$B%;%-%e%j%F%#%[!<%k(B memo

Last modified: Fri Dec 16 21:35:43 2011 +0900 (JST)
$BC;=L(B URL: http://goo.gl/pwSG$B!!(BQR $B%3!<%I(B: http://goo.gl/pwSG.qr

$B!!(BSecurity Watch $B$5$s$,E9$8$^$$$5$l$F$7$^$C$?$N$G!"(B $B8D?M$GDI$$$+$1$F$_$k%F%9%H$G$9!#(B $BHwK:O?$H$7$F=q$$$F$*$/$D$b$j$J$N$G!"(B Security Watch $B$5$s$N$h$&$J>\:Y$J$b$N$G$O$"$j$^$;$s!#(B $B4pK\E*$J%?!<%2%C%H$O(B UNIX$B!"(BWindows$B!"(BMac OS (priority $B=g(B) $B$H$7$^$9!#(B $B$^$?!"$3$N%Z!<%8$NFbMF$O$I$N%Z!<%8$K$bA}$7$FL5J]>Z$G$"$k$3$H$r@k8@$7$F$*$-$^$9!#A4$F$N>pJs$,=8$^$C$F$$$k$o$1$b$"$j$^$;$s!#(B

$B!!$3$3$K:\$;$k>pJs$K$D$$$F$O!"2DG=$J8B$j(B 1 $BpJs8;$X$N%j%s%/$r:n@.$7$F$*$-$^$9!#(B $B3F<+$G(B 1 $BpJs8;$NFbMF$r3NG'$7$F$/$@$5$$!#(B $B$3$N%Z!<%8$NFbMF$r$/$l$0$l$b1-0{$_$K$7$J$$$h$&$K!#(B $B4V0c$$$rH/8+$5$l$?J}!"5-:\$5$l$F$$$J$$>pJs$r$4B8CN$NJ}!"$<$R(B$B$*$7$($F$/$@$5$$(B$B!#$h$m$7$/$*4j$$$$$?$7$^$9!#(B

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B!!(B[ $BDjHV>pJs8;(B ] $B!!2a5n$N5-;v(B: 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B

www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B45$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B109$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B172$BI<(B)
$B2f$i9_Iz$;$:!]%5%$%Q%s6L:U@o$N685$$H?? ($B8=:_(B136$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2011.12.16

$B"#(B $BDI5-(B

APSA11-04: Security Advisory for Adobe Reader and Acrobat

$B!!(BAdvisory $B$,2~D{$5$l$^$7$?!#(BAdobe Reader / Acrobat 9.x $B$N99?7$O(B 2011.12.16 (US $B;~4V(B) $B$K8x3+$5$l$k$=$&$G$9!#$D$^$jL@F|!#(B

$B"#(B $B!ZCm0U4-5/![(BphpMyAdmin$B$N@H
(LAC, 2011.12.16)

$B!!(BphpMyAdmin $B$N7g4Y(B CVE-2011-2505 CVE-2011-2506 $B$rA@$C$?967b$,N.9T$C$F$$$k$=$&$G$9!#(B $B$3$N967b$r2sHr$9$k$K$O!"(BphpMyAdmin $B$r(B 3.3.10.2 / 3.4.3.1 $B0J9_$K99?7$7$F$/$@$5$$!#(B ($BB>$K$b%;%-%e%j%F%#7g4Y$,$"$j=$@5$5$l$F$$$k$N$G!":G?7$N(B 3.3.10.5 / 3.4.8 $B$K99?7$7$F$/$@$5$$(B)

$B!!(BphpMyAdmin $B$r30It$+$i$O%"%/%;%9$G$-$J$$$h$&@_Dj$9$k$N$b8z2LE*$G$9!#(B

$B!!4XO"(B:

$B"#(B 2011.12.15

$B"#(B $B%;%-%e%j%F%#%"%C%W%G!<%H!'(BColdFusion$BMQ%[%C%H%U%#%C%/%98x3+(B
(Adobe, 2011.12.13)

$B!!(BColdFusion 9.0.1 $B0JA0$K(B 2 $B$D$N(B XSS $B7g4Y(B CVE-2011-2463 CVE-2011-4368 $B!#(B $B99?7%U%!%$%k(B$B$,MQ0U$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!1Q8lHG(B Advisory: APSB11-29: Security update: Hotfix available for ColdFusion (Adobe, 2011.12.13)

