Feb 20, 2016

Vulnerabilities

Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) (2016/02/14)
http://seclists.org/oss-sec/2016/q1/339

Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (2016/02/10-16)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Vulnerability Note VU#457759
glibc vulnerable to stack buffer overflow in DNS resolver (2016/02/17)
http://www.kb.cert.org/vuls/id/457759
← Buffer overflow caused by a DNS answer exceeding 2048 bytes

Our suggested mitigation is to limit the response (i.e., via DNSMasq or similar programs) sizes accepted by the DNS resolver locally as well as to ensure that DNS queries are sent only to DNS servers which limit the response size for UDP responses with the truncation bit set.

Squid Proxy Cache Security Update Advisory SQUID-2016:1 (2016/02/15)
http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
> the bug is exploitable only if Squid is built
> using the --with-openssl option.
