Security Hole memo - 2008.09

Last modified: Wed Jan 14 13:50:27 2009 +0900 (JST)


Before using the information on this page, please read the notes.


■ 2008.09.30

■ Mozilla Firefox(3.0.3) User Interface Dispatcher Crash and Remote Denial of Service.
(secniche.org, 2008.09.29)

Flaw in Firefox 3.0.3 and earlier. Dispatching several UIEvents such as keypress or click in succession with dispatchEvent() crashes the browser. Requires JavaScript. A PoC exists. CVE-2008-4324. The CVE entry says something like "on Windows XP ...", but

■ Vulnerability in GPS systems
(WIRED VISION, 2008.09.30)

Yikes.

■ Updates

APSA08-06: Content Protection in Flash Media Server

■ SIP stack
(Nikkei IT Pro, 2008.09.30)

Related to "Silent calls arriving on IP phones in large numbers; the cause is unauthorized attacks from the Internet" (Nikkei IT Pro, 2008.09.10). Covers threat cases, how to respond to them, and so on.


■ 2008.09.29

■ SYM08-016 - Privilege escalation vulnerability in the JAVA Administration GUI of Symantec Veritas NetBackup
(Symantec, 2008.09.24)

Flaw in Veritas NetBackup Server / Enterprise Server 5.1 / 6.0 / 6.5. The Java Administration GUI has a flaw that lets an unprivileged user elevate privileges.

Fixed in Veritas NetBackup Server / Enterprise Server 5.1 MP7 / 6.0 MP7 / 6.5.2.

■ Clickjacking: research
(Nikkei IT Pro, 2008.09.29)

This is about "New 0-Day Browser Exploits: Clickjacking - yea, this is bad...", a talk that was scheduled for the OWASP NYC AppSec 2008 Conference and was so bad that its presentation is being withheld.

As the name Clickjacking suggests, there appears to be a way to hijack mouse clicks in a Web browser. What is more, IE 7/8, Firefox 3 and the like

Also, on the NoScript side, see Firefox + NoScript vs Clickjacking (ZDNet Blog, 2008.09.25).

Also, maybe these?

Update 2008.10.08:

Two topics: Flash and NoScript.

  1. Adobe has published a workaround: Flash Player workaround available for "Clickjacking" issue (Adobe, 2008.10.07). It is about blocking outside control of the camera and microphone in Flash (so the default is to allow it?). Related: Adobe, Flash Player "click hijack..." (Nikkei IT Pro, 2008.10.08)

    • Ordinary users: first, click [Always deny...] in the [Global Privacy Settings] panel (macromedia.com). Then, if you want to allow particular sites to access the camera and microphone, configure that from the [Website Privacy Settings] panel (macromedia.com).

    • IT administrators: settings made through mms.cfg take precedence over the user settings above. mms.cfg is reportedly to be placed in the following location:

      • Windows: %WINDIR%\system32\Macromed\Flash

      • Mac OS X: /Library/Application Support/Macromedia

      • Linux Flash 9: /etc/adobe/

      mms.cfg is supported in Flash Player 8 and later. The character encoding of mms.cfg is the OS default code page, or UTF-8 / UTF-16 with a BOM.

    CVE-2008-4503

    The fundamental fix will reportedly come in a new version of Flash Player that is scheduled to appear by the end of October.

  2. As for NoScript, it looks like it is better to update to 1.8.2.1 or later: Hello ClearClick, Goodbye Clickjacking! (hackademix.net, 2008.10.08)

Update 2008.10.17:

As for Flash Player, this has reportedly been addressed in Flash Player 10.

Also, related:

Update 2008.11.14:

Related:

■ Updates

Security Advisories for Firefox 3.0: Fixed in Firefox 3.0.2

Firefox 3.0.3 is out. Thanks to Yamapi~ for the information.

Malicious Flash ads placed on legitimate sites?: copy and paste a URL and a malicious

Understanding the security changes in Flash Player 10 beta: Setting data on the system Clipboard requires user interaction (adobe.com, 2008.09.20). In Flash Player 10 beta, copying to the clipboard reportedly now requires an interactive action by the user.