$B"#(B $BDI5-(B

APSA11-04: Security Advisory for Adobe Reader and Acrobat

$B!!4XO"(B:

$B"#(B 2011.12.14

$B"#(B $BDI5-(B

PuTTY version 0.62 is released

$B!!(Bhdk $B$5$s$N(B PuTTYjp $B$,(B 0.62 $B%Y!<%9$K$J$C$F$^$9!#(B

$B%^%k%&%'%"!V(BDuqu$B!W$N%I%m%C%Q!<$O(B Windows $B%+!<%M%k$N(B 0-day $B7g4Y$rMxMQ$7$F$$$?$3$H$,H=L@(B

$B!!(BMS11-087 - $B6[5^(B: Windows $B%+!<%M%k%b!<%I(B $B%I%i%$%P!<$N@H $B$G=$@5$5$l$^$7$?!#(B

$B"#(B Microsoft 2011 $BG/(B 12 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2011.12.14)

$B!!$b$&(B 1 $B8D$"$l$P(B 3 $B7e$@$C$?$N$K(B ($B$=$&$$$&LdBj$8$c$J$$(B)$B!#(B

MS11-087 - $B6[5^(B: Windows $B%+!<%M%k%b!<%I(B $B%I%i%$%P!<$N@H

$B!!(BWindows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(B TrueType $B%U%)%s%H(B $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"96N,J8=q%U%!%$%k$d96N,(B Web $B%Z!<%8$r1\Mw$9$k$HG$0U$N%3!<%I$,CVE-2011-3402$B!#(BExploitability Index: 1

$B!!(B$B%^%k%&%'%"!V(BDuqu$B!W$N%I%m%C%Q!<$O(B Windows $B%+!<%M%k$N(B 0-day $B7g4Y$rMxMQ$7$F$$$?$3$H$,H=L@(B $B$N7o!#(B

$B!!4XO"(B: More information on MS11-087 (Microsoft Security Research & Defense, 2011.12.13)

MS11-088 - $B=EMW(B: Microsoft Office IME ($BCf9q8lHG(B) $B$N@H:3J$5$l$k(B (2652016)

$B!!(BMicrosoft Pinyin IME 2010 $B$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(BCVE-2011-2010 $B!#(BExploitability Index: 1

MS11-089 - $B=EMW(B: Microsoft Office $B$N@H

$B!!(BOffice 2007 / 2010$B!"(BOffice for Mac 2011 $B$K7g4Y!#(B Word $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"96N,(B Word $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2011-1983$B!#(BExploitability Index: 1

MS11-090 - $B6[5^(B: ActiveX $B$N(B Kill Bit $B$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (2618451)

$B!!(BWindows XP / Server 2003 $B$K7g4Y!#(BMicrosoft Time $B$N%3%s%]!<%M%s%H(B (DATIME.DLL) $B$N(B Active X $B%3%s%H%m!<%k$K7g4Y$,$"$j!"96N,(B Web $B%5%$%H$r1\Mw$9$k$HG$0U$N%3!<%I$,CVE-2011-3397$B!#(B Exploitability Index: 1

$B!!$"$o$;$F!"(B3rd party $B@=(B Active X $B%3%s%H%m!<%k(B 4 $B$D$K(B kill bit $B$,@_Dj$5$l$k!#(B

$B!!4XO"(B: More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090) (Microsoft Security Research & Defense, 2011.12.13)

MS11-091 - $B=EMW(B: Microsoft Publisher $B$N@H

$B!!(BPublisher 2003 / 2007 $B$K(B 4 $B$D$N7g4Y!#(B

  • Publisher $B$N4X?t%]%$%s%?!<>e=q$-$N@HCVE-2011-1508

    $B@H2A$5$l$F$$$^$9!#(B

    $B$I$s$JA`:n$J$s$@$m$&!D!D!#(B Exploitability Index: N/A

  • Publisher $B$N6-3&30$NG[Ns$N%$%s%G%C%/%9$N@HCVE-2011-3410

    Exploitability Index: 1

  • Publisher $B$NL58z$J%]%$%s%?!<$N@HCVE-2011-3411

    Exploitability Index: 1

  • Publisher $B$N%a%b%jGKB;$N@HCVE-2011-3412

    Exploitability Index: 2

MS11-092 - $B6[5^(B: Windows Media $B$N@H

$B!!(BWindows XP / Vista / 7 $B$K7g4Y!#(BWindow Media Player / Windows Media Center $B$K7g4Y$,$"$j!"96N,(B Digital Video Recording (.dvr-ms) $B%U%!%$%k$r3+$/$HG$0U$N%3!<%I$,CVE-2011-3401$B!#(BExploitability Index: 1

