セキュリティホール memo

Last modified: Mon Feb 27 20:16:13 2012 +0900 (JST)
短縮 URL: http://goo.gl/pwSG　QR コード: http://goo.gl/pwSG.qr


　Security Watch さんが店じまいされてしまったので、 個人で追いかけてみるテストです。 備忘録として書いておくつもりなので、 Security Watch さんのような詳細なものではありません。 基本的なターゲットは UNIX、Windows、Mac OS (priority 順) とします。 また、このページの内容はどのページにも増して無保証であることを宣言しておきます。全ての情報が集まっているわけもありません。

　ここに載せる情報については、可能な限り 1 次情報源へのリンクを作成しておきます。 各自で 1 次情報源の内容を確認してください。 このページの内容をくれぐれも鵜飲みにしないように。 間違いを発見された方、記載されていない情報をご存知の方、ぜひおしえてください。よろしくお願いいたします。

　このページの情報を利用される前に、注意書きをお読みください。




[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B


www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B45$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B109$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B172$BI<(B)
$B2f$i9_Iz$;$:!]%5%$%Q%s6L:U@o$N685$$H?? ($B8=:_(B136$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2012.02.27

$B"#(B DNS Changer$B%^%k%&%'%"46@w$K4X$9$kCm0U4-5/(B
(IIJ-SECT, 2012.02.27)

$B!!BP1~$7$^$;$&!#(B

DCWG (DNS Changer Working Group) $B$K$h$k$H!"(B1$B7nKv;~E@$GLs(B45$BK|$N46@wCA02r7h$,$G$-$J$/$J$j$^$9!#(B

　設定されている DNS サーバがまともなのかどうなのか、このページでチェックできるそうで。

■ 追記

SYM12-002: Security Advisories Relating to Symantec Products - Symantec pcAnywhere Remote Code Execution, Local Access File Tampering

　関連:


■ 2012.02.24

■ [重要] Movable Type 5.13 および、5.07、4.38 セキュリティーアップデートの提供を開始
(movabletype.jp, 2012.02.22)

　Movable Type 4.38 / 5.07 / 5.13 登場。XSS、セッションハイジャック、CSRF、OS コマンドインジェクションと、てんこもりな欠陥を修正。

　テンプレートの変更を含むため、アップグレード後にテンプレートの初期化を行う必要がある。 詳細は、5.13、5.07、4.38 へのアップグレード後に必要な作業 を参照。


■ 2012.02.22


■ 2012.02.21


■ 2012.02.20

$B"#(B libpng $B2hA|%i%$%V%i%j$N@H
(mozilla.jp, 2012.02.18)


■ 2012.02.17

■ 追記


■ 2012.02.16

  • $B!U(B RADEON HD7700$B$ND6@d%o%C%H%Q%U%)!<%^%s%9$K6C$-!*(B ($B%I%9%Q%i(B $B%Q!<%D$N8$(B, 2/16)$B!#Dc>CHqEENO$+$D9b@-G=$N$h$&$G!#(B

  • $B!U(B $B86H/5;=Q ($BKhF|(B, 2/16)

  • $B!U(B OATH Toolkit (nongnu.org)$B!#(B2011.05.24 $B$N(B 1.10.0 $B$G(B PAM $B$,(B TOTP $B$K$bBP1~$7$F$$$?$N$G$9$M!#(B

    $B!!4XO"(B: apache BASIC$BG'>Z$K(BOTP(oath)$B$r;H$C$F$_$?(B (knol, 2011.04.14)

  • $B!U(B $BCf9q$K$*$1$k(BiPad$B>&I8LdBj$K$D$$$F(B (ZDNet, 2/16)

