2026年7月10日金曜日

10日 金曜日、赤口

+ gawk 5.4.1 released
https://ftp.gnu.org/gnu/gawk/?C=M;O=D

+ RHSA-2026:37282 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:37282
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390

+ RHSA-2026:37130 Important: gstreamer1-plugins-bad-free security update
https://access.redhat.com/errata/RHSA-2026:37130
CVE-2026-52720
CVE-2026-52722

+ RHSA-2026:37435 Important: golang security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:37435
CVE-2026-39821
CVE-2026-39822

+ RHSA-2026:37410 Important: buildah security update
https://access.redhat.com/errata/RHSA-2026:37410
CVE-2026-39832
CVE-2026-39835

+ RHSA-2026:37207 Important: freerdp security update
https://access.redhat.com/errata/RHSA-2026:37207
CVE-2026-45700

+ RHSA-2026:37123 Important: podman security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:37123
CVE-2026-25681
CVE-2026-27136
CVE-2026-39829
CVE-2026-39832
CVE-2026-39835
CVE-2026-42508
CVE-2026-57231

+ RHSA-2026:36957 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:36957
CVE-2025-71066
CVE-2026-46113
CVE-2026-53359

+ Wireshark 4.6.7, 4.4.17 released
https://www.wireshark.org/docs/relnotes/wireshark-4.6.7.html
https://www.wireshark.org/docs/relnotes/wireshark-4.4.17.html

VU#152953 PayRange Android app version 7.0.7 contains multiple vulnerabilities
https://www.kb.cert.org/vuls/id/152953

VU#734812 Xerte Online Toolkit contains an authentication bypass that allows for RCE
https://www.kb.cert.org/vuls/id/734812

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第2回
サイバー詐欺で18社が損失を計上 海外拠点で頻発、支払い統制がカギか
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800002/?ST=nxt_thmit_security

JVNVU#99220646 Adalo App Builderにおける複数の脆弱性
https://jvn.jp/vu/JVNVU99220646/index.html

JVN#48718197 リコー製Web Image Monitorを実装している複数のレーザープリンタおよび複合機(MFP)における反射型クロスサイトスクリプティングの脆弱性
https://jvn.jp/jp/JVN48718197/index.html

2026年7月9日木曜日

9日 木曜日、大安

+ RHSA-2026:36774 Important: gstreamer1-plugins-good security update
https://access.redhat.com/errata/RHSA-2026:36774
CVE-2026-53705

+ RHSA-2026:36732 Moderate: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:36732
CVE-2026-44431

+ RHSA-2026:36734 Low: libxml2 security update
https://access.redhat.com/errata/RHSA-2026:36734
CVE-2025-6170

+ RHSA-2026:36733 Moderate: cups security update
https://access.redhat.com/errata/RHSA-2026:36733
CVE-2026-34980

+ RHSA-2026:36728 Low: libtasn1 security update
https://access.redhat.com/errata/RHSA-2026:36728
CVE-2025-13151

+ RHSA-2026:36530 Important: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update
https://access.redhat.com/errata/RHSA-2026:36530
CVE-2026-23401
CVE-2026-31402
CVE-2026-31419

+ RHSA-2026:36879 Important: tomcat security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:36879
CVE-2026-29146
CVE-2026-34486

+ RHSA-2026:36832 Important: libreoffice security update
https://access.redhat.com/errata/RHSA-2026:36832
CVE-2026-8357

+ RHSA-2026:36777 Important: unbound security update
https://access.redhat.com/errata/RHSA-2026:36777
CVE-2026-40622
CVE-2026-41292
CVE-2026-42534
CVE-2026-44390

+ RHSA-2026:36674 Moderate: gstreamer1-plugins-ugly-free security update
https://access.redhat.com/errata/RHSA-2026:36674
CVE-2026-53703
CVE-2026-53704

+ RHSA-2026:36617 Important: oci-seccomp-bpf-hook security update
https://access.redhat.com/errata/RHSA-2026:36617
CVE-2026-33811

+ Google Chrome 150.0.7871.114/.115 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html

+ Apache Tomcat 11.0.24, 10.1.57 Released
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.24_(markt)
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.57_(schultz)

+ ProFTPD 1.3.9c released
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.9c
http://www.proftpd.org/docs/NEWS-1.3.9c

+ OpenSSHの脆弱性(Moderate: CVE-2026-59995, CVE-2026-59996, CVE-2026-59997, CVE-2026-59998, CVE-2026-59999)とOpenSSH 10.4/10.4p1リリース
https://security.sios.jp/vulnerability/openssh-security-vulnerability-20260709/
CVE-2026-59995
CVE-2026-59996
CVE-2026-59997
CVE-2026-59998
CVE-2026-59999

