Wednesday, January 28, 2026

28th, Wednesday, Senbu

+ Gpg4win 5.0.1 released
https://www.gpg4win.org/change-history.html

+ RHSA-2026:1380 Moderate: osbuild-composer security update
https://access.redhat.com/errata/RHSA-2026:1380
CVE-2025-58183

+ RHSA-2026:1374 Moderate: python3.11 security update
https://access.redhat.com/errata/RHSA-2026:1374
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1344 Important: grafana security update
https://access.redhat.com/errata/RHSA-2026:1344
CVE-2025-61729

+ RHSA-2026:1254 Important: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1254
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1226 Important: python3.12-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1226
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1224 Important: python3.11-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1224
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:0932 Important: java-1.8.0-openjdk security update
https://access.redhat.com/errata/RHSA-2026:0932
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

+ RHSA-2026:1142 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:1142
CVE-2023-53673
CVE-2025-40154
CVE-2025-40248
CVE-2025-40277

+ RHSA-2026:1429 Important: php:8.3 security update
https://access.redhat.com/errata/RHSA-2026:1429
CVE-2025-14177
CVE-2025-14178
CVE-2025-14180

+ RHSA-2026:1410 Moderate: python3.11 security update
https://access.redhat.com/errata/RHSA-2026:1410
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1408 Moderate: python3.12 security update
https://access.redhat.com/errata/RHSA-2026:1408
CVE-2025-12084
CVE-2025-13836

+ RHSA-2026:1381 Moderate: osbuild-composer security update
https://access.redhat.com/errata/RHSA-2026:1381
CVE-2025-58183

+ RHSA-2026:1350 Moderate: curl security update
https://access.redhat.com/errata/RHSA-2026:1350
CVE-2025-9086

+ RHSA-2026:0933 Important: java-25-openjdk security update
https://access.redhat.com/errata/RHSA-2026:0933
CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

+ RHSA-2026:1143 Important: kernel security update
https://access.redhat.com/errata/RHSA-2026:1143
CVE-2025-38141
CVE-2025-38349
CVE-2025-38731
CVE-2025-40248
CVE-2025-40258
CVE-2025-40294
CVE-2025-68301
CVE-2025-68305

+ RHSA-2026:1089 Important: python3.11-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1089
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1088 Important: python3.12-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1088
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ RHSA-2026:1087 Important: python-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:1087
CVE-2025-66418
CVE-2025-66471
CVE-2026-21441

+ Google Chrome 144.0.7559.109/.110 released
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

+ Mozilla Foundation Security Advisory 2026-06 Security Vulnerabilities fixed in Firefox 147.0.2
https://www.mozilla.org/en-US/security/advisories/mfsa2026-06/
CVE-2026-24868
CVE-2026-24869

+ FreeBSD-SA-26:02.jail Jail escape by a privileged user via nullfs
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:02.jail.asc
CVE-2025-15547

+ FreeBSD-SA-26:01.openssl Multiple vulnerabilities in OpenSSL
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:01.openssl.asc
CVE-2025-11187
CVE-2025-15467
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796

+ OpenSSL 3.6.1 released
https://github.com/openssl/openssl/releases/tag/openssl-3.6.1

+ Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-11187
CVE-2025-11187

+ Stack buffer overflow in CMS AuthEnvelopedData parsing
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15467
CVE-2025-15467

+ NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15468
CVE-2025-15468

+ 'openssl dgst' one-shot codepath silently truncates inputs >16MB
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15469
CVE-2025-15469

+ TLS 1.3 CompressedCertificate excessive memory allocation
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-66199
CVE-2025-66199

+ Heap out-of-bounds write in BIO_f_linebuffer on short writes
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-68160
CVE-2025-68160

+ Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69418
CVE-2025-69418

+ Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69419
CVE-2025-69419

+ Missing ASN1_TYPE validation in TS_RESP_verify_response() function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69420
CVE-2025-69420

+ NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-69421
CVE-2025-69421

+ Missing ASN1_TYPE validation in PKCS#12 parsing
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-22795
CVE-2026-22795

+ ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-22796
CVE-2026-22796

+ OpenSSL vulnerabilities (High: CVE-2025-15467, Moderate: CVE-2025-11187, Low: CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796) and new versions (3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19)
https://security.sios.jp/vulnerability/openssl-security-vulnerability-20260128/
CVE-2025-15467
CVE-2025-11187
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796

JVN#03776126 DLL loading vulnerability in beat-access for Windows
https://jvn.jp/jp/JVN03776126/index.html

JVNVU#94651499 OS command injection vulnerability in Archer MR600
https://jvn.jp/vu/JVNVU94651499/index.html

NEWS close-up
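Beware of the "EDR evasion" used by ransomware attackers
Asahi and Askul had their EDR neutralized; the evasion techniques come in two kinds, "slipping past" and "disabling"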
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041800012/011900312/?ST=nxt_thmit_security