MS11-093 - $B=EMW(B: OLE $B$N@H

$B!!(BWindows XP / Server 2003 $B$K7g4Y!#(BOLE $B%*%V%8%'%/%H$N07$$$K7g4Y$,$"$j!"96N,(B OLE $B%*%V%8%'%/%H$r3+$/$3$H$GG$0U$N%3!<%I$,CVE-2011-3400$B!#(BExploitability Index: 1

MS11-094 - $B=EMW(B: Microsoft PowerPoint $B$N@H

$B!!(BPowerPoint 2007 SP2 / 2010 gold$B!"(BOffice 2008 for Mac$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/(B SP2$B!"(BPowerPoint Viewer 2007 SP2 $B$K(B 2 $B$D$N7g4Y!#(B

$B!!(BPowerPoint 2007 SP3 / 2010 SP1$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/(B SP3$B!"(BPowerPoint Viewer 2007 SP3 $B$K$O$3$N7g4Y$O$J$$!#(B

MS11-095 - $B=EMW(B: Active Directory $B$N@H

$B!!(BWindows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 (Itanium-based $B$r=|$/(B) $B$K7g4Y!#(BActive Directory$B!"(BActive Directory Application Mode (ADAM)$B!"(BActive Directory Lightweight Directory Service (AD LDS) $B$K7g4Y$,$"$j!"%I%a%$%s%m%0%*%s8e$K96N,%"%W%j%1!<%7%g%s$rCVE-2011-3406$B!#(BExploitability Index: 1

MS11-096 - $B=EMW(B: Microsoft Excel $B$N@H

$B!!(BExcel 2003$B!"(BOffice 2004 for Mac $B$K7g4Y!#(BExcel $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$,CVE-2011-3403$B!#(BExploitability Index: 1

MS11-097 - $B=EMW(B: Windows $B%/%i%$%"%s%H(B/$B%5!<%P!<(B $B%i%s%?%$%`(B $B%5%V%7%9%F%`$N@H:3J$5$l$k(B (2620712)

$B!!(BWindows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#%/%i%$%"%s%H(B/$B%5!<%P!<(B $B%i%s%?%$%`(B $B%5%V%7%9%F%`(B (CSRSS) $B$N(B Csrsrv.dll $B$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(B CVE-2011-3408$B!#(BExploitability Index: 1

MS11-098 - $B=EMW(B: Windows $B%+!<%M%k$N@H:3J$5$l$k(B (2633171)

$B!!(BWindows XP / Server 2003 / Vista / Server 2008 / 7 $B$N!"$$$:$l$b(B 32bit $BHG$K7g4Y!#(BWindows $B%+!<%M%k$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$,2DG=!#(B64bit $BHG$K$O$3$N7g4Y$O$J$$!#(BCVE-2011-2018$B!#(BExploitability Index: 1

MS11-099 - $B=EMW(B: Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (2618444)

$B!!(BIE 6 / 7 / 8 / 9 $B$K(B 3 $B$D$N7g4Y!#(B

$B!!4XO"(B: MS11-099: Cumulative Security Update for Internet Explorer: December 13, 2011 (Microsoft KB 2618444)$B!#(B $BK\99?7%W%m%0%i%`$K$*$1$k!"4{CN$NIT6q9g$d!"Hs%;%-%e%j%F%#$J=$@50lMw$,7G:\$5$l$F$$$k!#(B

$B!!4XO"(B:

$B"#(B Google Chrome Stable Channel Update
(Google, 2011.12.12)

$B!!(BChrome 16.0.912.63 $B=P$F$^$9!#(B15 $B7o=$@5!#(BPDF $B$,$i$_$N=$@5$,(B 4 $B$D$G$9$+!#(B

$B"#(B 2011.12.13

$B"#(B $B$$$m$$$m(B (2011.12.13)
(various)

$B"#(B PuTTY version 0.62 is released
(Simon Tatham, 2011.12.10)

