[AusNOG] AusCERT Week in Review - Week Ending 04/01/2008 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Jan 4 17:23:57 EST 2008


AusCERT Week in Review
04 January 2008

AusCERT in the Media:
---------------------
2007: How was it for security?
ZDNet.com.au, Australia 
Dec 30, 2007
http://www.zdnet.com.au/news/security/soa/2007-How-was-it-for-security-/0,130061744,339284667,00.htm


Papers, Articles and other documents:
-------------------------------------


Web Log Entries:
----------------
Title: Bits and ports 
Date:  30 December 2007
URL:   http://www.auscert.org.au/8569


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0001 -- [Win][UNIX/Linux] -- Multiple browsers may allow SSL
       spoofing 
Date:  02 January 2008
URL:   http://www.auscert.org.au/8571

Title: AA-2007.0113 -- [Win][UNIX/Linux] -- Mozilla Firefox 2.0.0.10 Released 
Date:  31 December 2008
URL:   http://www.auscert.org.au/8420

Title: AA-2007.0125 -- [Win][UNIX/Linux] -- Dokeos 1.8.4 Cross Site Scripting
       (XSS) vulnerability 
Date:  31 December 2008
URL:   http://www.auscert.org.au/8554

Title: AA-2007.0129 -- [Win][UNIX/Linux] -- TikiWiki 1.9.9 has been released
       fixing four security flaws 
Date:  31 December 2008
URL:   http://www.auscert.org.au/8561


External Security Bulletins:
----------------------------
Title: ESB-2007.1058 -- [UNIX/Linux] -- Denial of Service vulnerability has
       been discovered in Syslog-ng 
Date:  31 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8568

Title: ESB-2007.1057 -- [Win][UNIX/Linux][Debian] -- New libsndfile packages
       fix arbitrary code execution 
Date:  31 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8567

Title: ESB-2007.1056 -- [Win][UNIX/Linux][Debian] -- New peercast packages fix
       arbitrary code execution 
Date:  31 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8566

Title: ESB-2007.1055 -- [Linux][Debian] -- New inotify-tools packages fix
       arbitrary code execution 
Date:  31 December 2008
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8565

Title: ESB-2007.1054 -- [UNIX/Linux][Debian] -- New typo3-src packages fix SQL
       injection 
Date:  31 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8564

Title: ESB-2007.1053 -- [UNIX/Linux][Debian] -- New tar packages fix several
       vulnerabilities 
Date:  31 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8563

Title: ESB-2007.1050 -- [Win] -- HP Software Update Running on Windows, Remote
       Execution of Arbitrary Code 
Date:  03 January 2008
OS:    Windows Vista, Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/8552

Title: ESB-2007.1048 -- [Win][UNIX/Linux][Solaris] -- Cross-site Scripting
       Vulnerability in Sun Java System Web Server and Web Proxy Server 
Date:  31 December 2008
OS:    Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/8550

Title: ESB-2007.1041 -- [Win] -- Cross-site scripting vulnerability in legacy
       versions of Citrix Web Interface 
Date:  31 December 2008
OS:    Windows Vista, Windows XP, Windows 2000, Windows 2003 
URL:   http://www.auscert.org.au/8540

Title: ESB-2008.0007 -- [Win][UNIX/Linux] -- Vulnerabilities in some SWF files
       could allow cross-site scripting 
Date:  04 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8578

Title: ESB-2008.0006 -- [Win][UNIX/Linux] -- Flash Player update available to
       address security vulnerabilities 
Date:  04 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8577

Title: ESB-2008.0005 -- [UNIX/Linux][Debian] -- New tcpreen packages fix
       denial of service 
Date:  04 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8576

Title: ESB-2008.0004 -- [UNIX/Linux][Debian] -- New maradns packages fix
       denial of service 
Date:  04 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8575

Title: ESB-2008.0003 -- [Debian] -- New wireshark packages fix denial of
       service 
Date:  04 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8574

Title: ESB-2008.0002 -- [Debian] -- New php5 packages fix several
       vulnerabilities 
Date:  04 January 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8573

Title: ESB-2008.0001 -- [UNIX/Linux][Appliance] -- Asterisk Remote Crash
       Vulnerability in SIP channel driver 
Date:  03 January 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8572



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



