気になるニュース(3/21)

# 不在後の後始末に追われてほとんどチェックできず…

・新東京タワーの名称“候補”が決定 - ITmedia +D LifeStyle
　# どれもいまいちなのは気のせい？

・Excelの計算間違い引き起こすパッチを修正 - ITmedia エンタープライズ
　# Excel 2003 SP2とSP3な方で、速攻でパッチを当てちゃった方、ご確認を

・神の手雲メールに注意　マルウェア感染の可能性も - ITmedia エンタープライズ
　# いつになったら大衆は「この○○を○人に送ると云々」という文句に騙されなくなるんだろう

・3分LifeHacking：他人の作った書類を閲覧する - ITmedia Biz.ID
　# 備忘録、備忘録

・ドコモ、Bluetooth対応の骨伝導レシーバマイク「サウンドリーフプラス」発売 - ITmedia +D モバイル
　# お！出た！Bluetooth対応骨伝導！

・iPhoneとiPod touchを操作不能にする新たなエクスプロイトが明らかに:ニュース - CNET Japan
　# iPod touchな方、ご注意を

・［DJ］ Adobe、iPhone向けFlashプレーヤー開発へ - ITmedia News
　# Flashに対応することが確定すれば、もうほとんどiPod touchに躊躇する理由がなくなる…

・米Apple、iPod/iPhone向け無制限音楽DLサービスでレコード会社と交渉か | ネット | マイコミジャーナル
・「Apple、無制限音楽サービスについてレーベルと交渉」の報道 - ITmedia News
　# 購読サービスって、事実上、無限に購読を続けないと入手した全ての楽曲が聴けなくなるというある意味呪縛…

・研修で教えてくれない！：第40回「いる？　いらない？　メールを削除する基準を考える」 - ITmedia Biz.ID
　# MacでMail.app使っている限りは、Spotlightで全メールが検索対象なので捨てることはなくなります

・asahi.comでHD映像配信　Silverlight活用 - ITmedia News
　# あれ？結構前からやってたんじゃないの？

・日本でも根付くか「デジタルフォトフレーム」　ソニーが再参入 - ITmedia News
　# まだ高すぎるんだよなぁ…

・ついにダウンロード可能に：Windows Vista SP1がダウンロードセンターで公開に - ITmedia News
・マイクロソフト、Windows Vista SP1の一般公開を開始 | パソコン | マイコミジャーナル
　# Vistaな方、ご確認を

・Yahoo!メールに誤ったヘッダ情報が付加　ヤフーが経緯説明 - ITmedia エンタープライズ
　# 何が起きるとそうなるんだか…

・豪男性、自分の「人生」をネットオークションに - ITmedia News
　# 落札するヤツの顔が見てみたい

・つい口に出る「微妙」な日本語：第5回 「誰が悪いとは言わんが」――いや、言ってます！ - ITmedia Biz.ID
　# あぁ、誰とはいわないが、よく使うなぁ…

・現実世界のマリオはこんな顔：『Photoshop』を駆使した画像 | WIRED VISION
　# かなりの勢いで気持ち悪いことは確か…

・追悼アーサー・Ｃ・クラーク　２０世紀そのものを牽引 (1/2ページ) - MSN産経ニュース
・成長を止めない精神：40年来の友人によるアーサー・C・クラークへの弔辞 | WIRED VISION
・SF作家アーサー・C・クラークが死去 - ITmedia News
　# 絶句…ご冥福をお祈りいたします

・ シンガポールの高等教育機関、「恋愛関係」教えるコース開講中 | 世界のこぼれ話 | Reuters
　# そんなことまで学校で教わるようになったらおしまいだな

・ マネキンで装飾された公衆トイレ、ポルトガルに登場 | 世界のこぼれ話 | Reuters
　# 怖くないか？

・ 鎌倉時代の木彫りの仏像、三越が14億円で落札 | 世界のこぼれ話 | Reuters
　# さすが三越！

Science News | March 21(2), 2008

asahi.com： 動物の愛目覚める「春告げホルモン」　名大グループ発見 - サイエンス

Thyrotrophin in the pars tuberalis triggers photoperiodic response.
Nobuhiro Nakao, Hiroko Ono, Takashi Yamamura, Tsubasa Anraku, Tsuyoshi Takagi, Kumiko Higashi, Shinobu Yasuo, Yasuhiro Katou, Saburo Kageyama, Yumiko Uno, Takeya Kasukawa, Masayuki Iigo, Peter J. Sharp, Atsushi Iwasawa, Yutaka Suzuki, Sumio Sugano, Teruyuki Niimi, Makoto Mizutani, Takao Namikawa, Shizufumi Ebihara, Hiroki R. Ueda, Takashi Yoshimura.
Nature 452, 317-322 (2008) | doi:10.1038/nature06738

