$B%;%-%e%j%F%#%[!<%k(B memo

Last modified: Tue Nov 10 16:51:50 2009 +0900 (JST)


$B!!(BSecurity Watch $B$5$s$,E9$8$^$$$5$l$F$7$^$C$?$N$G!"(B $B8D?M$GDI$$$+$1$F$_$k%F%9%H$G$9!#(B $BHwK:O?$H$7$F=q$$$F$*$/$D$b$j$J$N$G!"(B Security Watch $B$5$s$N$h$&$J>\:Y$J$b$N$G$O$"$j$^$;$s!#(B $B4pK\E*$J%?!<%2%C%H$O(B UNIX$B!"(BWindows$B!"(BMac OS (priority $B=g(B) $B$H$7$^$9!#(B $B$^$?!"$3$N%Z!<%8$NFbMF$O$I$N%Z!<%8$K$bA}$7$FL5J]>Z$G$"$k$3$H$r@k8@$7$F$*$-$^$9!#A4$F$N>pJs$,=8$^$C$F$$$k$o$1$b$"$j$^$;$s!#(B

$B!!$3$3$K:\$;$k>pJs$K$D$$$F$O!"2DG=$J8B$j(B 1 $BpJs8;$X$N%j%s%/$r:n@.$7$F$*$-$^$9!#(B $B3F<+$G(B 1 $BpJs8;$NFbMF$r3NG'$7$F$/$@$5$$!#(B $B$3$N%Z!<%8$NFbMF$r$/$l$0$l$b1-0{$_$K$7$J$$$h$&$K!#(B $B4V0c$$$rH/8+$5$l$?J}!"5-:\$5$l$F$$$J$$>pJs$r$4B8CN$NJ}!"$<$R(B$B$*$7$($F$/$@$5$$(B$B!#$h$m$7$/$*4j$$$$$?$7$^$9!#(B

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B


$B!!(B[ $BDjHV>pJs8;(B ] $B!!2a5n$N5-;v(B: 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998


[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B


www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B27$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$B%j%G%k!&%O!<%H!V(B$B@oN,O@!!4V@\E*%"%W%m!<%A(B$B!W(B ($BI|4)7hDj(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B103$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B166$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2009.11.10

$B"#(B $B%;%-%e%j%F%#%"%C%W%G!<%H(B 2009-006 / Mac OS X v10.6.2 $B$K$D$$$F(B
(Apple, 2009.11.09)

$B!!(BMac OS X 10.5.8 $BMQ(B patch $B$*$h$S(B Mac OS X 10.6.2 $BEP>l!#(B $B$I$&$d$i(B Mac OS X 10.4.x $B$N%5%]!<%H$O=*N;$7$?$h$&$G$9!#(B $B$"$$$+$o$i$:%5%]!<%H%]%j%7!<$,$h$/$o$+$i$J$$!#(B


$B"#(B 2009.11.09

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!(B$B%<%m$N%W%l%9%j%j!<%9(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.11.07)

Renegotiating TLS

$B!!4XO"(B:

$B"#(B LAN$B@\B3%O!<%I%G%#%9%/!V(BHDL-GT$B!?(BGTR$B!?(BGTR2U$B!W%7%j!<%:!!$40&MQ$N$*5RMM$X$N$40FFb(B
(IO DATA, 2009.11.09)

$B!!(BIO DATA $B$N(B LAN $B@\B3%O!<%I%G%#%9%/!V(BHDL-GT$B!?(BGTR$B!?(BGTR2U$B!W%7%j!<%:$N0lIt$NEE8;$K7g4Y$,$"$j!"H/1l$9$k>l9g$,$"$k$=$&$@!#MxMQ$B%7%j%"%kHV9f$r3NG'(B$B$7!"3:Ev$9$k>l9g$O(B$B%U%!!<%`%&%'%"$r99?7(B$B$7$h$&!#(B


$B"#(B 2009.11.07


$B"#(B 2009.11.06

$B"#(B Renegotiating TLS
(extendedsubset.com, 2009.11.04 (v1.1))

$B!!(BSSL / TLS $B$N:F%M%4%7%(!<%7%g%s=hM}$K%W%m%H%3%k>e$N7g4Y$,$"$j!"(B HTTPS $B$K$*$$$FCf4V2pF~967b(B (Man-In-The-Middle $B967b(B) $B$rKI$2$J$$!"$H$$$&;XE&!#(B $B$&$%$`!D!D!#(B

2009.11.09 $BDI5-(B:

$B!!4XO"(B:

$B"#(B Vulnerability in the BlackBerry Desktop Manager allows remote code execution
(BlackBerry, 2009.11.04)

$B!!(BBlackBerry Desktop Manager $B$,;HMQ$9$k(B Lotus Notes Intellisync DLL $B$K7g4Y!#(B ActiveX $B$M$?!#(B CVE-2009-0306

$B!!(BBlackBerry Desktop Software version 5.0.1 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B Stable Channel Update: Google Chrome 3.0.195.32
(Google Chrome Releases blog, 2009.11.05)

$B!!(BGoogle Chrome 3.0.195.32 $BEP>l!#0J2<$,=$@5$5$l$F$$$k!#(B

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B - 2009 $BG/(B 11 $B7n(B
(Microsoft, 2009.11.06)

$B!!$b$&$=$s$J5(@a$G$9!#6[5^(B x 3$B!"=EMW(B x 3$B!#=EMW$NCf$K(B Office $B$,(B 2 $B$DF~$C$F$^$9(B (Excel $B$H(B Word)$B!#(B

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:


$B"#(B 2009.11.05

$B"#(B $B$$$m$$$m(B (2009.11.05)
(various)

$B"#(B APSB09-16: Security updates available for Shockwave Player
(Adobe, 2009.11.03)

$B!!(BShockwave Player 11.5.1.601 $B0JA0$K(B 5 $B$D$N7g4Y(B ($BG$0U$N%3!<%I$NCVE-2009-3463 CVE-2009-3464 CVE-2009-3465 CVE-2009-3466 $B!"(BDoS x 1 - CVE-2009-3244 )$B!#(B

$B!!(BShockwave Player 11.5.2.602 $B$G=$@5$5$l$F$$$k!#(B http://get.adobe.com/shockwave/ $B$+$iF~http://www.adobe.com/jp/shockwave/welcome $B$G3NG'$G$-$k$_$?$$(B

$B"#(B $BDI5-(B

F-Secure / Symantec / McAfee Generic PDF detection bypass

$B!!(BF-Secure $B8x<0(B: Security Advisory FSC-2009-3 (F-Secure, 2009.10.29)$B!#<+F099?7$K$FBP1~!#(B

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!(B2009.11.03$B!A(B04 $B$K%^%9%4%_3F

$B!!4XO"(B:

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)

$B!!4XO"(B:

Advance notification of Security Updates for Java SE

$B!!(BJDK and JRE 6 Update 17 / 5.0 Update 22 $B=P$?$_$?$$$G$9!#(BSDK and JRE 1.4.2_24 / 1.3.1_27 $B$O(B EOL $B2a$.$F$^$9$+$i!"0lHL8x3+$O$5$l$^$;$s!#(B


$B"#(B 2009.11.04

$B"#(B $BDI5-(B

Microsoft 2009 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BYou receive a VBScript "Type Mismatch" script error message in Internet Explorer after you install cumulative security update 974455 (Microsoft KB976749) $B$,2~D{$5$l$?!#(BMS09-054 $B$NI{:nMQ$X$N=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k!#(B


$B"#(B 2009.11.02

$B"#(B $BDI5-(B

$B9u$$2hLL$K%^%&%9%+!<%=%k(B (Win32/Daonol)


$B"#(B 2009.11.01

$B"#(B $BDI5-(B

APSB09-15: Security Advisory for Adobe Reader and Acrobat

$B!!F|K\8lHG(B: APSB09-15: Adobe Reader$B$*$h$S(BAcrobat$BMQ%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe, 2009.10.30)$B!#$7$+$7!"KhEYKhEY!"F|K\8lHG$N%j%j!<%9$K$I$&$7$F$3$s$J$K;~4V$,$+$+$k$s$G$7$g$&!#F|K\$N%f!<%6$rGO

Microsoft 2009 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS09-056 patch $B$K$O(B Communications Server 2005 / 2007 $BJ}LL$GI{:nMQ$,$"$k$=$&$G!"=$@5%W%m%0%i%`$,8x3+$5$l$F$^$9!#(B

$B%5%s%7%c%$%sKR>l(B $B%"%$%F%`2]6b(B

$B!!4XO"(B: $B%5%s%7%c%$%sKR>l!&2]6b%7%9%F%`$NLdBj$K$D$$$F$N%"%J%&%s%9(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2009.10.31)

$B"#(B US-CERT$B!"!V(BBlackBerry$B!W$NDLOC$rEpD0$9$k%"%W%j$r7Y9p(B
(CNET, 2009.10.28)

$B!!$3$NOC(B:


$B2a5n$N5-;v(B: 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998


[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]