[AusNOG] AusCERT Week in Review - Week Ending 09/06/2006

matthew at auscert.org.au
Fri Jun 9 17:19:56 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

G'day all,

The following is a summary of what we have pushed to our subscribers for
the past week.

Have a good weekend,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au


AusCERT Week in Review
09 June 2006


Papers, Articles and other documents:
- -------------------------------------


Alerts, Advisories and Updates:
- -------------------------------
Title: AA-2006.0034 -- [Win] -- MailMarshal 6.1 ACE content filter bypass 
Date:  07 June 2006
URL:   http://www.auscert.org.au/6374

Title: AA-2006.0033 -- [Win] -- JIWA Financials reporting allows execution of
       arbitrary SQL commands 
Date:  06 June 2006
URL:   http://www.auscert.org.au/6359


External Security Bulletins:
- ----------------------------
Title: ESB-2006.0400 -- [Win][Linux][HP-UX][IRIX][Solaris][AIX][Mac] --
       Incomplete Authentication and Authorization in Sun Grid Engine 5.3 and
       N1 Grid Engine 6.0 Certificate Security Protocol (CSP) Mode 
Date:  09 June 2006
OS:    Solaris, Debian GNU/Linux, IRIX, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX 
URL:   http://www.auscert.org.au/6381

Title: ESB-2006.0399 -- [Win][UNIX/Linux][Debian] -- New TIFF packages fix
       arbitrary code execution 
Date:  09 June 2006
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
       Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
       HP-UX, AIX, Windows ME 
URL:   http://www.auscert.org.au/6380

Title: ESB-2006.0398 -- [Win][UNIX/Linux][Debian] -- New MySQL 4.1 packages
       fix SQL injection 
Date:  09 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX 
URL:   http://www.auscert.org.au/6379

Title: ESB-2006.0397 -- [UNIX/Linux][Debian] -- New xine-ui packages fix
       denial of service 
Date:  09 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6378

Title: ESB-2006.0396 -- [UNIX/Linux][Debian] -- New gforge packages fix
       cross-site scripting 
Date:  09 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6377

Title: ESB-2006.0395 -- [NetBSD] -- FPU Information leak on i386/amd64/Xen
       platforms with AMD CPUs 
Date:  09 June 2006
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/6376

Title: ESB-2006.0394 -- [NetBSD] -- IPv6 socket options can crash the system 
Date:  09 June 2006
URL:   http://www.auscert.org.au/6375

Title: ESB-2006.0393 -- [RedHat] -- Moderate: spamassassin security update 
Date:  07 June 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6373

Title: ESB-2006.0392 -- [Win][UNIX/Linux][Debian][OSX] -- New spamassassin
       packages fix remote command execution 
Date:  07 June 2006
OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
       HP-UX, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, AIX,
       Windows 2003, Windows 2000, Windows NT 4, Windows XP, Mac OS X 
URL:   http://www.auscert.org.au/6372

Title: ESB-2006.0391 -- [UNIX/Linux][Debian] -- New xmcd packages fix denial
       of service 
Date:  06 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6371

Title: ESB-2006.0390 -- [Win][UNIX/Linux][HP-UX] -- HP-UX Mozilla Remote
       Execution of Arbitrary Code, Denial of Service (DoS) 
Date:  06 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX 
URL:   http://www.auscert.org.au/6370

Title: ESB-2006.0389 -- [Solaris] -- Simultaneous Multi-Threading Processors
       May Leak Information 
Date:  05 June 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6369

Title: ESB-2006.0388 -- [Solaris] -- Security Vulnerability With Sun StorADE
       Version 2.4 Installation 
Date:  05 June 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6368

Title: ESB-2006.0387 -- [Win][UNIX/Linux][Debian] -- New PostgreSQL packages
       fix encoding vulnerabilities 
Date:  05 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6367

Title: ESB-2006.0386 -- [UNIX/Linux][Debian] -- New centericq packages fix
       arbitrary code execution 
Date:  05 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/6366

Title: ESB-2006.0385 -- [UNIX/Linux][Debian] -- New freeradius packages fix
       arbitrary code execution 
Date:  05 June 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
       AIX 
URL:   http://www.auscert.org.au/6365


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----