$B!!(BPuTTY 0.59$B!A(B0.61 $B$K7g4Y!#(BSSH keyboard-interactive $BG'>Z$K$*$$$F!"%Q%9%o!<%I$,%a%b%jFb$KJ]B8$5(Bl$F$7$^$&$?$a!"%a%b%j%"%/%;%92DG=$J%W%m%0%i%`$+$i

$B!!(BPuTTY 0.62 $B$G=$@5$5$l$F$$$k!#$?$@$7!"(BPuTTY vulnerability password-not-wiped $B$K$O$3$s$J5-:\$b$"$k!#(B

However, it is still unavoidably very dangerous if malicious software is in a position to read the memory of your PuTTY processes: there is still a lot of sensitive data in there which cannot be wiped because it's still being used, e.g. session keys. If you're using public-key authentication and malware can read a Pageant process, that's even worse, because the decrypted private keys are stored in Pageant! This fix somewhat mitigates the risks, but no fix can eliminate them completely.

$B!!(BPuTTY 0.62 $B$K$*$$$F$b!"%;%C%7%g%s80$r$O$8$a$H$7$F!"BgNL$N%;%s%7%F%#%V>pJs$,%a%b%j>e$KB8:_$9$k!#$^$?(B Pageant $B$r;H$C$F8x3+80G'>Z$r9T$&>l9g$K$O!"I|9f$5$l$?%W%i%$%Y!<%H80$,(B Pageant $B%W%m%;%9Fb$KJ]B8$5$l$k!#(B

$B!!$J$*!"M-;V$K$h$kF|K\8lHG$N>u67$O$3$&$J$C$F$^$9(B:

2011.12.14 $BDI5-(B:

$B!!(Bhdk $B$5$s$N(B PuTTYjp $B$,(B 0.62 $B%Y!<%9$K$J$C$F$^$9!#(B

$B"#(B Secunia Research: Winamp AVI Parsing Two Integer Overflow Vulnerabilities
(secunia, 2011.12.12)

$B!!(BWinamp 5.622 $B$K7g4Y!#(Binteger overflow $B$K$h$C$F(B heap-based buffer overflow $B$,H/@8!"96N,(B AVI $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2011-3834

$B!!(BWinamp 5.623 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2011.12.12

$B"#(B $BDI5-(B

Android$B7HBSEy$NA4MzNr!"%W%j%$%s%9%H!<%k$GL5CG<}=8!J(BWIRED.jp$B!K(B

$B!!4XO"(B:

JVN#94002296: FFFTP $B$K$*$1$k

$B!!$3$A$i$NJ}$,>\$7$$(B: FFFTP 1.98c$B0JA0$KB8:_$9$k@H (sourceforge.jp, 2011.12.09)

$B8x=0L5@~(BLAN$B$N(BConnectFree$B!"MxMQ$9$k$H(BTwitter ID$B$H(BFacebook$B$r(BMAC$B%"%I%l%9$HI3$E$1$i$l!"$$$D$I$3$G$I$N%5%$%H$r1\Mw$7$?$+<}=8$5$l$k$i$7$$(B

$B!!(B$B8x=0L5@~(BLAN$B$K$h$kDL?.K5 ($B?eL57n$P$1$i$N$($SF|5-(B, 2011.12.11)

$B"#(B ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
(TippingPoint, 2011.12.08)

$B!!(BTrendMicro Control Manager 5.5 $B$K7g4Y!#(BCmdProcessor.exe $B%5!<%S%9$K7g4Y$,$"$j!"96N,(B IPC $B%Q%1%C%H$K$h$C$F(B buffer overflow $B$,H/@8!"(Bremote $B$+$iG$0U$N%3!<%I$r

$B!!(BTrend Micro Control Manager 5.5 $B$N(B Critical Patch - Build 1613 (trendmicro, 2011.11.10) $B$G=$@5$5$l$F$$$k$N$,$3$N7g4Y$N$h$&$J$N$@$,!"(B$BF|K\$N%@%&%s%m!<%I%Z!<%8(B$B$K$O(B Build 1613 $B$O$^$@B8:_$7$J$$$h$&$@!#(B

$B"#(B 2011.12.11

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2011.11.10)

$B!!Ccd%$N7o!"(B2.4.4 $BMQ$N(B patch $B$,=P$F$$$^$9!#$^$?(B Debian $B$G$O(B Advisory $B=P$F$^$9(B: DSA-2361-1 chasen -- $B%P%C%U%!%*!<%P%U%m!<(B$B!#$d$^$M$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2011.12.09

