[AusNOG] AusCERT Week in Review - Week Ending 19/09/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Sep 19 16:13:03 EST 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0202 -- [Win][UNIX/Linux][OSX] -- Horde Application Framework
3.2.2 Released
Date: 19 September 2008
URL: http://www.auscert.org.au/9857
Title: AA-2008.0191 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM releases
Fixpack 17 for DB2 Version 8
Date: 18 September 2008
URL: http://www.auscert.org.au/9809
Title: AL-2008.0098 -- [Win] -- Landesk QIP Server Service Heal Packet Buffer
Overflow Vulnerability
Date: 18 September 2008
URL: http://www.auscert.org.au/9846
Title: AA-2008.0198 -- [Win][Linux][HP-UX][Solaris][AIX] -- Multiple
vulnerabilities reported in IBM DB2 9.5
Date: 18 September 2008
URL: http://www.auscert.org.au/9850
Title: AA-2008.0199 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM releases fix
pack 19 for HTTP Server 6.1
Date: 18 September 2008
URL: http://www.auscert.org.au/9851
Title: AA-2008.0200 -- [Linux] -- A number of vulnerabilities identified in
Linux prior to 2.6.26.4
Date: 18 September 2008
URL: http://www.auscert.org.au/9853
Title: AA-2008.0201 -- [Appliance] -- Nortel Response to Potential
Authentication Bypass Vulnerability in SNMPv3
Date: 18 September 2008
URL: http://www.auscert.org.au/9854
Title: AL-2008.0093 -- [Win] -- MS08-052 - Vulnerabilities in GDI+ Could Allow
Remote Code Execution
Date: 17 September 2008
URL: http://www.auscert.org.au/9814
Title: AA-2008.0197 -- [Win] -- Buffer overflow vulnerability reported in
Trend Micro OfficeScan Server
Date: 17 September 2008
URL: http://www.auscert.org.au/9845
External Security Bulletins:
----------------------------
Title: ESB-2008.0889 -- [Win][UNIX/Linux][OSX] -- Answers - (Drupal
third-party module) - Cross site scripting
Date: 19 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9856
Title: ESB-2008.0888 -- [Solaris] -- Manipulated Tag Files used with Solaris
Text Editors May Lead to Execution of Arbitrary Code
Date: 19 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9855
Title: ESB-2008.0887 -- [Win][UNIX/Linux][OSX] -- Mailsave, Link To Us (Drupal
third-party module) - Cross Site Scripting
Date: 18 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9849
Title: ESB-2008.0886 -- [Win][Netware][Linux][Solaris] -- HP ProLiant
Essentials Rapid Deployment Pack (RDP) Running Symantec Altiris
Deployment Solution, Remote SQL Injection, Remote or Local Gain
Extended Privileges, Local Denial of Service (DoS)
Date: 18 September 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Red Hat Linux, Novell
Netware
URL: http://www.auscert.org.au/9848
Title: ESB-2008.0885 -- [Win][UNIX/Linux][OSX] -- Talk, Mailhandler (Drupal
third-party modules) - Cross site scripting, SQL injection
Date: 18 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9847
Title: ESB-2008.0884 -- [Win][UNIX/Linux] -- phpMyAdmin security announcement
PMASA-2008-7
Date: 17 September 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9844
Title: ESB-2008.0883 -- [Win] -- InstallShield / Macrovision / Acresso FLEXnet
Connect insecurely retrieves and executes scripts
Date: 17 September 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9843
Title: ESB-2008.0882 -- [Mac][OSX] -- APPLE-SA-2008-09-16 Apple Remote Desktop
3.2.2
Date: 17 September 2008
OS: Mac OS X
URL: http://www.auscert.org.au/9842
Title: ESB-2008.0881 -- [Solaris] -- A Security Vulnerability within the SunMC
PRM Web Page may result in a Denial of Service (DoS)
Date: 17 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9841
Title: ESB-2008.0880 -- [Debian] -- New openssh packages fix denial of service
Date: 17 September 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9840
Title: ESB-2008.0879 -- [RedHat] -- Moderate: bzip2 security update
Date: 17 September 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9839
Title: ESB-2008.0878 -- [Win][UNIX/Linux] -- TWiki command execution
vulnerability
Date: 19 September 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9838
Title: ESB-2008.0877 -- [Solaris] -- A Security Vulnerability in the bzip2(1)
command may lead to a Denial of Service (DoS)
Date: 16 September 2008
OS: Solaris
URL: http://www.auscert.org.au/9837
Title: ESB-2008.0876 -- [Mac][OSX] -- Mac OS X v10.5.5 and Security Update
2008-006
Date: 16 September 2008
OS: Mac OS X
URL: http://www.auscert.org.au/9836
Title: ESB-2008.0875 -- [UNIX/Linux][Debian] -- New git-core packages fix
buffer overflow
Date: 16 September 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X
URL: http://www.auscert.org.au/9835
Title: ESB-2008.0874 -- [Appliance] -- APPLE-SA-2008-09-12 iPhone v2.1
Date: 15 September 2008
URL: http://www.auscert.org.au/9834
Title: ESB-2008.0871 -- [HP OpenVMS] -- HP OpenVMS SMGRTL Run Time Library,
Local Authorized User, Gain Privileged Access
Date: 19 September 2008
OS: HP-UX, HP Tru64 UNIX
URL: http://www.auscert.org.au/9829
Title: ESB-2008.0856 -- [AIX] -- AIX swcons file ownership/permission
vulnerability.
Date: 18 September 2008
OS: AIX
URL: http://www.auscert.org.au/9793
Title: ESB-2008.0831 -- [NetBSD] -- Malicious PPPoE discovery packet can
overrun a kernel buffer
Date: 17 September 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9758
Title: ESB-2008.0756 -- [UNIX/Linux][RedHat] -- Critical: RealPlayer security
update
Date: 18 September 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/9656
Title: ESB-2006.0617 -- [Solaris] -- Multiple Security Vulnerabilities in
Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux
Date: 16 September 2008
OS: Solaris
URL: http://www.auscert.org.au/6681
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================