[AusNOG] AusCERT Week in Review - Week Ending 06/03/2009 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Mar 6 16:16:00 EST 2009


AusCERT Week in Review

06 March 2009

 

Papers, Articles and other documents:

-------------------------------------

Title: Skeleton DDoS Mitigation Procedure 

Date:  04 March 2009

URL:   http://www.auscert.org.au/10590

 

Web Log Entries:

----------------

Title: Another day... another browser vulnerability. 

Date:  05 March 2009

URL:   http://www.auscert.org.au/10602

 

Alerts, Advisories and Updates:

-------------------------------

Title: AA-2009.0051 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in IBM Websphere Application Server 

Date:  06 March 2009

URL:   http://www.auscert.org.au/10599

 

Title: AA-2009.0052 -- [Win][Linux][HP-UX][Solaris][AIX] -- A number of

       vulnerabilities have been identified in IBM DB2 

Date:  06 March 2009

URL:   http://www.auscert.org.au/10600

 

Title: AA-2009.0049 -- [Win][UNIX/Linux] -- An update has been released for

       OpenSC 

Date:  05 March 2009

URL:   http://www.auscert.org.au/10593

 

Title: AL-2009.0015 -- [Win][UNIX/Linux] -- A number of vulnerabilities have

       been identified in Mozilla Firefox, SeaMonkey and Thunderbird 

Date:  05 March 2009

URL:   http://www.auscert.org.au/10591

 

Title: AA-2009.0050 -- [UNIX/Linux] -- A vulnerability has been identified in

       Nagios

Date:  05 March 2009

URL:   http://www.auscert.org.au/10594

 

Title: AL-2009.0007 -- [Win][UNIX/Linux] -- Updates available for Firefox,

       ThunderBird and SeaMonkey 

Date:  04 March 2009

URL:   http://www.auscert.org.au/10457

 

Title: AL-2009.0014 -- [UNIX/Linux] -- Squid Proxy Cache Security Update

       Advisory 

Date:  04 March 2009

URL:   http://www.auscert.org.au/10464

 

Title: AA-2009.0047 -- [Win][UNIX/Linux] -- A vulnerability has been found in

       libsndfile used by Winamp

Date:  04 March 2009

URL:   http://www.auscert.org.au/10582

 

Title: AU-2009.0011 -- AusCERT Update - [Appliance] - Blue Coat Update -

       Intercepting proxy servers may incorrectly rely on HTTP headers to make

       connections

Date:  04 March 2009

URL:   http://www.auscert.org.au/10583

 

Title: AA-2009.0048 -- [Win][UNIX/Linux] -- Opera 9.64 has been released

       correcting multiple security vulnerabilities 

Date:  04 March 2009

URL:   http://www.auscert.org.au/10584

 

Title: AA-2009.0045 -- [Win][UNIX/Linux] -- PHP 5.2.9 released 

Date:  03 March 2009

URL:   http://www.auscert.org.au/10574

 

Title: AA-2009.0046 -- [Win][Netware][UNIX/Linux] -- Vulnerability identified

       in Novell eDirectory

Date:  03 March 2009

URL:   http://www.auscert.org.au/10578

 

Title: AU-2009.0010 -- AusCERT Update - [Debian] - [DSA 1719-2] New GNUTLS

       packages fix regression 

Date:  02 March 2009

URL:   http://www.auscert.org.au/10575

 

Title: AA-2009.0044 -- [Win][UNIX/Linux] -- Joomla!: multiple vulnerabilities

Date:  02 March 2009

URL:   http://www.auscert.org.au/10569

 

External Security Bulletins:

----------------------------

Title: ESB-2009.0209 -- [Appliance] -- Time Capsule and AirPort Base Station

       (802.11n*) Firmware 7.4.1 

Date:  06 March 2009

OS:    Mac OS X 

URL:   http://www.auscert.org.au/10601

 

Title: ESB-2009.0208 -- [UNIX/Linux] -- Multiple vulnerabilities identified in

       php

Date:  06 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista

URL:   http://www.auscert.org.au/10598

 