    $B!!%a%G%#%"5-;v$N%?%$%H%k$@$18+$k$H!"Cf9q$N>&I8%4%m$K(BiPad$B>&I8$r@h&I88"Mx&I8EPO?$7$F$$$^$9!J$J$*!"(BiPod$B$NEP>l$O(B2001$BG/$J$N$G(BiPod$B$NL>A0$r%Q%/$C$?$H$$$&$3$H$G$b$"$j$^$;$s!K!#(B
    $B!!LdBj$O!"(BApple$B$O(BProview Technology$B&I88"$r>yEO$9$k$H$$$&7@Ls$r7k$s$G$$$?$H;W$C$F$$$?$N$G$9$,!"$=$3$K$OCf9q$G$N8"Mx$O4^$^$l$F$$$J$+$C$?!JBfOQ$G$N8"Mx$@$1$@$C$?!K$H$$$&$3$H$N$h$&$G$9!#Ev;v&I88"$r=jM-$7$F$$$J$$$3$H$,G'Dj$5$l$F$$$^$9!#(B

    $B!!$=$&$$$&$3$H$@$C$?$N$+!D!D!#$($i$$$3$C$A$c!#(B

    $B!!:G=*E*$K$O6b$G2r7h$9$k$3$H$K$J$k$H$O;W$$$^$9$,!"8@$($k$3$H$O!J(B1$B!K>&I88"$O$$$C$?$s
  • $B!U(B $B%"%C%W%k$H(BFacebook$B$NHK1I!"$=$7$F!V%*!<%W%s!W$,GQ$l$?M}M3(B (CNET, 2/16)

    $B!!$7$+$7!"CmL\$r=8$a$F$$$k%F%/%N%m%8!<6H3&$N(B2$B$D$N4k6H$O!"(B1$B$DBg$-$J6&DLE@$r;}$C$F$$$k!#$I$A$i$b!"%F%/%N%m%8!<$N@$3&$G8E$/$+$i7Q>5$5$l$F$$$k%*!<%W%s%(%3%7%9%F%`$r5q@d$7!"0O$$9~$_%"%W%m!<%A$re$2$k2DG=@-$,$"$k$,!"Bg=0$rL%N;$9$k$3$H$O$J$/!"Bg$-$/$O0i$?$J$$$H$$$&$N$,0lHLE*$J8+2r$@$C$?!#(BApple$B$H(BFacebook$B$O$I$A$i$b!"$3$N0lHLE*$J8+2r$K??$C8~$+$iD)$_!"6/0z$K2!$7@Z$C$?!#H`$i$OC1=c$K!"$h$jBg$-$/!"$h$jJ=$N9b$$0O$$$r:n$C$?$N$@!#(B
  • $B!U(B $B@6>t@-G=$K$3$@$o$C$?%9%&%'!<%G%s$N6u5$@6>t5!!V%V%k!<%(%"!W$H$O!=!=(BCEO$B%$%s%?%S%e!<(B ($B2HEE(B Watch, 2/16)$B!#%$!<%8!<%a%s%F%J%s%9$OL%NO$@$J$"!#$=$NJ,$*6b$,$+$+$k$o$1$@$1$I!#(B

    $B!=!=0lJ}!"F|K\$N6u5$@6>t5!$O!"%V%k!<%(%"$H$OA4$/0c$C$?%"%W%m!<%A$G@=IJ$r:n$C$F$$$^$9!#$?$H$($P!"=|6]!&C&=-8z2L$N$"$k%$%*%s$rJ|=P$9$k$H$$$&$N$b$=$N(B1$B$D$G$9$,!"$=$l$K$D$$$F$O$I$&$*9M$($G$9$+!#(B