■ 2008.09.26

■ Miscellaneous (2008.09.26)
(various)

■ Updates

Security Advisories for Firefox 3.0: Fixed in Firefox 3.0.2

Thunderbird 2.0.0.17 has been released.

Also, there appears to be a bug where passwords saved in Firefox for sites with internationalized domain names (e.g. Japanese domain names) become unusable after updating to Firefox 3.0.2.

Firefox 3.0.3, which fixes this bug, is apparently scheduled to appear within the next few days.


■ 2008.09.25

■ Miscellaneous (2008.09.25)
(various)

Update 2008.09.26:

Cisco's, dated 9/24. 12 in total.


■ 2008.09.24

■ Zero-Day Exploit Strikes QuickTime 7.5.5, iTunes 8.0
(McAfee blog, 2008.09.18)

This is about Quicktime7.5.5/Itunes 8.0 Remote Heap Overflow Crash (milw0rm). It does result in a DoS (crash), but arbitrary code

■ Security Advisories for Firefox 3.0: Fixed in Firefox 3.0.2
(mozilla.org, 2008.09.23)

Firefox 3.0.2 has been released. Five flaws are fixed. Firefox 2.0.0.17 and SeaMonkey 1.1.12 were published at the same time.

Thunderbird 2.0.0.17 will presumably appear shortly as well.

Update 2008.09.26:

Thunderbird 2.0.0.17 has been released.

Also, there appears to be a bug where passwords saved in Firefox for sites with internationalized domain names (e.g. Japanese domain names) become unusable after updating to Firefox 3.0.2.

Firefox 3.0.3, which fixes this bug, is apparently scheduled to appear within the next few days.

Update 2008.09.29:

Firefox 3.0.3 is out. Thanks to Yamapi~ for the information.

■ Miscellaneous (2008.09.24)
(various)

Update 2008.10.01:

Regarding phpMyAdmin: JVN#54824688: Cross-site scripting vulnerability in phpMyAdmin (JVN, 2008.09.26)


■ 2008.09.23


■ 2008.09.22

■ VMware Security Advisory on critical openwsman issue
(VMware, 2008.09.18)

About VMware ESX 3.5 / ESXi 3.5. First, the new items:

Also, in connection with VMware ESX 3.5 / ESXi 3.5, additions have been made to several Security Advisories.

■ How to keep WinVNC from being detected as a suspicious program
(McAfee, 2008.09.22)

I wondered why this was coming up now of all times, but apparently this is the reason:

Important: Starting with DAT5387, released on Tuesday 2008/09/18, definitions that detect various VNC drivers are included.

So it seems that something that was not treated as a PUP until now has started to be treated as a PUP.


■ 2008.09.21

■ "Disclose the source code of IT products"... China to demand this of foreign companies
(Yomiuri, 2008.09.19)

A China risk if ever there was one. Thanks to yama for the information.


■ 2008.09.19

■ Updates

Ichitaro vulnerability


■ 2008.09.18

■ DNS cache poisoning vulnerability
(IPA, 2008.09.18)

Three points for dealing with Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning, and how to check them.

Check item | How to check | Example command
The port number used for DNS queries is randomized | Use porttest.dns-oarc.net | dig +short porttest.dns-oarc.net TXT
 | | nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net.
The ID used for DNS queries is randomized | Use txidtest.dns-oarc.net | dig +short txidtest.dns-oarc.net TXT
 | | nslookup -querytype=TXT -timeout=10 txidtest.dns-oarc.net.
Recursive DNS queries from outside are not answered | Use http://recursive.iana.org/ | Access http://recursive.iana.org/

Check right now. If action is needed:


■ 2008.09.17

■ Updates

Ichitaro vulnerability

Taking over "Mac OS X 10.4/10.5"

The fix in Mac OS X - About Security Update 2008-005 was reportedly incomplete, and About the security content of Apple Remote Desktop 3.2.2 has been published. Hopefully it is all right this time.

■ [SA31342] Trend Micro OfficeScan Server "cgiRecvFile.exe" Buffer Overflow
(secunia, 2008.09.13)

Flaw in Trend Micro OfficeScan Corporate Edition 7.x / 8.x and Trend Micro Client Server Messaging Security for SMB 2.x / 3.x. cgiRecvFile.exe has a buffer overflow flaw that is reached by injecting an overlong ComputerName parameter (arbitrary code). CVE-2008-2437

Patches are available for the English-language products (OfficeScan, Messaging). Is Client Server Messaging Security for SMB 2.x no longer maintained?

