[AusNOG] AusCERT Week in Review - Week Ending 27/03/2009 (AUSCERT#20073f686)

Patrick Mannion patrick at auscert.org.au
Fri Mar 27 17:35:50 EST 2009


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0063 -- [Win][UNIX/Linux] -- Two vulnerabilities patched in
       phpMyAdmin 
Date:  27 March 2009
URL:   http://www.auscert.org.au/10686

Title: AA-2009.0066 -- [Win][UNIX/Linux] -- OpenSSL: Multiple vulnerabilities 
Date:  27 March 2009
URL:   http://www.auscert.org.au/10708

Title: AA-2009.0067 -- [Win][Netware][Linux][Solaris][AIX] -- eDirectory:
       Hotfix available to correct a security vulnerability 
Date:  27 March 2009
URL:   http://www.auscert.org.au/10709

Title: AL-2009.0022 -- [Win] -- IBM Access Support ActiveX Control: Execute
       Arbitrary Code 
Date:  27 March 2009
URL:   http://www.auscert.org.au/10710

Title: AA-2009.0068 -- [Win][Netware][Linux] -- ZENworks: information
       disclosure vulnerability 
Date:  27 March 2009
URL:   http://www.auscert.org.au/10711

Title: AA-2009.0064 -- [Win] -- Unauthorized read access vulnerability in IBM
       Rational AppScan Enterprise 
Date:  26 March 2009
URL:   http://www.auscert.org.au/10689

Title: AL-2009.0021 -- [Win] -- Update on Conficker as April 2009 activation
       date approaches 
Date:  26 March 2009
URL:   http://www.auscert.org.au/10702

Title: AA-2009.0065 -- [Win] -- Novell - vulnerabilities patched in Client for
       Windows 4.8 and 4.9 
Date:  26 March 2009
URL:   http://www.auscert.org.au/10703

Title: AL-2009.0018 -- [Win][UNIX/Linux] -- Critical update for Adobe Reader 9
       and Acrobat 9 
Date:  25 March 2009
URL:   http://www.auscert.org.au/10621

Title: AA-2009.0062 -- [Win][UNIX/Linux] -- HTTP Response Splitting and file
       inclusion vulnerability in phpMyAdmin 
Date:  25 March 2009
URL:   http://www.auscert.org.au/10684

Title: AU-2009.0012 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] -
       HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node
       Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service
       (DoS) 
Date:  24 March 2009
URL:   http://www.auscert.org.au/10677

Title: AA-2009.0061 -- [Win][UNIX/Linux] -- New versions of PostgreSQL
       released 
Date:  24 March 2009
URL:   http://www.auscert.org.au/10681

Title: AA-2008.0259 -- [Win][UNIX/Linux] -- phpBB version 3.0.4 has been
       released correcting two vulnerabilities 
Date:  23 March 2009
URL:   http://www.auscert.org.au/10221

Title: AA-2009.0059 -- [Win][UNIX/Linux] -- Possible application source file
       exposure in IBM WebSphere Application Server 
Date:  23 March 2009
URL:   http://www.auscert.org.au/10650

Title: AA-2009.0060 -- [Win][UNIX/Linux] -- TikiWiki 2.3 released 
Date:  23 March 2009
URL:   http://www.auscert.org.au/10672


External Security Bulletins:
----------------------------
Title: ESB-2008.1111 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
       weaknesses were discovered in Drupal 
Date:  26 March 2009
OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
       XP, Mac OS X 
URL:   http://www.auscert.org.au/10192

Title: ESB-2008.0592 -- [Win][Linux][HP-UX][Solaris] -- HPSBMA02338
       SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV
       NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) 
Date:  23 March 2009
OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
       AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
       XP, Mac OS X 
URL:   http://www.auscert.org.au/9420

Title: ESB-2009.0288 -- [RedHat] -- NetworkManager: Moderate security update 
Date:  27 March 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10707

Title: ESB-2009.0287 -- [Debian] -- Iceweasel: End-of-life announcement in
       Debian 4.0 
Date:  27 March 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10706

Title: ESB-2009.0286 -- [RedHat] -- acroread: Critical security update 
Date:  26 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10705

Title: ESB-2009.0285 -- [Linux][Debian] -- systemtap: New packages fix local
       privilege escalation 
Date:  27 March 2009
OS:    Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu 
URL:   http://www.auscert.org.au/10704

Title: ESB-2009.0284 -- [UNIX/Linux][Debian] -- New lcms packages fix
       regression 
Date:  26 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10701

Title: ESB-2009.0283 -- [Cisco] -- Multiple Cisco IOS Vulnerabilities 
Date:  26 March 2009
OS:    Cisco Products 
URL:   http://www.auscert.org.au/10700

