Red Hat Fedora

ソフト名：Red Hat Fedora 14 (Wireshark 1.6.0〜1.6.1)

回避策：FEDORA-2011-12423にて対応

脆弱性：DoS攻撃, システムアクセス, リソースの浪費, クラッシュ, 無限ループ, 不特定のエラー, DLLの乗っ取り, 不正なパケットトレース

ソース：

http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066140.html

http://secunia.com/advisories/45927/

http://secunia.com/advisories/46074/

http://dvw-j.blogspot.com/2011/09/wireshark.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266

CVE：CVE-2011-3266

危険性：High Risk

Red Hat Fedora

ソフト名：Red Hat Fedora 14 (Avahi Team Avahi 0.6.24以降)

回避策：FEDORA-2011-11588にて対応

脆弱性：DoS攻撃, 無限ループ

ソース：

http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065686.html

http://secunia.com/advisories/43361/

http://secunia.com/advisories/45960/

http://dvw-j.blogspot.com/2011/02/avahi.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1002

CVE：CVE-2011-1002

危険性：Medium Risk

Wireshark

ソフト名：Wireshark 1.6.0〜1.6.1

回避策：1.4.9/1.6.2へのアップデートにて対応

脆弱性：DoS攻撃, システムアクセス, リソースの浪費, クラッシュ, 無限ループ, 不特定のエラー, DLLの乗っ取り, 不正なパケットトレースファイル

ソース：

http://www.wireshark.org/

http://www.wireshark.org/security/wnpa-sec-2011-13.html

http://www.wireshark.org/security/wnpa-sec-2011-14.html

http://www.wireshark.org/security/wnpa-sec-2011-15.html

http://www.wireshark.org/security/wnpa-sec-2011-16.html

http://archives.neohapsis.com/archives/bugtraq/2011-07/0079.html

http://secunia.com/advisories/45927/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3266

CVE：CVE-2011-3266

危険性：High Risk

Novell Identity Manager Analyzer

ソフト名：Novell Identity Manager Analyzer 1.2/Designer 3.5.1/3.6.1/3.6.1 Remote Loader/Roles Based Provisioning Module 3.6.1/Roles Based Provisioning Module 3.7/Designer 4.0 (Sun Java)

回避策：あり

脆弱性：DoS攻撃, 無限ループ

ソース：

http://www.novell.com/products/identitymanager/

http://www.novell.com/support/viewContent.do?externalId=7009249

http://secunia.com/advisories/43262/

http://secunia.com/advisories/45819/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

IBM Tivoli Storage Productivity Center

ソフト名：IBM Tivoli Storage Productivity Center for Replication/Standard Edition 4.x (Sun JAVA)

回避策：4.2.1 Fix Pack 4へのアップデートにて対応

脆弱性：DoS攻撃, 無限ループ

ソース：

http://www-03.ibm.com/systems/storage/software/center/replication/index.html

http://www-03.ibm.com/systems/storage/software/center/standard/index.html

http://www.ibm.com/support/docview.wss?uid=swg24030795

http://secunia.com/advisories/43262/

http://secunia.com/advisories/45700/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

IBM Rational ClearCase, IBM Rational ClearQuest

ソフト名：IBM Rational ClearCase 7.1.1.5未満/7.1.2.2未満, IBM Rational ClearQuest 7.1.1.5未満/7.1.2.2未満

回避策：アップデートにて対応

脆弱性：DoS攻撃, 無限ループ

ソース：

http://www.ibm.com/developerworks/rational/products/clearcase/

http://www-01.ibm.com/software/awdtools/clearquest/

http://www.ibm.com/support/docview.wss?uid=swg21509635

http://www.ibm.com/support/docview.wss?uid=swg21468287

http://secunia.com/advisories/45733/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

Red Hat Enterprise Linux Extras, RHEL Supplementary

ソフト名：Red Hat Enterprise Linux Extras v. 4, RHEL Supplementary (v. 5 server)/Desktop Supplementary (v. 5 client)

回避策：RHSA-2011:1159-1にて対応

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 無限ループ, 整数オーバーフローエラー, メモリ破壊, リモートコード実行, 解放後使用エラー, リモートコマンド実行

ソース：

http://www.redhat.com/

https://rhn.redhat.com/errata/RHSA-2011-1159.html

http://secunia.com/advisories/43295/

http://secunia.com/advisories/45206/

http://secunia.com/advisories/45630/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://dvw-j.blogspot.com/2011/07/ibm-java.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0311

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871

CVE：CVE-2011-0311, CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871

危険性：High Risk

IBM Tivoli Netcool/OMNIbus

ソフト名：IBM Tivoli Netcool/OMNIbus 7.3.1 Fix Pack 2未満

回避策：アップデート, IZ99240にて対応

脆弱性：DoS攻撃, 無限ループ

ソース：

http://www-01.ibm.com/software/tivoli/products/netcool-omnibus/

http://www.ibm.com/support/docview.wss?uid=swg24029827

http://secunia.com/advisories/43262/

http://secunia.com/advisories/45523/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

