[AusNOG] AusCERT Week in Review - Week Ending 21/04/2006

Fri Apr 21 16:11:21 EST 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings ausnog,

The following is a summary of what we have pushed to our subscribers for
the past week.  

I hope this is of some use.

Best regards,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

AusCERT Week in Review
21 April 2006

Papers, Articles and other documents:
- -------------------------------------

Alerts, Advisories and Updates:
- -------------------------------
Title: AU-2006.0011 -- AusCERT Update - [Solaris] - Patches now available for
       sendmail race condition vulnerability 
Date:  21 April 2006
URL:   http://www.auscert.org.au/6221

Title: AL-2006.0028 -- [Win][UNIX/Linux] -- Oracle Products Contain Multiple
       Vulnerabilities 
Date:  20 April 2006
URL:   http://www.auscert.org.au/6214

Title: AL-2006.0027 -- [Win][UNIX/Linux] -- Mozilla Products Contain Multiple
       Vulnerabilities 
Date:  18 April 2006
URL:   http://www.auscert.org.au/6205

External Security Bulletins:
- ----------------------------
Title: ESB-2006.0282 -- [Solaris] -- Sun Java Studio Enterprise 8 May Create
       World-Writable Files When Installed by Root 
Date:  21 April 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6223

Title: ESB-2006.0281 -- [RedHat] -- Critical: Mozilla security update 
Date:  21 April 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6222

Title: ESB-2006.0280 -- [Win][UNIX/Linux][Debian] -- New zope-cmfplone
       packages fix unprivileged data manipulation 
Date:  21 April 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6220

Title: ESB-2006.0279 -- [Debian] -- New horde3 packages fix several
       vulnerabilities 
Date:  20 April 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6219

Title: ESB-2006.0278 -- [Win] -- Vulnerability in Microsoft FrontPage Server
       Extensions Could Allow Cross-Site Scripting (917627) 
Date:  20 April 2006
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/6218

Title: ESB-2006.0277 -- [Cisco] -- Cisco IOS XR MPLS Vulnerabilities 
Date:  20 April 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6217

Title: ESB-2006.0276 -- [Cisco] -- Multiple Vulnerabilities in the WLSE
       Appliance 
Date:  20 April 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6216

Title: ESB-2006.0275 -- [Cisco] -- Response to Privilege Escalation on
       Multiple Cisco Products 
Date:  20 April 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6215

Title: ESB-2006.0274 -- [Solaris] -- Security Vulnerability in LDAP2 Client
       Commands 
Date:  20 April 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6213

Title: ESB-2006.0273 -- [Solaris] -- Security Vulnerability May Allow 'sh'
       Process to be Crashed Causing a Denial of Service 
Date:  20 April 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6212

Title: ESB-2006.0272 -- [FreeBSD] -- FPU information disclosure 
Date:  20 April 2006
OS:    FreeBSD 
URL:   http://www.auscert.org.au/6211

Title: ESB-2006.0271 -- [Mac][OSX] -- J2SE 5.0 Release 4 
Date:  19 April 2006
OS:    Mac OS X 
URL:   http://www.auscert.org.au/6210

Title: ESB-2006.0270 -- [AIX] -- mklvcopy allows users in the system group to
       execute arbitrary code 
Date:  18 April 2006
OS:    AIX 
URL:   http://www.auscert.org.au/6209

Title: ESB-2006.0269 -- [Debian] -- New fcheck packages fix insecure temporary
       file creation 
Date:  18 April 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6208

Title: ESB-2006.0268 -- [Win][UNIX/Linux][Debian] -- New horde2 packages fix
       several vulnerabilities 
Date:  18 April 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX 
URL:   http://www.auscert.org.au/6207

Title: ESB-2006.0267 -- [RedHat] -- Critical: Firefox security update 
Date:  18 April 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6206

Title: ESB-2006.0261 -- [HP-UX] -- HP-UX running Sendmail, Remote Execution of
       Arbitrary Code 
Date:  19 April 2006
OS:    HP-UX 
URL:   http://www.auscert.org.au/6193

Title: ESB-2006.0233 -- [Solaris] -- Security Vulnerability in sendmail(1M)
       Versions Prior to 8.13.6 
Date:  21 April 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6163

Title: ESB-2006.0161 -- [Solaris] -- Sun TCP Connections May Experience
       Performance Degradation If Certain ICMP Error Messages Are Received 
Date:  21 April 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6083

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBREh3iCh9+71yA2DNAQJkQgP/Z7d786C3i68xR6NJU/nx+WK1m1wBQPG4
m+N6ToWEbskrGM+XPI9COjINx7d9RWkh5GfB8TFtn+xCTL8P43qdWHvWUE2Iii1g
bJlBxYjMFg/FIbc2Mxb0P1Jy03oKwn0arm9GjxcrHYI485hoh18vl7kVDD+hvzDt
9aFXq8ZQRP0=
=ZnTY
-----END PGP SIGNATURE-----