$B"#(B Newest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
(SANS ISC, 2011.12.08)

$B!!(BFlash Player 11.1.102.55 $B0JA0$K(B 0-day $B7g4Y!#4{$K(B PoC $B$b8x3+$5$l$F$$$k!#(B Adobe $B$+$i$N>pJs$O$^$@$J$$!#(B

$B"#(B 2011 $BG/(B 12 $B7n(B 14 $BF|$N%;%-%e%j%F%#(B $B%j%j!<%9M=Dj(B ($B7nNc(B)
($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2011.12.09)

$B!!(B14 $B7o(B ($B6[5^(B x 3$B!"=EMW(B x 11) $B$rM=Dj!#(B IE $B$"$j!"(BOffice $B$"$j!#(B SA 2639658: TrueType $B%U%)%s%H2r@O$N@H:3J$5$l$k(B$B$N7o!"(B SA2588513: SSL/TLS $B$N@HpJsO3$($$$,5/$3$k(B$B$N7o$b=$@5$5$l$kM=Dj!#(B

$B"#(B $BDI5-(B

APSA11-04: Security Advisory for Adobe Reader and Acrobat

$B!!(BSykipot $B$K$h$k967b$N>\:Y(B ($B%7%^%s%F%C%/(B, 2011.12.09)

C|Net Download.Com is now bundling Nmap with malware!

$B!!(BDownload.com "apologises" for bundling (H Online, 2011.12.08)

$B%^%k%&%'%"!V(BDuqu$B!W$N%I%m%C%Q!<$O(B Windows $B%+!<%M%k$N(B 0-day $B7g4Y$rMxMQ$7$F$$$?$3$H$,H=L@(B

$B!!4XO"(B:

About the security content of iTunes 10.5.1

$B!!(BFinFisher $B4XO"(B:

$B"#(B $B$$$m$$$m(B (2011.12.09)
(various)

$B"#(B Pwning Java update process 2007-Today
(infobytesec.com, 2011.12.07)

$B!!(BiTunes 10.5.1 $B$G=$@5$5$l$?(B$B$b$N$HF1MM$N7g4Y$,(B Java $B$K$b$"$j!"$3$A$i$O$^$@=$@5$5$l$F$$$J$$!"$H$$$&;XE&!#(B

$B"#(B JVN#94002296: FFFTP $B$K$*$1$k
(JVN, 2011.12.09)

$B!!(BFFFTP 1.98c $B0JA0$N%U%!%$%kFI$_9~$_=hM}$K7g4Y$,$"$j!"G$0U$N%3!<%I$rCVE-2011-4266

$B!!(BFFFTP 1.98d $B$G=$@5$5$l$F$$$k!#(B

2011.12.12 $BDI5-(B:

$B!!$3$A$i$NJ}$,>\$7$$(B: FFFTP 1.98c$B0JA0$KB8:_$9$k@H (sourceforge.jp, 2011.12.09)

$B"#(B 2011.12.08

$B"#(B Security Advisory - DHCP Regular Expressions Segfault
(ISC, 2011.12.07)

$B!!(BISC DHCP 4.x $B$K7g4Y!#(BDHCP $B%5!<%P$K$*$1$k@55,I=8=$NI>2A$K7g4Y$,$"$j!"(B DHCP $B%5!<%P$K$*$$$F@55,I=8=$K$h$kI>2A$r9T$&$h$&@_Dj$7$F$$$k$H!"(B $B96N,(B DHCP Request $B%Q%1%C%H$K$h$j(B ISC DHCP $B%5!<%P$r(B crash $B$5$;$i$l$k!#(B

$B!!(BISC DHCP 4.1-ESV-R4 / 4.2.3-P1 $B$G=$@5$5$l$F$$$k!#$*$*$+$o$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B C|Net Download.Com is now bundling Nmap with malware!
(seclists.org, 2011.12.05)

$B!!(BCNET $B$,1?1D$9$k(B download.com $B$+$i(B Nmap $B$r%@%&%s%m!<%I$9$k$H!"$J$<$+(B download.com $BFH<+$N%$%s%9%H!<%i$,>!