    $B!!%&%$%k%9$d%P%/%F%j%"$rL5NO2=$5$;$k$H$$$&$N$O!"3N$+$KBg;v$@$H;W$$$^$9$,!"%$%*%s$@$1$G$=$l$i$NF/$-$rL5$K$9$k$3$H$O$G$-$J$$$H;W$$$^$9!#;d$?$A$N@=IJ$O!"2VJ4$d<ZL@:Q$_$G$9!#F|K\$G9T$J$C$F$$$kZ%F%9%H$O!"8&5f<<$NL)JD$5$l$?>.$5$JH"$NCf$G9T$J$C$F$$$^$9$h$M!#$=$NCf$G!"=|6]8z2L$,$"$C$?!"6u5$$,$-$l$$$K$J$C$?$H8@$C$F$b!"$=$l$O $B!!;d$?$A$,l$K$*$$$F$O!"$3$N%F%9%H$G7k2L$r=P$9$3$H$,Hs>o$K=EMW$G$9!#(B
    $B!!;vCHq2A$r2A$N9b$$6u5$@6>t5!%H%C%W(B10$B$NCf$K;d$?$A$N@=IJ$,(B3$B$DF~$C$F$$$^$7$?!#0lJ}!"F|K\@=$N6u5$@6>t5!$O%H%C%W(B15$B$NCf$K$bF~$C$F$$$^$;$s!#$3$N7k2L$,!"@=IJ$N@-G=$rI=$7$F$$$k$H;W$$$^$9!#(B

    $B!=!=$J$k$[$I!#$=$l$G$O%"%a%j%+$K$*$$$F$O%$%*%sJ|=P5!G=$rEk:\$7$?6u5$@6>t5!$H$$$&$N$OB8:_$7$J$$$N$G$9$+(B?

    $B!!$$$d!"2?G/$+A0$K$O$"$j$^$7$?!#%"%a%j%+$N6u5$@6>t5!;T>l$GBg$-$J%7%'%"$r@j$a$k%a!<%+!<$,Gd$j=P$7$F!"0l;~$O(B200$BK|Bf6a$/$rGd$j>e$2$^$7$?!#$7$+$7!"$"$k;(;o$,%$%*%s$NM-8z@-$K5?Ld$r;}$C$?5-;v$r=q$$$?$H$3$m!"%f!<%6!<$+$i$NLd$$9g$o$;$,Aj
    $B!=!=$b$&(B1$B$D!":G6a$NF|K\$N6u5$@6>t5!$NB?$/$O2C<>5!G=$rEk:\$7$F$$$^$9!#%V%k!<%(%"$G$O2C<>5!G=$J$I$rEk:\$9$kM=Dj$J$I$O$J$$$N$G$9$+(B?

    $B!!$H$s$G$b$J$$$G$9$M!#?eJ,$H$$$&$N$O%P%/%F%j%"$NBg9%J*$G$9!#$=$l$r%U%#%k%?!<$H0l=o$K$9$k$J$s$F9M$($i$l$^$;$s!#6u5$@6>t$H2C<>$O!"AjH?$9$k$b$N$G!"6u5$@6>t5!$K2C<>5!G=$r:\$;$k$H$$$&$3$H$OL7=b$7$F$$$^$9!#2C<>%H%l%$$GA}?#$7$?%+%S6]$rIt20Cf$KJ|=P$9$k$3$H$K$J$k!#2C<>$7$?$$$N$G$"$l$P!"6u5$@6>t5!$H$OJL$N@=IJ$r;H$&$Y$-$@$7!"2f!9$N@=IJ$K2C<>5!G=$r%W%i%9$9$k$3$H$b$"$jF@$^$;$s!#(B

■ いろいろ (2012.02.16)
(various)

■ 追記

Ghost Domain Names: Revoked Yet Still Resolvable

$B!!(BBIND $B$@$1$G$J$/!"J#?t$N(B DNS $Be$G$N5sF0$,L@5-$5$l$F$$$J$$ItJ,$J$?$a!"

　Ghost Domain Names: Revoked Yet Still Resolvable (ISC) は 2012.02.08 付で 2.0 に改訂されている。早急な patch は不要と判断された模様。

On further review, ISC has determined that this is not an issue which needs an immediate patch. The issue is being reviewed at the protocol level and will be addressed there. Implementing DNSSEC is the safest mitigation measure.