Patches for the corresponding Japanese-language products (Virus Buster Corporate Edition, Trend Micro Business Security) do not seem to exist yet (Corporate Edition, Business Security). Looking at a few cases, the lag between Japan and the US appears to be 2 weeks

Patch name | US | Japan
OfficeScan 7.0 Critical Patch - Build 1397 | 2008.08.29 | 2008.09.10
OfficeScan 7.3 Critical Patch - Build 1362 | 2008.08.29 | 2008.09.10
OfficeScan 8.0 Service Pack 1 Critical Patch - Build 2402 | 2008.08.22 | 2008.09.03
OfficeScan 8.0 Critical Patch - Build 1351 | 2008.08.22 | 2008.09.03
OfficeScan 8.0 Service Pack 1 Patch 1 Critical Patch - Build 3037 | 2008.08.22 | N/A
Client Server Messaging Security 3.5 - Security Server Critical Patch - Build 1168 | 2008.08.29 | 2008.09.10
Client Server Messaging Security 3.6 - Security Server Critical Patch - Build 1194 | 2008.08.29 | 2008.09.10

Perhaps no product corresponding to OfficeScan 8.0 SP1 Patch 1 exists in Japan.

Update 2008.10.03:

Dated 2008.10.01, the following have been published for Virus Buster Corporate Edition.

Dated 2008.10.01, the following have been published for Virus Buster Business Security.

Update 2008.10.14:

Alert/Advisory: Buffer overflow vulnerability in the CGI module of Virus Buster Corporate Edition and Virus Buster Business Security (Trend Micro, updated 2008.09.30). Dated 10/7, patches for Virus Buster Business Security 3.0 and Trend Micro Client/Server Security 2.0 appear to have been released as well.

■ APSA08-07 - Potential vulnerabilities in Mac Illustrator CS2
(Adobe, 2008.09.16)

Flaw in Illustrator CS2 for Mac. There is a flaw in the handling of AI files that can be triggered with a crafted AI file (arbitrary code). The forthcoming Illustrator CS4 does not have this flaw. CVE-2008-3961

At present there is no patch. It is not clear whether one is even planned.

■ Miscellaneous (2008.09.17)
(various)

Update 2009.01.14:

The Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS issue has been fixed in MS09-001 - Critical: SMB vulnerability (Microsoft).

■ [SA31888] LANDesk Multiple Products Buffer Overflow Vulnerability
(secunia, 2008.09.17)

Flaw in version 8.8 and earlier of each of LANDesk Management Suite / LANDesk Security Suite / LANDesk Server Manager. The Intel QIP Service (default: 12175/tcp) has a buffer overflow flaw that is reachable remotely with a crafted 'heal' request (arbitrary code). CVE-2008-2468

A patch is available, so apply it to fix the flaw.

■ Why you should upgrade to Rails 2.1
(blog.innerewut.de, 2008.06.16)

Flaw in Ruby on Rails. A flaw in the handling of the :offset and :limit parameters opens the door to SQL injection attacks.

Fixed in Ruby on Rails 2.1.1. Patches for Ruby on Rails 2-0-stable / 1-2-stable are also available.

CVE-2008-4094


■ 2008.09.16

■ About the security content of iPhone v2.1
(Apple, 2008.09.16)

Released as announced. The fix for the passcode lock bypass appears to be CVE-2008-3633.

■ About the security content of Mac OS X v10.5.5 and Security Update 2008-006
(apple, 2008.09.16)

$B!!(BMac OS X 10.5.5 $B$*$h$S(B Security Update 2008-006 (Mac OS X 10.4.9 $BMQ(B) $B$,EP>l!#(B

