[AusNOG] Subject: AusCERT Week in Review - Week Ending 28/11/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Nov 28 17:35:08 EST 2008


AusCERT Week in Review
28 November 2008

Papers, Articles and other documents:
-------------------------------------
Title: AusCERT Remote Monitoring (ARM) 
Date:  25 November 2008
URL:   http://www.auscert.org.au/9027


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0242 -- [Linux][Solaris][Mac][OSX] -- VirtualBox 2.0.6 has been
       released correcting a privilege escalation vulnerability 
Date:  28 November 2008
URL:   http://www.auscert.org.au/10119

Title: AA-2008.0243 -- [Win][UNIX/Linux] -- ffdshow is vulnerable to a buffer
       overflow 
Date:  28 November 2008
URL:   http://www.auscert.org.au/10122

Title: AA-2008.0241 -- [Win][UNIX/Linux] -- WordPress 2.6.5 has been released 
Date:  26 November 2008
URL:   http://www.auscert.org.au/10118


External Security Bulletins:
----------------------------
Title: ESB-2008.1079 -- [AIX] -- AIX 6.1 multiple security vulnerabilities 
Date:  28 November 2008
OS:    AIX 
URL:   http://www.auscert.org.au/10124

Title: ESB-2008.1078 -- [UNIX/Linux] -- Samba 3.0.29 to 3.2.4 can potentially
       leak arbitrary memory contents to malicious clients 
Date:  28 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10123

Title: ESB-2008.1077 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Drupal modules 
Date:  27 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10121

Title: ESB-2008.1076 -- [Win][UNIX/Linux][Appliance] -- SSH CBC plaintext
       recovery vulnerability 
Date:  26 November 2008
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Ubuntu, Debian GNU/Linux,
       Other BSD Variants, IRIX, Windows 2003, Windows CE, OpenBSD, Windows
       2000, FreeBSD, Other Linux Variants, Windows XP, Virtualisation, Server
       2008, Cisco Products, Red Hat Linux, Windows NT 4, Mac OS X, Novell
       Netware, HP-UX, AIX, Windows Vista, Windows ME 
URL:   http://www.auscert.org.au/10120

Title: ESB-2008.1075 -- [Tru64] -- HP Secure Web Server for Tru64 UNIX or
       Internet Express for Tru64 UNIX running PHP, Remote Denial of Service
       (DoS) or Arbitrary Code Execution 
Date:  26 November 2008
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/10117

Title: ESB-2008.1074 -- [Win][UNIX/Linux][RedHat] -- Important: tog-pegasus
       security update 
Date:  26 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10116

Title: ESB-2008.1073 -- [RedHat] -- Critical: java-1.4.2-ibm security update 
Date:  26 November 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10115

Title: ESB-2008.1072 -- [Win][UNIX/Linux] -- Moderate: vim security update 
Date:  26 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10114

Title: ESB-2008.1071 -- [Win][Appliance][Solaris] -- Checkpoint VPN-1 PAT
       information disclosure 
Date:  25 November 2008
OS:    Solaris, Windows 2003, Windows 2000, Windows XP, Server 2008, Windows
       Vista 
URL:   http://www.auscert.org.au/10113

Title: ESB-2008.1070 -- [Win][UNIX/Linux][Debian] -- New enscript packages fix
       arbitrary code execution 
Date:  25 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10112

Title: ESB-2008.1069 -- [Debian] -- New iceweasel packages fix several
       vulnerabilities 
Date:  25 November 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10111

Title: ESB-2008.1068 -- [FreeBSD] -- arc4random(9) predictable sequence
       vulnerability 
Date:  25 November 2008
OS:    FreeBSD 
URL:   http://www.auscert.org.au/10110

Title: ESB-2008.1067 -- [Win] -- Multiple vulnerabilities in EMC Control
       Center SAN Manager 
Date:  24 November 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/10109

Title: ESB-2008.1066 -- [Appliance] -- Cisco Response to TKIP Encryption
       Weakness 
Date:  28 November 2008
OS:    Windows ME, Windows Vista, AIX, HP-UX, Novell Netware, Mac OS X,
       Windows NT 4, Red Hat Linux, Cisco Products, Server 2008,
       Virtualisation, Windows XP, Other Linux Variants, FreeBSD, Windows
       2000, OpenBSD, Windows CE, Windows 2003, IRIX, Other BSD Variants,
       Debian GNU/Linux, Ubuntu, Windows 98/98SE, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/10108

Title: ESB-2008.1065 -- [Appliance][OSX] -- iPhone OS 2.2 and iPhone OS for
       iPod touch 2.2 
Date:  24 November 2008
OS:    Mac OS X 
URL:   http://www.auscert.org.au/10107

Title: ESB-2008.1064 -- [UNIX/Linux][Debian] -- New hf packages fix execution
       of arbitrary code 
Date:  24 November 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/10106

Title: ESB-2008.1063 -- [Debian] -- New xulrunner packages fix several
       vulnerabilities 
Date:  24 November 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10105


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



