[AusNOG] AusCERT Week in Review - Week Ending 8/10/2010 (AUSCERT#20073f686)

Daniel McNamara daniel at auscert.org.au
Fri Oct 8 17:23:01 EST 2010 

Greetings,

 

The week was relatively quiet but it also warns of busy times ahead:

 

- Adobe released updates for Acrobat & Reader a week earlier than initially
announced. [1]

 

- RedHat was the first vendor to quickly follow these with an update to
their acroread package. [2]

 

- In a surprising move Microsoft has provided a very early pre-notification
of next week's patch

  day. A total of sixteen (16) different patches being put forward covering
Internet Explorer,

  the various Microsoft operating systems and Microsoft Office. [3]

 

Because of the very large amount and spread of the upcoming Microsoft
patches we are recommending

organisations have a well organised patch plan in place to offset any issues
that may arise.

 

With that we leave you to enjoy your weekend!

 

- Daniel

 

 

[1] ESB-2010.0890 - [Win][UNIX/Linux] Adobe Reader and Acrobat: Multiple
vulnerabilities

    http://www.auscert.org.au/13432

 

[2] ESB-2010.0892 - [RedHat] acroread: Multiple vulnerabilities

    http://www.auscert.org.au/13434

 

[3] ESB-2010.0896 - ALERT [Win][Mac][OSX] Microsoft Security Bulletin
Advance Notification for October 2010

    http://www.auscert.org.au/13438

 

AusCERT Week in Review

08 October 2010

 

Alerts, Advisories and Updates:

-------------------------------

Title: ASB-2010.0217.2 - UPDATE [Win][UNIX/Linux] BIND 9.7.2-P1: Multiple

       vulnerabilities 

Date:  06 October 2010

URL:   http://www.auscert.org.au/13413

 

Title: ASB-2010.0221 - [Appliance] Bluecoat ProxySG prior to version 6.1:

       Administrator compromise - Remote with user interaction 

Date:  05 October 2010

URL:   http://www.auscert.org.au/13430

 

Title: ASB-2010.0220 - [Win][UNIX/Linux] Adobe Reader & Acrobat: Multiple

       vulnerabilities 

Date:  04 October 2010

URL:   http://www.auscert.org.au/13424

 

 

External Security Bulletins:

----------------------------

Title: ESB-2010.0903 - [RedHat] kernel-rt: Multiple vulnerabilities 

Date:  08 October 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/13445

 

Title: ESB-2010.0902 - [RedHat] Red Hat MRG Messaging: Multiple

       vulnerabilities 

Date:  08 October 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/13444

 

Title: ESB-2010.0901 - [UNIX/Linux][RedHat] cups: Multiple vulnerabilities 

Date:  08 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13443

 

Title: ESB-2010.0900 - [UNIX/Linux][RedHat] kdegraphics: Multiple

       vulnerabilities 

Date:  08 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13442

 

Title: ESB-2010.0899 - [UNIX/Linux][RedHat] gpdf: Multiple vulnerabilities 

Date:  08 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13441

 

Title: ESB-2010.0898 - [UNIX/Linux][RedHat] xpdf: Multiple vulnerabilities 

Date:  08 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13440

 

Title: ESB-2010.0897 - [UNIX/Linux][RedHat] poppler: Multiple
vulnerabilities 

Date:  08 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13439

 

Title: ESB-2010.0896 - ALERT [Win][Mac][OSX] Microsoft Security Bulletin

       Advance Notification for October 2010 

Date:  08 October 2010

OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista, Mac

       OS X, Windows Server 2008 

URL:   http://www.auscert.org.au/13438

 

Title: ESB-2010.0895 - [Win][UNIX/Linux] RSA Authentication Client: Access

       confidential data - Existing account 

Date:  07 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD

       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,

       Windows Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/13437

 

Title: ESB-2010.0894 - [SUSE] SUSE: Multiple vulnerabilities 

Date:  07 October 2010

OS:    SUSE 

URL:   http://www.auscert.org.au/13436

 

Title: ESB-2010.0893 - [UNIX/Linux][Ubuntu] kerberos: Denial of service -

       Existing account 

Date:  07 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian

       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,

       Other Linux Variants 

URL:   http://www.auscert.org.au/13435

 

Title: ESB-2010.0892 - [RedHat] acroread: Multiple vulnerabilities 

Date:  07 October 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/13434

 

Title: ESB-2010.0891 - [Win][UNIX/Linux][RedHat] postgresql: Increased

       privileges - Existing account 

Date:  07 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/13433

 

Title: ESB-2010.0890 - [Win][UNIX/Linux] Adobe Reader and Acrobat: Multiple

       vulnerabilities 

Date:  06 October 2010

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat

       Linux, AIX, Windows 7, Windows Server 2008, Windows Vista, Windows

       2003, Windows 2000, Windows XP, Mac OS X 

URL:   http://www.auscert.org.au/13432

 

Title: ESB-2010.0889 - [HP Tru64] ntp: Denial of service -

       Remote/unauthenticated 

Date:  06 October 2010

OS:    HP-UX 

URL:   http://www.auscert.org.au/13431

 

Title: ESB-2010.0888 - [RedHat] freetype: Multiple vulnerabilities 

Date:  05 October 2010

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/13429

 

Title: ESB-2010.0887 - [Win][UNIX/Linux][Debian] apr-util: Denial of service
-

       Remote/unauthenticated 

Date:  05 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/13428

 

Title: ESB-2010.0886 - [Win][UNIX/Linux][Debian] freetype: Execute arbitrary

       code/commands - Remote with user interaction 

Date:  05 October 2010

OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,

       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD

       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,

       Other Linux Variants, Windows Server 2008 

URL:   http://www.auscert.org.au/13427

 

Title: ESB-2010.0885 - [Win][Netware][Linux][AIX] Novell eDirectory: Denial
of

       service - Remote/unauthenticated 

Date:  04 October 2010

OS:    Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian

       GNU/Linux, Windows XP, SUSE, Windows 2000, AIX, Windows Vista,
Windows

       Server 2008, Other Linux Variants 

URL:   http://www.auscert.org.au/13426

 

Title: ESB-2010.0884 - [Win][Netware][RedHat][SUSE] Novell iManager: Execute

       arbitrary code/commands - Remote/unauthenticated 

Date:  04 October 2010

OS:    Windows 2003, Windows XP, SUSE, Windows 2000, Windows 7, Windows
Vista,

       Windows Server 2008, Novell Netware 

URL:   http://www.auscert.org.au/13425

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20101008/3513412d/attachment.html>

More information about the AusNOG mailing list