:: IT Security Neophyte Investigator's MEMO ::: 8日水曜日、仏滅

2026年4月8日水曜日

8日水曜日、仏滅

+ RHSA-2026:6918 Important: freerdp security update

https://access.redhat.com/errata/RHSA-2026:6918

CVE-2026-22852

CVE-2026-22854

CVE-2026-22856

CVE-2026-23732

CVE-2026-23948

CVE-2026-24491

CVE-2026-24675

CVE-2026-24676

CVE-2026-24679

CVE-2026-24681

CVE-2026-24683

CVE-2026-24684

CVE-2026-31806

+ RHSA-2026:6915 Important: vim security update

https://access.redhat.com/errata/RHSA-2026:6915

CVE-2026-28417

CVE-2026-28421

CVE-2026-33412

+ RHSA-2026:6907 Important: nginx:1.24 security update

https://access.redhat.com/errata/RHSA-2026:6907

CVE-2026-27651

CVE-2026-27654

CVE-2026-27784

CVE-2026-32647

+ RHSA-2026:6750 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

https://access.redhat.com/errata/RHSA-2026:6750

CVE-2026-2920

CVE-2026-2921

CVE-2026-2923

CVE-2026-3082

CVE-2026-3083

CVE-2026-3085

+ RHSA-2026:6923 Important: nginx:1.24 security update

https://access.redhat.com/errata/RHSA-2026:6923

CVE-2026-27651

CVE-2026-27654

CVE-2026-27784

CVE-2026-32647

+ RHSA-2026:6766 Important: python3.9 security update

https://access.redhat.com/errata/RHSA-2026:6766

CVE-2026-4519

+ Google Chrome 147.0.7727.55/56 released

https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html

+ Mozilla Firefox 149.0.2 released

https://www.firefox.com/en-US/firefox/149.0.2/releasenotes/

+ Mozilla Foundation Security Advisory 2026-25 Security Vulnerabilities fixed in Firefox 149.0.2

https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/

CVE-2026-5732

CVE-2026-5733

CVE-2026-5731

CVE-2026-5734

CVE-2026-5735

+ nginx 1.29.8 released

https://nginx.org/en/CHANGES

+ Mozilla Foundation Security Advisory 2026-28 Security Vulnerabilities fixed in Thunderbird 149.0.2

https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/

CVE-2026-5732

CVE-2026-5733

CVE-2026-5731

CVE-2026-5734

CVE-2026-5735

+ Mozilla Foundation Security Advisory 2026-29 Security Vulnerabilities fixed in Thunderbird 140.9.1

https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/

+ Mozilla Foundation Security Advisory 2026-27 Security Vulnerabilities fixed in Firefox ESR 140.9.1

https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/

+ Mozilla Foundation Security Advisory 2026-26 Security Vulnerabilities fixed in Firefox ESR 115.34.1

https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/

+ OpenSSL 3.6.2, 3.5.6, 3.4.5, 3.3.7, 3.0.20 released

https://github.com/openssl/openssl/releases/tag/openssl-3.6.2

https://github.com/openssl/openssl/releases/tag/openssl-3.5.6

https://github.com/openssl/openssl/releases/tag/openssl-3.4.5

https://github.com/openssl/openssl/releases/tag/openssl-3.3.7

https://github.com/openssl/openssl/releases/tag/openssl-3.0.20

+ Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-28386

CVE-2026-28386

+ Potential Use-after-free in DANE Client Code

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-28387

CVE-2026-28387

+ NULL Pointer Dereference When Processing a Delta CRL

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-28388

CVE-2026-28388

+ Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-28389

CVE-2026-28389

+ Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-28390

CVE-2026-28390

+ Heap Buffer Overflow in Hexadecimal Conversion

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-31789

CVE-2026-31789

+ Incorrect Failure Handling in RSA KEM RSASVE Encapsulation

https://openssl-library.org/news/vulnerabilities/index.html#CVE-2026-31790

CVE-2026-31790

密着、未来のセキュリティー人材育成現場第3回

セキュリティー「も」分かる人材を育てる、コース新設した木更津高専の狙い

https://xtech.nikkei.com/atcl/nxt/column/18/03567/040100003/?ST=nxt_thmit_security

ニュース解説

フォーティネットがSSL-VPNの「廃止」期限を1年延長、5月の終了目前に

https://xtech.nikkei.com/atcl/nxt/column/18/00001/11649/?ST=nxt_thmit_security

JVNVU#90646130 複数の三菱電機製品における重要情報の平文保存の脆弱性

https://jvn.jp/vu/JVNVU90646130/index.html

JVNVU#96364629 三菱電機製複数製品の複数のプロセスにWindowsショートカットの不適切な扱いの脆弱性

https://jvn.jp/vu/JVNVU96364629/index.html

JVNVU#93838985 三菱電機製複数製品の複数のサービス実行時に必要以上に高い権限が割り当てられている脆弱性

https://jvn.jp/vu/JVNVU93838985/index.html

JVNVU#93891820 三菱電機製複数製品における複数の脆弱性

https://jvn.jp/vu/JVNVU93891820/index.html

JVNVU#98894016 三菱電機製複数製品における複数の脆弱性

https://jvn.jp/vu/JVNVU98894016/index.html

:: IT Security Neophyte Investigator's MEMO ::

2026年4月8日水曜日

8日水曜日、仏滅

0 件のコメント:

コメントを投稿

2026年4月8日水曜日

8日 水曜日、仏滅

0 件のコメント:

コメントを投稿

8日水曜日、仏滅