Module | CVE | Mac OS X | Impact | Notes
ATS | CVE-2008-2305 | 10.4.x / 10.5.x | Arbitrary code |
BIND | N/A | 10.4.x / 10.5.x | Insufficient performance | Moved to BIND 9.3.5-P2 / 9.4.2-P2
ClamAV | CVE-2008-1100 CVE-2008-1387 CVE-2008-0314 CVE-2008-1833 CVE-2008-1835 CVE-2008-1836 CVE-2008-1837 CVE-2008-2713 CVE-2008-3215 | Server 10.4.x / Server 10.5.x | Arbitrary code | Moved to ClamAV 0.93.3
Directory Services | CVE-2008-2329 | 10.5.x | User list, for anyone who can reach the login screen | Applies when authenticating with Active Directory
 | CVE-2008-2330 | 10.5.x | OpenLDAP administration |
Finder | CVE-2008-2331 | 10.5.x | The correct permissions are not displayed |
 | CVE-2008-3613 | 10.5.x | DoS |
ImageIO | CVE-2008-2327 | 10.4.x / 10.5.x | Arbitrary code | Triggered by TIFF files
 | CVE-2008-2332 | 10.4.x / 10.5.x | Arbitrary code | Triggered by TIFF files
 | CVE-2008-3608 | 10.4.x / 10.5.x | Arbitrary code | Triggered by JPEG files
 | CVE-2008-1382 | 10.4.x / 10.5.x | N/A | Moved to libpng 1.2.29
Kernel | CVE-2008-3609 | 10.5.x | A local user can access files without having permission |
libresolv | CVE-2008-1447 | 10.4.x / 10.5.x | DNS cache poisoning |
Login Window | CVE-2008-3610 | 10.5.x | Login is possible without knowing the password |
 | CVE-2008-3611 | 10.4.x | Anyone who can reach the login screen can change other users' passwords |
mDNSResponder | CVE-2008-1447 | 10.4.x / 10.5.x | DNS cache poisoning |
OpenSSH | CVE-2008-1483 CVE-2008-1657 | 10.4.x / 10.5.x | A local user can control another person's X11 session |
QuickDraw Manager | CVE-2008-3614 | 10.4.x / 10.5.x | Arbitrary code | Triggered by PICT files
Ruby | CVE-2008-2376 | 10.4.x / 10.5.x | Arbitrary code |
SearchKit | CVE-2008-3616 | 10.4.x / 10.5.x | Arbitrary code |
System Configuration | CVE-2008-2312 | 10.4.x | PPP password, by a local user |
 | CVE-2008-3617 | 10.5.x | Users misjudge the strength of a password |
 | CVE-2008-3618 | 10.5.x | An authenticated user unexpectedly accesses remote files / directories |
Time Machine | CVE-2008-3619 | 10.5.x | Leak of sensitive information |
VideoConference | CVE-2008-3621 | 10.4.x / 10.5.x | Arbitrary code |
Wiki Server | CVE-2008-3622 | 10.5.x | JavaScript can be injected remotely |

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

About the security content of iTunes 8.0

Connecting an iPhone / iPod in an iTunes 8 + Windows XP / Vista environment can apparently produce a blue screen: iTunes 8: If Windows Vista displays a blue screen error message when connecting iPhone or iPod (Apple TS2280). In that case, first disconnect the iPhone / iPod for the time being,

Related: Apple updates "iTunes 8", resolving the Windows Vista blue screen problem (CNET, 2008.09.16)

[Important] Movable Type 4.2 RC5 and security updates now being provided

■ Miscellaneous (2008.09.16)
(various)
(various)


■ 2008.09.15


■ 2008.09.14


■ 2008.09.13


■ 2008.09.12

■ Postfix Linux-only local denial of service
(postfix.org, 2008.09.02)

Flaw with postfix 2.4 and later + Linux 2.6. It concerns non-postfix commands in .forward and the like. It does not occur on other platforms. CVE-2008-3889

Fixed in postfix 2.4.9 / 2.5.5 / 2.6-20080902. It can also be fixed with the attached patch.

Update 2008.09.25:

Postfix Local Denial of Service (PIPE, Exploit) (securiteam). The number CVE-2008-4042 has been rejected, so please do not use it.

■ Updates

Ichitaro vulnerability

■ Adobe Acrobat 9 ActiveX Remote Denial of Service Exploit
(milw0rm, 2008.09.11)

Reportedly a DoS PoC. CVE-2008-4071


■ 2008.09.11

■ Updates

Microsoft Security Bulletins for September 2008

From Namba-san (thanks for the information):

Regarding the matter in the subject line: today, during verification work involving Microsoft, several
problems were confirmed in "MS08-052 (954593)", so I am providing the information.

