セキュリティホール memo

Last modified: Sat Jan 28 18:45:12 2012 +0900 (JST)
短縮 URL: http://goo.gl/pwSG　QR コード: http://goo.gl/pwSG.qr


　Security Watch さんが店じまいされてしまったので、 個人で追いかけてみるテストです。 備忘録として書いておくつもりなので、 Security Watch さんのような詳細なものではありません。 基本的なターゲットは UNIX、Windows、Mac OS (priority 順) とします。 また、このページの内容はどのページにも増して無保証であることを宣言しておきます。全ての情報が集まっているわけもありません。

　ここに載せる情報については、可能な限り 1 次情報源へのリンクを作成しておきます。 各自で 1 次情報源の内容を確認してください。 このページの内容をくれぐれも鵜飲みにしないように。 間違いを発見された方、記載されていない情報をご存知の方、ぜひおしえてください。よろしくお願いいたします。

　このページの情報を利用される前に、注意書きをお読みください。




[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B


www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B45$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B109$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B172$BI<(B)
$B2f$i9_Iz$;$:!]%5%$%Q%s6L:U@o$N685$$H?? ($B8=:_(B136$BI<(B)

RSS に対応してみました。 小ネタは含まれていません。「政治ねたウゼェ」という人は RSS ベースで読むと幸せになれるでしょう (ウザくない人は こっちの RSS がよいかもしれません)。 RSS 1.0 ですので、あくまで RDF Site Summary です。 現在は Really Simple Syndication には対応していません。
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

■ 2012.01.28


■ 2012.01.27

■ シマンテック、「pcAnywhere」の無効化を呼びかけ
(CNET, 2012.01.26)

　これの件:

$B"#(B $BDI5-(B

Crucial$B@=(BSSD(m4)$B5Z$S(BCFD$B@=(BSSD(S6NM4Q)$B$N(BFirmware$B99?7$N$*4j$$(B

$B!!(B$B%P%C%U%!%m!<@=(BSSD$B$N0lIt$G!V(B5000$B;~4V;H$&$H%/%i%C%7%e$9$k!WIT6q9g(B (slashdot.jp, 2012.01.26)$B!#%P%C%U%!%m!<$+$i$b=P$F$$$?$N$G$9$M!#(B

Microsoft 2012 $BG/(B 1 $B7n$N%;%-%e%j%F%#>pJs(B

■ [SA47689] PHP Suhosin Extension Transparent Cookie Encryption Buffer Overflow Vulnerability
(secunia, 2012.01.25)

　Suhosin Extension 0.9.32.1 以前に欠陥。transparent cookie encryption において buffer overflow が発生、特定の規定値ではない不安全な Suhosin 設定を行った場合 remote からの任意のコードの実行を招く。 [Full-disclosure] Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow には、特定の規定値ではない不安全な Suhosin 設定として以下が挙げられている。

suhosin.multiheader=On
suhosin.request.disallow_nul=Off
suhosin.get.disallow_nul=Off
suhosin.post.disallow_nul=Off
suhosin.cookie.disallow_nul=Off

　上記の設定を行った上で、FORTIFY_SOURCE コンパイルオプションを外して作成された Suhosin Extension でないと攻撃は成功しないという。

　Suhosin Extension 0.9.33 で修正されている。CVE-2012-0807


■ 2012.01.26

■ 追記

Linux root exploit due to memory access - Update 2

■ [ANN] Struts 2.3.1.2 GA release available
(apache.org, 2012.01.23)

　Apache Struts 2.3.1.2 登場。remote からのコマンドの[…]S2-009 (Struts 2.0.0 〜 2.3.1.1 に影響、CVE-2011-3923) が修正されている。

