[AusNOG] AusCERT Week in Review - Week Ending 24/07/2009 (AUSCERT#20073F686)
Paul Fahey
paul at auscert.org.au
Fri Jul 24 15:28:53 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2009.1026.2 - UPDATED ALERT [Win][UNIX/Linux] Adobe Flash:
Multiple vulnerabilities
Date: 24 July 2009
URL: http://www.auscert.org.au/11356
Title: ASB-2009.1028 - [Win][UNIX/Linux] Joomla!: Multiple vulnerabilities
Date: 24 July 2009
URL: http://www.auscert.org.au/11361
Title: ASB-2009.1029.2 - UPDATE [Win][Linux][HP-UX][Solaris][AIX] IBM Tivoli
Identity Manager: Unauthorised access - Remote/unauthenticated
Date: 24 July 2009
URL: http://www.auscert.org.au/11363
Title: ASB-2009.1025 - [Appliance] DD-WRT: Root compromise -
Remote/unauthenticated
Date: 23 July 2009
URL: http://www.auscert.org.au/11355
Title: ASB-2009.1027 - [UNIX/Linux] ZNC: Multiple vulnerabilities
Date: 23 July 2009
URL: http://www.auscert.org.au/11358
Title: ASB-2009.1019.2 - UPDATE [Win] Chrome: Multiple vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11335
Title: ASB-2009.1022.3 - UPDATE [Win][UNIX/Linux] Wireshark: Multiple
vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11343
Title: ASB-2009.1023 - [Linux] Linux kernel: Multiple vulnerabilities
Date: 22 July 2009
URL: http://www.auscert.org.au/11346
Title: ASB-2009.1024 - [Win][UNIX/Linux] WordPress: Cross-site scripting -
Remote/unauthenticated
Date: 22 July 2009
URL: http://www.auscert.org.au/11347
Title: ASB-2009.1020 - [UNIX/Linux] Novell Privileged User Manager: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 21 July 2009
URL: http://www.auscert.org.au/11341
Title: ASB-2009.1021 - [Win][Linux][Solaris] Novell Access Manager: Access
privileged data - Existing account
Date: 21 July 2009
URL: http://www.auscert.org.au/11342
Title: ASB-2009.1017 - [Win][Linux][HP-UX][AIX] Hitachi Web server: Multiple
vulnerabilities
Date: 20 July 2009
URL: http://www.auscert.org.au/11333
Title: ASB-2009.1018 - [Win] VLC media player: Execute arbitrary
code/commands - Remote with user interaction
Date: 20 July 2009
URL: http://www.auscert.org.au/11334
External Security Bulletins:
----------------------------
Title: ESB-2009.1091 - [SUSE] kernel: Multiple vulnerabilities
Date: 24 July 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/11362
Title: ESB-2009.1090 - [UNIX/Linux][Debian] xulrunner: Multiple
vulnerabilities
Date: 24 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11360
Title: ESB-2009.1089 - [Win][UNIX/Linux] Moderation (Drupal third-party
module): Cross-site request forgery - Remote/unauthenticated
Date: 23 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11357
Title: ESB-2009.1088.2 - UPDATE [Win] Akamai Download Manager: Execute
arbitrary code/commands - Remote with user interaction
Date: 24 July 2009
OS: Windows 2000, Windows XP, Windows Server 2008, Windows 2003, Windows
Vista
URL: http://www.auscert.org.au/11354
Title: ESB-2009.1087 - [HP-UX] XNTP 3.5: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 23 July 2009
OS: HP-UX
URL: http://www.auscert.org.au/11353
Title: ESB-2009.1086 - [Debian] evolution-data-server: Multiple
vulnerabilities
Date: 22 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11351
Title: ESB-2009.1085 - [RedHat] tomcat: Multiple vulnerabilities
Date: 22 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11350
Title: ESB-2009.1084 - [Win][UNIX/Linux][RedHat] seamonkey: Multiple
vulnerabilities
Date: 22 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11349
Title: ESB-2009.1083 - [Win][UNIX/Linux] firefox: Multiple vulnerabilities
Date: 22 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Mac OS X,
Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants,
OpenBSD, Windows 2000, AIX, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11348
Title: ESB-2009.1082 - [Win][Linux][Solaris] Helix: Multiple vulnerabilities
Date: 21 July 2009
OS: Solaris, Red Hat Linux, Windows 2003, Windows XP, Windows 2000, Windows
Vista, Windows Server 2008, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11344
Title: ESB-2009.1081.2 - UPDATE [Solaris][OpenSolaris] SCTP: Denial of
service - Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11340
Title: ESB-2009.1080 - [Solaris][OpenSolaris] Solaris XScreenSaver : Access
confidential data - Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11339
Title: ESB-2009.1079.2 - UPDATE [Solaris] Sun Ray Server Software 4.0:
Multiple vulnerabilities
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11338
Title: ESB-2009.1078 - [Win][UNIX/Linux][Appliance] XMLDsig: Provide
misleading information - Remote/unauthenticated
Date: 20 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Cisco Products, Windows
2003, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, OpenBSD, Windows 2000, Windows Vista, FreeBSD, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/11337
Title: ESB-2009.1077 - [Debian] pulseaudio: Increased privileges - Existing
account
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11336
Title: ESB-2009.1076 - [UNIX/Linux] Syslog-ng: Reduced security - Existing
account
Date: 20 July 2009
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, HP-UX, Other BSD Variants,
OpenBSD, AIX, FreeBSD, Mac OS X, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/11332
Title: ESB-2009.1075 - [Debian] GStreamer Good Plugins: Execute arbitrary
code/commands - Remote with user interaction
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11331
Title: ESB-2009.1074 - [Debian] dbus: Denial of service - Existing account
Date: 20 July 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/11330
Title: ESB-2009.1073 - [RedHat] JBoss Enterprise Web Server: Multiple
vulnerabilities
Date: 20 July 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/11329
Title: ESB-2009.1072.2 - UPDATE [Solaris][OpenSolaris] NFSv4: Denial of
service - Existing account
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11327
Title: ESB-2009.1071.2 - UPDATE [Solaris][OpenSolaris] ipfilter: Denial of
service - Remote/unauthenticated
Date: 21 July 2009
OS: Solaris
URL: http://www.auscert.org.au/11326
Title: ESB-2009.0624 -- [AIX] -- OpenSSL: Denial of Service
Date: 22 July 2009
OS: AIX
URL: http://www.auscert.org.au/11231
Title: ESB-2009.0601 -- [NetBSD] -- NetBSD OpenPAM passwd(1): Root
Compromise
Date: 21 July 2009
OS: Other BSD Variants
URL: http://www.auscert.org.au/11198
Title: ESB-2009.0416 -- [Win][UNIX/Linux] -- Drupal core and Drupal
third-party modules: Multiple Vulnerabilities
Date: 23 July 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows Server
2008, Windows XP, Other Linux Variants, FreeBSD, OpenBSD, Windows 2003,
IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/10924
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================