[Problems known to us]
  * ... "the phenomenon may occur"
    ... and that "after ..., we may announce it
    (in an advisory or the like)", they said.

  ■ Item 3 (not a bug, but a deficiency in the published information ...)
    In "... MS08-052" (URL below),
    URL ...
      http://www.microsoft.com/japan/technet/security/bulletin/MS08-052.mspx

    - Apparent misprint <item 1>
      On that site, under "Security Update Information" ->
      "Security Update Deployment" -> "Microsoft .NET Framework1.0",
      "Registry Key Verification" states that for ".NET Framework 1.0 SP3"
      the following registry key should be checked, but
      ...
      the reply was that they "will deal with it if necessary".

... was not recognized as a target. Finding that suspicious, I checked the registry and the files, and it appeared to have been installed properly.

... Of the above, the registry matter has since been corrected in MS08-052 as well.

Ichitaro vulnerability


■ 2008.09.10

■ Microsoft Security Bulletins for September 2008
(Microsoft, 2008.09.10)

As scheduled, 4 x Critical.

MS08-052 - Critical: GDI+ vulnerability

Multiple flaws in GDI+ (arbitrary code in every case).

As for GDI+:

  • Windows XP / Server 2003 / Vista / Server 2008

  • Office XP (2002) / 2003 / 2007

  • Visio 2002

  • PowerPoint Viewer 2003

  • Works 8

  • Digital Image Suite 2006

  • Hagaki Studio 2006

  • SQL Server 2000 / 2005

  • Visual Studio .NET 2002 / 2003 / 2005 / 2008

  • Report Viewer 2005 / 2008

  • Platform SDK Redistributable: GDI+

It is also included on Windows 2000 in the case of:

  • IE 6

  • .NET Framework 1.0 / 1.1 / 2.0

  • Office Home Style+

  • Forefront Client Security 1.0

Furthermore, it may also be included in 3rd party applications. However, according to the September 2008 Security Release (Japan Security Team, 2008.09.10):

Even where there is an impact, it is basically Windows 2000 environments, which do not have GDI+, that need attention. In a Windows 2000 environment, the developer of the application basically has to provide the security update. On Windows XP and later, if the application uses Side By Side (WinSxS) in accordance with normal practice, then by applying the Windows update the impact

On Windows XP and later there normally seems to be no problem.

MS08-053 - Critical: Windows Media Encoder 9 vulnerability

MS08-054 - Critical: Windows Media Player vulnerability

MS08-055 - Critical: Microsoft Office vulnerability

Patches are available, so just apply them... is where I would like to leave it, but the patch for "Hagaki Studio 2006" in MS08-052 - Critical: GDI+ vulnerability is the only one that does not exist yet.

By the way, I wonder what is happening with the backlog that was left over....

Update 2008.09.11:

From Namba-san (thanks for the information):

Regarding the matter in the subject line: today, during verification work involving Microsoft, several
problems were confirmed in "MS08-052 (954593)", so I am providing the information.

[Problems known to us]
  * ... "the phenomenon may occur"
    ... and that "after ..., we may announce it
    (in an advisory or the like)", they said.

  ■ Item 3 (not a bug, but a deficiency in the published information ...)
    In "... MS08-052" (URL below),
    URL ...
      http://www.microsoft.com/japan/technet/security/bulletin/MS08-052.mspx

    - Apparent misprint <item 1>
      On that site, under "Security Update Information" ->
      "Security Update Deployment" -> "Microsoft .NET Framework1.0",
      "Registry Key Verification" states that for ".NET Framework 1.0 SP3"
      the following registry key should be checked, but
      ...
      the reply was that they "will deal with it if necessary".

... was not recognized as a target. Finding that suspicious, I checked the registry and the files, and it appeared to have been installed properly.

... Of the above, the registry matter has since been corrected in MS08-052 as well.

■ WordPress 2.6.2
(WordPress Blog, 2008.09.08)

WordPress 2.6.2 has been released. It reportedly addresses MySQL and SQL Column Truncation Vulnerabilities and mt_srand and not so random numbers. Use of Suhosin is also recommended.