Molecular mechanisms regulating animal seasonal breeding in response to changing photoperiod are not well understood. Rapid induction of gene expression of thyroid-hormone-activating enzyme (type 2 deiodinase, DIO2) in the mediobasal hypothalamus (MBH) of the Japanese quail (Coturnix japonica) is the earliest event yet recorded in the photoperiodic signal transduction pathway. Here we show cascades of gene expression in the quail MBH associated with the initiation of photoinduced secretion of luteinizing hormone. We identified two waves of gene expression. The first was initiated about 14 h after dawn of the first long day and included increased thyrotrophin (TSH) β-subunit expression in the pars tuberalis; the second occurred approximately 4 h later and included increased expression of DIO2. Intracerebroventricular (ICV) administration of TSH to short-day quail stimulated gonadal growth and expression of DIO2 which was shown to be mediated through a TSH receptor–cyclic AMP (cAMP) signalling pathway. Increased TSH in the pars tuberalis therefore seems to trigger long-day photoinduced seasonal breeding.

　# ん？TSH？…あれ？確か御大が最初にとったのもTSHじゃなかったっけ？
　# お！TKちゃん載ってるし

---

文科省はＥＳ細胞の研究規制緩和を…総合科技会議が要望へ : 科学 : YOMIURI ONLINE（読売新聞）

ヒトＥＳ細胞：研究規制緩和を　科技会議部会が合意 - 毎日ｊｐ(毎日新聞)
　# これもある意味、iPS細胞のおかげでやりやすくなりつつあるといっても過言ではない

---

多忙イチゴ農家、ロボットの手も借りたい : 科学 : YOMIURI ONLINE（読売新聞）
　# 農業こそ、最もロボット化すべき産業分野ではないかと…

---

ミジンコの卵「きぼう」保管室に、小浜水産高校が提供 : 科学 : YOMIURI ONLINE（読売新聞）
　# 無重力は生育環境的にどう見なされるのかどうか…

---

血液抗凝固剤：死亡例多発、無許可成分を検出－－米ＦＤＡ - 毎日ｊｐ(毎日新聞)
　# へ？ヘパリンにコンドロイチン硫酸が混じってたって？そりゃ、あかんやろ

---

ブラジルの熱帯雨林に残る2億2000万年前の巨大隕石クレーター - Technobahn
　# そんなに古いクレーターが未だに残っているって、相当巨大なインパクトだったんだろうな

---

Biotechnology Japan | エピジェネティクス研究の新ツールとして期待、菅裕明・東大教授らがリシン側鎖を複雑に修飾したヒストンテールを簡易合成
　# リシン？…リジンじゃなくて？

---

化学の驚きを堪能できる動画、トップ10 | WIRED VISION
　# 話のネタに如何？

---

9つの「実は健康じゃない」健康食品
　# 「実は…」といわれても、元からあまり健康的に感じないものも…

---

「Apple」のロゴを見るだけで創造性が上昇――デューク大学調査 - ITmedia News

Automatic Effects of Brand Exposure on Motivated Behavior: How Apple Makes You "Think Different".
Gráinne M. Fitzsimons, Tanya L. Chartrand, Gavan J. Fitzsimons.
JOURNAL OF CONSUMER RESEARCH, Latest Articles | DOI: 10.1086/527269

This article first examines whether brand exposure elicits automatic behavioral effects as does exposure to social primes. Results support the translation of these effects: participants primed with Apple logos behave more creatively than IBM primed and controls; Disney-primed participants behave more honestly than E!-primed participants and controls. Second, this article investigates the hypothesis that exposure to goal-relevant brands (i.e., those that represent a positively valenced characteristic) elicits behavior that is goal directed in nature. Three experiments demonstrate that the primed behavior showed typical goal-directed qualities, including increased performance postdelay, decreased performance postprogress, and moderation by motivation.