Title: ESB-2009.0207 -- [Solaris] -- A Security Vulnerability With the Solaris

       Crypto Driver May Cause a System Panic

Date:  06 March 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10597

 

Title: ESB-2009.0206 -- [Solaris] -- Cross Site Scripting (XSS) Vulnerability

       in Sun Management Center (SunMC) Performance Reporting Module

Date:  06 March 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10596

 

Title: ESB-2009.0205 -- [Debian] -- New opensc packages fix information

       disclosure 

Date:  06 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10595

 

Title: ESB-2009.0204 -- [RedHat] -- Critical: firefox and seamonkey security

       updates 

Date:  05 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10592

 

Title: ESB-2009.0203 -- [Cisco] -- Cisco 7600 Series Router Session Border

       Controller Denial of Service Vulnerability 

Date:  05 March 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10589

 

Title: ESB-2009.0202 -- [RedHat] -- Moderate: libpng security update 

Date:  05 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10588

 

Title: ESB-2009.0201 -- [Win][UNIX/Linux][RedHat] -- Moderate: wireshark

       security update 

Date:  05 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,

       Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista

URL:   http://www.auscert.org.au/10587

 

Title: ESB-2009.0200 -- [UNIX/Linux][Ubuntu] -- network-manager-applet and

       network-manager vulnerabilities 

Date:  04 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX

URL:   http://www.auscert.org.au/10586

 

Title: ESB-2009.0199 -- [Win][UNIX/Linux] -- libpng vulnerability - libpng

       fails to properly initialize element pointers 

Date:  04 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista

URL:   http://www.auscert.org.au/10585

 

Title: ESB-2009.0198 -- [Win][UNIX/Linux][Ubuntu] -- curl vulnerability 

Date:  04 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista

URL:   http://www.auscert.org.au/10581

 

Title: ESB-2009.0197 -- [Win][UNIX/Linux][Debian] -- New squid3 packages fix

       denial of service 

Date:  04 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista

URL:   http://www.auscert.org.au/10580

 

Title: ESB-2009.0196 -- [UNIX/Linux][Debian] -- New vim packages fix multiple

       vulnerabilities

Date:  04 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX

URL:   http://www.auscert.org.au/10579

 

Title: ESB-2009.0195 -- [Appliance] -- Nortel Response to OpenSSL

       'EVP_VerifyFinal' Function Signature Verification Vulnerability 

Date:  03 March 2009

URL:   http://www.auscert.org.au/10577

 

Title: ESB-2009.0194 -- [Linux] -- SUSE Update for Multiple Packages 

Date:  03 March 2009

OS:    Other Linux Variants 

URL:   http://www.auscert.org.au/10576

 

Title: ESB-2009.0193 -- [Debian] -- New ndiswrapper packages fix arbitrary

       code execution vulnerability 

Date:  03 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10573

 

Title: ESB-2009.0192 -- [Debian] -- New proftpd-dfsg packages fix SQL

       injection vulnerabilities

Date:  03 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10572

 

Title: ESB-2009.0191 -- [Debian] -- New gst-plugins-bad0.10 packages fix

       multiple vulnerabilities 

Date:  03 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10571

 

Title: ESB-2009.0190 -- [RedHat] -- Low: Red Hat Enterprise Linux 2.1 - 3

       Month End Of Life Notice 

Date:  03 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10570

 

Title: ESB-2009.0189 -- [Win][UNIX/Linux] -- Taxonomy Theme (Drupal

       Third-party module) - Cross site scripting 

Date:  02 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista

URL:   http://www.auscert.org.au/10568

 

Title: ESB-2009.0188 -- [UNIX/Linux][Debian] -- New dkim-milter packages fix

       denial of service 

Date:  02 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX

URL:   http://www.auscert.org.au/10567

 

Title: ESB-2009.0155 -- [HP-UX] -- HP-UX Running Apache Web Server Suite,

       Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution

       of Arbitrary Code, Cross-Site Request Forgery (CSRF) 

Date:  03 March 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/10509

 

Title: ESB-2009.0142 -- [Debian] -- New gnutls13 packages fix certificate

       validation 

Date:  03 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10489

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================