■ About the security content of Bonjour for Windows 1.0.5
(Apple, 2008.09.10)

Bonjour for Windows had 2 flaws, which were fixed in Bonjour for Windows 1.0.5.

CVE | Description
CVE-2008-2326 | Flaw in mDNSResponder. NULL pointer dereference in the Bonjour Namespace Provider.
CVE-2008-3630 | Flaw in mDNSResponder. The randomness of the source port and transaction ID was increased.

■ About the security content of iPod touch v2.1
(Apple, 2008.09.10)

iPod Touch had multiple flaws, and the fixed version, iPod Touch 2.1, has been published.

CVE | Affected ver. | Description
CVE-2008-3631 | 2.0 to 2.0.2 | A flaw in the Application Sandbox allows the files of another app to be read.
CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 | 1.1 to 2.0.2 | Flaws in FreeType v2.3.5, which the iPod uses. Addressed by moving to FreeType 2.3.6.
CVE-2008-1447 | 1.1 to 2.0.2 | Flaw in mDNSResponder. This is the Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning issue.
CVE-2008-3612 | 2.0 to 2.0.2 | The randomness of the TCP ISN is insufficient, making it predictable.
CVE-2008-3632 | 1.1 to 2.0.2 | A flaw in the handling of CSS in WebKit, triggered by viewing a crafted Web site (arbitrary code).

■ About the security content of iTunes 8.0
(Apple, 2008.09.10)

iTunes had multiple flaws, and the fixed version, iTunes 8.0, has been published.

CVE | Affected | Description
CVE-2008-3634 | Mac (Mac OS X 10.4.x only) | When the firewall is blocking iTunes Music Sharing and iTunes Music Sharing is enabled in iTunes, an incorrect message is displayed saying that unblocking iTunes Music Sharing does not affect the security of the firewall. This flaw does not occur on Mac OS X 10.5.x.
CVE-2008-3636 | Windows | A 3rd party driver distributed together with iTunes has an integer overflow flaw (local user, administrator).

Update 2008.09.16:

Connecting an iPhone / iPod in an iTunes 8 + Windows XP / Vista environment can apparently produce a blue screen: iTunes 8: If Windows Vista displays a blue screen error message when connecting iPhone or iPod (Apple TS2280). In that case, first disconnect the iPhone / iPod for the time being,

Related: Apple updates "iTunes 8", resolving the Windows Vista blue screen problem (CNET, 2008.09.16)

■ About the security content of QuickTime 7.5.5
(Apple, 2008.09.10)

QuickTime had multiple flaws, and the fixed version, QuickTime 7.5.5, has been published.

CVE | Affected | Description
CVE-2008-3615 | Windows | The 3rd party product Indeo v5 codec for QuickTime has a flaw in which uninitialized memory is accessed, triggered by a crafted movie file (arbitrary code). Critical Vulnerability in Apple Quicktime's Indeo Codec (NGSSoftware)
CVE-2008-3635 | Windows | The 3rd party product Indeo v3.2 codec for QuickTime has a buffer overflow flaw, triggered by a crafted movie file (arbitrary code).
CVE-2008-3624 | Windows, Mac | Heap buffer overflow flaw in the handling of QTVR panorama atoms, triggered by a crafted QTVR movie (arbitrary code).
CVE-2008-3625 | Windows, Mac | Stack buffer overflow flaw in the handling of QTVR panorama atoms, triggered by a crafted QTVR movie (arbitrary code).
CVE-2008-3614 | Windows | Integer overflow flaw in the handling of PICT images, triggered by a crafted PICT image (arbitrary code).
CVE-2008-3626 | Windows, Mac | Memory corruption flaw in the handling of STSZ atoms in movie files, triggered by a crafted movie file (arbitrary code).
CVE-2008-3627 | Windows, Mac | Memory corruption flaw in the handling of H.264-encoded movie files, triggered by a crafted movie file (arbitrary code).
CVE-2008-3628 | Windows | Pointer-related flaw in the handling of PICT images, triggered by a crafted PICT image (arbitrary code).
CVE-2008-3629 | Windows, Mac | Flaw in the handling of PICT images in which data is read past a boundary, triggered by a crafted PICT image (arbitrary code).