　# へぇ！つまり、Macを使い続けていれば、Windowsで仕事をするより創造的になれるって考えてよろし？

---

［WSJ］ 小惑星との衝突から世界を救うには - ITmedia News

Near-Earth Object Program
　# 天災は忘れた頃にやってくる…

Science News | March 21(1), 2008

# 結局、昨日は疲れてエントリー能わず…

---

「１リットルの涙」の難病、遺伝子治療で改善…群馬大 : 科学 : YOMIURI ONLINE（読売新聞）

脊髄小脳変性症：マウスに遺伝子　群馬大が導入成功 - 毎日ｊｐ(毎日新聞) (3/24追加)

Lentivector-mediated rescue from cerebellar ataxia in a mouse model of spinocerebellar ataxia.
Takashi Torashima, Chiho Koyama, Akira Iizuka, Kazuhiro Mitsumura, Kiyohiko Takayama, Shigeru Yanagi, Miho Oue, Haruyasu Yamaguchi, Hirokazu Hirai.
EMBO reports, Advance online publication | doi:10.1038/embor.2008.31

Polyglutamine disorders are inherited neurodegenerative diseases caused by the accumulation of expanded polyglutamine protein (polyQ). Previously, we identified a new guanosine triphosphatase, CRAG, which facilitates the degradation of polyQ aggregates through the ubiquitin–proteasome pathway in cultured cells. Because expression of CRAG decreases in the adult brain, a reduced level of CRAG could underlie the onset of polyglutamine diseases. To examine the potential of CRAG expression for treating polyglutamine diseases, we generated model mice expressing polyQ predominantly in Purkinje cells. The model mice showed poor dendritic arborization of Purkinje cells, a markedly atrophied cerebellum and severe ataxia. Lentivector-mediated expression of CRAG in Purkinje cells of model mice extensively cleared polyQ aggregates and re-activated dendritic differentiation, resulting in a striking rescue from ataxia. Our in vivo data substantiate previous cell-culture-based results and extend further the usefulness of targeted delivery of CRAG as a gene therapy for polyglutamine diseases.

　# 「欧州分子生物学機構機関誌」って何かと思ったらEMBO Journalだと思って探し続けてたらEMBO Reportだった
　# がんばって訳したんだろうけど、返って分かりにくいって

---

血液検査で「うつ状態」を判断、抗うつ剤の効果を素早く確認 国際ニュース : AFPBB News

Postmortem Brain Tissue of Depressed Suicides Reveals Increased Gs{alpha} Localization in Lipid Raft Domains Where It Is Less Likely to Activate Adenylyl Cyclase.
Robert J. Donati, Yogesh Dwivedi, Rosalinda C. Roberts, Robert R. Conley, Ghanshyam N. Pandey, Mark M. Rasenick.
J. Neurosci. 28, 3042-3050 (2008) | doi:10.1523/JNEUROSCI.5713-07.2008

Recent in vivo and in vitro studies have demonstrated that Gsα migrates from a Triton X-100 (TX-100)-insoluble membrane domain (lipid raft) to a TX-100-soluble nonraft membrane domain in response to chronic, but not acute, treatment with tricyclic or selective serotonin reuptake inhibitor antidepressants. This migration resulted in a more facile association with adenylyl cyclase. Our hypothesis is that Gsα may be ensconced, to a greater extent, in lipid rafts during depression, and that one action of chronic antidepressant treatment is to reverse this. In this postmortem study, we examined Gsα membrane localization in the cerebellum and prefrontal cortex of brains from nonpsychiatric control subjects and suicide cases with confirmed unipolar depression. Sequential TX-100 and TX-114 detergent extractions were performed on the brain tissue. In the cerebellum, the ratio of TX-100/TX-114-soluble Gsα is ~2:1 for control versus depressed suicides. Results with prefrontal cortex samples from each group demonstrate a similar trend. These data suggest that depression localizes Gsα to a membrane domain (lipid rafts) where it is less likely to couple to adenylyl cyclase and that antidepressants may upregulate Gsα signaling via disruption of membrane microenvironments. Raft localization of Gsα in human peripheral tissue may thus serve as a biomarker for depression and as a harbinger of antidepressant responsiveness.

