[AusNOG] AusCERT Week in Review - Week Ending 27/02/2009 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Feb 27 17:27:13 EST 2009


AusCERT Week in Review

27 February 2009

 

Alerts, Advisories and Updates:

-------------------------------

Title: AA-2009.0042 -- [Win][Mac][OSX] -- Vulnerability announced in Microsoft

       Excel 

Date:  25 February 2009

URL:   http://www.auscert.org.au/10544

 

Title: AA-2009.0043 -- [Win][Linux][HP-UX][Solaris][AIX] -- Privilege

       escalation vulnerability in IBM WebSphere MQ 

Date:  25 February 2009

URL:   http://www.auscert.org.au/10546

 

Title: AA-2009.0039 -- [OpenBSD] -- OpenBSD patch corrects sudo vulnerability 

Date:  24 February 2009

URL:   http://www.auscert.org.au/10538

 

Title: AA-2009.0040 -- [Win][Linux][Solaris][AIX] -- Vulnerability corrected

       in IBM WebSphere Partner Gateway 

Date:  24 February 2009

URL:   http://www.auscert.org.au/10539

 

Title: AA-2009.0041 -- [Appliance] -- Avaya addresses vulnerabilities in

       Digital Enhanced Cordless Telecommunications (DECT) 

Date:  24 February 2009

URL:   http://www.auscert.org.au/10542

 

Title: AA-2009.0035 -- [Win][UNIX/Linux] -- Security vulnerability corrected

       in Ruby - Revision 22440 

Date:  23 February 2009

URL:   http://www.auscert.org.au/10530

 

Title: AA-2009.0037 -- [Win][UNIX/Linux] -- SQL injection vulnerabilities in

       GForge 

Date:  23 February 2009

URL:   http://www.auscert.org.au/10534

 

Title: AA-2009.0038 -- [Win] -- Vulnerability corrected in LANDesk Management

       Suite 

Date:  23 February 2009

URL:   http://www.auscert.org.au/10535

 

External Security Bulletins:

----------------------------

Title: ESB-2008.0997 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in

       Drupal Core and third-party modules 

Date:  22 February 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows

       XP, Mac OS X 

URL:   http://www.auscert.org.au/10003

 

Title: ESB-2008.0957 -- [Win][UNIX/Linux] -- SIOC and EveryBlog (Drupal

       third-party modules) Multiple vulnerabilities 

Date:  22 February 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows

       XP, Mac OS X 

URL:   http://www.auscert.org.au/9941

 

Title: ESB-2009.0187 -- [VMware ESX] -- ESX 2.5.5 patch 12 updates service

       console package ed 

Date:  27 February 2009

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10565

 

Title: ESB-2009.0186 -- [Cisco] -- Cisco Unified MeetingPlace Stored

       Cross-Site Scripting Vulnerability 

Date:  27 February 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10564

 

Title: ESB-2009.0185 -- [Win][UNIX/Linux] -- Tomcat information disclosure

       vulnerability 

Date:  27 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10563

 

Title: ESB-2009.0184 -- [Linux] -- A vulnerability has been identified and

       corrected in valgrind 

Date:  27 February 2009

OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 

URL:   http://www.auscert.org.au/10562

 

Title: ESB-2009.0183 -- [UNIX/Linux] -- Vulnerability identified in net-snmp


Date:  27 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10561

 

Title: ESB-2009.0182 -- [UNIX/Linux] -- Vulnerability identified in epiphany


Date:  27 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10560

 

Title: ESB-2009.0181 -- [Debian] -- New proftpd-dfsg packages fix SQL

       injection vulnerabilities 

Date:  27 February 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10559

 

Title: ESB-2009.0180 -- [Win] -- HP Virtual Rooms Client Running on Windows,

       Remote Execution of Arbitrary Code 

Date:  27 February 2009

OS:    Windows 2000, Windows XP, Windows Vista 

URL:   http://www.auscert.org.au/10558

 

