[AusNOG] AusCERT Week in Review - Week Ending 24/04/2009 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Fri Apr 24 16:54:05 EST 2009


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0101 -- [Win][UNIX/Linux] -- Ruby: Access Privileged Data 
Date:  24 April 2009
URL:   http://www.auscert.org.au/10878

Title: AL-2009.0035 -- [Win][UNIX/Linux] -- Firefox, Seamonkey and
       Thunderbird: Execute Arbitrary Code 
Date:  23 April 2009
URL:   http://www.auscert.org.au/10869

Title: AL-2009.0027 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
       Pre-release Announcement for April 2009 
Date:  22 April 2009
URL:   http://www.auscert.org.au/10800

Title: AA-2009.0100 -- [Appliance] -- Nortel Application Gateway: Access
       Privileged Data 
Date:  22 April 2009
URL:   http://www.auscert.org.au/10867


External Security Bulletins:
----------------------------
Title: ESB-2009.0399 -- [Win] -- Citrix XenApp: Reduced Security 
Date:  24 April 2009
OS:    Windows 2003 
URL:   http://www.auscert.org.au/10880

Title: ESB-2009.0398 -- [SUSE] -- cups: Execute Arbitrary Code 
Date:  23 April 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/10877

Title: ESB-2009.0397 -- [Linux][Solaris] -- Sun Java System Delegated
       Administrator: Cross-site Scripting 
Date:  23 April 2009
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/10876

Title: ESB-2009.0396 -- [SUSE] -- udev: Root Compromise 
Date:  23 April 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/10875

Title: ESB-2009.0395 -- [FreeBSD] -- libc: Access Privileged Data 
Date:  23 April 2009
OS:    FreeBSD 
URL:   http://www.auscert.org.au/10874

Title: ESB-2009.0394 -- [FreeBSD] -- OpenSSL: Denial of Service 
Date:  23 April 2009
OS:    FreeBSD 
URL:   http://www.auscert.org.au/10873

Title: ESB-2009.0393 -- [UNIX/Linux][Debian] -- mahara: Cross-site Scripting 
Date:  23 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10872

Title: ESB-2009.0392 -- [RedHat] -- giflib: Execute Arbitrary Code 
Date:  23 April 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10871

Title: ESB-2009.0391 -- [RedHat] -- firefox: Execute Arbitrary Code 
Date:  23 April 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10870

Title: ESB-2009.0390 -- [Win][UNIX/Linux][RedHat] -- seamonkey: Execute
       Arbitrary Code 
Date:  22 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
       HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/10868

Title: ESB-2009.0389 -- [Ubuntu] -- APT: Provide Misleading Information 
Date:  22 April 2009
OS:    Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/10866

Title: ESB-2009.0388 -- [UNIX/Linux][Ubuntu] -- xine-lib: Execute Arbitrary
       Code 
Date:  22 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10865

Title: ESB-2009.0387 -- [Debian] -- git-core: Increased Privileges 
Date:  22 April 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10864

Title: ESB-2009.0386 -- [Linux][Debian][AIX][Mac][OSX] -- slurm-llnl:
       Increased Privileges 
Date:  22 April 2009
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, Mac OS
       X, AIX 
URL:   http://www.auscert.org.au/10863

Title: ESB-2009.0385 -- [OpenSolaris] -- OpenSolaris SCTP Sockets: Denial of
       Service 
Date:  22 April 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10862

Title: ESB-2009.0384 -- [Debian] -- php-json-ext: Denial of Service 
Date:  21 April 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10861

Title: ESB-2009.0383 -- [Win][RedHat] -- HP StorageWorks Storage Mirroring:
       Execute Arbitrary Code 
Date:  21 April 2009
OS:    Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Red Hat
       Linux, Windows Vista 
URL:   http://www.auscert.org.au/10860

Title: ESB-2009.0382 -- [Win][UNIX/Linux] -- HP Storage Essentials: Increased
       Privileges 
Date:  21 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
       HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/10858

Title: ESB-2009.0381 -- [SUSE] -- SUSE: Execute Arbitrary Code/Commands 
Date:  21 April 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/10857

Title: ESB-2009.0380 -- [Solaris] -- Veritas NetBackup: Increased Privileges 
Date:  20 April 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10856

Title: ESB-2009.0379 -- [UNIX/Linux][Ubuntu] -- Poppler: Execute Arbitrary
       Code 
Date:  20 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10855

Title: ESB-2009.0378 -- [Win][UNIX/Linux][Debian] -- ejabberd: Cross-site
       scripting 
Date:  20 April 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
       HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/10854

Title: ESB-2009.0376 -- [Win][Linux][HP-UX][Solaris] -- Sun Java System
       Directory Server: Multiple Vulnerabilities 
Date:  20 April 2009
OS:    HP-UX, Red Hat Linux, Windows Server 2008, Other Linux Variants,
       Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris 
URL:   http://www.auscert.org.au/10846

Title: ESB-2009.0374 -- [SUSE] -- udev: Root Compromise 
Date:  22 April 2009
OS:    Other Linux Variants 
URL:   http://www.auscert.org.au/10844

Title: ESB-2009.0370 -- [RedHat] -- udev: Root Compromise 
Date:  22 April 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10839

Title: ESB-2009.0369 -- [Debian] -- udev: Root Compromise 
Date:  22 April 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10838

Title: ESB-2009.0365 -- [Linux][Ubuntu] -- udev: Root Compromise 
Date:  22 April 2009
OS:    Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/10831

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