　# Gsαがうつ状態のバイオマーカーになって、これを使えば、個人の抗うつ薬の効き目もモニターできるかもしれないそうな

---

asahi.com： ｉＰＳ細胞研究の拠点建設、前倒し　文科省 - サイエンス
　# 今日のiPS細胞ニュース

---

asahi.com： 「影響力ある論文」阪大・審良教授が４年連続ベストテン - サイエンス

2006-2007年“Hottest Researchers”を発表
　# 審良先生の順位は当分揺らぎそうにはなさそうです

---

asahi.com： 宇宙でもブーメラン戻ってきた　土井さん実験 - サイエンス

無重力でもブーメランの軌跡は同じ…土井さんも「感激」 : 科学 : YOMIURI ONLINE（読売新聞）

きぼうの明日：ブーメラン戻った！　土井さん宇宙で実験「地上と同じ。驚き感激」 - 毎日ｊｐ(毎日新聞)
　# これって、地上で最適化した状態のまま飛ばさないと意味ないんじゃないかと…

---

asahi.com： 太陽系外惑星に有機物　ＮＡＳＡ発見、生命探しに弾み - サイエンス

太陽系外惑星で有機物を初観測…６３光年のかなた : 科学 : YOMIURI ONLINE（読売新聞）

メタン：６３光年先、太陽系外惑星に有機物－－米ＮＡＳＡの研究チーム - 毎日ｊｐ(毎日新聞)

太陽系外惑星に有機物　ハッブル望遠鏡でＮＡＳＡ - MSN産経ニュース

Extrasolar planets: A whiff of methane.
Adam P. Showman.
Nature 452, 296-297 (2008) | doi:10.1038/452296a

The presence of methane in the atmosphere of an extrasolar planet.
Mark R. Swain, Gautam Vasisht, Giovanna Tinetti.
Nature 452, 329-331 (2008) | doi:10.1038/nature06823

Molecules present in the atmospheres of extrasolar planets are expected to influence strongly the balance of atmospheric radiation, to trace dynamical and chemical processes, and to indicate the presence of disequilibrium effects. As molecules have the potential to reveal atmospheric conditions and chemistry, searching for them is a high priority. The rotational–vibrational transition bands of water, carbon monoxide and methane are anticipated to be the primary sources of non-continuum opacity in hot-Jupiter planets. As these bands can overlap in wavelength, and the corresponding signatures from them are weak, decisive identification requires precision infrared spectroscopy. Here we report a near-infrared transmission spectrum of the planet HD 189733b that shows the presence of methane. Additionally, a resolved water vapour band at 1.9 µm confirms the recent claim of water in this object. On thermochemical grounds, carbon monoxide is expected to be abundant in the upper atmosphere of hot-Jupiter planets, but is not identifiable here; therefore the detection of methane rather than carbon monoxide in such a hot planet could signal the presence of a horizontal chemical gradient away from the permanent dayside, or it may imply an ill-understood photochemical mechanism that leads to an enhancement of methane.

　# まぁ、有機物いうてもメタンだからなぁ…

デジタルカメラ RAW 互換性アップデート

デジタルカメラ RAW 互換性アップデートがソフトウェア・アップデート経由で出ています。

---

デジタルカメラ RAW 互換性アップデート　2.0　2.7 MB
このアップデートは、Aperture 2 および iPhoto ’08 に次のカメラの RAW ファイルとの互換性を追加します：

• Hasselblad CFV-16
• Hasselblad H3D-31
• Hasselblad H3D-31II
• Leaf Aptus 54S
• Leaf Aptus 65S
• Nikon D60
• Olympus E-3
• Pentax *ist DL2
• Pentax *ist DS2
• Pentax K100D Super
• Sony DSLR-A200
• Sony DSLR-A350

---

Apple、RAWファイルとAirMacの脆弱性に対処 - ITmedia News

Time Machine および AirMac アップデート

Time Machine および AirMac アップデートがソフトウェア・アップデート経由で出ています。

---

Time Machine および AirMac アップデート　1.0　10.2 MB
このアップデートには、Time Machine を Time Capsule とともに使用する際の互換性の改善、および AirMac ドライバの修正が含まれており、すべてのユーザに適用をお勧めします。

以下、Apple Product Securityからのメールを引用。

APPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1

Firmware version 7.3.1 is now available for AirPort Extreme 802.11n* base stations. (* Based on an IEEE 802.11n draft specification) Further information on the base station is available via: http://www.apple.com/airportextreme/