いろいろ (2012.02.14)

$B!!(BCVE-2012-0831 $B$N7o!"(B $B$B>! (co3k.org, 2012.02.15)$B!#%9%C%]%=(B @supp0n $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$BMW$9$k$K!"(B PHP 5.3.11 $B$N3+H/Cf$N%=!<%9%3!<%I$K$N$_B8:_$9$kLdBj$G$"$j!"8=:_%j%j!<%9$5$l$F$$$k$9$Y$F$N%P!<%8%g%s$N(B PHP $B$K$O$3$N@H
原因は PHP 5.3.11-dev に加わった http://svn.php.net/viewvc?view=revision&revision=323016 のコミットです。このコミットは PHP 5.3.10 以前、つまりリリースされている PHP には含まれていません。

Microsoft 2012 年 2 月のセキュリティ情報

　書いた。

■ Google Chrome Stable Channel Update
(Google, 2012.02.15)

　Google Chrome 17.0.963.56 登場。13 件のセキュリティ欠陥が修正されている。 APSB12-03: Security update available for Adobe Flash Player にあわせて Flash Player も更新されている。

■ APSB12-03: Security update available for Adobe Flash Player
(Adobe, 2012.02.15)

　Flash Player 11.1.102.62 for Windows / Mac / Linux / Solaris, Flash Player 11.1.115.6 for Android 4.x, Flash Player 11.1.111.6 for Android 3.x 登場。 7 件のセキュリティ欠陥 CVE-2012-0751 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 が修正されている。 CVE-2012-0767 はユニバーサル XSS、他は任意のコードの実行を招くもの。 CVE-2012-0767 は既に悪用が確認されている。

　Google Chrome 内蔵の Flash Player については、17.0.963.56 で修正されている。

　関連:


■ 2012.02.15

■ Microsoft 2012 年 2 月のセキュリティ情報
(Microsoft, 2012.02.15)

　9 件出てます (あとで書く)

　関連:

2012.02.16 追記:

　書いた。

MS12-008 - $B6[5^(B: Windows $B%+!<%M%k%b!<%I(B $B%I%i%$%P!<$N@H

　Windows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 に 2 つ欠陥。

MS12-009 - $B=EMW(B: Ancillary Function $B%I%i%$%P!<$N@H:3J$5$l$k(B (2645640)

　Windows XP 64bit / Server 2003 / Vista 64bit / Server 2008 64bit / 7 64bit / Server 2008 R2 に 2 つ欠陥。

  • AfdPoll $B$NFC8"$N>:3J$N@HCVE-2012-0148$B!#(BExploitability Index: 1

  • Ancillary Function $B%I%i%$%P!<$NFC8"$N>:3J$N@HCVE-2012-0149$B!#(BExploitability Index: 1

MS12-010 - 緊急: Internet Explorer 用の累積的なセキュリティ更新プログラム (2647516)

　IE 6 / 7 / 8 / 9 に 4 つの欠陥。

  • $B%3%T!<$*$h$SE=$jIU$1$N>pJsO3$($$$N@HCVE-2012-0010

    Exploitability Index: N/A

  • HTML $B%l%$%"%&%H$N%j%b!<%H$G%3!<%I$,CVE-2012-0011

    IE 7〜9。Exploitability Index: 1

  • Null $B%P%$%H$N>pJsO3$($$$N@HCVE-CVE-2012-0012

    IE 9 のみ。Exploitability Index: 3

  • VML $B$N%j%b!<%H$G%3!<%I$,CVE-2012-0155

    IE 9 のみ。Exploitability Index: 1

MS12-011 - Important: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)

　SharePoint Server 2010、SharePoint Foundation 2010 に 3 つの XSS 欠陥。 いずれも Exploitability Index: 1

　関連:

MS12-012 - $B=EMW(B: $B%+%i!<(B $B%3%s%H%m!<%k(B $B%Q%M%k$N@H

$B!!(BWindows Server 2008 / Server 2008 R2 $B$K7g4Y(B ($B$?$@$7(B Server Core $B$O=|$/(B)$B!#%+%i!<(B $B%3%s%H%m!<%k%Q%M%k$K(B DLL $BFI$_9~$_$K4X$9$k@H$B!#(BExploitability Index: 1

$B!!4XO"(B:

MS12-013 - $B6[5^(B: C $B%i%s%?%$%`(B $B%i%$%V%i%j$N@H

$B!!(BWindows Vista / Server 2008 / 7 / Server 2008 R2 $B$K7g4Y!#(Bmsvcrt.dll $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$rCVE-2012-0150$B!#(BExploitability Index: 1

$B!!4XO"(B:

MS12-014 - $B=EMW(B: Indeo $B%3!<%G%C%/$N@H

MS12-015 - $B=EMW(B: Microsoft Visio Viewer 2010 $B$N@H

$B!!(BVisio Viewer 2010 $B$K(B 5 $B$D$N7g4Y!#$$$:$l$b!"96N,(B VSD $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$,

  • VSD $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0019$B!#(BExploitability Index: 1

  • VSD $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0020$B!#(BExploitability Index: 1

  • VSD $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0136$B!#(BExploitability Index: 3

  • VSD $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0137$B!#(BExploitability Index: 3

  • VSD $B%U%!%$%k7A<0$N%a%b%jGKB;$N@HCVE-2012-0138$B!#(BExploitability Index: 3

MS12-016 - $B6[5^(B: .NET Framework $B$*$h$S(B Microsoft Silverlight $B$N@H

$B!!(B.NET Framework 2.0 SP2 / 3.5.1 / 4$B!"(BSilverlight 4 $B$K(B 2 $B$D$N7g4Y!#(B Mac $BHG(B Silverlight 4 $B$b1F6A$r

　.NET Framework 1.1 SP1 / 3.5 SP1、Silverlight 5 には影響はない。

$B"#(B $B%"%I%S!"?<9o$J@H
(so-net セキュリティ通信, 2012.02.15)

　APSB12-02: Security update available for Adobe Shockwave Player (Adobe, 2012.02.14) の件。9 件のセキュリティ欠陥が Shockwave Player 11.6.4.634 で修正されている。

　修正項目: CVE-2012-0757 CVE-2012-0758 CVE-2012-0759 CVE-2012-0760 CVE-2012-0761 CVE-2012-0762 CVE-2012-0763 CVE-2012-0764 CVE-2012-0766

$B"#(B $B%*%i%/%k!"?<9o$J@H
(so-net セキュリティ通信, 2012.02.15)

　Oracle Java SE Critical Patch Update Advisory - February 2012 (Oracle, 2012.02.14) の件。計 14 件のセキュリティ欠陥が Java SE 6 Update 31 / Java SE 7 Update 3 および JavaFX 2.0.3 で更新されている。

　修正項目: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0504 CVE-2012-0505 CVE-2012-0506 CVE-2012-0508。 CVE-2012-0508 は JavaFX にのみ影響。


■ 2012.02.14

■ いろいろ (2012.02.14)
(various)

2012.02.16 追記:

$B!!(BCVE-2012-0831 $B$N7o!"(B $B$B>! (co3k.org, 2012.02.15)$B!#%9%C%]%=(B @supp0n $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$BMW$9$k$K!"(B PHP 5.3.11 $B$N3+H/Cf$N%=!<%9%3!<%I$K$N$_B8:_$9$kLdBj$G$"$j!"8=:_%j%j!<%9$5$l$F$$$k$9$Y$F$N%P!<%8%g%s$N(B PHP $B$K$O$3$N@H
原因は PHP 5.3.11-dev に加わった http://svn.php.net/viewvc?view=revision&revision=323016 のコミットです。このコミットは PHP 5.3.10 以前、つまりリリースされている PHP には含まれていません。

■ 追記


■ 2012.02.09

■ Clarifying The Trustwave CA Policy Update
(Trustwave, 2012.02.04)

$B!!G'>Z6I(B Trustwave $B$O!"Cf4V2pF~967b(B (MITM attack) $B$rZL@=q$rH/9T$7$F$$$?!#Ev3:>ZL@=q$r4^$s$@AuCV$O(B SSL proxy $B$H$7$FF0:n$7!"(BSSL $B0E9f2=DL?.$rA4$F2r=|$G$-$k!#(B $BEv3:>ZL@=q$,H/9T$5$l$?$N$O4k6H$NFbIt%M%C%H%o!<%/MQ$G$"$j!"@/I\$d(B ISP $B$dK!<99T5!4X$G$O$J$$$H$5$l$F$$$k!#(B

