[AusNOG] AusCERT Week in Review - Week Ending 29/08/2008 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Aug 29 16:05:24 EST 2008 

AusCERT Week in Review
29 August 2008

AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------

Web Log Entries:
----------------

Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0090 -- [Win][Mac][OSX] -- MS08-051 - Vulnerabilities in
       Microsoft PowerPoint Could Allow Remote Code Execution 
Date:  25 August 2008
URL:   http://www.auscert.org.au/9706

External Security Bulletins:
----------------------------
Title: ESB-2008.0843 -- [Win] -- Worry-Free Business Security 5.0 - Security
       Server Critical Patch 
Date:  29 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9770

Title: ESB-2008.0842 -- [Solaris] -- Covert Channel Security Vulnerability in
       the Solaris Kernel 
Date:  29 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9769

Title: ESB-2008.0841 -- [HP-UX] -- HP-UX Running Apache, Remote Cross Site
       Scripting (XSS) or Denial of Service (DoS) 
Date:  29 August 2008
URL:   http://www.auscert.org.au/9768

Title: ESB-2008.0840 -- [RedHat] -- Important: libtiff security update 
Date:  29 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9767

Title: ESB-2008.0839 -- [Win] -- HP Enterprise Discovery Running on Windows,
       Remote Authorized User, Gain Extended Privileges 
Date:  28 August 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9766

Title: ESB-2008.0838 -- [RedHat] -- Important: tomcat security update 
Date:  28 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9765

Title: ESB-2008.0837 -- [UNIX/Linux][RedHat] -- Important: openoffice.org
       security update 
Date:  28 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9764

Title: ESB-2008.0836 -- [RedHat] -- Critical: Red Hat Directory Server 7.1
       Service Pack 7 security update 
Date:  28 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9763

Title: ESB-2008.0835 -- [RedHat] -- Moderate: adminutil security update 
Date:  28 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9762

Title: ESB-2008.0834 -- [Appliance][Solaris] -- Attempts to Install Patch
       124898-08 on Brocade Switches 3250, 3850, 3900, and 24000 will Fail 
Date:  28 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9761

Title: ESB-2008.0833 -- [RedHat] -- Moderate: redhat-ds-base and
       redhat-ds-admin security and bug fix update 
Date:  28 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9760

Title: ESB-2008.0832 -- [Solaris] -- Security Vulnerability in Solaris 10 NFS
       Remote Procedure Calls (RPCs) May Allow a Denial of Service (DoS) or
       Data Integrity Issues for Non-Global Zones 
Date:  27 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9759

Title: ESB-2008.0831 -- [NetBSD] -- Malicious PPPoE discovery packet can
       overrun a kernel buffer 
Date:  27 August 2008
OS:    Other BSD Variants 
URL:   http://www.auscert.org.au/9758

Title: ESB-2008.0830 -- [UNIX/Linux][Debian] -- New tiff packages fix
       arbitrary code execution 
Date:  27 August 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9757

Title: ESB-2008.0829 -- [Linux][RedHat] -- Important: kernel security and bug
       fix update 
Date:  27 August 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/9756

Title: ESB-2008.0828 -- [Linux][RedHat] -- Important: ipsec-tools security
       update 
Date:  27 August 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/9755

Title: ESB-2008.0827 -- [Win][UNIX/Linux] -- DoS vulnerability in REXML 
Date:  26 August 2008
OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
       XP, Mac OS X 
URL:   http://www.auscert.org.au/9754

Title: ESB-2008.0826 -- [Win] -- Trend Micro(TM) OfficeScan(TM) 8.0 Service
       Pack 1 Critical Patch 
Date:  26 August 2008
OS:    Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/9753

Title: ESB-2008.0825 -- [Solaris] -- A Security Vulnerability in the Solaris
       NFS Kernel Module May Lead to a System Panic, Resulting in a Denial of
       Service (DoS) 
Date:  25 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9752

Title: ESB-2008.0824 -- [Solaris] -- Sun Fire 12K/15K/E20K/E25K Systems
       Equipped Witha Quad GigaSwift (QGE-X) Card May Panic 
Date:  25 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9751

Title: ESB-2008.0823 -- [Debian] -- New libxml2 packages fix denial of service
Date:  27 August 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9750

Title: ESB-2008.0822 -- [RedHat] -- Critical: openssh security update 
Date:  25 August 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9749

Title: ESB-2008.0805 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
       weaknesses were discovered in Drupal 
Date:  29 August 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9722

Title: ESB-2008.0797 -- [VMware ESX] -- Updated ESX packages for OpenSSL,
       net-snmp, perl 
Date:  27 August 2008
OS:    Virtualisation 
URL:   http://www.auscert.org.au/9713

Title: ESB-2008.0618 -- [Solaris] -- Solaris 10 Patches Cause ARP to
       Erroneously Detect Duplicate Network Address Which Leaves the Affected
       Interface in an Unusable State 
Date:  28 August 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9456

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

More information about the AusNOG mailing list