Daily Vuln Watch Japan

Scull

ソフト名：Puppet Labs Puppet 2.6.10/2.7.4未満, Puppet Labs Puppet Enterprise 1.0/1.1/1.2.x未満, Canonical Ltd. Ubuntu Linux 10.04/10.10

回避策：アップデートにて対応, USN-1217-1にて対応

脆弱性：データ操作, システムアクセス, ディレクトリトラバーサル, 入力サニタイズエラー, ファイル操作

ソース：

http://puppetlabs.com/mcollective/introduction/

http://puppetlabs.com/puppet/puppet-enterprise/

http://www.ubuntu.com/

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

http://www.ubuntu.com/usn/usn-1217-1

http://secunia.com/advisories/46188/

http://secunia.com/advisories/46223/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848

CVE：CVE-2011-3848

危険性：Medium Risk

Scull

ソフト名：Mozilla Firefox 3.6.23未満/6.x, Mozilla SeaMonkey 2.4未満, Mozilla Thunderbird 6.x, Red Hat Desktop 4.x, Red Hat Enterprise Linux AS 4/ES 4/WS 4/5 (Server)/Desktop 5/Desktop Workstation 5/Desktop 6/HPC Node 6/Server 6/Workstation 6, Canonical Ltd. Ubuntu Linux 10.04/10.10

回避策：アップデート, 7.0へのアップグレードにて対応, アップデートにて対応, 7.0へのアップグレードにて対応, RHSA-2011:1341-01, RHSA-2011:1342-01, RHSA-2011:1343-1, RHSA-2011:1344-1にて対応, USN-1210-1, USN-1213-1にて対応

脆弱性：セキュリティ制限の回避, システムアクセス, 不特定のエラー, メモリ破壊, XSS保護の回避, 不正アプリケーションのダウンロード, 不正アプリケーションの実行, バッファオーバーフロー, 不正プラグインのインストール, リモートコード実行, 解放後使用エラー, キーストロークの閲覧, レスポンス分割攻撃, 整数アンダーフローエラー

ソース：

http://www.mozilla.org/en-US/firefox/new/

http://mozilla.jp/firefox/

http://www.seamonkey-project.org/

http://www.mozilla.org/en-US/thunderbird/

http://www.redhat.com/rhel/

http://www.redhat.com/rhel/desktop/

http://www.redhat.com/rhel/server/

http://www.ubuntu.com/

http://www.mozilla.org/security/announce/2011/mfsa2011-36.html

http://www.mozilla.org/security/announce/2011/mfsa2011-37.html

http://www.mozilla.org/security/announce/2011/mfsa2011-38.html

http://www.mozilla.org/security/announce/2011/mfsa2011-39.html

http://www.mozilla.org/security/announce/2011/mfsa2011-40.html

http://www.mozilla.org/security/announce/2011/mfsa2011-41.html

http://www.mozilla.org/security/announce/2011/mfsa2011-42.html

http://www.mozilla.org/security/announce/2011/mfsa2011-43.html

http://www.mozilla.org/security/announce/2011/mfsa2011-44.html

http://www.mozilla.org/security/announce/2011/mfsa2011-45.html

http://www.usenix.org/events/hotsec11/tech/final_files/Cai.pdf

https://rhn.redhat.com/errata/RHSA-2011-1341.html

https://rhn.redhat.com/errata/RHSA-2011-1342.html

https://rhn.redhat.com/errata/RHSA-2011-1343.html

https://rhn.redhat.com/errata/RHSA-2011-1344.html

http://www.ubuntu.com/usn/usn-1210-1/

http://www.ubuntu.com/usn/usn-1213-1/

http://secunia.com/advisories/46171/

http://secunia.com/advisories/46184/

http://secunia.com/advisories/46190/

http://secunia.com/advisories/46192/

http://secunia.com/advisories/46194/

http://secunia.com/advisories/46196/

http://secunia.com/advisories/46203/

http://secunia.com/advisories/46204/

http://secunia.com/advisories/46205/

http://secunia.com/advisories/46217/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2997

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2998

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3001

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3002

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3003

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3004

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3232

CVE：CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2997, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001, CVE-2011-3002, CVE-2011-3003, CVE-2011-3004, CVE-2011-3005, CVE-2011-3232

危険性：High Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04 (Kernel.org Linux Kernel 2.6.x)

回避策：USN-1216-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, カーネルスタックメモリの曝露, プロセス設定の操作, 不正パケット, メモリの浪費, メモリ破壊, メモリリーク, クラッシュ, イベントオーバーフローエラー, 不正アプリケーション