■ SYM12-002: Security Advisories Relating to Symantec Products - Symantec pcAnywhere Remote Code Execution, Local Access File Tampering
(Symantec, 2012.01.24)

　pcAnywhere 12.5.x / 12.6.x に 2 つの欠陥。

　hotfix が用意されているので適用すればよい。

$B"#(B Crucial$B@=(BSSD(m4)$B5Z$S(BCFD$B@=(BSSD(S6NM4Q)$B$N(BFirmware$B99?7$N$*4j$$(B
(CFD, 2012.01.20)

$B!!(BCrucial m4 CTxxxM4SSD2 (xxx = 064 / 128 / 256 / 512) $B$*$h$S(B CFD CSSD-S6MxxNM4Q (xx = 64 / 128 / 256 / 512) $B$N%U%!!<%`%&%'%"$K7g4Y!#;HMQ;~4V$,(B 5,184 $B;~4V$r1[$($k$H(B SMART $B%+%&%s%?!<$,0[>o$J?tCM$rJV$9$?$a$K(B SSD $B$,G'<1$5$l$J$/$J$j%V%k!<%5%s%@!C<:$O5/$3$i$J$$!#(B

$B!!%U%!!<%`%&%'%"$r(B 0309 ($B:G?7HG(B) $B$K%"%C%W%G!<%H$9$k$3$H$G2sHr$G$-$k!#(B$B%@%&%s%m!<%I(B$B!#(B $B$?$@$7!V(BHP$B

$B!!(BOEM $B85$G$"$k(B Micron $B$N(B RealSSD C400 $B$r$*;H$$$N>l9g$O!"(B$B$3$A$i$+$i(B$B!#(B

2012.01.27 $BDI5-(B:

$B!!(B$B%P%C%U%!%m!<@=(BSSD$B$N0lIt$G!V(B5000$B;~4V;H$&$H%/%i%C%7%e$9$k!WIT6q9g(B (slashdot.jp, 2012.01.26)$B!#%P%C%U%!%m!<$+$i$b=P$F$$$?$N$G$9$M!#(B


■ 2012.01.25


■ 2012.01.24

■ 追記

Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2]

　[CentOS-announce] CESA-2012:0033 Moderate CentOS 5 php Update (CentOS, 2012.01.18)。CentOS 5 用も出ました。

$B"#(B Linux root exploit due to memory access - Update 2
(H Security, 2012.01.23)

$B!!(BLinux 2.6.39 $B0J9_$K7g4Y!#(B /proc/<pid>/mem $B$N=hM}$K7g4Y$,$"$j!"(Blocal user $B$K$h$k8"8B>e>:$r5v$9!#(B CVE-2012-0056

$B!!(Bgit $B>e$G$O=$@5$5$l$F$$$k(B$B!#4XO"(B:

2012.01.26 $BDI5-(B:

$B!!(BLinux$B%Y%s%@! (ComputerWorld.jp, 2012.01.25)

■ Opera 11.61 released
(Opera, 2012.01.24)

　Opera 11.61 出ました。セキュリティ修正 2 件あります。

■ Google Chrome Stable Channel Update
(Google, 2012.01.23)

　Google Chrome 16.0.912.77 登場。5 件のセキュリティ欠陥が修正されている。 5 件の内 4 件は AddressSanitizer を使って発見したそうだ。

$B"#(B $B<+M3$C$F$=$l$+$h!*(Bau$B$,%f!<%6$X!V@kEA$9$k<+M3!W3+;O!#(B
($B$9$^$[$s(B!!, 2012.01.23)

$B!!(Bau $B%9%^!<%H%U%)%s$K%W%j%$%s%9%H!<%k$5$l$F$$$k%"%W%j!V(Bau one market$B!W$,!"(B airpush $B$N$h$&$J9-9p$r$O$8$a$?$H$$$&OC!#9-9p(B on $B$@$HNA6b$,0B$/$J$k$H$+$$$C$?%f!<%6!

$B!!

