[AusNOG] AusCERT Week in Review - Week Ending 01/05/2009 (AUSCERT#20073f686)
Richard Billington
richard at auscert.org.au
Tue May 5 10:37:26 EST 2009
AusCERT Week in Review
01 May 2009
Web Log Entries:
----------------
Title: Swine update
Date: 29 April 2009
URL: http://www.auscert.org.au/10912
Title: I love SRP!
Date: 28 April 2009
URL: http://www.auscert.org.au/10859
Title: Swine Flu
Date: 27 April 2009
URL: http://www.auscert.org.au/10891
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0108 -- [Win][UNIX/Linux] -- TWiki: Cross-site Request Forgery
Date: 01 May 2009
URL: http://www.auscert.org.au/10936
Title: AU-2009.0017 -- AusCERT Update - [Solaris] - Security Vulnerability in
GNU tar May Lead to Arbitrary Code Execution or Denial of Service (DoS)
Date: 30 April 2009
URL: http://www.auscert.org.au/10920
Title: AU-2009.0018 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] - HP
OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary
Code
Date: 30 April 2009
URL: http://www.auscert.org.au/10922
Title: AA-2009.0107 -- [Appliance] -- F5 Networks - BigIP 10.0.0 - Multiple
Vulnerabilities
Date: 30 April 2009
URL: http://www.auscert.org.au/10923
Title: AU-2009.0019 -- AusCERT Update - [VMware ESX] - ESX: updates for
openssl, bind and vim
Date: 30 April 2009
URL: http://www.auscert.org.au/10929
Title: AA-2009.0106 -- [Linux] -- Adobe Reader: Execute Arbitrary
Code/Commands
Date: 29 April 2009
URL: http://www.auscert.org.au/10919
Title: AL-2009.0036 -- [Win][Netware][Linux] -- Symantec Alert Management
System 2: Administrator Compromise
Date: 29 April 2009
URL: http://www.auscert.org.au/10915
Title: AA-2009.0105 -- [Win][UNIX/Linux] -- Firefox: Denial of Service
Date: 28 April 2009
URL: http://www.auscert.org.au/10895
Title: AA-2009.0102 -- [Cisco] -- Cisco ASA: Multiple Vulnerabilities
Date: 27 April 2009
URL: http://www.auscert.org.au/10887
Title: AA-2009.0103 -- [Win][UNIX/Linux] -- Apache: Access Privileged Data
Date: 27 April 2009
URL: http://www.auscert.org.au/10889
Title: AA-2009.0104 -- [Win] -- Google Chrome: Execute Arbitrary Code/Commands
Date: 27 April 2009
URL: http://www.auscert.org.au/10892
External Security Bulletins:
----------------------------
Title: ESB-2008.0864 -- [Solaris] -- Security Vulnerability in GNU tar May
Lead to Arbitrary Code Execution or Denial of Service (DoS)
Date: 30 April 2009
OS: Solaris
URL: http://www.auscert.org.au/9819
Title: ESB-2009.0426 -- [RedHat] -- kernel: Multiple Vulnerabilities
Date: 01 May 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10935
Title: ESB-2009.0425 -- [UNIX/Linux][RedHat] -- gpdf: Multiple Vulnerabilities
Date: 01 May 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10934
Title: ESB-2009.0424 -- [UNIX/Linux][RedHat] -- libwmf: Execute Arbitrary
Code/Commands
Date: 01 May 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10933
Title: ESB-2009.0423 -- [UNIX/Linux][Ubuntu] -- apport: Modify Arbitrary Files
Date: 01 May 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10932
Title: ESB-2009.0422 -- [Solaris] -- ASN.1 Printing: Denial of Service
Date: 01 May 2009
OS: Solaris
URL: http://www.auscert.org.au/10931
Title: ESB-2009.0421 -- [UNIX/Linux][Debian] -- freetype: Execute Arbitrary
Code/Commands
Date: 01 May 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10930
Title: ESB-2009.0420 -- [Win][Netware][Linux] -- Symantec Log Viewer: Execute
Arbitrary Code/Commands
Date: 30 April 2009
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Novell
Netware, Windows Vista
URL: http://www.auscert.org.au/10928
Title: ESB-2009.0419 -- [Debian] -- mysql-dfsg-5.0: Multiple Vulnerabilities
Date: 30 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10927