　Mozilla は Firefox / Thunderbird から Trustwave の root 証明書を削除: Bug 724929 - Remove Trustwave Certificate(s) from trusted root certificates (Mozilla)

■ Google Chrome Stable Channel Update
(Google, 2012.02.08)

　Google Chrome 17.0.963.46 登場。20 件のセキュリティ欠陥が修正されている。 Chrome 17 はセキュリティ面での新機能もあるそうで。

  • Speed and Security (Google Chrome Blog, 2012.01.05)

  • All About Safe Browsing (Chromium Blog, 2012.01.31)

    Malicious downloads are especially tricky to detect since they’re often posted on rapidly changing URLs and are even “re-packed” to fool anti-virus programs. Chrome helps counter this behavior by checking executable downloads against a list of known good files and publishers. If a file isn’t from a known source, Chrome sends the URL and IP of the host and other meta data, such as the file’s hash and binary size, to Google. The file is automatically classified using machine learning analysis and the reputation and trustworthiness of files previously seen from the same publisher and website. Google then sends the results back to Chrome, which warns you if you’re at risk.
    It’s important to note that any time Safe Browsing sends data back to Google, such as information about a suspected phishing page or malicious file, the information is only used to flag malicious activity and is never used anywhere else at Google. After two weeks, any associated information, such as your IP address, is stripped, and only the URL itself is retained. If you’d rather not send any information to Safe Browsing, you can also turn these features off.
  • Faster browsing, safer downloading (Google Chrome Blog, 2012.02.08)

    On the security front, Chrome now does even more to help protect you from malicious downloads. In addition to checking a list of known bad files, Chrome also does checks on executable files (like ".exe" and ".msi" files). If the executable doesn't match a whitelist, Chrome checks with Google for more information, such as whether the website you're accessing hosts a high number of malicious downloads.

■ 2012.02.08

■ いろいろ (2012.02.08)
(various)

$B"#(B RealNetworks, Inc.$B!"%;%-%e%j%F%#@H
(RealNetworks, 2012.02.06)

　Windows 用および Mac 用の RealPlayer に、任意のコードの実行を招く欠陥。 Windows 用 RealPlayer 15.02.71、Mac 用 RealPlayer 12.0.0.1703 で修正されている。

■ Ghost Domain Names: Revoked Yet Still Resolvable
(ISC, 2012.02.07)

　BIND 9 に欠陥。ドメインがレジストリから削除されても cache され続けてしまう。CVE-2012-1033

　回避方法なし。patch は現在テスト中。

2012.02.16 追記:

$B!!(BBIND $B$@$1$G$J$/!"J#?t$N(B DNS $Be$G$N5sF0$,L@5-$5$l$F$$$J$$ItJ,$J$?$a!"

　Ghost Domain Names: Revoked Yet Still Resolvable (ISC) は 2012.02.08 付で 2.0 に改訂されている。早急な patch は不要と判断された模様。

On further review, ISC has determined that this is not an issue which needs an immediate patch. The issue is being reviewed at the protocol level and will be addressed there. Implementing DNSSEC is the safest mitigation measure.

2012.02.17 追記:

$B!!(B$B!V(Bghost domain names$B!JM)Nn%I%a%$%sL>!K!W@H (JPRS, 2012.02.17)$B!#aZ$$$H$3$m$K


■ 2012.02.07

■ 追記

Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable Collision DOS

　Debian 用 fix、lenny 用のパッケージも用意された事を追記。Scientific Linux 出たので修正。 FreeBSD ports が 5.3.10 になったので修正。

About the security content of OS X Lion v10.7.3 and Security Update 2012-001

　Mac OS X 10.6.8 用に不具合が発生し、出し直しになっていた。 Rosetta で不具合が発生した模様。 ImageIO 関連のセキュリティ修正を削除したそうだ。CVE-2011-0241 がそれみたい。 Lion 用 (10.7.3) には問題なし。