Title: ESB-2009.0282 -- [Win][UNIX/Linux][RedHat][Solaris] -- Critical:
       java-1.6.0-ibm security update 
Date:  26 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10699

Title: ESB-2009.0281 -- [Win][Linux][Solaris] -- Multiple vulnerabilities in
       Java Runtime Environment (JRE) 
Date:  27 March 2009
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/10698

Title: ESB-2009.0280 -- [Win][Linux][Solaris] -- Security Vulnerabilities in
       the Java Runtime Environment (JRE) With Storing and Processing Font
       Files May Allow Denial of Service (DOS) 
Date:  27 March 2009
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/10697

Title: ESB-2009.0279 -- [Win][Linux][Solaris] -- A Security Vulnerability in
       the Java Runtime Environment (JRE) HTTP Server Implementation May Allow
       a Denial of Service (DoS) Condition on a JAX-WS Service Endpoint 
Date:  27 March 2009
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/10693

Title: ESB-2009.0278 -- [Win][Linux][Solaris] -- Integer and Buffer Overflow
       Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR
       Unpacking Utility May Lead to Escalation of Privileges 
Date:  27 March 2009
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/10692

Title: ESB-2009.0277 -- [Win][Linux][Solaris] -- Multiple Security
       Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated 
Date:  27 March 2009
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/10691

Title: ESB-2009.0276 -- [Solaris] -- A Security Vulnerability in the Java
       Runtime Environment (JRE) Virtual Machine With Code Generation May
       Allow Escalation of Privileges 
Date:  27 March 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10690

Title: ESB-2009.0275 -- [Solaris] -- Multiple Security Vulnerabilities in the
       Adobe Flash Player for Solaris 10 
Date:  25 March 2009
OS:    Solaris 
URL:   http://www.auscert.org.au/10688

Title: ESB-2009.0274 -- [RedHat] -- Moderate: thunderbird security update 
Date:  25 March 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10687

Title: ESB-2009.0273 -- [RedHat] -- Moderate: glib2 security update 
Date:  25 March 2009
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10685

Title: ESB-2009.0272 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
       Node Manager (OV NNM), Remote Execution of Arbitrary Code 
Date:  25 March 2009
OS:    Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
       Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
       Vista 
URL:   http://www.auscert.org.au/10683

Title: ESB-2009.0271 -- [HP-UX] -- HP-UX Running VERITAS File System
       (VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation
       of Privilege 
Date:  25 March 2009
OS:    HP-UX 
URL:   http://www.auscert.org.au/10682

Title: ESB-2009.0270 -- [UNIX/Linux] -- A security vulnerability has been
       identified and fixed in pam 
Date:  24 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10680

Title: ESB-2009.0269 -- [Win][UNIX/Linux] -- Sun Java System Identity Manager
       Security Vulnerabilities 
Date:  27 March 2009
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/10679

Title: ESB-2009.0268 -- [UNIX/Linux][Debian] -- New webcit packages fix
       potential remote code execution 
Date:  24 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10678

Title: ESB-2009.0267 -- [Win][UNIX/Linux] -- BIND 9.5.1-P2 and 9.4.3-P2 are
       now available 
Date:  24 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10676

Title: ESB-2009.0266 -- [Win][UNIX/Linux] -- Vulnerabilities identified in
       Printer, e-mail and PDF versions, and Content Construction Kit (Drupal
       third-party modules) 
Date:  25 March 2009
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/10675

Title: ESB-2009.0265 -- [Win][RedHat][OSX] -- Symantec pcAnywhere Format
       String Denial of Service 
Date:  23 March 2009
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Red Hat Linux, Mac
       OS X, Windows Vista 
URL:   http://www.auscert.org.au/10674

Title: ESB-2009.0264 -- [Debian] -- New glib2.0 packages fix arbitrary code
       execution 
Date:  23 March 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10673

Title: ESB-2009.0263 -- [Debian] -- New Linux 2.6.26 packages fix several
       vulnerabilities 
Date:  23 March 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10671

Title: ESB-2009.0262 -- [UNIX/Linux][Debian] -- New xulrunner packages fix
       several vulnerabilities 
Date:  23 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10670

Title: ESB-2009.0261 -- [UNIX/Linux][FreeBSD] -- Local privilege escalation 
Date:  23 March 2009
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10669

Title: ESB-2009.0260 -- [Debian] -- New libpng packages fix several
       vulnerabilities 
Date:  23 March 2009
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10668

Title: ESB-2009.0251 -- [UNIX/Linux][Ubuntu] -- GLib vulnerability 
Date:  25 March 2009
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
       UNIX, Solaris 
URL:   http://www.auscert.org.au/10656

Title: ESB-2009.0027 -- [Win][UNIX/Linux] -- Openfire multiple vulnerabilities
Date:  24 March 2009
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/10320



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================