ソース：

http://www.ubuntu.com/

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001426.html

http://secunia.com/advisories/39080/

http://secunia.com/advisories/42061/

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43846/

http://secunia.com/advisories/44466/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45420/

http://secunia.com/advisories/45533/

http://secunia.com/advisories/46147/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_23.html

http://dvw-j.blogspot.com/2011/05/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://dvw-j.blogspot.com/2011/08/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/08/kernelorg-linux-kernel_19.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4076

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4077

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4805

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918

CVE：CVE-2010-4076, CVE-2010-4077, CVE-2010-4251, CVE-2010-4805, CVE-2011-1020, CVE-2011-1493, CVE-2011-1577, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918

危険性：Medium Risk

Scull

ソフト名：Debian apt 0.x, Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10

回避策：未対応, USN-1215-1にて対応

脆弱性：セキュリティ制限の回避, スプーフィング, マンインミドル攻撃，

ソース：

http://packages.debian.org/search?searchon=sourcenames&keywords=apt

http://www.ubuntu.com/

http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0256.html

http://www.ubuntu.com/usn/usn-1215-1/

http://secunia.com/advisories/46046/

http://secunia.com/advisories/46149/

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10 (GIMP 2.6.11)

回避策：USN-1214-1にて対応

脆弱性：システムアクセス, バッファオーバーフロー, 不正GIFファイル

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1214-1

http://secunia.com/advisories/45621/

http://secunia.com/advisories/46151/

http://dvw-j.blogspot.com/2011/08/gimp.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896

CVE：CVE-2011-2896

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10 (FFmpeg 0.x)

回避策：USN-1209-1にて対応

脆弱性：DoS攻撃, システムアクセス, メモリ破壊, クラッシュ, 不正中国語AVSファイル

ソース：

http://www.ubuntu.com/

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001419.html

http://secunia.com/advisories/43197/

http://secunia.com/advisories/43683/

http://secunia.com/advisories/44378/

http://secunia.com/advisories/45532/

http://secunia.com/advisories/46062/

http://dvw-j.blogspot.com/2011/02/ffmpeg.html

http://dvw-j.blogspot.com/2011/03/google-chrome_11.html

http://dvw-j.blogspot.com/2011/05/ffmpeg.html

http://dvw-j.blogspot.com/2011/08/ffmpeg.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1196

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1931

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362

CVE：CVE-2011-1196, CVE-2011-1931, CVE-2011-2161, CVE-2011-3362

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10 (Common Unix Printing System 1.4.6/1.4.8)

回避策：USN-1207-1にて対応

脆弱性：システムアクセス, バッファオーバーフロー, 不正GIFファイル

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1207-1/

http://secunia.com/advisories/45713/

http://secunia.com/advisories/45796/

http://secunia.com/advisories/46024/

http://dvw-j.blogspot.com/2011/08/common-unix-printing-system.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2896

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3170

CVE：CVE-2011-2896, CVE-2011-3170

危険性：Medium Risk

Scull

ソフト名：Red Hat Fedora 14 (Canonical Ltd. Ubuntu Linux 10.04/10.10)

回避策：FEDORA-2011-11979にて対応

脆弱性：権限の昇格, 不正アクションの実行

ソース：

http://fedoraproject.org/

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065952.html

http://secunia.com/advisories/45747/

http://secunia.com/advisories/46026/

http://dvw-j.blogspot.com/2011/08/canonical-ltd-ubuntu-linux_26.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3145

CVE：CVE-2011-3145

危険性：Low Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10 (Kernel.org Linux Kernel 2.6.x)

回避策：USN-1201-1, USN-1202-1, USN-1203-1, USN-1204-1, USN-1205-1, USN-1208-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, DoS攻撃, システムアクセス, メモリ情報の曝露, プロセス設定の操作, メモリ破壊, メモリリーク, クラッシュ, イベントオーバーフローエラー, 不正アプリケーション, 不正パケット, メモリの浪費, 整数切り捨てエラー, バウンダリエラー, 権限の昇格, CPUリソースの浪費, デリファレンスエラー, NULLポインタ参照エラー, 解放後使用エラー, 入力検証エラー, 無限ループ, ゼロ除算エラー, システムコール