Red Hat Fedora

ソフト名：Red Hat Fedora 14 (Wireshark 1.2.0～1.2.17/1.4.0～1.4.7/1.6.0)

回避策：FEDORA-2011-9640にて対応

脆弱性：DoS攻撃, パーサのエラー, 無限ループ

ソース：

http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063591.html

http://secunia.com/advisories/45086/

http://secunia.com/advisories/45574/

http://dvw-j.blogspot.com/2011/07/wireshark.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2597

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2698

CVE：CVE-2011-2597, CVE-2011-2698

危険性：Medium Risk

IBM Tivoli Integrated Portal, IBM Tivoli Federated Identity Manager

ソフト名：IBM Tivoli Integrated Portal 1.1.1.15未満, IBM Tivoli Federated Identity Manager/Federated Identity Manager Business Gateway 6.2.0 Fix Pack 9未満 (Sun JAVA)

回避策：eWAS version 6.1.0.39, TIP version 1.1.1.15へのアップデートにて対応, IV03048, IV03050, IV03074, アップデートにて対応

脆弱性：DoS攻撃, 無限ループ, 不明なエラー

ソース：

https://www.ibm.com/developerworks/mydeveloperworks/groups/service/

http://www-01.ibm.com/software/tivoli/products/federated-identity-mgr/

http://www-01.ibm.com/software/tivoli/products/federated-identity-mgr-bg/

html/communityview?communityUuid=26d4aa47-4fd6-460d-a93b-3ee8945324d6

http://www.ibm.com/support/docview.wss?uid=swg21508061

http://www.ibm.com/support/docview.wss?uid=swg24029497

http://www.ibm.com/support/docview.wss?uid=swg24029498

http://secunia.com/advisories/43262/

http://secunia.com/advisories/43295/

http://secunia.com/advisories/45555/

http://secunia.com/advisories/45556/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

Novell openSUSE

ソフト名：Novell openSUSE 11.3/11.4 (Apache APR, Apache APR-util 1.x)

回避策：openSUSE-SU-2011:0859-1にて対応

脆弱性：DoS攻撃, メモリの浪費, 無限再帰エラー, スタックオーバーフロー, 無限ループ

ソース：

http://www.opensuse.org/en/

https://hermes.opensuse.org/messages/10420089

http://secunia.com/advisories/41701/

http://secunia.com/advisories/44490/

http://secunia.com/advisories/44558/

http://secunia.com/advisories/45465/

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-red-hat-desktop-red.html

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-debian-gnulinux.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928

CVE：CVE-2010-1623, CVE-2011-0419, CVE-2011-1928

危険性：Medium Risk

IBM System Storage

ソフト名：IBM System Storage DS8000 Series

回避策：あり

脆弱性：DoS攻撃, 無限ループ

ソース：

http://www-03.ibm.com/systems/storage/news/center/disk/enterprise/

http://www.ibm.com/support/docview.wss?uid=ssg1S1003877

http://secunia.com/advisories/43262/

http://secunia.com/advisories/45484/

http://dvw-j.blogspot.com/2011/02/sun-java-ibm-java-ibm-websphere.html

危険性：Medium Risk

Novell openSUSE

ソフト名：Novell openSUSE 11.3/11.4 (MySQL 5.1.51未満)

回避策：openSUSE-SU-2011:0774-1, openSUSE-SU-2011:0799-1にて対応

脆弱性：権限の昇格, DoS攻撃, サーバのクラッシュ, 無限ループ, スタックオーバーフロー

ソース：http://www.opensuse.org/en/

https://hermes.opensuse.org/messages/9594384

https://hermes.opensuse.org/messages/9594601

http://secunia.com/advisories/41716/

http://secunia.com/advisories/45305/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840

CVE：CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

危険性：Medium Risk

Novell SUSE Linux Enterprise Server

ソフト名：Novell SUSE Linux Enterprise Server (SLES) 10/11 (Apache APR 1.4.4以下)

回避策：SUSE-SU-2011:0763-1, SUSE-SU-2011:0797-1にて対応

脆弱性：DoS攻撃, 無限再帰エラー, スタックオーバーフロー, 無限ループ, メモリの浪費

ソース：http://www.novell.com/products/server/

http://www.novell.com/promo/home/sle11.html

https://hermes.opensuse.org/messages/9594430

http://secunia.com/advisories/41701/

http://secunia.com/advisories/44490/

http://secunia.com/advisories/44558/

http://secunia.com/advisories/45304/

http://secunia.com/advisories/45309/

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-red-hat-desktop-red.html

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-debian-gnulinux.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1623