(1)「トップ」タブを表示させた状態で一番下までスクロール
(2)「広告について」をタップ
(3)「配信停止・再開はこちら」をタップ
(4)ダイアログに表示されたボタンの表示を確認
→「広告表示」の場合は広告が無効状態なのでボタンをタップせずに戻るボタンで戻る(ボタンをタップすると広告が有効になる)
→「広告停止」の場合は広告が有効なのでボタンをタップして無効にする。

　関連:


$B"#(B 2012.01.23

$B"#(B Oracle$B$,DjNc%"%C%W%G!<%H$r8x3+!"(B78$B7o$N@H
(ITmedia, 2012.01.18)

$B!!(BOracle Critical Patch Update Advisory - January 2012 (Oracle) $B$N7o!#(BMySQL 27 $B7o$,L\N)$C$F$k$J$"!#(BOracle DB $B$N=$@5$O(B 2 $B7o!#(B

$B!!4XO"(B: $B%*%i%/%k$O(BDB$B@=IJ$N%Q%C%ADs6!$,$J$*$6$j!=!=%;%-%e%j%F%#!&%Y%s%@!<44It$,HcH=!!(B $B%*%i%/%k$O!"!V(BDB$B@=IJ$O$9$G$K$[$H$s$I$N%P%0$,=|5n:Q$_!W$H@bL@(B (ComputerWorld.jp, 2012.01.18)


■ 2012.01.20


■ 2012.01.19

■ 追記

ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability

　2012.01.16 に出てました: Trend Micro Control Manager 5.5 Critical Patch (ビルド 1613)公開のお知らせ (トレンドマイクロ, 2012.01.16)

OpenSSL Security Advisory [04 Jan 2012] Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s

　OpenSSL Security Advisory [18 Jan 2011] (原文ママ) (OpenSSL.org, 2012.01.18)。 OpenSSL 1.0.0f / 0.9.8s における、 DTLS Plaintext Recovery Attack (CVE-2011-4108) への対応部分に欠陥があり、 DoS 攻撃を[…]CVE-2012-0050。

　OpenSSL 1.0.0g / 0.9.8t で修正されている。iida さん情報ありがとうございます。


■ 2012.01.18

■ 追記

sched_clock() overflow after 208.5 days in Linux Kernel

　Debian 6.0 (squeeze) は linux-2.6 (2.6.32-40) で修正されています。

　しかし DSA-2389-1 linux-2.6 -- privilege escalation/denial of service/information leak として 2012.01.15 にリリースされたのは 2.6.32-39 のようで。 これでは直っていない模様。 関連: Debian Package Tracking System - linux-2.6 (debian.org)

Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2]

$B!!(BHashTable$B$N%"%k%4%j%:%`$rFM$$$?(BDoS$B967b(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2012.01.18)

VU#723755: WiFi Protected Setup PIN brute force vulnerability

$B!!(Breaver-wps$B$G(BWPA$B$N%-!<$r%/%i%C%/$7$F$_$?$h(B (bogus press, 2012.01.07)$B!#(BNEC Aterm WR4100N $B$G$N(B WPS $B%/%i%C%/;vNc!#(B

FreeBSD Security Advisories SA-11:06$B!A(B10

$B!!(B$BJ#?t%Y%s%@$N(Btelnetd$B$N(Blibtelnet/encrypt.c$B$K$*$1$kG$0U$N%3!<%I$rZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2012.01.17)$B!#(BFreeBSD 8.2 $B$*$h$S(B Debian 6.0.2 $B$G8!>Z!#(B

Microsoft 2012 $BG/(B 1 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWindows Packager$B@_Dj$K$*$1$kG$0U$N%3!<%I$rZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2012.01.17)

$B!!(BMS12-007 - $B=EMW(B: AntiXSS Library $B$N@HpJsO3$($$$,5/$3$k(B (2607664) $B$,2~D{$5$l$F$$$^$9!#%"%C%W%0%l!<%I%Q%C%1!<%8$,!"(BAntiXSS Library version 4.2 $B$+$i(B AntiXSS Library version 4.2.1 $B$K99?7$5$l$?$=$&$G$9!#(B