ソース：

http://www.ubuntu.com/

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001411.html

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001412.html

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001413.html

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001415.html

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001418.html

http://secunia.com/advisories/39080/

http://secunia.com/advisories/41002/

http://secunia.com/advisories/41263/

http://secunia.com/advisories/41440/

http://secunia.com/advisories/41493/

http://secunia.com/advisories/42035/

http://secunia.com/advisories/42061/

http://secunia.com/advisories/42126/

http://secunia.com/advisories/42172/

http://secunia.com/advisories/42176/

http://secunia.com/advisories/42187/

http://secunia.com/advisories/43009/

http://secunia.com/advisories/43435/

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43537/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43594/

http://secunia.com/advisories/43806/

http://secunia.com/advisories/43841/

http://secunia.com/advisories/43846/

http://secunia.com/advisories/44220/

http://secunia.com/advisories/44466/

http://secunia.com/advisories/44754/

http://secunia.com/advisories/45420/

http://secunia.com/advisories/45533/

http://secunia.com/advisories/45993/

http://secunia.com/advisories/45996/

http://secunia.com/advisories/45997/

http://secunia.com/advisories/46003/

http://secunia.com/advisories/46007/

http://dvw-j.blogspot.com/2011/01/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/02/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/canonical-ltd-ubuntu-linux_322.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_02.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_08.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_15.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_3101.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_23.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_29.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_22.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_26.html

http://dvw-j.blogspot.com/2011/04/kernelorg-linux-kernel_856.html

http://dvw-j.blogspot.com/2011/05/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/06/kernelorg-linux-kernel_07.html

http://dvw-j.blogspot.com/2011/08/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/08/kernelorg-linux-kernel_19.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3297

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3858

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3859

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3874

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4076

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4077

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4082

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4162

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4169

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4175

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4248

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4256

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4526

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4565

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4668

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4805

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0463

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1010

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1012

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1016

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1019

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1082

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1169

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1173

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1770

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1833

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2484

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2534

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2918

CVE：CVE-2010-3296, CVE-2010-3297, CVE-2010-3858, CVE-2010-3859, CVE-2010-3874, CVE-2010-3880, CVE-2010-4073, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4169, CVE-2010-4175, CVE-2010-4242, CVE-2010-4243, CVE-2010-4248, CVE-2010-4251, CVE-2010-4256, CVE-2010-4526, CVE-2010-4565, CVE-2010-4649, CVE-2010-4668, CVE-2010-4805, CVE-2011-0463, CVE-2011-0521, CVE-2011-0695, CVE-2011-0711, CVE-2011-0712, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1019, CVE-2011-1020, CVE-2011-1044, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1082, CVE-2011-1090, CVE-2011-1093, CVE-2011-1160, CVE-2011-1163, CVE-2011-1169, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1478, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770, CVE-2011-1833, CVE-2011-2022, CVE-2011-2213, CVE-2011-2484, CVE-2011-2492, CVE-2011-2534, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10, Red Hat Enterprise Linux Desktop 6/HPC Node 6/Server 6/Workstation 6 (GNOME Project librsvg 2.34.1未満)

回避策：USN-1206-1にて対応, RHSA-2011:1289-01にて対応

脆弱性：DoS攻撃, システムアクセス, 不正SVG画像, 無効なメモリへの間接参照

ソース：

http://www.ubuntu.com/

http://www.redhat.com/rhel/

http://www.redhat.com/rhel/server/

http://www.redhat.com/rhel/desktop/

http://www.ubuntu.com/usn/usn-1206-1/

https://rhn.redhat.com/errata/RHSA-2011-1289.html

http://secunia.com/advisories/45877/

http://secunia.com/advisories/45992/

http://secunia.com/advisories/46010/

http://dvw-j.blogspot.com/2011/09/gnome-project-librsvg.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146

CVE：CVE-2011-3146

危険性：Medium Risk

Scull

ソフト名：Quassel IRC 0.7.2, Canonical Ltd. Ubuntu Linux 10.04/10.10

回避策：あり, USN-1200-1にて対応

脆弱性：DoS攻撃, プロセスのクラッシュ

ソース：

http://quassel-irc.org/

http://www.ubuntu.com/

http://bugs.quassel-irc.org/issues/1095

http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b

http://www.ubuntu.com/usn/usn-1200-1

http://secunia.com/advisories/45870/

http://secunia.com/advisories/45970/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3354

CVE：CVE-2011-3354

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10, IBM HTTP Server 2.0.42/2.0.47/6.0〜6.0.2.43/6.1〜6.1.0.39/7.0〜7.0.0.17/8.0, Cisco Quad, Novell openSUSE 11.3/11.4, 日立 Web Server 3.x/4.x (Apache 2.2.19)