Firmware version 7.3.1 fixes the following security issue:

AirPort Extreme Base Station with 802.11n*
CVE-ID: CVE-2008-1012
Available for: AirPort Extreme Base Station with 802.11n*
Impact: A maliciously crafted AFP request may lead to a denial of service
Description: An input validation issue exists in the AirPort Extreme Base Station's handling of AFP requests, which may cause file sharing to become unresponsive. This update addresses the issue by performing additional validation of AFP requests. This issue does not affect Time Capsule or AirPort Express. The fix for this issue is available in the following separate updates:
- - AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1
- - AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1
Credit to Alex deVries for reporting this issue.

Installation note for Firmware version 7.3.1

Firmware version 7.3.1 is installed into an AirPort Extreme Base Station with 802.11n* by running the AirPort Utility which is provided with the Base Station.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

---

Time Machine Now Works with Airport Extreme USB Drives - Mac Rumors
　# AirMac ExtremeにUSB接続したHDDもTimeMachineドライブになるらしい

Security Update 2008-002 1.0

Security Update 2008-002がソフトウェア・アップデート経由で出ています。

---

Security Update 2008-002　1.0　50.5 MB
すべてのユーザに、Security Update 2008-002 を適用して、Mac OS X のセキュリティを強化することを推奨します。これまでの改良箇所も今回のセキュリティアップデートに含まれています。

このアップデートの詳細については、こちらを参照してください：http://docs.info.apple.com/article.html?artnum=61798-ja

以下、Apple Product Securityからのメールを引用…しようと思ったけど、容量オーバーなため、項目のみ引用。

APPLE-SA-2008-03-18 Security Update 2008-002

Security Update 2008-002 is now available and addresses the following
issues:

AFP Client
CVE-ID: CVE-2008-0044
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2

AFP Server
CVE-ID: CVE-2008-0045
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Apache
CVE-ID: CVE-2005-3352, CVE-2006-3747, CVE-2007-3847, CVE-2007-5000, CVE-2007-6388
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X Server v10.5.2

Apache
CVE-ID: CVE-2007-5000, CVE-2007-6203, CVE-2007-6388, CVE-2007-6421, CVE-2008-0005
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

AppKit
CVE-ID: CVE-2008-0048
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

AppKit
CVE-ID: CVE-2008-0049
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

AppKit
CVE-ID: CVE-2008-0057
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

AppKit
CVE-ID: CVE-2008-0997
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Application Firewall
CVE-ID: CVE-2008-0046
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

CFNetwork
CVE-ID: CVE-2008-0050
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

ClamAV
CVE-ID: CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-5759, CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318, CVE-2008-0728
Available for: Mac OS X Server v10.5.2

ClamAV
CVE-ID: CVE-2006-6481, CVE-2007-1745, CVE-2007-1997, CVE-2007-3725, CVE-2007-4510, CVE-2007-4560, CVE-2007-0897, CVE-2007-0898, CVE-2008-0318, CVE-2008-0728
Available for: Mac OS X Server v10.4.11

CoreFoundation
CVE-ID: CVE-2008-0051
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

CoreServices
CVE-ID: CVE-2008-0052
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

CUPS
CVE-ID: CVE-2008-0596
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

CUPS
CVE-ID: CVE-2008-0047
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

CUPS
CVE-ID: CVE-2008-0053, CVE-2008-0882
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

curl
CVE-ID: CVE-2005-4077
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Emacs
CVE-ID: CVE-2007-6109
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2

Emacs
CVE-ID: CVE-2007-5795
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

file
CVE-ID: CVE-2007-2799
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Foundation
CVE-ID: CVE-2008-0054
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Foundation
CVE-ID: CVE-2008-0055
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Foundation
CVE-ID: CVE-2008-0056
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Foundation
CVE-ID: CVE-2008-0058
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Foundation
CVE-ID: CVE-2008-0059
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

Help Viewer
CVE-ID: CVE-2008-0060
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2

Image Raw
CVE-ID: CVE-2008-0987
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

Kerberos
CVE-ID: CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2

libc
CVE-ID: CVE-2008-0988
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

mDNSResponder
CVE-ID: CVE-2008-0989
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

notifyd
CVE-ID: CVE-2008-0990
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

OpenSSH
CVE-ID: CVE-2007-4752
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2

pax archive utility
CVE-ID: CVE-2008-0992
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

