27日 金曜日、友引

サーバメンテナンスのお知らせ（2009年11月30日）
http://www.trendmicro.co.jp/support/news.asp?id=1329

EUの情報セキュリティ機関，電子IDカードに関する報告書を公開
http://itpro.nikkeibp.co.jp/article/NEWS/20091127/341172/?ST=security

JVNDB-2009-002273 Oracle Database の Net Foundation Layer コンポーネントにおける脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002273.html

JVNDB-2009-002272 Oracle Database の Workspace Manager コンポーネントにおける脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002272.html

JVNDB-2009-002271 Oracle Database の Workspace Manager コンポーネントにおける脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002271.html

JVNDB-2009-002270 Oracle Database の Application Express コンポーネントにおける脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002270.html

JVNDB-2009-002269 Oracle Database の PL/SQL コンポーネントにおける脆弱性
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002269.html

TrackerCam Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12592




+ FreeBSD 8.0-RELEASE released
http://www.freebsd.org/releases/8.0R/announce.html

+ Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/977981.mspx

+ PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138

[ANNOUNCE] Apache Lucene Java 3.0.0 released
http://lucene.apache.org/java/3_0_0/changes/Changes.html

[FreeBSD-Announce] FreeBSD 8.0-RELEASE Available
http://www.freebsd.org/releases/8.0R/relnotes.html
http://www.freebsd.org/releases/8.0R/errata.html

Samba 3.5.0pre1 Available for Download
http://news.samba.org/releases/3.5.0pre1/

Document ID: 337830: Veritas Storage Foundation and High Availability Solutions Version 5.1 SP1 for Windows Server 2003/2008 Getting Started Guide
http://seer.entsupport.symantec.com/docs/337830.htm

Document ID: 337683: Hardware Compatibility List (HCL) for Veritas Storage Foundation and High Availability Solutions 5.1 Service Pack 1 (SP1) for Windows
http://seer.entsupport.symantec.com/docs/337683.htm

Document ID: 337599: VxPAL and/or VxATd may display a crash after upgrading from a previous version of Storage Foundation High Availability for Windows (SFW HA) to SFW HA 5.1 Service Pack 1 (SP1)
VxPAL and/or VxATd may display a crash after upgrading from a previous version of Storage Foundation High Availability for Windows (SFW HA) to SFW HA 5.1 Service Pack 1 (SP1)

セキュアブレイン、無料ウイルス対策ソフトの日本語版を公開
ウイルス検査はネット上のサーバーで、他社製品の検出状況も収集
http://itpro.nikkeibp.co.jp/article/NEWS/20091126/341166/?ST=security

What Are You Thankful For?
http://isc.sans.org/diary.html?storyid=7651

Microsoft Security Advisory (977981)
http://isc.sans.org/diary.html?storyid=7654

RHBA-2009:1610-1: metacity bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1610.html

RHBA-2009:1611-1: xterm bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1611.html

RHBA-2009:1612-1: openswan bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1612.html

RHBA-2009:1613-1: system-config-lvm bug-fix update
http://rhn.redhat.com/errata/RHBA-2009-1613.html

OpenBSD Protocol Flaw in SSL Renegotiation Lets Remote Users Conduct Man-in-the-Middle Attacks
http://securitytracker.com/alerts/2009/Nov/1023243.html

Sun Solaris 8 LDAP Client Configuration Cache Daemon Denial of Service
http://secunia.com/advisories/37506/

Sun Solaris LDAP Client Configuration Cache Daemon Denial of Service
http://secunia.com/advisories/37505/

Ingate Firewall and SIParator Multiple Vulnerabilities
http://secunia.com/advisories/37504/

Fedora update for php-pear-Net-Traceroute
http://secunia.com/advisories/37503/

Fedora update for php-pear-Net-Ping
http://secunia.com/advisories/37502/

HP-UX update for OpenSSL
http://secunia.com/advisories/37501/

Sun Solaris BIND DNS Cache Poisoning Vulnerability
http://secunia.com/advisories/37491/

Debian update for poppler
http://secunia.com/advisories/37488/

Debian update for php5
http://secunia.com/advisories/37482/

Serenity "MplayInputFile()" M3U Playlist Buffer Overflow
http://secunia.com/advisories/37472/

SugarCRM Multiple Vulnerabilities
http://secunia.com/advisories/37464/

Gentoo update for dstat
http://secunia.com/advisories/37457/

IBM DB2 "DASAUTO" Command Privilege Escalation
http://secunia.com/advisories/37454/

Dstat Insecure Plugin Search Path Security Issue
http://secunia.com/advisories/37445/

Gentoo update for wireshark
http://secunia.com/advisories/37409/

IBM DB2 "DASAUTO" Command Local Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/3340

GlobalSCAPE Secure FTP Server Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/13454

PHP 'proc_open()' 'safe_mode_protected_env_var' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/37138

PHP 'tempname()' 'safe_mode' Restriction-Bypass Vulnerability
http://www.securityfocus.com/bid/36555

PHP 5.2.10 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/36449

PHP Versions Prior to 5.3.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/37079

Citrix XenCenterWeb Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/35592

MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/2880

Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703

PEAR Net_Traceroute 'traceroute()' Function Arbitrary Argument Injection Vulnerability
http://www.securityfocus.com/bid/37094

Poppler 'ABWOutputDev.cc' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36976

Poppler Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/33749

Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718

strongSwan Crafted X.509 Certificate Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/35452

ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118

SugarCRM Versions 5.2.0j and 5.5.0.RC2 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/37136

Borland InterBase IBServer.EXE Remote Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25048

Multiple Oracle XDB FTP / HTTP Services Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/8375

Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/27344

PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
http://www.securityfocus.com/bid/35440

PHP 'ini_restore()' Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36009

Novell eDirectory iMonitor HTTPSTK Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/20655

America Online ICQ ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/20930

Hewlett-Packard OpenView OVTrace Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/25255

Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37137

Cacti Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109

IBM DB2 Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/36540

Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853

Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852

Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856

Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855

Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851

Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857

Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Joomla! Google Calendar Component 'gcid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37134

CA BrightStor 'AddColumn()' ListCtrl.ocx ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/28268

CA eTrust PestPatrol Anti-Spyware 'ppctl.dl' ActiveX Control Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37133

phpBazar 'admin/admin.php' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37132

Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37085

Microsoft Internet Explorer 8 Cross-Site Scripting Filter Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37135

TrackerCam Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/12592