2011.12.09 $BDI5-(B:

$B!!(BDownload.com "apologises" for bundling (H Online, 2011.12.08)

$B"#(B TLS1.2$B$K$*$1$k(BTruncated HMAC$BMxMQ;~$N@H
(IIJ-SECT, 2011.12.07)

$B!!%W%m%H%3%k$N7g4Y$@$=$&$G$9!#(BCBC $B%b!<%I;~$N$_H/8=!#(B

$B"#(B $BDI5-(B

BIND 9 Resolver crashes after logging an error in query.c

$B!!(BISC $B$N%"%I%P%$%6%j(B$B$,2~D{$5$l$F$$$k!#(B

  • $B4QB,$5$l$?;v>](B (named $B%/%i%C%7%e(B) $B$O!"967b$G$O$J$/;v8N$G$"$C$?!#(B

  • named $B$r%-%c%C%7%e(B DNS $B%5!<%P$H$7$F$N$_1?MQ$7$F$$$k>l9g$K$O!"(Bnamed.conf $B$K(B minimal-responses yes; $B$rDI2C$9$k$3$H$G2sHr$G$-$k$3$H$,H=L@$7$?!#(B CVE-2011-4313 FAQ and Supplemental Information $B$r;2>H!#(B $B%"%C%W%G!<%H$,?d>)$5$l$F$$$k$N$OJQ$o$i$J$$!#(B

$B!!4XO"(B:

APSA11-04: Security Advisory for Adobe Reader and Acrobat

$B!!(BU3D ($B%f%K%P!<%5%k(B 3D) $B$H$$$&$N$O!"(B3D $B%G!<%?$N$?$a$N%U%!%$%k7A<0$N(B 1 $B$D$J$N$G$9$M!#$3$l$r(B PDF $B%U%!%$%k$KKd$a9~$a$k$H!#(B

$B!!$=$NB>(B:

$B"#(B 2011.12.07

$B"#(B $BDI5-(B

Android$B7HBSEy$NA4MzNr!"%W%j%$%s%9%H!<%k$GL5CG<}=8!J(BWIRED.jp$B!K(B

$B!!4XO"(B:

$B"#(B APSA11-04: Security Advisory for Adobe Reader and Acrobat
(Adobe, 2011.12.06)

$B!!(BAdobe Reader / Acrobat 9.x / 10.x $B$KG$0U$N%3!<%I$N7$/(B 0-day $B7g4Y!#I8E*7?967b$K0-MQ$5$l$k;vNc$,3NG'$5$l$F$$$k!#3NG'$5$l$F$$$kI8E*$O(B Windows $BHG(B Adobe Reader 9.x$B!#(B CVE-2011-2462

$B!!(Bpatch $B$O$^$@$J$$!#(BWindows $BHG(B Adobe Reader / Acrobat 9.x $B$K$D$$$F$O!"(B2011.12.12 $B$N=5$,=*$k$^$G$K$O(B patch $B$,MQ0U$5$l$k!#(BAdobe Reader 10.x (Adobe Reader X) $B$NJ]8n%b!<%I!"(BAcrobat 10.x (Acrobat X) $B$NJ]8n$5$l$?%S%e!<$O$3$N7g4Y$rFM$$$?967b$rKI8f$G$-$F$$$k$?$a!"$3$l$i$K$D$$$F$O

$B!!$H$$$&$o$1$J$N$G!"(BWindows $BHG(B Adobe Reader / Acrobat 9.x $B$O!"2DG=$G$"$l$P:#$9$0(B 10.x ($B:G?7$O(B 10.1.1) $B$K99?7$9$k$N$,$h$$$@$m$&!#4XO"(B:

2011.12.08 $BDI5-(B:

$B!!(BU3D ($B%f%K%P!<%5%k(B 3D) $B$H$$$&$N$O!"(B3D $B%G!<%?$N$?$a$N%U%!%$%k7A<0$N(B 1 $B$D$J$N$G$9$M!#$3$l$r(B PDF $B%U%!%$%k$KKd$a9~$a$k$H!#(B

$B!!$=$NB>(B:

2011.12.09 $BDI5-(B:

$B!!(BSykipot $B$K$h$k967b$N>\:Y(B ($B%7%^%s%F%C%/(B, 2011.12.09)

2011.12.15 $BDI5-(B:

$B!!4XO"(B:

2011.12.16 $BDI5-(B:

$B!!(BAdvisory $B$,2~D{$5$l$^$7$?!#(BAdobe Reader / Acrobat 9.x $B$N99?7$O(B 2011.12.16 (US $B;~4V(B) $B$K8x3+$5$l$k$=$&$G$9!#$D$^$jL@F|!#(B

$B"#(B 2011.12.06

$B"#(B $B0lIt$N(B Android $BC
(engadget, 2011.12.03)

$B!!(BAndroid $B%"%W%j$OL@<(E*$KF@$i$l$?8"8B$NHO0O$N$_$GF0:n$r5v2D$5$l$k!D!D$O$:$J$N$@$,!"