VU#849433 Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls
https://www.kb.cert.org/vuls/id/849433

JVN#62347140 富士電機製Pupsmanのインストーラにおける複数の脆弱性
https://jvn.jp/jp/JVN62347140/index.html

JVNVU#92734392 CISA ICS Advisory / ICS Medical Advisory(2026年07月07日)
https://jvn.jp/vu/JVNVU92734392/index.html

決算調査で判明、企業を襲うサイバー詐欺とサイバー攻撃 第1回
出光は36億円を損失か、ランサム並みに深刻な「サイバー詐欺」の実態
https://xtech.nikkei.com/atcl/nxt/column/18/03678/070800001/?ST=nxt_thmit_security

3分でわかる必修ワード IT
万全の対策は難しい「シャドーAI」、企業はガバナンスやルール整備を進める
https://xtech.nikkei.com/atcl/nxt/keyword/18/00002/070600320/?ST=nxt_thmit_security

2026年7月8日水曜日

8日 水曜日、仏滅

+ RHSA-2026:36366 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:36366
CVE-2026-43112

+ RHSA-2026:36349 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:36349
CVE-2025-10263
CVE-2026-43198
CVE-2026-43450
CVE-2026-46209
CVE-2026-46227
CVE-2026-46259

+ RHSA-2026:36307 Moderate: freeipmi security update
https://access.redhat.com/errata/RHSA-2026:36307
CVE-2026-50031

+ RHSA-2026:36215 Important: compat-openssl10 security update
https://access.redhat.com/errata/RHSA-2026:36215
CVE-2026-45447

+ RHSA-2026:36201 Important: 389-ds:1.4 security update
https://access.redhat.com/errata/RHSA-2026:36201
CVE-2026-11610
CVE-2026-11774

+ RHSA-2026:36315 Important: python3.14-pip security update
https://access.redhat.com/errata/RHSA-2026:36315
CVE-2026-8643

+ RHSA-2026:36210 Moderate: freeipmi security update
https://access.redhat.com/errata/RHSA-2026:36210
CVE-2026-50031

+ RHSA-2026:36195 Important: 389-ds-base security update
https://access.redhat.com/errata/RHSA-2026:36195
CVE-2026-11610
CVE-2026-11774

+ RHSA-2026:36172 Important: kpatch-patch-5_14_0-687_10_1 security update
https://access.redhat.com/errata/RHSA-2026:36172
CVE-2026-31419

+ Google Chrome 150.0.7871.100/.101 released
https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop.html

+ Mozilla Firefox 152.0.5 released
https://www.firefox.com/en-US/firefox/152.0.5/releasenotes/

+ Zabbix 7.0.28, 6.0.47 released
https://www.zabbix.com/rn/rn7.0.28
https://www.zabbix.com/rn/rn6.0.47

+ Apache Tomcat 9.0.120 Released
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.120_(remm)

+ Linux Kernelの脆弱性(Januscape: CVE-2026-53359)
https://security.sios.jp/vulnerability/kernel-security-vulnerability-20260707/
CVE-2026-53359

UPDATE: JVN#90566559 Apache Jena Fusekiにおけるパストラバーサルの脆弱性
https://jvn.jp/jp/JVN90566559/index.html

JVN#87285119 複数のセイコーエプソン製プリンターおよびスキャナーのWeb Configにおけるクロスサイトリクエストフォージェリの脆弱性
https://jvn.jp/jp/JVN87285119/index.html

JVNVU#93316066 Tenda製品の複数のファームウェアにおけるセキュリティ上問題のある隠し機能の脆弱性
https://jvn.jp/vu/JVNVU93316066/index.html

JVNVU#90409906 HP Deskjet 2800プリンターシリーズにおける認証不備の脆弱性
https://jvn.jp/vu/JVNVU90409906/index.html

日経コンピュータ「ITが危ない」
シャドーAIのリスクが顕在化 国内企業の7割超が対策できず
放置で情報漏洩・法令違反のリスクも
https://xtech.nikkei.com/atcl/nxt/mag/nc/18/092400133/070100198/?ST=nxt_thmit_security

勝村幸博の「今日も誰かが狙われる」
「AI駆動型ワーム」の脅威 自律的に脆弱性を見つけて感染、特定率は8割超
https://xtech.nikkei.com/atcl/nxt/column/18/00676/070100228/?ST=nxt_thmit_security

KDDIメール基盤から1223万人分のアドレス漏洩、ソフト会社も脆弱性認識せず
https://xtech.nikkei.com/atcl/nxt/news/24/03297/?ST=nxt_thmit_security