[AusNOG] AusCERT Week in Review - Week Ending 14/11/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Nov 14 17:48:59 EST 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0233 -- [Win][UNIX/Linux][Mac][OSX] -- New release of Joomla!
to correct cross site scripting vulnerabilities
Date: 14 November 2008
URL: http://www.auscert.org.au/10078
Title: AA-2008.0232 -- [Win][UNIX/Linux] -- Security bypass vulnerability in
Bugzilla
Date: 13 November 2008
URL: http://www.auscert.org.au/10072
Title: AL-2008.0114 -- [Win][UNIX/Linux] -- Firefox 3.0.4/2.0.0.18 and
SeaMonkey 1.1.13 released to correct multiple vulnerabilities
Date: 13 November 2008
URL: http://www.auscert.org.au/10073
Title: AL-2008.0115 -- [Win] -- SAP AG SAPgui MDrmSap ActiveX control code
execution vulnerability
Date: 13 November 2008
URL: http://www.auscert.org.au/10076
Title: AL-2008.0113 -- [Win] -- MS08-069 Vulnerabilities in Microsoft XML
Core
Services Could Allow Remote Code Execution
Date: 12 November 2008
URL: http://www.auscert.org.au/10064
Title: AA-2008.0231 -- [Linux] -- Multiple vulnerabilities fixed in Linux
kernel 2.4.36.9 and 2.6.27.5
Date: 12 November 2008
URL: http://www.auscert.org.au/10065
Title: AA-2008.0230 -- [UNIX/Linux] -- ClamAV version 0.94.1 released
Date: 11 November 2008
URL: http://www.auscert.org.au/10059
Title: AL-2008.0112 -- [Win] -- Microsoft Bulletin Notification - November
Prerelease Announcement
Date: 11 November 2008
URL: http://www.auscert.org.au/10060
Title: AA-2008.0224 -- [UNIX/Linux] -- A security vulnerability has been
identified in Dovecot
Date: 10 November 2008
URL: http://www.auscert.org.au/10028
Title: AA-2008.0229 -- [IBM HMC] -- IBM release fixes for HMC
Date: 10 November 2008
URL: http://www.auscert.org.au/10054
External Security Bulletins:
----------------------------
Title: ESB-2008.1050 -- [Solaris] -- ZFS Pool Corruption May Occur With Sun
Cluster 3.2 Running Solaris 10 with patch 137137-09 or 137138-09
Date: 14 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10081
Title: ESB-2008.1049 -- [Win][Mac][OSX] -- Safari 3.2 released fixing
several
vulnerabilities
Date: 14 November 2008
OS: Windows XP, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/10080
Title: ESB-2008.1048 -- [Linux][Solaris] -- Cross-Site Scripting (XSS)
Vulnerability in Sun Java Messaging Server
Date: 14 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux
URL: http://www.auscert.org.au/10079
Title: ESB-2008.1047 -- [Solaris] -- A Security Vulnerability in the Logical
Domains (LDoms) Manager May Allow Unauthorized System Access and
Escalation of Privileges
Date: 14 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10077
Title: ESB-2008.1046 -- [RedHat] -- Critical: firefox security update
Date: 13 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10075
Title: ESB-2008.1045 -- [RedHat] -- Critical: seamonkey security update
Date: 13 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10074
Title: ESB-2008.1044 -- [Solaris] -- Security Vulnerability in Solaris IP
Filter Network Address Translation (NAT) May Lead to DNS Cache
Poisoning
Date: 13 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10071
Title: ESB-2008.1043 -- [Win][UNIX/Linux] -- Multiple Security
Vulnerabilities
in Sun Java System Identity Manager May Allow Cross-Site Scripting
Exploits, Unauthorised Access or Unauthorised Redirection
Date: 13 November 2008
OS: HP Tru64 UNIX, Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,
Windows Vista
URL: http://www.auscert.org.au/10070
Title: ESB-2008.1042 -- [RedHat] -- Important: flash-plugin security update
Date: 13 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10069
Title: ESB-2008.1041 -- [Win][Linux][HP-UX][Solaris][AIX] -- HP Service
Manager (HPSM) versions prior to 7.01.71 may be used to gain extended
privileges
Date: 13 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10068
Title: ESB-2008.1040 -- [RedHat] -- Critical: acroread security update
Date: 13 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10067
Title: ESB-2008.1039 -- [UNIX/Linux][Debian] -- New libcdaudio packages fix
arbitrary code execution
Date: 13 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10066
Title: ESB-2008.1038 -- [Win] -- MS08-068 Vulnerability in SMB Could Allow
Remote Code Execution
Date: 12 November 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10063
Title: ESB-2008.1037 -- [Win][UNIX/Linux][RedHat] -- Moderate: gnutls
security
update
Date: 12 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,
Windows Vista
URL: http://www.auscert.org.au/10062
Title: ESB-2008.1036 -- [RedHat] -- Moderate: httpd security and bug fix
update
Date: 12 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10061
Title: ESB-2008.1035 -- [Solaris] -- Security Vulnerability in Solstice X.25
May Allow Denial of Service (DoS)
Date: 11 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10058
Title: ESB-2008.1034 -- [Solaris] -- Security Vulnerabilities in DHCP
Handling
of DHCP Requests May Allow Remote Users to Execute Arbitrary Code or
Cause a Denial of the DHCP Service
Date: 11 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10057
Title: ESB-2008.1033 -- [Mac][OSX] -- iLife Support 8.3.1
Date: 11 November 2008
OS: Mac OS X
URL: http://www.auscert.org.au/10056
Title: ESB-2008.1032 -- [UNIX/Linux][Debian] -- New ekg packages fix denial
of
service
Date: 11 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS
X,
HP-UX, AIX
URL: http://www.auscert.org.au/10055
Title: ESB-2008.1031 -- [Debian] -- New net-snmp packages fix several
vulnerabilities
Date: 10 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10053
Title: ESB-2008.1030 -- [Win][VMware ESX][Linux] -- VMware Hosted products,
VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple
security issues
Date: 10 November 2008
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux,
Windows Vista
URL: http://www.auscert.org.au/10052
Title: ESB-2008.0938 -- [Solaris] -- Solaris 10 fifofs Patches 127737-02 and
127738-02 WITHDRAWN, May Cause a System Panic
Date: 11 November 2008
OS: Solaris
URL: http://www.auscert.org.au/9918
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20081114/a23c3f7f/attachment.html>
More information about the AusNOG
mailing list