Title: ESB-2009.0179 -- [Solaris] -- Security Vulnerabilities in Tomcat 5.5

       may Lead to Cross Site Scripting (XSS) or Directory Traversal 

Date:  27 February 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10557

 

Title: ESB-2009.0178 -- [Win] -- Update for Windows Autorun 

Date:  26 February 2009

OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 

URL:   http://www.auscert.org.au/10556

 

Title: ESB-2009.0177 -- [Cisco] -- Multiple Vulnerabilities in the Cisco ACE

       Application Control Engine Module and Cisco ACE 4710 Application

       Control Engine 

Date:  26 February 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10555

 

Title: ESB-2009.0176 -- [Cisco] -- Cisco Unified MeetingPlace Web Conferencing

       Authentication Bypass Vulnerability 

Date:  26 February 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10554

 

Title: ESB-2009.0175 -- [Win] -- Updates available for RoboHelp and RoboHelp

       Server Cross-Site Scripting issues 

Date:  26 February 2009

OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 

URL:   http://www.auscert.org.au/10553

 

Title: ESB-2009.0174 -- [Win][UNIX/Linux][RedHat] -- Critical: flash-plugin

       security update 

Date:  26 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10552

 

Title: ESB-2009.0173 -- [Debian] -- New python-crypto packages fix denial of

       service 

Date:  26 February 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10551

 

Title: ESB-2009.0172 -- [Win] -- Drupal core - Local file inclusion on Windows

Date:  26 February 2009

OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 

URL:   http://www.auscert.org.au/10550

 

Title: ESB-2009.0171 -- [Win][UNIX/Linux] -- Shibboleth IdP 2.X cross-site

       request attack 

Date:  25 February 2009

OS:    Mac OS X, Windows XP, Windows 2000, Windows 2003, Windows Vista, Server

       2008, AIX, Red Hat Linux, Other Linux Variants, Debian GNU/Linux,

       Ubuntu, HP-UX, FreeBSD, Other BSD Variants, OpenBSD, IRIX, Solaris, HP

       Tru64 UNIX 

URL:   http://www.auscert.org.au/10549

 

Title: ESB-2009.0170 -- [Win][Linux][Solaris][Mac][OSX] -- Adobe Flash Player

       Invalid Object Reference Vulnerability 

Date:  26 February 2009

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,

       Windows Vista 

URL:   http://www.auscert.org.au/10548

 

Title: ESB-2009.0169 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network

       Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service

       (DoS) 

Date:  25 February 2009

OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other

       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows

       Vista 

URL:   http://www.auscert.org.au/10547

 

Title: ESB-2009.0168 -- [RedHat] -- Important: kernel security update 

Date:  25 February 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10545

 

Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4

       updates Tomcat to 5.5.27 

Date:  24 February 2009

OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux

       Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux,

       Windows Vista 

URL:   http://www.auscert.org.au/10543

 

Title: ESB-2009.0166 -- [Win][UNIX/Linux] -- Vulnerability corrected in

       PyCrypto 

Date:  24 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10541

 

Title: ESB-2009.0165 -- [UNIX/Linux] -- GNU Emacs, XEmacs: Multiple

       vulnerabilities 

Date:  24 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10540

 

Title: ESB-2009.0164 -- [Appliance] -- Intercepting proxy servers may

       incorrectly rely on HTTP headers to make connections 

Date:  24 February 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10537

 

Title: ESB-2009.0163 -- [Win][UNIX/Linux] -- OpenSSH 5.2 released 

Date:  23 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10536

 

Title: ESB-2009.0162 -- [Win][UNIX/Linux] -- Adobe Reader and Acrobat buffer

       overflow vulnerability 

Date:  23 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10533

 

Title: ESB-2009.0157 -- [FreeBSD] -- telnetd code execution vulnerability 

Date:  23 February 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/10512

 

Title: ESB-2009.0114 -- [VMware ESX] -- ESX patches address an issue loading

       corrupt virtual disks and update Service Console packages 

Date:  27 February 2009

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10448

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================