PHP 5.3.9 Released!

　libxslt の件 Bug #54446 - Arbitrary file creation via libxslt 'output' extension (PHP.net) (CVE-2012-0057) も PHP 5.3.9 で修正されている。

Microsoft 2012 年 1 月のセキュリティ情報

$B!!(BMS12-006 SSL/TLS $B$N@H\$7$$2r@b(B ($BF|K\$N%;%-%e%j%F%#%A!<%`(B, 2012.01.29)


■ 2012.02.06

■ 追記

■ いろいろ (2012.02.06)
(various)


■ 2012.02.05


■ 2012.02.03

■ 追記

Microsoft 2012 年 1 月のセキュリティ情報

$B!!(BWindows Media Player$B$N(BMIDI$B%U%!%$%k=hM}$K$*$1$k@HZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2012.01.30)

Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable Collision DOS

　この欠陥は PHP 5.3.10 で修正されたそうです。関連:

About the security content of OS X Lion v10.7.3 and Security Update 2012-001

Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2]

　Oracle 方面 (WebLogic, iPlanet, Containers for J2EE):

■ Bugzilla 4.2rc1, 4.0.3, 3.6.7, and 3.4.13 Security Advisory
(Bugzilla, 2012.01.31)

　Bugzilla 4.2rc1 / 4.0.3 / 3.6.7 / 3.4.1 登場。非 ASCII 文字を含む電子メールアドレスを正しく排除できていなかった欠陥 CVE-2012-0448 と Cross-Site Request Forgery な欠陥 CVE-2012-0440 の修正が含まれる。


■ 2012.02.02

■ Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable Collision DOS
(thexploit.com, 2012.02.01)

　Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2] の対応のために PHP 5.3.9 に追加されたコードに、remote からのコードの実行を招く別の欠陥があるという指摘。 CVE-2012-0830

2012.02.03 追記:

　この欠陥は PHP 5.3.10 で修正されたそうです。関連:

2012.02.07 追記:

　Debian 用 fix、lenny 用のパッケージも用意された事を追記。 Scientific Linux 出たので修正。 FreeBSD ports が 5.3.10 になったので修正。

2012.02.14 追記:

　ubuntu の USN-1358-1: PHP vulnerabilities が 2012.02.09 に出たので修正。

■ About the security content of OS X Lion v10.7.3 and Security Update 2012-001
(Apple, 2012.02.01)

$B!!(BMac OS X 10.7.3 $B$*$h$S!"(B10.6.8 $BMQ%;%-%e%j%F%#99?7(B 2012-001 $B=P$F$^$9!#(B $B=$@5$5$l$?%;%-%e%j%F%#7g4Y$O(B 49 $B

　CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-0200 CVE-2011-0241 CVE-2011-1148 CVE-2011-1167 CVE-2011-1657 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 CVE-2011-1938 CVE-2011-2023 CVE-2011-2192 CVE-2011-2202 CVE-2011-2204 CVE-2011-2483 CVE-2011-2895 CVE-2011-2937 CVE-2011-3182 CVE-2011-3189 CVE-2011-3246 CVE-2011-3248 CVE-2011-3249 CVE-2011-3250 CVE-2011-3252 CVE-2011-3256 CVE-2011-3267 CVE-2011-3268 CVE-2011-3328 CVE-2011-3348 CVE-2011-3389 CVE-2011-3422 CVE-2011-3441 CVE-2011-3444 CVE-2011-3446 CVE-2011-3447 CVE-2011-3448 CVE-2011-3449 CVE-2011-3450 CVE-2011-3452 CVE-2011-3453 CVE-2011-3457 CVE-2011-3458 CVE-2011-3459 CVE-2011-3460 CVE-2011-3462 CVE-2011-3463

2012.02.03 追記:

　関連:

2012.02.07 追記:

　Mac OS X 10.6.8 用に不具合が発生し、出し直しになっていた。 Rosetta で不具合が発生した模様。 ImageIO 関連のセキュリティ修正を削除したそうだ。 CVE-2011-0241 がそれみたい。 Lion 用 (10.7.3) には問題なし。

■ 追記

いろいろ (2012.01.29)

　 Apache HTTP Server 2.2.22 Released (Apache, 2012.01.31)。正式版出ましたので、みなさん更新しませう。


■ 2012.02.01

■ いろいろ (2012.02.01)
(various)

■ 追記

■ Firefox 10.0 / 10.0 ESR / 3.6.26、Thunderbird 10.0 / 10.0 ESR / 3.1.18、SeaMonkey 2.7 登場
(mozilla.jp, 2012.02.01)

　Firefox 10.0 / 10.0 ESR / 3.6.26、Thunderbird 10.0 / 10.0 ESR / 3.1.18、SeaMonkey 2.7 出てます。ESR 版登場に伴い、Firefox 3.6 / Thunderbird 3.1 は 2012.04.24 でサポート終了だそうです。

>
  • $B%"%I%*%s$N8_49@-$r2~A1$7$?(B Firefox $B$N:G?7HG8x3+(B - $B%$%s%9%Z%/%?$J$IJXMx$J(B Web $B3+H/ (Mozilla Japan $B%V%m%0(B, 2012.02.01)$B!#!V(BFirefox 3.6 $B$N%5%]!<%H$O(B 2012 $BG/(B 4 $B7n(B 24 $BF|$G=*N;!W(B

  • Web 検索機能を追加した Thunderbird の最新版を公開 (Mozilla Japan ブログ, 2012.02.01)。「Thunderbird 3.1 のサポートは 2012 年 4 月 24 日で終了」

  • Firefox と Thunderbird の法人向け延長サポート版を公開しました (Mozilla Japan ブログ, 2012.02.01)。 10.0 ESR のダウンロードは http://mozilla.jp/business/downloads/ から。 通常版とは異なるのでご注意。

  • Firefox 10.0 リリースノート (mozilla.jp)

  • Android 版 Firefox 10.0 リリースノート (mozilla.jp)

  • Firefox 3.6.26 リリースノート (mozilla.jp)

  • Thunderbird 10.0 リリースノート (mozilla.jp)

  • Thunderbird 3.1.18 リリースノート (mozilla.jp)

    　セキュリティ修正一覧。

    SA 番号 重要度 概要 F 10.0 F 3.6.26 T 10.0 T 3.1.18 S 2.7 特記事項
    MFSA 2012-01 最高 様々なメモリ安全性の問題 (rv:10.0/ 1.9.2.26) X X X X X CVE-2012-0442 CVE-2012-0443
    MFSA 2012-02 低 過度に許容されていた IPv6 リテラル構文による問題 X X F 7.0 / T 7.0 / S 2.4 で修正済。CVE-2011-3670
    MFSA 2012-03 高 iframe 要素が name 属性を通じて他ドメインから置き換えられる X X X CVE-2012-0445
    MFSA 2012-04 最高 nsDOMAttribute の子ノードを削除後も参照できてしまう X X X X X CVE-2011-3659
    MFSA 2012-05 最高 信頼できないオブジェクトを呼び出したフレームスクリプトがセキュリティチェックを迂回する X X X CVE-2012-0446
    MFSA 2012-06 高 アイコン画像のエンコード時に追加される未初期化メモリによる情報の誤表示 X X X CVE-2012-0447
    MFSA 2012-07 最高 Ogg Vorbis ファイルデコード時の潜在的なメモリ破壊 X X X X X CVE-2012-0444
    MFSA 2012-08 最高 不正に埋め込まれた XSLT スタイルシートによるクラッシュ X X X X X CVE-2012-0449

    2012.02.14 追記:

    　Firefox / Thunderbird 10.0.1 / 10.0.1 ESR、SeaMonkey 2.7.1 が公開されている。 MFSA 2012-10: nsXBLDocumentInfo::ReadPrototypeBindings における解放後使用の問題 が修正されている。