PHP
CVE-ID: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

PHP
CVE-ID: CVE-2007-3378, CVE-2007-3799
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X Server v10.5.2

Podcast Producer
CVE-ID: CVE-2008-0993
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

Preview
CVE-ID: CVE-2008-0994
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

Printing
CVE-ID: CVE-2008-0995
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

Printing
CVE-ID: CVE-2008-0996
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

System Configuration
CVE-ID: CVE-2008-0998
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.2, Mac OS X Server v10.5.2

UDF
CVE-ID: CVE-2008-0999
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

Wiki Server
CVE-ID: CVE-2008-1000
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

X11
CVE-ID: CVE-2007-4568, CVE-2007-4990
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11

X11
CVE-ID: CVE-2006-3334, CVE-2006-5793, CVE-2007-2445, CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269
Available for: Mac OS X v10.5.2, Mac OS X Server v10.5.2

X11
CVE-ID: CVE-2007-5958, CVE-2008-0006, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2

Security Update 2008-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.5.2
The download file is named: "SecUpd2008-002.dmg"
Its SHA-1 digest is: 15083986b3ce6b73c3b894f1c2bcf5c22170236c

For Mac OS X v10.4.11 (Universal)
The download file is named: "SecUpd2008-002Univ.dmg"
Its SHA-1 digest is: 49b1c6b1a919b33cbaada1c86eb501291e7145e8

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2008-002PPC.dmg"
Its SHA-1 digest is: 8a838e33b6720184a4e4e13c17392892e5a06a56

For Mac OS X Server v10.5.2
The download file is named: "SecUpdSrvr2008-002.dmg"
Its SHA-1 digest is: 2f5126096b872482315a25cd3d75bc1c0a082e84

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-002Univ.dmg"
Its SHA-1 digest is: 77074bdd1d0574abe9631b12011f8ef1d15151b3

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2008-002PPC.dmg"
Its SHA-1 digest is: 1b5f3c1464b1fce0d77f44e50a0b662b467e3fd0

Information will also be posted to the Apple Security Updates web site:
http://docs.info.apple.com/article.html?artnum=61798

---

Safari 3.1

Safari 3.1がソフトウェア・アップデート経由で出ています。

---

Safari　3.1　39.0 MB
このアップデートには、安定性、互換性、JavaScript のパフォーマンス、およびセキュリティに対する改善が含まれており、すべての Safari ユーザにお勧めします。

このアップデートについて詳しくは、次の Web サイトを参照してください：http://docs.info.apple.com/article.html?artnum=307467-ja

セキュリティアップデートについて詳しくは、次の Web サイトを参照してください：http://docs.info.apple.com/article.html?artnum=61798-ja

以下、Apple Product Securityからのメールを引用。

APPLE-SA-2008-03-18 Safari 3.1

Safari 3.1 is now available and addresses the following issues:

Safari
CVE-ID: CVE-2007-4680
Available for: Windows XP or Vista
Impact: A remote attacker may be able to cause an untrusted certificate to appear trusted
Description: An issue exists in the validation of certificates. A man-in-the-middle attacker may be able to direct the user to a legitimate site with a valid SSL certificate, then re-direct the user to a spoofed web site that incorrectly appears to be trusted. This could allow user credentials or other information to be collected. This update addresses the issue through improved validation of certificates. This issue is addressed for Mac OS X in Security Update 2007-008, and is incorporated into Mac OS X v10.4.11 and Mac OS X v10.5 or later. Credit to Marko Karppinen, Petteri Kamppuri, and Nikita Zhuk of MK&C for reporting this issue.

Safari
CVE-ID: CVE-2008-0050
Available for: Windows XP or Vista
Impact: A malicious proxy server may spoof secure websites
Description: A malicious HTTPS proxy server may return arbitrary data to CFNetwork in a 502 Bad Gateway error, which could allow a secure website to be spoofed. This update addresses the issue by returning an error on any proxy error, instead of returning the proxy-supplied data. This issue has already been addressed in Mac OS X 10.5.2, and in Security Update 2008-002 for Mac OS X 10.4.11 systems.

