[AusNOG] AusCERT Week in Review - Week Ending 18/02/2011 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Feb 18 16:55:55 EST 2011


AusCERT Week in Review
18 February 2011

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2011.0012.2 - UPDATE [Win][Linux] IBM Rational Team Concert:
       Cross-site scripting - Remote with user interaction 
Date:  15 February 2011
URL:   http://www.auscert.org.au/13922

Title: ASB-2011.0014.2 - UPDATE [Win][UNIX/Linux] Google Chrome prior to
       9.0.597.94: Multiple vulnerabilities 
Date:  14 February 2011
URL:   http://www.auscert.org.au/13961

Title: ASB-2011.0016 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
       Application Server: Denial of service - Remote with user interaction 
Date:  14 February 2011
URL:   http://www.auscert.org.au/13967

Title: ASB-2011.0017 - [Linux] Novell iPrint: Execute arbitrary
code/commands
       - Remote/unauthenticated 
Date:  14 February 2011
URL:   http://www.auscert.org.au/13969

External Security Bulletins:
- ----------------------------
Title: ESB-2010.1173.2 - UPDATE [VMware ESX] VMware ESXi 4.1 Update
Installer:
       Unauthorised access - Remote/unauthenticated 
Date:  14 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13765

Title: ESB-2010.1105.2 - UPDATE [VMware ESX] VMware ESX 3.5: Multiple
       vulnerabilities 
Date:  16 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13685

Title: ESB-2010.0789.5 - UPDATE [VMware ESX] VMware ESX: Multiple
       vulnerabilities 
Date:  16 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13280

Title: ESB-2010.0630.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities 
Date:  14 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13078

Title: ESB-2010.0314.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities 
Date:  16 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/12609

Title: ESB-2011.0195 - [UNIX] HP NonStop Servers: Denial of service -
       Remote/unauthenticated 
Date:  18 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, HP-UX, Other BSD Variants, OpenBSD,
AIX,
       FreeBSD 
URL:   http://www.auscert.org.au/13996

Title: ESB-2011.0194 - [Win][UNIX/Linux][Linux] IBM DB2: Denial of service -
       Remote with user interaction 
Date:  18 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13995

Title: ESB-2011.0193 - [Win][Netware][Linux] Novell ZenWorks: Execute
       arbitrary code/commands - Remote/unauthenticated 
Date:  18 February 2011
OS:    Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian
       GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows
       Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13994

Title: ESB-2011.0192 - [Win][UNIX/Linux][RedHat] java-1.6.0-openjdk and
       java-1.6.0-sun: Multiple vulnerabilities 
Date:  18 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13993

Title: ESB-2011.0191 - [Win][UNIX/Linux] Messaging (Drupal third-party
       module): Cross-site scripting - Remote with user interaction 
Date:  17 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13992

Title: ESB-2011.0190 - [RedHat] fence: Overwrite arbitrary files - Existing
       account 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13991

Title: ESB-2011.0189 - [RedHat] ccs: Overwrite arbitrary files - Existing
       account 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13990

Title: ESB-2011.0188 - [RedHat] rgmanager: Multiple vulnerabilities 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13989

Title: ESB-2011.0187 - [RedHat] kernel: Multiple vulnerabilities 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13988

Title: ESB-2011.0186 - [RedHat] sendmail: Provide misleading information -
       Remote with user interaction 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13987

Title: ESB-2011.0185 - [RedHat] bash: Overwrite arbitrary files - Existing
       account 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13986

Title: ESB-2011.0184 - [RedHat] python: Multiple vulnerabilities 
Date:  17 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13985

Title: ESB-2011.0183 - [UNIX/Linux][Debian] telepathy-gabble: Provide
       misleading information - Remote/unauthenticated 
Date:  17 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13984

Title: ESB-2011.0182 - [UNIX/Linux][Debian] openafs: Denial of service -
       Remote/unauthenticated 
Date:  17 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13983

Title: ESB-2011.0181 - [Debian] phpmyadmin: Execute arbitrary code/commands
-
       Remote with user interaction 
Date:  17 February 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13982

Title: ESB-2011.0180 - [Debian] chromium-browser: Multiple vulnerabilities 
Date:  17 February 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13981

Title: ESB-2011.0179 - [UNIX/Linux][Debian] ffmpeg-debian: Multiple
       vulnerabilities 
Date:  17 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13980

Title: ESB-2011.0178 - [Win] Cisco Security Agent: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  17 February 2011
OS:    Cisco Products, Windows 2003, Windows 7, Windows XP, Windows 2000,
       Windows Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/13979

Title: ESB-2011.0177 - [Win][UNIX/Linux] Oracle Java Runtime: Multiple
       vulnerabilities 
Date:  16 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/13978

Title: ESB-2011.0176 - [UNIX/Linux][Ubuntu] qemu-kvm: Unauthorised access -
       Remote/unauthenticated 
Date:  16 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants 
URL:   http://www.auscert.org.au/13977

Title: ESB-2011.0175 - [RedHat] flash-plugin: 1-Month End Of Life Notice 
Date:  16 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13976

Title: ESB-2011.0174 - [RedHat] subversion: Multiple vulnerabilities 
Date:  16 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13975

Title: ESB-2011.0173 - [RedHat] dhcp: Denial of service -
       Remote/unauthenticated 
Date:  16 February 2011
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/13974

Title: ESB-2011.0172 - [UNIX/Linux][Debian] shadow: Root compromise -
Existing
       account 
Date:  16 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13973

Title: ESB-2011.0171 - [SUSE] flash-player: Execute arbitrary code/commands
-
       Remote with user interaction 
Date:  15 February 2011
OS:    SUSE 
URL:   http://www.auscert.org.au/13972

Title: ESB-2011.0170 - [UNIX/Linux][Debian] python-django: Multiple
       vulnerabilities 
Date:  15 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13971

Title: ESB-2011.0169 - [UNIX/Linux][Debian] openssl: Denial of service -
       Remote/unauthenticated 
Date:  15 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
       GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
       FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13970

Title: ESB-2011.0168 - [Win][UNIX/Linux] phpMyAdmin: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  14 February 2011
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/13968

Title: ESB-2011.0167 - [VMware ESX] VMware ESX, ESXi, vCenter Server and
       vCenter Update Manager: Multiple vulnerabilities 
Date:  14 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13966

Title: ESB-2011.0166 - [SUSE][OpenSUSE] kernel: Multiple vulnerabilities 
Date:  14 February 2011
OS:    Other Linux Variants, SUSE 
URL:   http://www.auscert.org.au/13965

Title: ESB-2011.0165.2 - UPDATE [Debian] openjdk-6: Denial of service -
Remote
       with user interaction 
Date:  15 February 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13964

Title: ESB-2011.0164 - [Debian] tomcat6: Multiple vulnerabilities 
Date:  14 February 2011
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/13963

Title: ESB-2011.0120.2 - UPDATE [UNIX/Linux] OpenSSH: Access confidential
data
       - Remote with user interaction 
Date:  14 February 2011
OS:    Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD
Variants,
       HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux, Solaris, HP
       Tru64 UNIX, IRIX 
URL:   http://www.auscert.org.au/13911

Title: ESB-2011.0010.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities 
Date:  14 February 2011
OS:    Virtualisation 
URL:   http://www.auscert.org.au/13787

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNXgkv/iFOrG6YcBERApypAKCseafN3cpsYqYfMqWlBtcFrCj0ZQCfZKKa
/fDUS960p4GXYhkJixrGBGI=
=i+yC
-----END PGP SIGNATURE-----




More information about the AusNOG mailing list