回避策：USN-1199-1にて対応, あり, 未対応, openSUSE-SU-2011:0993-1にて対応, HS11-019にて対応

脆弱性：DoS攻撃, 不正HTTPのリクエスト, メモリの浪費

ソース：

http://www.ubuntu.com/

http://www-01.ibm.com/software/webservers/httpservers/

http://www-01.ibm.com/software/webservers/httpservers/library/

http://www.cisco.com/en/US/products/ps10668/index.html

http://www.opensuse.org/en/

http://www.hitachi.com/

http://www.ubuntu.com/usn/usn-1199-1/

http://www.ibm.com/support/docview.wss?uid=swg21512087

http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml

http://lists.opensuse.org/opensuse-updates/2011-09/msg00002.html

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html

http://secunia.com/advisories/45606/

http://secunia.com/advisories/45732/

http://secunia.com/advisories/45824/

http://secunia.com/advisories/45865/

http://secunia.com/advisories/45872/

http://secunia.com/advisories/45892/

http://dvw-j.blogspot.com/2011/08/apache.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

CVE：CVE-2011-3192

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10, Novell openSUSE 11.3 (Mozilla Thunderbird 3.1.12未満)

回避策：USN-1185-1にて対応, openSUSE-SU-2011:0958-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, システムアクセス, 不特定のエラー, メモリ破壊, 解放後使用エラー, 不正Java Scriptコード実行, ポインタ間接参照エラー, リモートコード実行, 不正ライブラリのロード

ソース：

http://www.ubuntu.com/

http://www.opensuse.org/en/

http://www.ubuntu.com/usn/usn-1185-1/

http://lists.opensuse.org/opensuse-updates/2011-08/msg00040.html

http://secunia.com/advisories/45666/

http://secunia.com/advisories/45776/

http://secunia.com/advisories/45844/

http://dvw-j.blogspot.com/2011/08/mozilla-firefox-mozilla-thunderbird-red.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984

CVE：CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984

危険性：High Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10

回避策：USN-1196-1にて対応

脆弱性：権限の昇格, 不正アクションの実行

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1196-1/

http://secunia.com/advisories/45747/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3145

CVE：CVE-2011-3145

危険性：Low Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10 (libwebkit, Google Chrome 4.x/5.x/6.x/7.x/8.x, Apple Safari 4.x/5.x)

回避策：USN-1195-1にて対応

脆弱性：システムアクセス, DoS攻撃, セキュリティ制限の回避, リモートコード実行, 区域外メモリの使用, 未知の脆弱性, DoS攻撃, ブラウザのクラッシュ, 機密情報の奪取, 不特定のエラー, スプーフィング攻撃, DoS攻撃, セキュリティの強度不足, メモリ破壊, 整数オーバーフロー, ポップアップブロッカーの回避, ページ違反エラー, 解放後使用エラー, アウトオブメモリ, バッファオーバーフロー

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1195-1/

http://secunia.com/advisories/40479/

http://secunia.com/advisories/40743/

http://secunia.com/advisories/41014/

http://secunia.com/advisories/41242/

http://secunia.com/advisories/41390/

http://secunia.com/advisories/41888/

http://secunia.com/advisories/42109/

http://secunia.com/advisories/42264/

http://secunia.com/advisories/42472/

http://secunia.com/advisories/42605/

http://secunia.com/advisories/42850/

http://secunia.com/advisories/43193/

http://secunia.com/advisories/45694/

http://dvw-j.blogspot.com/2010/07/google-chrome.html

http://dvw-j.blogspot.com/2010/07/google-chrome_28.html

http://dvw-j.blogspot.com/2010/08/google-chrome.html

http://dvw-j.blogspot.com/2010/09/google-chrome.html

http://dvw-j.blogspot.com/2010/09/google-chrome_17.html

http://dvw-j.blogspot.com/2010/10/google-chrome.html

http://dvw-j.blogspot.com/2010/11/google-chrome.html

http://dvw-j.blogspot.com/2010/11/apple-safari_23.html

http://dvw-j.blogspot.com/2010/12/google-chrome.html

http://dvw-j.blogspot.com/2010/12/google-chrome_15.html

http://dvw-j.blogspot.com/2011/01/google-chrome.html

http://dvw-j.blogspot.com/2011/02/google-chrome.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1824

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2646

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2651

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2900

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3120

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3254

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4042

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4199

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4492

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4577

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4578

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0482

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0778

CVE：CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900, CVE-2010-3120, CVE-2010-3254, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040, CVE-2010-4042, CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204, CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577, CVE-2010-4578, CVE-2011-0482, CVE-2011-0778

