[AusNOG] FW: AusCERT Week in Review - Week Ending 10/12/2010 (AUSCERT#20073f686)

Joel Hatton joel at auscert.org.au
Fri Dec 10 18:19:18 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Week in Review
10 December 2010

Greetings,

Popular applications in focus this week, with Firefox[1], Google Chrome[2],
Thunderbird[3] and Quicktime[4] all corrected for multiple vulnerabilities.
Next week is Microsoft patch week and the Advance Notification[5] is out: 17
bulletins in total, with critical impacts on Windows, Internet Explorer
and Office.

regards,
The AusCERT Team

[1] Mozilla Firefox http://www.auscert.org.au/13697
[2] Google Chrome http://www.auscert.org.au/13678
[3] Mozilla Thunderbird http://www.auscert.org.au/13698
[4] Apple Quicktime http://www.auscert.org.au/13687
[5] Microsoft Advance Notification http://www.auscert.org.au/13694


Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2010.0248 - ALERT [Win][UNIX/Linux] Firefox: Multiple
       vulnerabilities 
Date:  10 December 2010
URL:   http://www.auscert.org.au/13697

Title: ASB-2010.0249 - [Win][UNIX/Linux] Thunderbird: Multiple
vulnerabilities
Date:  10 December 2010
URL:   http://www.auscert.org.au/13698

Title: ASB-2010.0247 - [Win][UNIX/Linux] WordPress prior to version 3.0.3:
       Increased privileges - Existing account 
Date:  09 December 2010
URL:   http://www.auscert.org.au/13693

Title: ASB-2010.0246.2 - UPDATE [Win][Linux][OSX] Google Chrome prior to
       8.0.552.215: Multiple vulnerabilities 
Date:  08 December 2010
URL:   http://www.auscert.org.au/13678


External Security Bulletins:
- ----------------------------
Title: ESB-2010.1117 - [RedHat] thunderbird: Multiple vulnerabilities 
Date:  10 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13700

Title: ESB-2010.1116 - [RedHat] firefox: Multiple vulnerabilities 
Date:  10 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13699

Title: ESB-2010.1115 - [Win] CA XOsoft: Execute arbitrary code/commands -
       Remote/unauthenticated 
Date:  10 December 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/13696

Title: ESB-2010.1114 - [HP-UX] HP-UX Apache-based Web Server: Multiple
       vulnerabilities 
Date:  10 December 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13695

Title: ESB-2010.1113 - [Win] Microsoft Security Bulletin Advance
Notification
       for December 2010 
Date:  10 December 2010
OS:    Windows 2003, Windows XP, Windows 7, Windows Vista, Windows Server
2008
URL:   http://www.auscert.org.au/13694

Title: ESB-2010.1112 - [Win][UNIX/Linux] Drupal third-party modules: Execute
       arbitrary code/commands - Remote with user interaction 
Date:  09 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13692

Title: ESB-2010.1111 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities 
Date:  09 December 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13691

Title: ESB-2010.1110 - [SUSE][OpenSUSE] acoread: Multiple vulnerabilities 
Date:  09 December 2010
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13690

Title: ESB-2010.1109 - [RedHat] JBoss: Denial of service - Remote with user
       interaction 
Date:  09 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13689

Title: ESB-2010.1108 - [RedHat] kernel-rt: Multiple vulnerabilities 
Date:  09 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13688

Title: ESB-2010.1107 - [Win][OSX] QuickTime prior to 7.6.9: Multiple
       vulnerabilities 
Date:  08 December 2010
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac
       OS X, Windows Server 2008 
URL:   http://www.auscert.org.au/13687

Title: ESB-2010.1106 - [Win][UNIX/Linux][Mandriva] clamav: Multiple
       vulnerabilities 
Date:  08 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13686

Title: ESB-2010.1105 - [VMware ESX] VMware ESX 3.5: Multiple vulnerabilities

Date:  08 December 2010
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13685

Title: ESB-2010.1104 - [HP-UX] HP-UX: Denial of service -
       Remote/unauthenticated 
Date:  08 December 2010
OS:    HP-UX 
URL:   http://www.auscert.org.au/13684

Title: ESB-2010.1103 - [RedHat] apr-util: Denial of service - Existing
account
Date:  08 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13683

Title: ESB-2010.1102 - [Win][UNIX/Linux] Atlassian JIRA prior to 4.2.1:
       Cross-site request forgery - Remote with user interaction 
Date:  07 December 2010
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13682

Title: ESB-2010.1101 - [RedHat] quagga: Multiple vulnerabilities 
Date:  07 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13681

Title: ESB-2010.1100 - [RedHat] kvm: Denial of service - Existing account 
Date:  07 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13680

Title: ESB-2010.1099 - [RedHat] Red Hat Enterprise Virtualization Manager:
       Increased privileges - Existing account 
Date:  07 December 2010
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13679



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNAdK4/iFOrG6YcBERAvs8AJ9hjObTC1fXpLXyC6RFqenLbmOR6ACfTGpH
TNtsZAWeIuPfYCsZ0OF3Rs4=
=3MNr
-----END PGP SIGNATURE-----




More information about the AusNOG mailing list