APSA11-04: Security Advisory for Adobe Reader and Acrobat

$B!!(BAdobe Reader$B$*$h$S(BAcrobat$B$K$*$1$k(BU3D$B$N=hM}$N@HZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2012.01.17)$B!#(BWindows XP SP3 + Adobe Reader 9.4.6 $B$G$N8!>Z7k2L!#(B


■ 2012.01.17

■ いろいろ (2012.01.17)
(various)


■ 2012.01.16


■ 2012.01.14


■ 2012.01.13

■ 追記

Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2]

　RHEL および互換 OS 用修正パッケージ。

　あと、関連記事:


■ 2012.01.12


■ 2012.01.11

■ Wireshark 1.6.5 / 1.4.11 リリース
(Wireshark, 2012.01.10)

　Wireshark 1.6.5 / 1.4.11 登場。3 件の欠陥が修正されている。

■ Microsoft 2012 年 1 月のセキュリティ情報
(Microsoft, 2012.01.11)

　予定どおり 7 件。

MS12-001 - 重要: Windows カーネルの脆[…]

　Windows XP (64bit 版のみ) / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 に欠陥。Ntdll.dll に欠陥があり、Visual C++ .NET 2003 でコンパイルしたアプリケーションから SafeSEH セキュリティ機能を回避できる。 CVE-2012-0001。Exploitability Index: 1

　関連: More information on the impact of MS12-001 (Microsoft Security Research & Defense, 2012.01.10)

You can determine if your binary is affected by this issue by using the Microsoft Visual C++ linker command “link.exe /dump /headers binary.dll”. Binaries with a Load Config Directory size of 0x48 are affected as shown below.

MS12-002 - 重要: Windows オブジェクト パッケージャーの脆[…]

MS12-003 - 重要: Windows クライアント/サーバー ランタイム サブシステムの脆[…]昇格される (2646524)

　Windows XP / Server 2003 / Vista / Server 2008 に欠陥。 クライアント/サーバー ランタイム サブシステム (CSRSS) における UNICODE 文字シーケンスの処理に欠陥があり、local user による権限上昇が可能。 CVE-2012-0005。 Exploitability Index: 1

MS12-004 - 緊急: Windows Media の脆[…]

　Windows XP / Server 2003 / Vista / Server 2008 の Windows Multimedia Library および DirectShow、 Windows 7 / Server 2008 R2 の DirectShow、 および Windows Media Center TV Pack for Windows Vista の DirectShow に欠陥。

  • MIDI のリモートでコードが[…]CVE-2012-0003

    Windows Multimedia Library の winmm.dll に欠陥があり、攻略 MIDI ファイルによって任意のコードが[…]

  • DirectShow のリモートでコードが[…]CVE-2012-0004

    DirectShow の Quartz.dll および Qdvd.dll に欠陥があり、攻略メディアファイルを開くと任意のコードが[…]

　関連: More information on MS12-004 (Microsoft Security Research & Defense, 2012.01.10)

MS12-005 - 重要: Microsoft Windows の脆[…]

MS12-006 - 重要: SSL/TLS の脆[…]情報漏えいが起こる (2643584)

　Windows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2 に欠陥。 通信を保護する「SSL／TLS」の脆[…]の件。Exploitability Index: 3

MS12-007 - 重要: AntiXSS Library の脆[…]情報漏えいが起こる (2607664)

　Microsoft Anti-Cross Site Scripting (AntiXSS) Library V3.x / V4.x に欠陥。 サニタイズが不十分なため、XSS 攻撃を許す可能性がある。 CVE-2012-0007。 Exploitability Index: 3

$B!!4XO"(B:

2012.01.18 $BDI5-(B:

$B!!(BWindows Packager$B@_Dj$K$*$1$kG$0U$N%3!<%I$rZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2012.01.17)

