[AusNOG] AusCERT Week in Review - Week Ending 04/04/2008 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Apr 4 17:34:43 EST 2008
AusCERT Week in Review
04 April 2008
AusCERT in the Media:
---------------------
Risky Business Episode 56 - Knowledge is power
Search Security, Australia
Mar 31, 2008
http://searchsecurity.techtarget.com.au/articles/23956-Risky-Business-Episode-56-Knowledge-is-power
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0038 -- [Cisco] -- Cisco Unified Communications Disaster
Recovery Framework Command Execution Vulnerability
Date: 04 April 2008
URL: http://www.auscert.org.au/9067
Title: AA-2008.0077 -- [Win][UNIX/Linux] -- Opera version 9.27 released fixing
several vulnerabilities
Date: 04 April 2008
URL: http://www.auscert.org.au/9068
Title: AA-2008.0078 -- [Win][UNIX/Linux] -- OpenSSH 5.0 released fixing
connection hijacking vulnerability
Date: 04 April 2008
URL: http://www.auscert.org.au/9069
Title: AL-2008.0037 -- [Win][Mac] -- QuickTime 7.4.5 released fixing multiple
vulnerabilities
Date: 03 April 2008
URL: http://www.auscert.org.au/9059
Title: AA-2008.0076 -- [Win][UNIX/Linux] -- Vulnerability in GnuPG may allow
remote execution of arbitrary code
Date: 02 April 2008
URL: http://www.auscert.org.au/9050
Title: AA-2008.0074 -- [Win] -- avast! 4 contains local system compromise
vulnerability
Date: 01 April 2008
URL: http://www.auscert.org.au/9043
Title: AL-2008.0036 -- [Win] -- CA Multiple Products DSM ListCtrl ActiveX
Control Buffer Overflow Vulnerability
Date: 01 April 2008
URL: http://www.auscert.org.au/9044
Title: AA-2008.0075 -- [Win][UNIX/Linux] -- PowerDNS Cache Poisoning
Vulnerability
Date: 01 April 2008
URL: http://www.auscert.org.au/9046
External Security Bulletins:
----------------------------
Title: ESB-2008.0350 -- [Win][UNIX/Linux] -- Webform (Drupal third-party
module) Cross site scripting vulnerabilities
Date: 04 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9070
Title: ESB-2008.0349 -- [Solaris] -- Security Vulnerability in inetd(1M)
Daemon When Debug Logging is Enabled
Date: 04 April 2008
OS: Solaris
URL: http://www.auscert.org.au/9066
Title: ESB-2008.0348 -- [Win] -- Borland CaliberRM StarTeam Multicast Service
Buffer Overflow Vulnerability
Date: 04 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9065
Title: ESB-2008.0347 -- [Win] -- Symantec Norton Internet Security 2008
multiple vulnerabilities in ActiveX control
Date: 04 April 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/9064
Title: ESB-2008.0346 -- [SCO] -- SCO UnixWare pkgadd Directory Traversal
Vulnerability
Date: 04 April 2008
URL: http://www.auscert.org.au/9063
Title: ESB-2008.0345 -- [RedHat] -- Moderate: thunderbird security update
Date: 04 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9062
Title: ESB-2008.0344 -- [RedHat] -- Critical: java-1.5.0-ibm security update
Date: 04 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9061
Title: ESB-2008.0343 -- [Win][UNIX/Linux] -- phpMyAdmin - Credentials
disclosure vulnerability
Date: 03 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9060
Title: ESB-2008.0342 -- [Tru64] -- HP Internet Express for Tru64 UNIX running
PostgreSQL, Arbitrary Code Execution, Privilege Elevation, or Denial of
Service (DoS)
Date: 03 April 2008
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/9058
Title: ESB-2008.0341 -- [Win][RedHat][Solaris] -- HP Select Identity Software,
Gain Unauthorized Access
Date: 03 April 2008
OS: Solaris, Windows 2003, Red Hat Linux
URL: http://www.auscert.org.au/9057
Title: ESB-2008.0340 -- [Win][UNIX/Linux] -- Flickr and Ubercart (Drupal
third-party module) Cross site scripting vulnerabilities
Date: 03 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9056
Title: ESB-2008.0339 -- [RedHat] -- Moderate: JBoss Enterprise Application
Platform 4.2.0CP02 security update
Date: 03 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9055
Title: ESB-2008.0338 -- [Debian] -- New xpdf packages fix multiple
vulnerabilities
Date: 03 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9054
Title: ESB-2008.0337 -- [UNIX/Linux][RedHat] -- Moderate: gnome-screensaver
security update
Date: 03 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X
URL: http://www.auscert.org.au/9053
Title: ESB-2008.0336 -- [UNIX/Linux] -- lighttpd contains a remote denial of
service vulnerability
Date: 02 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9051
Title: ESB-2008.0335 -- [Win] -- Macrovision InstallShield InstallScript
One-Click Install Untrusted Library Loading Vulnerability
Date: 02 April 2008
OS: Windows 2003, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9049
Title: ESB-2008.0334 -- [RedHat] -- Important: lspp-eal4-config-ibm and
capp-lspp-eal4-config-hp security update
Date: 02 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9048
Title: ESB-2008.0333 -- [RedHat] -- Moderate: cups security update
Date: 02 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9047
Title: ESB-2008.0332 -- [Win][UNIX/Linux] -- Multiple problems in Wireshark
versions 0.99.2 to 0.99.8
Date: 01 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,
Server 2008, Red Hat Linux, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/9045
Title: ESB-2008.0331 -- [UNIX/Linux][Debian] -- New libxine packages fix
several vulnerabilities
Date: 01 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9042
Title: ESB-2008.0330 -- [Appliance] -- HP Compaq Business Notebook PC BIOS,
Local Denial of Service (DoS)
Date: 31 March 2008
URL: http://www.auscert.org.au/9041
Title: ESB-2008.0329 -- [Appliance] -- HP Compaq Notebook PC BIOS, Local
Unauthorized Access
Date: 31 March 2008
URL: http://www.auscert.org.au/9040
Title: ESB-2008.0328 -- [HP] -- HP OpenVMS SSH Using TCP/IP Services for
OpenVMS, Remote Unauthorized Access
Date: 31 March 2008
OS: HP-UX
URL: http://www.auscert.org.au/9039
Title: ESB-2008.0327 -- [Debian] -- New iceape packages fix several
vulnerabilities
Date: 31 March 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9038
Title: ESB-2008.0326 -- [VMware ESX] -- Updated libxml2 service console
package
Date: 31 March 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9037
Title: ESB-2008.0325 -- [Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 31 March 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9036
Title: ESB-2008.0322 -- [Win][UNIX/Linux][Debian] -- New exiftags packages fix
several vulnerabilities
Date: 02 April 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9032
Title: ESB-2008.0320 -- [UNIX/Linux][Debian] -- New policyd-weight packages
fix insecure temporary files
Date: 31 March 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/9030
Title: ESB-2008.0311 -- [UNIX/Linux] -- SILC pkcs_decode buffer overflow
Date: 02 April 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/9009
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================