[AusNOG] AusCERT Week in Review - Week Ending 25/07/2008 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Jul 25 15:28:00 EST 2008
AusCERT Week in Review
25 July 2008
AusCERT in the Media:
---------------------
Staying secure at the Olympics
CRN Australia, Australia
Jul 22, 2008
http://www.crn.com.au/Feature/4765,staying-secure-at-the-olympics.aspx
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2008.0067 -- [Win][VMware ESX][Linux] -- Patches available for
critical VMware vulnerabilities
Date: 24 July 2008
URL: http://www.auscert.org.au/9399
Title: AA-2008.0151 -- [Win][UNIX/Linux] -- Joomla! 1.5.4 released correct
multiple vulnerabilities
Date: 24 July 2008
URL: http://www.auscert.org.au/9544
Title: AA-2008.0163 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in Drupal
Date: 24 July 2008
URL: http://www.auscert.org.au/9625
Title: AL-2008.0083 -- [Win][UNIX/Linux][Juniper][Cisco] -- DNS cache
poisoning fix may be ineffective with an intervening NAT device
Date: 23 July 2008
URL: http://www.auscert.org.au/9618
Title: AA-2008.0162 -- [Win] -- Increased levels of malicious email
Date: 22 July 2008
URL: http://www.auscert.org.au/9615
Title: AL-2008.0082 -- [Win][UNIX/Linux][Juniper][Cisco] -- DNS cache
poisoning vulnerability information allegedly leaked to the public
Date: 22 July 2008
URL: http://www.auscert.org.au/9611
Title: AA-2008.0159 -- [Win][UNIX/Linux] -- phpMyAdmin vulnerable to
Cross-Site Request Forgery
Date: 21 July 2008
URL: http://www.auscert.org.au/9602
External Security Bulletins:
----------------------------
Title: ESB-2008.0738 -- [NetBSD] -- BIND cache poisoning
Date: 25 July 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9633
Title: ESB-2008.0737 -- [RedHat] -- Low: coreutils security update
Date: 25 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9632
Title: ESB-2008.0736 -- [RedHat] -- Low: nss_ldap security and bug fix update
Date: 25 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9631
Title: ESB-2008.0735 -- [RedHat] -- Moderate: Updated kernel packages for Red
Hat Enterprise Linux 4.7
Date: 25 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9630
Title: ESB-2008.0734 -- [RedHat] -- Moderate: mysql security, bug fix, and
enhancement update
Date: 25 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9629
Title: ESB-2008.0733 -- [UNIX/Linux][RedHat] -- Moderate: vsftpd security
update
Date: 25 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9628
Title: ESB-2008.0732 -- [RedHat] -- Moderate: rdesktop security update
Date: 25 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9627
Title: ESB-2008.0731 -- [Debian] -- new clamav packages fix denial of service
Date: 25 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9626
Title: ESB-2008.0730 -- [RedHat] -- Moderate: thunderbird security update
Date: 24 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9624
Title: ESB-2008.0729 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 24 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9623
Title: ESB-2008.0728 -- [Debian] -- New xulrunner packages fix several
vulnerabilities
Date: 24 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9622
Title: ESB-2008.0727 -- [Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 24 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9621
Title: ESB-2008.0726 -- [UNIX/Linux] -- AST-2008-011 - Traffic amplification
in IAX2 firmware provisioning system
Date: 24 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9620
Title: ESB-2008.0725 -- [UNIX/Linux] -- AST-2008-010 - Asterisk IAX 'POKE'
resource exhaustion
Date: 24 July 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9619
Title: ESB-2008.0724 -- [RedHat] -- Moderate: php security update
Date: 23 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9617
Title: ESB-2008.0723 -- [Debian] -- new libgd2 packages fix multiple
vulnerabilities
Date: 23 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9616
Title: ESB-2008.0722 -- [Win] -- Multiple vulnerabilities in EMC Dantz
Retrospect 7 Backup Client
Date: 22 July 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9614
Title: ESB-2008.0721 -- [HP-UX] -- OpenSSH 5.1 release fixes possible
man-in-the-middle attack
Date: 22 July 2008
OS: HP-UX
URL: http://www.auscert.org.au/9612
Title: ESB-2008.0720 -- [Debian] -- New ruby1.8 packages fix several
vulnerabilities
Date: 22 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9610
Title: ESB-2008.0719 -- [RedHat] -- Moderate: rhpki-util, rhpki-common, and
rhpki-ca security and bug fix update
Date: 22 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9609
Title: ESB-2008.0718 -- [RedHat] -- Critical: acroread security update
Date: 22 July 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9608
Title: ESB-2008.0717 -- [BLACKBERRY] -- Vulnerability in the PDF distiller of
the BlackBerry Attachment Service for the BlackBerry Enterprise Server
Date: 21 July 2008
URL: http://www.auscert.org.au/9607
Title: ESB-2008.0716 -- [Solaris] -- Security Vulnerability in the System
Management Agent (SMA) SNMP daemon (snmpd(1M))
Date: 21 July 2008
OS: Solaris
URL: http://www.auscert.org.au/9606
Title: ESB-2008.0715 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
Poisoning
Date: 21 July 2008
OS: HP-UX
URL: http://www.auscert.org.au/9601
Title: ESB-2008.0712 -- [Win] -- HP Select Identity Active Directory
Bidirectional LDAP Connector, Remote Unauthorized Access
Date: 23 July 2008
OS: Windows Vista, Server 2008, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/9598
Title: ESB-2008.0696 -- [Win][UNIX/Linux] -- Wireshark new release fixing
multiple vulnerabilities
Date: 24 July 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9576
Title: ESB-2008.0356 -- [Debian] -- New lighttpd packages fix denial of
service
Date: 24 July 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9081
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================