$B8&5f

$B!!(BGoogle Nexus One (Android 2.3.3) / Nexus S (Android 2.3.3) $B$b4^$^$l$F$$$k$3$H$KCm0U!#(B

$B!!86O@J8(B: Systematic Detection of Capability Leaks in Stock Android Smartphone (ncsu.edu)$B!#(BWoodpecker $B$H$$$&%D!<%k$r:n@.$7$F8!::$7$?$=$&$G!#(B

$B"#(B $B$$$m$$$m(B (2011.12.06)
(various)

$B"#(B Opera 11.60 for Windows changelog
(Opera, 2011.12.06)

$B!!(BOpera 11.60 ($B%^%0%m(B) $B=P$^$7$?!#%;%-%e%j%F%#=$@5$b4^$^$l$F$$$^$9!#(B

  • Fixed a moderately severe issue; details will be disclosed at a later date
  • Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory
  • Improved handling of certificate revocation corner cases
  • Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory
  • Fixed an issue where the JavaScript "in" operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

$B!!(BCVE-2011-4687 CVE-2011-4686 CVE-2011-4685 CVE-2011-4684 CVE-2011-4683 CVE-2011-4682 CVE-2011-4681

$B!!4XO"(B: 11.60 goes final (MyOpera, 2011.12.06)

$B"#(B $BDI5-(B

$B8x=0L5@~(BLAN$B$N(BConnectFree$B!"MxMQ$9$k$H(BTwitter ID$B$H(BFacebook$B$r(BMAC$B%"%I%l%9$HI3$E$1$i$l!"$$$D$I$3$G$I$N%5%$%H$r1\Mw$7$?$+<}=8$5$l$k$i$7$$(B

$B!!(B$B$*5RMM>pJs$N ($B%3%M%/%H%U%j!<(B, 2011.12.05)

$B"#(B 2011.12.05

$B"#(B $BDI5-(B

Android$B7HBSEy$NA4MzNr!"%W%j%$%s%9%H!<%k$GL5CG<}=8!J(BWIRED.jp$B!K(B

$B!!4XO"(B:

Oracle Java SE Critical Patch Update Advisory - October 2011

$B!!4XO"(B:

$B"#(B $B8x=0L5@~(BLAN$B$N(BConnectFree$B!"MxMQ$9$k$H(BTwitter ID$B$H(BFacebook$B$r(BMAC$B%"%I%l%9$HI3$E$1$i$l!"$$$D$I$3$G$I$N%5%$%H$r1\Mw$7$?$+<}=8$5$l$k$i$7$$(B
(togetter, 2011.12.04)

$B!!%?%@$G;H$($k$N$K$O%o%1$,$"$k!D!D$H$7$F$b!"$a$A$c$/$A$c$9$.$k$J$"!#(B

2011.12.06 $BDI5-(B:

$B!!(B$B$*5RMM>pJs$N ($B%3%M%/%H%U%j!<(B, 2011.12.05)

2011.12.12 $BDI5-(B:

$B!!(B$B8x=0L5@~(BLAN$B$K$h$kDL?.K5 ($B?eL57n$P$1$i$N$($SF|5-(B, 2011.12.11)

$B"#(B 2011.12.03

$B"#(B 2011.12.02

$B"#(B $BJF8&5fZ!=!=>h$C
(ITmedia, 2011.11.30)

$B!!(B2009 $BG/0JA0$N(B HP LaserJet $B%W%j%s%?$O!"%U%!!<%`%&%'%"99?7;~$K%G%8%?%k=pL>$r%A%'%C%/$7$J$$!#$3$l$rMxMQ$7$F96N,%U%!!<%`%&%'%"$r%$%s%9%H!<%k$5$;$k$3$H$G!"%W%j%s%?$r>h$C