$B!!(BMS12-007 - $B=EMW(B: AntiXSS Library $B$N@HpJsO3$($$$,5/$3$k(B (2607664) $B$,2~D{$5$l$F$$$^$9!#%"%C%W%0%l!<%I%Q%C%1!<%8$,!"(BAntiXSS Library version 4.2 $B$+$i(B AntiXSS Library version 4.2.1 $B$K99?7$5$l$?$=$&$G$9!#(B

2012.01.27 $BDI5-(B:

$B!!(BMS12-004 - $B6[5^(B: Windows Media $B$N@H $B$N!V(BMIDI $B$N%j%b!<%H$G%3!<%I$,CVE-2012-0003$B!W$N(B exploit $B$,=P2s$C$F$$$k$=$&$G$9!#(B CVE-2012-0003 Exploited in the Wild (IBM ISS, 2012.01.26)

■ PHP 5.3.9 Released!
(php.net, 2012.01.11)

　出ました。Effective DoS attacks against Web Application Plattforms ? #hashDoS [UPDATE2] の件 (CVE-2011-4885) と、攻略 Exif ヘッダによって integer overflow する件 (CVE-2011-4566) が修正されている。

■ 追記

$B"#(B PowerDNS$B$N@H)(B -
(JPRS, 2012.01.11)

　PowerDNS 2.9.22.5 未満 / 3.0.1 未満に欠陥。攻略 DNS 応答によってループに陥り DoS 状態となる。CVE-2012-0206

　PowerDNS 2.9.22.5 / 3.0.1 で修正されている。[Pdns-announce] PowerDNS Security Advisory 2012-01: Denial of Service vulnerability in most versions of the PowerDNS Authoritative Server には patch も示されている。また powerdns.conf で cache-ttl=0 を設定することで回避できる。


■ 2012.01.10

■ いろいろ (2012.01.10)
(various)

■ 追記

いろいろ (2012.01.06)

　DTLS の件、GnuTLS 3.0.11 で修正されました。

sched_clock() overflow after 208.5 days in Linux Kernel

　Vine Linux 6 修正出ました。

　なお、この欠陥は Vine Linux 5 以前には影響しません。

■ APSB12-01: Prenotification Security Advisory for Adobe Reader and Acrobat
(Adobe, 2012.01.06)

　2012.01.10 (US 時間) に Adobe Reader / Acrobat 9.x / 10.x の更新版が公開される予定です。

2012.01.11 追記:

　Adobe Reader / Acrobat 9.5 / 10.1.2 出ました。


■ 2012.01.09


■ 2012.01.08


■ 2012.01.06

■ いろいろ (2012.01.06)
(various)

2012.01.10 追記:

　DTLS の件、GnuTLS 3.0.11 で修正されました。

■ セキュリティ研究[…]
(ComputerWorld.jp, 2012.01.06)

■ 追記

■ Google Chrome Stable Channel Update
(Google, 2012.01.05)

　Google Chrome 16.0.912.75 登場。3 件のセキュリティ欠陥が修正されている。

■ マイクロソフト セキュリティ情報の事前通知 - 2012 年 1 月
(Microsoft, 2012.01.06)

　もうそんな季節なのか。緊急 x 1、重要 x 6。IE や Office はないみたい。

■ WordPress 3.3.1 Security and Maintenance Release
(WordPress.org, 2012.01.03)

　WordPress 3.3.1 登場。XSS 欠陥が修正されている。 CVE-2012-0287

■ OpenSSL Security Advisory [04 Jan 2012] Six security flaws have been fixed in OpenSSL 1.0.0f and 0.9.8s
(OpenSSL.org, 2012.01.04)

　OpenSSL に 6 つの欠陥。OpenSSL 0.9.8s / 1.0.0f で修正されている。

2012.01.19 追記:

　OpenSSL Security Advisory [18 Jan 2011] (原文ママ) (OpenSSL.org, 2012.01.18)。 OpenSSL 1.0.0f / 0.9.8s における、 DTLS Plaintext Recovery Attack (CVE-2011-4108) への対応部分に欠陥があり、 DoS 攻撃を[…]CVE-2012-0050。

　OpenSSL 1.0.0g / 0.9.8t で修正されている。iida さん情報ありがとうございます。

$B"#(B sched_clock() overflow after 208.5 days in Linux Kernel
(okky$B$N6d2O@)054qk}(B, 2011.12.29)

$B!!(BLinux 2.6.28 $B0J9_$K7g4Y!#(Bsched_clock() $B$,Ls(B 208.5 $BF|$G(B overflow $B$9$k$?$a!"(B Linux $B$,:F5/F0$9$k!#(BLinux 2.6.28 $B0J9_$r;HMQ$7$F$$$k%G%#%9%H%j%S%e!<%7%g%s(B ($BNc(B: RHEL 6) $BA4$F$K1F6A$9$k!#$?$@$7!"2>A[%^%7%s>e$GF0:n$5$;$F$$$k>l9g$K$O!"$3$N7g4Y$O1F6A$7$J$$!#J*M}%^%7%s>e!"$+$D(B Pentium 4 $B0J9_$N(B Intel $B7O(B CPU ($B8_49IJ4^$`!"(B32 bit / 64bit $B$I$A$i$G$b(B) $B$r;HMQ$7$F$$$k>l9g$K$N$_1F6A!#(B $BF?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BLinux 2.6.32.50 / 3.0.13 / 3.1.5 $B$G=$@5$5$l$F$$$k!#4XO"(B:

$B!!(Bpatch $B$,$J$$%G%#%9%H%j$N>l9g$O!"(B200 $BF|0JFb$K

2012.01.10 $BDI5-(B:

$B!!(BVine Linux 6 $B=$@5=P$^$7$?!#(B

$B!!$J$*!"$3$N7g4Y$O(B Vine Linux 5 $B0JA0$K$O1F6A$7$^$;$s!#(B

2012.01.18 $BDI5-(B:

$B!!(BDebian 6.0 (squeeze) $B$O(B linux-2.6 (2.6.32-40) $B$G=$@5$5$l$F$$$^$9!#(B

$B!!$7$+$7(B DSA-2389-1 linux-2.6 -- privilege escalation/denial of service/information leak $B$H$7$F(B 2012.01.15 $B$K%j%j!<%9$5$l$?$N$O(B 2.6.32-39 $B$N$h$&$G!#(B $B$3$l$G$OD>$C$F$$$J$$LOMM!#4XO"(B: Debian Package Tracking System - linux-2.6 (debian.org)

■ Apache Struts 2.3.1.1 リリース
(apache.org, 2011.12.25)

　Apache Struts 2.3.1.1 登場。複数のセキュリティ修正が含まれている。


■ 2012.01.05

■ 追記

PuTTY version 0.62 is released

　2011.12.29 付で iceiv+putty が 0.62 ベースになってます。


■ 2012.01.04


■ 2012.01.03

■ ZABBIX 1.8.10
(zabbix.com, 2011.12.28)

　ZABBIX 1.8.10 登場。複数の XSS 欠陥 (CVE-2011-4615 CVE-2011-5027) が修正されている。

■ Bugzilla 4.1.3, 4.0.2, 3.6.6, and 3.4.12 Security Advisory
(Bugzilla, 2011.12.28)

　Bugzilla 3.4.13 / 3.6.7 / 4.0.3 / 4.2rc1 登場。3 つのセキュリティ欠陥 (XSS、無認証でのアカウント作成、CSRF) が修正されている。


■ 2012.01.02


■ 2012.01.01

　あけましておめでとうございます。

■ 追記

VU#723755: WiFi Protected Setup PIN brute force vulnerability

　攻略プログラム登場。

