVE-2026-12311

CVE-2026-12312

CVE-2026-12313

CVE-2026-12314

CVE-2026-12315

CVE-2026-12316

CVE-2026-12317

CVE-2026-12318

CVE-2026-12319

CVE-2026-12320

CVE-2026-12321

CVE-2026-12322

CVE-2026-12323

CVE-2026-12324

CVE-2026-12325

CVE-2026-12326

CVE-2026-12327

CVE-2026-12328

+ Mozilla Foundation Security Advisory 2026-60 Security Vulnerabilities fixed in Thunderbird 152

https://www.mozilla.org/en-US/security/advisories/mfsa2026-60/

+ Mozilla Foundation Security Advisory 2026-61 Security Vulnerabilities fixed in Thunderbird 140.12

https://www.mozilla.org/en-US/security/advisories/mfsa2026-61/

+ Mozilla Foundation Security Advisory 2026-58 Security Vulnerabilities fixed in Firefox ESR 140.12

https://www.mozilla.org/en-US/security/advisories/mfsa2026-58/

+ Mozilla Foundation Security Advisory 2026-59 Security Vulnerabilities fixed in Firefox ESR 115.37

https://www.mozilla.org/en-US/security/advisories/mfsa2026-59/

+ Mozilla Thunderbird 152.0 released

https://www.thunderbird.net/en-US/thunderbird/152.0/releasenotes/

+ FreeBSD 15.1-RELEASE released

https://www.freebsd.org/releases/15.1R/relnotes/

ニュース解説

東芝による厚労省のTeamsデータ削除、実は2億件　うち約750万件が復元困難

https://xtech.nikkei.com/atcl/nxt/column/18/00001/11832/?ST=nxt_thmit_security

JVN#16937365 ThingsBoardにおけるプロトタイプ汚染の脆弱性

https://jvn.jp/jp/JVN16937365/index.html

JVN#79926428 Optical Disc Archive Software（Windows版）のインストーラにおけるインストール時の不適切なファイルアクセス権設定の脆弱性

https://jvn.jp/jp/JVN79926428/index.html

JVNVU#98100934 キヤノン製EOS Network Setting Toolにおける複数の脆弱性

https://jvn.jp/vu/JVNVU98100934/index.html

2026年6月16日火曜日

16日火曜日、赤口

+ Apache Tomcat Native 2.0.15, 1.3.8 Released

https://tomcat.apache.org/native-doc/miscellaneous/changelog.html#2.0.15

https://tomcat.apache.org/native-1.3-doc/miscellaneous/changelog.html#1.3.8

+ JVNVU#92116935 OpenSSLにおける脆弱性に対するアップデート（2026年6月9日）

https://jvn.jp/vu/JVNVU92116935/index.html

+ Windows Defender (MsMpEng.exe) Race Condition -> LPE / SYSTEM / Use-After-Free -> Crash

https://cxsecurity.com/issue/WLB-2026060013

JVN#55319858 リコーおよびコニカミノルタジャパン製プリンタドライバーにおける権限昇格の脆弱性

https://jvn.jp/jp/JVN55319858/index.html

JVNVU#99620284 三菱電機製複数の家電製品におけるハードコードされた認証情報の使用に関する脆弱性

https://jvn.jp/vu/JVNVU99620284/index.html

piyokangoの週刊システムトラブル

阿波銀行のテスト環境から顧客データ流出、開発後もAI活用のために保管

https://xtech.nikkei.com/atcl/nxt/column/18/00598/010900368/?ST=nxt_thmit_security

登録: 投稿 (Atom)

2026年6月19日金曜日

19日 金曜日、先負

2026年6月17日水曜日

17日 水曜日、先勝

2026年6月16日火曜日

16日 火曜日、赤口

19日金曜日、先負

17日水曜日、先勝

16日火曜日、赤口