  • $B%U%e!<%6!<$r2aG.$5$;$FMQ;f$r>G$,$9(B

  • $B3NDj?=9p=q$r967b

  • $B=qN`$r%9%-%c%s$7$F(BTwitter$B$K8x3+(B

$B!!$3$3$G>R2p$5$l$F$$$k$N$O!V30It$N967b$B:G=i$+$i(B$BF~$C$F$$$?$i!"F1$8$h$&$J$3$H$r$5$lF@$k$s$@$h$M!#(B $B!V%W%j%$%s%9%H!<%k$N(B OS $B$O;H$o$J$$!"A4ItF~$lD>$7$F;H$&!W$H$$$&?M$O$$$k$H;W$&$1$I!"!V%W%j%$%s%9%H!<%k$N%U%!!<%`$O;H$o$J$$!"A4ItF~$lD>$7$F;H$&!W$H$$$&?M$O$I$l$@$1$$$k$N$@$m$&!#(B

$B!!K\7o$N4XO"5-;v(B:

$B"#(B Android$B7HBSEy$NA4MzNr!"%W%j%$%s%9%H!<%k$GL5CG<}=8!J(BWIRED.jp$B!K(B
($BF|7P(B PC Online, 2011.12.02)

$B!!(BAndroid $B7HBS$d(B Nokia $B7HBS!"(BBlackBerry $B$K%W%j%$%s%9%H!<%k$5$l$F$$$k$H$$$&(B Carrier IQ $B$H$$$&%=%U%H$O!"

Carrier IQ$B

$B$3$NF02h$G$O!"%(%C%+!<%H;a$,%*%s%i%$%s$G!V(Bhello world.$B!W$H$$$&8l6g$r8!:w$9$k$N$r!"$3$N%=%U%H$,5-O?$7$F$$$k$3$H$,<($5$l$F$$$k(B[$BF02h$N(B14:25$B$/$i$$$+$i(B]$B!#Cm0U$9$Y$-$O!"F1;a$,(BHTTPS$BHG$N!X(BGoogle$B!Y$rMxMQ$7$F$$$k$3$H$@!#$3$&$9$l$P!"%f!<%6!<$H(BGoogle$B$N$d$j

$BF02h$NCf$G!"%(%C%+!<%H;a$N;X$,EEOCHV9f$rF~NO$9$k$H!"$=$l$,D>$A$K5-O?$5$l$F$$$k$N$r8+$l$P!"4(5$$,$9$k$@$m$&(B[11:31$B$/$i$$$+$i(B]$B!#(B

$B!V%@%$%d%k2hLL$G%\%?%s$r2!$9$H!"$=$l$O$9$Y$F!"DLOC$NH/?.$h$j$bA0$K!"(BIQ$B

Carrier IQ$B$B05NO$r$+$1$?(B$B!#$H$3$m$,(B21$BF|$K!"EE;R%U%m%s%F%#%":bCD!J(BEFF$B!K$,%(%C%+!<%H;a$r;Y;}$9$kN)>l$r(B$BI=L@(B$B$9$k$H!"F1$B$B!#(B

$B!!??$C9u$JLOMM!#$=$N8e(B iOS 3$B!A(B4 $B$K$b4^$^$l$F$$$k$3$H$,L@$i$+$K$J$C$F$$$k(B (iOS 5 $B$O=|5n:Q(B)$B!#4XO"(B:

2011.12.05 $BDI5-(B:

$B!!4XO"(B:

2011.12.07 $BDI5-(B:

$B!!4XO"(B:

2011.12.12 $BDI5-(B:

$B!!4XO"(B:

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2011.11.13)

$B!!(BCVE-2011-3607 CVE-2011-4415 Apache HTTPD $B@55,I=8==hM}$N@H (IIJ, 2011.11.03)

Microsoft 2011 $BG/(B 11 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS11-083 TCP/IP $B$N@H (IIJ, 2011.11.09)$B!#(BIIJ $B$G$O:F8=

BIND 9 Resolver crashes after logging an error in query.c

$B!!(BCVE-2011-4313 BIND9 $B%-%c%C%7%e%5!<%P$N@H (IIJ, 2011.11.17)

Oracle Java SE Critical Patch Update Advisory - October 2011

$B!!(BCVE-2011-3544 $B$N(B exploit $B$,=P2s$C$F$$$k$=$&$G$9!#(B

$B2a5n$N5-;v(B: 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]