Title: ESB-2009.0418 -- [UNIX/Linux][Debian] -- mplayer: Execute Arbitrary
Code/Commands
Date: 30 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10926
Title: ESB-2009.0417 -- [Debian] -- ffmpeg-debian: Execute Arbitrary
Code/Commands
Date: 30 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10925
Title: ESB-2009.0416 -- [Win][UNIX/Linux] -- Drupal core and Drupal
third-party modules: Multiple Vulnerabilities
Date: 30 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, FreeBSD, Other Linux Variants, Windows XP,
Windows Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10924
Title: ESB-2009.0415 -- [RedHat] -- kernel-rt: Multiple Vulnerabilities
Date: 30 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10921
Title: ESB-2009.0414 -- [UNIX/Linux][Ubuntu] -- acpid: Denial of Service
Date: 29 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10917
Title: ESB-2009.0413 -- [Solaris] -- DTrace: Denial of Service
Date: 30 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10916
Title: ESB-2009.0412 -- [UNIX/Linux][Debian] -- libdbd-pg-perl: Multiple
Vulnerabilities
Date: 29 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10911
Title: ESB-2009.0411 -- [HP-UX] -- useradd: Inappropriate Access
Date: 29 April 2009
OS: HP-UX
URL: http://www.auscert.org.au/10910
Title: ESB-2009.0410 -- [Win][UNIX/Linux] -- TIBCO SmartSockets: Administrator
Compromise
Date: 29 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10908
Title: ESB-2009.0409 -- [Win][UNIX/Linux] -- ClamAV: Multiple Vulnerabilities
Date: 28 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10898
Title: ESB-2009.0408 -- [RedHat] -- Firefox: Execute Arbitrary Code/Commands
Date: 28 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10896
Title: ESB-2009.0407 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager: Execute Arbitrary Code/Commands
Date: 28 April 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Windows Server 2008, Red Hat Linux, HP-UX,
Windows Vista
URL: http://www.auscert.org.au/10893
Title: ESB-2009.0406 -- [Appliance] -- Symantec Brightmail Gateway: Multiple
Vulnerabilities
Date: 27 April 2009
URL: http://www.auscert.org.au/10890
Title: ESB-2009.0405 -- [FreeBSD] -- libc: Access Privileged Data
Date: 27 April 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10888
Title: ESB-2009.0404 -- [Solaris] -- Avaya: Multiple Vulnerabilities
Date: 27 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10886
Title: ESB-2009.0403 -- [SUSE] -- glib2: Execute Arbitrary Code/Commands
Date: 27 April 2009
OS: Other Linux Variants
URL: http://www.auscert.org.au/10885
Title: ESB-2009.0402 -- [Debian] -- apt: Multiple Vulnerabilities
Date: 27 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10884
Title: ESB-2009.0395 -- [FreeBSD] -- libc: Access Privileged Data
Date: 28 April 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10874
Title: ESB-2009.0385 -- [OpenSolaris] -- OpenSolaris SCTP Sockets: Denial of
Service
Date: 27 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10862
Title: ESB-2009.0360 -- [Win][UNIX/Linux][Ubuntu] -- ClamAV: Denial of Service
Date: 27 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10822
Title: ESB-2009.0307 -- [VMware ESX] -- ESX: updates for openssl, bind and vim
Date: 30 April 2009
OS: Virtualisation
URL: http://www.auscert.org.au/10742
Title: ESB-2009.0073 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Execution of Arbitrary Code
Date: 30 April 2009
OS: Windows Vista, HP-UX, Red Hat Linux, Windows Server 2008, Windows XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu, Solaris
URL: http://www.auscert.org.au/10390
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================