Safari
CVE-ID: CVE-2008-1001
Available for: Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: A cross-site scripting issue exists in Safari's error page. By enticing a user to open a maliciously crafted URL, an attacker may cause the disclosure of sensitive information. This update addresses the issue by performing additional validation of URLs. This issue does not affect Mac OS X systems. Credit to Robert Swiecki of Google Information Security Team for reporting this issue.

Safari
CVE-ID: CVE-2008-1002
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: A cross-site scripting issue exists in the processing of javascript: URLs. Enticing a user to visit a maliciously crafted web page could allow the execution of JavaScript in the context of another site. This update addresses the issue by performing additional validation of javascript: URLs. Credit to Robert Swiecki of Google Information Security Team for reporting this issue.

WebCore
CVE-ID: CVE-2008-1003
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: An issue exists with the handling of web pages that have explicitly set the document.domain property. This could lead to a cross-site scripting attack in sites that set the document.domain property, or between HTTP and HTTPS sites with the same document.domain. This update addresses the issue by improving same-origin checks. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore
CVE-ID: CVE-2008-1004
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Using Web Inspector on a maliciously crafted website may result in cross-site scripting
Description: An issue in Web Inspector allows a page being inspected to escalate its privileges by injecting script that will run in other domains and read the user's file system. This update addresses the issue by preventing Javascript code on remote pages from being run. Credit to Collin Jackson and Adam Barth of Stanford University for reporting this issue.

WebCore
CVE-ID: CVE-2008-1005
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Using Kotoeri reverse conversion on a password field displays the password
Description: The content of password fields on web pages is normally hidden to guard against disclosing it to others with the ability to see the display. An issue exists with the use of the Kotoeri input method, which could result in exposing the password field content on the display when reverse conversion is requested. This update addresses the issue by no longer exposing the content of password fields when using Kotoeri reverse conversion.

WebCore
CVE-ID: CVE-2008-1006
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: The window.open() function may be used to change the security context of a webpage to the caller's context. Enticing a user to open a maliciously crafted page could allow an arbitrary script to be executed in the user's security context. This update addresses the issue by not allowing the security context to be changed. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore
CVE-ID: CVE-2008-1007
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting using Java
Description: The frame navigation policy is not enforced for Java applets. By enticing a user to open a maliciously crafted web page, an attacker may obtain elevated privileges through a cross-site scripting attack using Java. This update addresses the issue by enforcing the frame navigation policy for Java applets. Credit to Adam Barth and Collin Jackson of Stanford University for reporting this issue.

WebCore
CVE-ID: CVE-2008-1008
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: A cross-site scripting issue exists in Safari's handling of the document.domain property. Enticing a user to visit a maliciously crafted web page may lead to the disclosure of sensitive information. This update addresses the issue through additional validation of the document.domain property.

WebCore
CVE-ID: CVE-2008-1009
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: A JavaScript injection issue exists in the handling of the history object. This may allow frames to set history object properties in all other frames loaded from the same web page. An attacker may leverage this issue to inject JavaScript that will run in the context of other frames, resulting in cross-site scripting. This update addresses the issue by no longer allowing webpages to alter the history object.

WebKit
CVE-ID: CVE-2008-1010
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue exists in WebKit's handling of JavaScript regular expressions. Enticing a user to visit a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Eric Seidel of the WebKit Open Source Project, and Tavis Ormandy and Will Drewry of Google Security Team for reporting this issue.

WebKit
CVE-ID: CVE-2008-1011
Available for: Mac OS X v10.4.11, Mac OS X v10.5.2, Windows XP or Vista
Impact: Visiting a maliciously crafted website may result in cross-site scripting
Description: A cross-site scripting issue in WebKit allows method instances from one frame to be called in the context of another frame. Enticing a user to visit a maliciously crafted web page may lead to the disclosure of sensitive information. This update addresses the issue through improved handling of cross-domain method calls. Credit to David Bloom for reporting this issue.

Safari 3.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

Safari for Mac OS X v10.5.2
The download file is named: "Safari31UpdLeo.dmg"
Its SHA-1 digest is: db76743014600581d59c1be3b60f2d8edd3defcd

Safari for Mac OS X v10.4.11
The download file is named: "Safari31UpdTiger.dmg"
Its SHA-1 digest is: 567ef2be9bdba51c2cf86613958599123e5f45f1

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 48f9bfd5145be9f8a9307ab3e83674df4799c763

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 2c35c091ba306ee59a3101f86899a310f55c385f

---