危険性：High Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10 (The Linux Foundation Foomatic 4.0.6)

回避策：USN-1194-1にて対応

脆弱性：システムアクセス, ローカルコマンド挿入, ローカルコマンド実行

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1194-1/

http://secunia.com/advisories/45196/

http://secunia.com/advisories/45716/

http://dvw-j.blogspot.com/2011/07/linux-foundation-foomatic.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2697

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964

CVE：CVE-2011-2697, CVE-2011-2964

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 8.04 (Kernel.org Linux Kernel 2.6.X)

回避策：USN-1189-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, DoS攻撃, システムアクセス, メモリ情報の曝露, プロセス設定の操作, カーネルメモリの曝露, バッファオーバーフロー, バウンダリエラー, メモリ破壊

ソース：

http://www.ubuntu.com/

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-August/001398.html

http://secunia.com/advisories/43496/

http://secunia.com/advisories/43537/

http://secunia.com/advisories/43576/

http://secunia.com/advisories/43841/

http://secunia.com/advisories/43846/

http://secunia.com/advisories/44466/

http://secunia.com/advisories/45707/

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_02.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_16.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_29.html

http://dvw-j.blogspot.com/2011/03/kernelorg-linux-kernel_23.html

http://dvw-j.blogspot.com/2011/05/kernelorg-linux-kernel.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1020

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1160

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492

CVE：CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1493, CVE-2011-2492

危険性：Medium Risk

Scull

ソフト名：Debian GNU/Linux 5.0/6.0, Canonical Ltd. Ubuntu Linux 10.04/10.10 (Mozilla Firefox 3.6.20未満, Mozilla Thunderbird 3.1.12未満)

回避策：DSA-2296-1, DSA-2297-1にて対応, USN-1184-1にて対応

脆弱性：セキュリティ制限の回避, 機密情報の奪取, システムアクセス, 不特定のエラー, メモリ破壊, 解放後使用エラー, 不正Java Scriptコード実行, ポインタ間接参照エラー, リモートコード実行, 不正ライブラリのロード

ソース：

http://www.debian.org/

http://www.ubuntu.com/

http://lists.debian.org/debian-security-announce/2011/msg00170.html

http://lists.debian.org/debian-security-announce/2011/msg00171.html

https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-August/001397.html

http://secunia.com/advisories/45666/

http://secunia.com/advisories/45612/

http://secunia.com/advisories/45647/

http://secunia.com/advisories/45688/

http://secunia.com/advisories/45718/

http://dvw-j.blogspot.com/2011/08/mozilla-firefox-mozilla-thunderbird-red.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984

CVE：CVE-2011-0084, CVE-2011-2378, CVE-2011-2980, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984

危険性：High Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 10.04/10.10 (X.Org libXfont 1.4.4未満)

回避策：USN-1191-1にて対応

脆弱性：権限の昇格, バウンダリエラー, 不正フォントファイル, バッファオーバーフロー

ソース：

http://www.ubuntu.com/

http://www.ubuntu.com/usn/usn-1191-1/

http://secunia.com/advisories/45544/

http://secunia.com/advisories/45638/

http://dvw-j.blogspot.com/2011/08/xorg-libxfont.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895

CVE：CVE-2011-2895

危険性：Medium Risk

Scull

ソフト名：Canonical Ltd. Ubuntu Linux 8.04/10.04/10.10, Red Hat Desktop 4.x, Red Hat Enterprise Linux AS 4/ES 4/WS 4/5 (Server)/Desktop 5/Desktop Workstation 5/Desktop 6/HPC Node 6/Server 6/Workstation 6 (Internet Software Consortium ISC DHCP 3.1.0〜3.1-ESV-R1/4.1.0〜4.1.2rc1/4.1-ESV〜4.1-ESV-R3b1/4.2.0〜4.2.2rc1)

回避策：USN-1190-1にて対応, RHSA-2011:1160-1にて対応

脆弱性：DoS攻撃, 不特定のエラー, サーバの停止

ソース：

http://www.ubuntu.com/

http://www.redhat.com/rhel/

http://www.redhat.com/rhel/desktop/

http://www.redhat.com/rhel/server/

http://www.ubuntu.com/usn/usn-1190-1/

http://rhn.redhat.com/errata/RHSA-2011-1160.html

http://secunia.com/advisories/45582/

http://secunia.com/advisories/45629/

http://secunia.com/advisories/45639/