Note that for the Indeo codec, the flaws are avoided by not handling content that requires the Indeo codec.


■ 2008.09.09

■ Updates

Miscellaneous (2008.06.12)

Regarding CORE-2008-0125: CitectSCADA ODBC service vulnerability, an exploit appears to have been published as a Metasploit module.

Google Chrome-related

A new flaw in Google Chrome 0.2.149.27: doing [Save As...] on a page with an overlong <title> causes a buffer overflow (arbitrary code)

This flaw is apparently fixed in Google Chrome 0.2.149.29. You can check the version by typing about: in the address bar.

As for the other flaws... the release notes are out: Beta release: 0.2.149.29 (Google Chrome Releases, 2008.09.08). The one above appears to have been fixed.


■ 2008.09.08


■ 2008.09.07

■ [Clamav-announce] announcing ClamAV 0.94
(ClamAV.net, 2008.09.02)

ClamAV 0.94 has been released. Although it is not stated explicitly, this involves a DoS attack using a crafted CHM file. CVE-2008-1389.


■ 2008.09.06


■ 2008.09.05

■ Cisco-related
(Cisco, 2008.09.03)

■ FreeBSD-related
(FreeBSD.org, 2008.09.04)

Three have been issued.

■ Microsoft Security Bulletin Advance Notification - September 2008
(Microsoft, 2008.09.05)

This month, 4 x Critical are reportedly planned.

■ Multiple problems in Wireshark versions 0.9.7 to 1.0.2
(Wireshark.org, 2008.09.03)

Wireshark 1.0.3 has been released. Multiple flaws are fixed.

■ Updates

Google Chrome-related

Section 11 of the EULA seems to have been revised in the English version, but the Japanese version is still unchanged.

Well, it does say "3.2 If there are any differences or contradictions between the English version of these Terms and a translated version, the English version shall take precedence"....

Google Chrome taking over 404 errors

In EULA terms, would this be what is permitted by this part?

8.3 Google has the right to pre-screen, review, flag, filter, refuse or remove some or all of the Content of the Services.

■ 2008.09.04

■ APSA08-06: Content Protection in Flash Media Server
(Adobe, 2008.09.02)

How to counter ripping of video content delivered from Flash Media Server. 3 ways to heaven.

  1. Enable SWF Verification (disabled by default)

  2. Use RTMPE (apparently a protocol that encrypts RTMP with 128bit AES) and reject anything that is not

  3. Encrypt video assets using Adobe Flash Media Rights Management Server (limited to Adobe AIR solutions ... does that mean Adobe AIR solutions are limited to this method?)

This document describes the first two (SWF Verification, RTMPE) in detail. Related:

Update 2008.09.30:

Amazon is apparently being talked about as a case of this issue.

■ Updates

Google Chrome-related

Related:

VMSA-2008-0014: Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

Added notes on CVE-2008-3892 and VMware COM API ActiveX Remote Buffer Overflow PoC (milw0rm).

■ Google Chrome-related
(various)

Various things are already being found, it seems. Well, it is a beta, after all.

Update 2008.09.04:

Related:

Update 2008.09.05:

Section 11 of the EULA seems to have been revised in the English version, but the Japanese version is still unchanged.

Well, it does say "3.2 If there are any differences or contradictions between the English version of these Terms and a translated version, the English version shall take precedence"....

Google Chrome taking over 404 errors

In EULA terms, would this be what is permitted by this part?

8.3 Google has the right to pre-screen, review, flag, filter, refuse or remove some or all of the Content of the Services.

Update 2008.09.09:

A new flaw in Google Chrome 0.2.149.27: doing [Save As...] on a page with an overlong <title> causes a buffer overflow (arbitrary code)

This flaw is apparently fixed in Google Chrome 0.2.149.29. You can check the version by typing about: in the address bar.

As for the other flaws... the release notes are out: Beta release: 0.2.149.29 (Google Chrome Releases, 2008.09.08). The one above appears to have been fixed.


■ 2008.09.03

■ List of FAQs about the 5300 engine
(McAfee, 2008.09.02)

The automatic update to the 5300 engine took place on 2008.08.28, but further problems resulting from it appear to be showing up on the VSE 8.x side.