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928

CVE：CVE-2010-1623, CVE-2011-0419, CVE-2011-1928

危険性：Medium Risk

IBM HTTP Server

ソフト名：IBM HTTP Server 6.1.x/7.0.x

回避策：APAR PM38826, 6.1.0.39/7.0.0.19へのアップデートにて対応

脆弱性：DoS攻撃, 無限再帰エラー, スタックオーバーフロー, 無限ループ

ソース：http://www-01.ibm.com/software/webservers/httpservers/

http://www.ibm.com/support/docview.wss?uid=swg1PM38826

http://secunia.com/advisories/44574/

http://secunia.com/advisories/44661/

http://secunia.com/advisories/45280/

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-red-hat-desktop-red.html

http://dvw-j.blogspot.com/2011/05/apache-apache-apr-debian-gnulinux.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1928

CVE：CVE-2011-0419, CVE-2011-1928

危険性：Medium Risk

Canonical Ltd. Ubuntu Linux

ソフト名：Canonical Ltd. Ubuntu Linux 8.04 (Kernel.org Linux Kernel 2.6.x)

回避策：USN-1170-1にて対応

脆弱性：機密情報の奪取, 権限の昇格, DoS攻撃, バッファオーバーフロー, アロケーションエラー, OOPS, ゲストシステムのクラッシュ, 無限ループ, カーネルスタックメモリの曝露

ソース：http://www.ubuntu.com/

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-July/001374.html

http://secunia.com/advisories/35093/

http://secunia.com/advisories/42061/

http://secunia.com/advisories/43435/

http://secunia.com/advisories/44248/

http://secunia.com/advisories/45259/

http://dvw-j.blogspot.com/2011/03/canonical-ltd-ubuntu-linux_322.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4076

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4077

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4247

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1747

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

CVE：CVE-2010-4076, CVE-2010-4077, CVE-2010-4247, CVE-2010-4526, CVE-2011-0726, CVE-2011-1163, CVE-2011-1577, CVE-2011-1745, CVE-2011-1746, CVE-2011-1747, CVE-2011-2022

危険性：Medium Risk

HP Business Availability Center

ソフト名：HP Business Availability Center 7.55

回避策：HPSBMU02690 SSRT100569にて対応

脆弱性：DoS攻撃, 無限ループ

ソース：http://www8.hp.com/us/en/software/software-solution.html?compURI=tcm:245-937043

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02906075

http://secunia.com/advisories/45172/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476

CVE：CVE-2010-4476

危険性：Medium Risk

MariaDB, Novell openSUSE

ソフト名：MariaDB 5.x, Novell openSUSE 11.3/11.4

回避策：5.1.53へのアップデートにて対応, openSUSE-SU-2011:0743-1にて対応

脆弱性：権限の昇格, DoS攻撃, サーバのクラッシュ, 無限ループ, スタックオーバーフロー

ソース：http://mariadb.org/

http://www.opensuse.org/en/

http://kb.askmonty.org/en/mariadb-5150-release-notes

http://kb.askmonty.org/en/mariadb-5151-release-notes

http://kb.askmonty.org/en/mariadb-5153-release-notes

http://lists.opensuse.org/opensuse-updates/2011-07/msg00005.html

http://secunia.com/advisories/41716/

http://secunia.com/advisories/42097/

http://secunia.com/advisories/45134/

http://secunia.com/advisories/45192/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3833

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3834

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3835

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3836

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3837

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3838

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3839

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3840

CVE：CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

危険性：Medium Risk

Debian GNU/Linux

ソフト名：Debian GNU/Linux 5.0/6.0 (Wireshark 1.2.x/1.4.x)

回避策：DSA-2274-1にて対応

脆弱性：DoS攻撃, システムアクセス, バッファオーバーフロー, 解放後使用エラー, クラッシュ, データ型不一致エラー, リモートコード実行, 無限ループ

ソース：http://www.debian.org/

http://lists.debian.org/debian-security-announce/2011/msg00146.html

http://secunia.com/advisories/44172/

http://secunia.com/advisories/44449/

http://secunia.com/advisories/45149/

http://dvw-j.blogspot.com/2011/04/wireshark.html

http://dvw-j.blogspot.com/2011/06/wireshark.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1590

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1957

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1958

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175

CVE：CVE-2011-1590, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175

危険性：Medium Risk

Red Hat Fedora

ソフト名：Red Hat Fedora 14 (Apache Subversion 1.5.0～1.6.16)

回避策：FEDORA-2011-8341にて対応

脆弱性：DoS攻撃, NULLポインタ参照エラー, クラッシュ, 無限ループ, メモリの浪費

ソース：http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062211.html

http://secunia.com/advisories/44681/

http://secunia.com/advisories/45162/

http://dvw-j.blogspot.com/2011/06/apache-subversion-debian-gnulinux.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921

CVE：CVE-2011-1752, CVE-2011-1783, CVE-2011-1921

危険性：Medium Risk