Wednesday, July 1, 2026

1st, Wednesday, Senbu

+ Vulnerability information for PowerDNS Recursor has been published
https://jprs.jp/tech/security/2026-06-30-powerdns-recursor.html
CVE-2026-33612
CVE-2026-40012
CVE-2026-42005
CVE-2026-42390
CVE-2026-42389
CVE-2026-42388
CVE-2026-42387
CVE-2026-52690

+ RHSA-2026:33743 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:33743
CVE-2026-23216
CVE-2026-45984
CVE-2026-46189
+ RHSA-2026:33722 Important: container-tools:rhel8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:33722
CVE-2026-25679
CVE-2026-32280
CVE-2026-32281
CVE-2026-32283
CVE-2026-34986

+ RHSA-2026:33503 Important: giflib security update
https://access.redhat.com/errata/RHSA-2026:33503
CVE-2026-26740

+ RHSA-2026:33464 Important: mariadb:10.11 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:33464
CVE-2026-49261

+ RHSA-2026:33445 Important: thunderbird security update
https://access.redhat.com/errata/RHSA-2026:33445
CVE-2026-12289
CVE-2026-12290
CVE-2026-12291
CVE-2026-12292
CVE-2026-12294
CVE-2026-12295
CVE-2026-12296
CVE-2026-12297
CVE-2026-12298
CVE-2026-12299
CVE-2026-12302
CVE-2026-12304
CVE-2026-12305
CVE-2026-12306
CVE-2026-12307
CVE-2026-12308
CVE-2026-12309
CVE-2026-12310
CVE-2026-12311
CVE-2026-12312
CVE-2026-12313
CVE-2026-12314
CVE-2026-12315
CVE-2026-12324
CVE-2026-12325
CVE-2026-12327
CVE-2026-12328
CVE-2026-12329
CVE-2026-12330

+ RHSA-2026:33220 Important: kpatch-patch-4_18_0-553_109_1, kpatch-patch-4_18_0-553_125_1, kpatch-patch-4_18_0-553_53_1, kpatch-patch-4_18_0-553_72_1, and kpatch-patch-4_18_0-553_85_1 security update
https://access.redhat.com/errata/RHSA-2026:33220
CVE-2026-46243
CVE-2026-46331

+ RHSA-2026:33126 Moderate: glibc security update
https://access.redhat.com/errata/RHSA-2026:33126
CVE-2026-5450

+ RHSA-2026:32992 Important: python3.12-urllib3 security update
https://access.redhat.com/errata/RHSA-2026:32992
CVE-2026-44431
CVE-2026-44432

+ RHSA-2026:30858 Important: perl-IO-Compress security update
https://access.redhat.com/errata/RHSA-2026:30858
CVE-2026-48962

+ RHSA-2026:30853 Important: git-lfs security update
https://access.redhat.com/errata/RHSA-2026:30853
CVE-2026-39821

+ RHSA-2026:30852 Important: perl-Archive-Tar security update
https://access.redhat.com/errata/RHSA-2026:30852
CVE-2026-42496

+ RHSA-2026:33512 Important: ruby security update
https://access.redhat.com/errata/RHSA-2026:33512
CVE-2026-42246
CVE-2026-42258

+ RHSA-2026:33501 Important: giflib security update
https://access.redhat.com/errata/RHSA-2026:33501
CVE-2026-26740

+ RHSA-2026:33481 Important: mariadb:11.8 security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:33481
CVE-2026-49261

+ RHSA-2026:33285 Important: kernel security, bug fix, and enhancement update
https://access.redhat.com/errata/RHSA-2026:33285
CVE-2026-31411
CVE-2026-43198

+ RHSA-2026:33224 Important: kpatch-patch-5_14_0-687_10_1 security update
https://access.redhat.com/errata/RHSA-2026:33224
CVE-2026-46243
CVE-2026-46331

+ RHSA-2026:30859 Important: perl-IO-Compress security update
https://access.redhat.com/errata/RHSA-2026:30859
CVE-2026-48962

+ Google Chrome 150.0.7871.46/.47 released
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html

+ Mozilla Firefox 152.0.4 released
https://www.firefox.com/en-US/firefox/152.0.4/releasenotes/

+ Mozilla Foundation Security Advisory 2026-62 Security Vulnerabilities fixed in Firefox 152.0.4
https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/
CVE-2026-14241

+ FreeBSD-SA-26:49.iconv Multiple vulnerabilities in iconv(3)
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:49.iconv.asc
CVE-2026-58081
CVE-2026-58082

+ FreeBSD-SA-26:48.compat32 Kernel stack disclosure in 32-bit compatibility support
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:48.compat32.asc
CVE-2026-49425

+ FreeBSD-SA-26:47.linux Kernel stack disclosure in Linux compatibility layer
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:47.linux.asc
CVE-2026-49424

+ FreeBSD-SA-26:46.ktls Remote DOS via uninitialized memory access in KTLS receive
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:46.ktls.asc
CVE-2026-49423

+ FreeBSD-SA-26:45.audit Incorrect audit records for ptrace(2) syscall requests
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:45.audit.asc
CVE-2026-49426

+ FreeBSD-SA-26:44.posixshm Multiple vulnerabilities in POSIX largepage objects
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:44.posixshm.asc
CVE-2026-49427
CVE-2026-49428

+ FreeBSD-SA-26:43.tcp Use-after-free in TCP RACK stack option handler
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:43.tcp.asc
CVE-2026-49422

+ FreeBSD-SA-26:42.unlinkat unlinkat(2) ignores AT_RESOLVE_BENEATH flag
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:42.unlinkat.asc
CVE-2026-49421

+ FreeBSD-SA-26:41.libalias Buffer overflow in libalias RTSP handler
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:41.libalias.asc
CVE-2026-49420

+ FreeBSD-SA-26:40.zfs Multiple vulnerabilities in OpenZFS
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:40.zfs.asc
CVE-2026-49429
CVE-2026-49430
CVE-2026-49431

+ FreeBSD-SA-26:39.execve Local privilege escalation via execve(2) TOCTOU race
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:39.execve.asc
CVE-2026-49415

+ FreeBSD-SA-26:38.jail Jail reference count underflow
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:38.jail.asc
CVE-2026-49419

+ FreeBSD-SA-26:37.vm Use-after-free in device pager page list
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:37.vm.asc
CVE-2026-49418

+ JVNVU#95990609 Multiple vulnerabilities stemming from 7-Zip in Mitsubishi Electric MELSOFT Update Manager
https://jvn.jp/vu/JVNVU95990609/index.html
CVE-2025-53816
CVE-2025-53817
CVE-2025-55188
CVE-2025-11001

+ Apache Tomcat vulnerabilities (Important: CVE-2026-55957, Moderate: CVE-2026-55956, Low: CVE-2026-55955, CVE-2026-55276, CVE-2026-53434, CVE-2026-53404, CVE-2026-50229)
https://security.sios.jp/vulnerability/tomcat-security-vulnerability-20260630/
CVE-2026-55957
CVE-2026-55956
CVE-2026-55955
CVE-2026-55276
CVE-2026-53434
CVE-2026-53404
CVE-2026-50229

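The New Common Sense of CDN Use
Configuration on the authoritative DNS server is the first step; beware of information leaking from the cache. Part 4: Deployment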
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/061600248/061600004/?ST=nxt_thmit_security

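The New Common Sense of CDN Use
DDoS attack countermeasures, edge AI, PQC: making full use of the "intermediary" function in a new phase. Part 3: Transition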
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/061600248/061600003/?ST=nxt_thmit_security

The New Common Sense of CDN Use
Steering users to a "nearby" server via DNS and other means; reducing load with an origin shield. Part 2: Technology
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/061600248/061600002/?ST=nxt_thmit_security

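The New Common Sense of CDN Use
A content delivery mechanism that has lasted 30 years, growing multifunctional as the network's role expands. Part 1: Transformation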
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/061600248/061600001/?ST=nxt_thmit_security

Monthly Ransomware Report
Global victim counts are trending down but remain at a high level; "Coinbase Cartel" attacks become more active
https://xtech.nikkei.com/atcl/nxt/mag/nnw/18/041600214/061700017/?ST=nxt_thmit_security

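Geopolitics of Digital Infrastructure: The Battle over Sovereignty in Cyberspace, Part 4
The advancing militarization of commercial cloud, and the risk of data centers becoming attack targets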
https://xtech.nikkei.com/atcl/nxt/column/18/03661/062300004/?ST=nxt_thmit_security

Monthly Ransomware Report, No. 19
"NightSpire" victims increase, firewalls abused: ransomware damage in May 2026
https://xtech.nikkei.com/atcl/nxt/column/18/03053/062900020/?ST=nxt_thmit_security

Unauthorized access at Aflac Life Insurance; personal information of 4.38 million people leaked
https://xtech.nikkei.com/atcl/nxt/news/24/03280/?ST=nxt_thmit_security

JVN#48718197 Reflected cross-site scripting vulnerability in multiple laser printers and multifunction printers (MFPs) implementing Ricoh Web Image Monitor
https://jvn.jp/jp/JVN48718197/index.html

JVN#69681784 OS command injection vulnerability in RPG Maker MV and MZ
https://jvn.jp/jp/JVN69681784/index.html

JVN#28979424 OS command injection vulnerability in DGM3103SCT
https://jvn.jp/jp/JVN28979424/index.html