For VirusScan for Mac, only the matter that was announced earlier:


■ 2008.09.02

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

VMware Fusion 1.x also has flaws (patch in development), so the description has been corrected.


■ 2008.09.01

■ VMSA-2008-0014: Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
(VMware, 2008.08.30)

Multiple flaws in VMware Workstation 6.0.4 / 5.5.7 and earlier, VMware Player 2.0.4 / 1.0.7 and earlier, VMware ACE 2.0.4 / 1.0.6 and earlier, VMware Server 1.0.6 and earlier, VMware ESX 3.5 / 3.0.3 / 3.0.2 / 3.0.1, VMware ESXi 3.5, and VMware Fusion 1.x.

Fixed in VMware Workstation 6.0.5 / 5.5.8, VMware Player 2.0.5 / 1.0.8, VMware ACE 2.0.5 / 1.0.7, and VMware Server 1.0.7. For VMware ESX / ESXi, apply the patches (some patches are still in development). A patch for VMware Fusion is currently in development.

VMware ESX / ESXi version | patch
ESXi 3.5 | Patch in development
ESX 3.5 | ESX350-200806203-UG, patches in development (multiple)
ESX 3.0.3 | ESX303-200808403-SG ESX303-200808404-SG ESX303-200808403-SG ESX303-200808406-SG
ESX 3.0.2 | ESX-1004824 ESX-1005109 ESX-1005114 ESX-1005113 ESX-1006356
ESX 3.0.1 | ESX-1004823 ESX-1005112 ESX-1005108 ESX-1005111 ESX-1005117
ESX 2.5.5 | Patches in development (multiple)
ESX 2.5.4 | Patches in development (multiple)

Update 2008.09.02:

VMware Fusion 1.x also has flaws (patch in development), so the description has been corrected.

Update 2008.09.04:

Added notes on CVE-2008-3892 and VMware COM API ActiveX Remote Buffer Overflow PoC (milw0rm).

Update 2008.10.06:

The updated advisory VMSA-2008-0014.2 is out.

Patches for ESX 3.5 / ESXi 3.5 are out, dated 2008.09.18.

VMware ESX / ESXi version | patch
ESXi 3.5 | ESXe350-200808501-I-SG
ESX 3.5 | ESX350-200808401-BG, ESX350-200808409-SG

In addition, an updated version of VMware Consolidated Backup (VCB) 1.1, VCB 1.1 Update 1 build 118380, is out, dated 2008.10.03.

■ Updates

Do not let Osaka Gas Service Shop into your home

Follow-up: Sequel to "Do not let Osaka Gas Service Shop into your home": the went-to-the-police edition (gigazine, 2008.09.01)

Incidentally, the older detective who appeared at the end serves as chairman of the residents' association in the area where he lives. Because so-called "inspection sales" became a problem there as well, he has made sure that local residents do not respond to door-to-door visits unless the visitor is wearing an armband showing certification by the local residents' association, and harm is thereby being prevented before it occurs. The Osaka Gas Service Shop matter was reportedly news to him, but foisting gas water heaters and boilers
Also, another detective who agreed to talk said that, of all things, his own wife had had a similar experience: before they knew it they had been made to replace their water heater with one costing more than 300,000 yen. Put bluntly it was an act bordering on fraud, but because there was no physical evidence they had no choice but to swallow it. In his case, the original water heater that had supposedly broken down, the hose that was supposedly leaking gas and so on had all, according to Osaka Gas Service Shop, been "collected and disposed of immediately", so there was no physical evidence whatsoever and he gave up. The police

Good grief....

■ Miscellaneous (2008.09.01)
(various)

■ Ruby - REXML DoS vulnerability
(Ruby-lang.org, 2008.08.23)

Flaw in Ruby 1.8.6-p287 and earlier / 1.8.7-p72 and earlier / all of the 1.9 series. REXML, which Rails uses, has a flaw: having it parse a crafted XML document produces a DoS condition. CVE-2008-3790. According to "Rails vulnerability" (Minazuki Bakera no Ebi Nikki, 2008.08.25), in Rails, XML

Most Rails applications are vulnerable to this attack

A "monkey patch" called rexml-expansion-fix.rb has been provided, and the flaw can be avoided by configuring things to use it.

