[AusNOG] AusCERT Week in Review - Week Ending 23/03/2012 (AUSCERT#20073f686)

Jonathan Levine jonathan at auscert.org.au
Fri Mar 23 17:10:34 EST 2012


AusCERT Week in Review
23 March 2012

Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2012.0040 - [Win][Linux][Mac][OSX] Google Chrome: Multiple
       vulnerabilities
Date:  23 March 2012
URL:   http://www.auscert.org.au/15638

Title: ASB-2012.0039 - [Win][Netware][Linux][Solaris][AIX] Novell
       eDirectory: Denial of service - Existing account
Date:  20 March 2012
URL:   http://www.auscert.org.au/15621

Title: ASB-2012.0038 - [Win][UNIX/Linux] Joomla!: Increased privileges -
       Existing account
Date:  19 March 2012
URL:   http://www.auscert.org.au/15614

External Security Bulletins:
----------------------------
Title: ESB-2011.1185.5 - UPDATED ALERT [Printer] HP Printers & HP Digital
       Senders: Execute arbitrary code/commands - Remote/unauthenticated
Date:  20 March 2012
OS:    Printer, Printer, Printer 
URL:   http://www.auscert.org.au/15144

Title: ESB-2012.0312 - [Win][UNIX/Linux] RealPlayer: Execute arbitrary
       code/commands - Remote with user interaction
Date:  23 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15637

Title: ESB-2012.0311 - [Win][UNIX/Linux][RedHat] openoffice.org: Execute
       arbitrary code/commands - Remote with user interaction
Date:  23 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15636

Title: ESB-2012.0310 - [RedHat] raptor: Execute arbitrary code/commands -
       Remote with user interaction
Date:  23 March 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15635

Title: ESB-2012.0309 - [Debian] libpng: Execute arbitrary code/commands -
       Remote with user interaction
Date:  23 March 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15634

Title: ESB-2012.0308 - [Win][UNIX/Linux][Debian] raptor: Access confidential
       data - Remote/unauthenticated
Date:  23 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15633

Title: ESB-2012.0307 - [Win][UNIX/Linux] IBM Tivoli Endpoint Manager:
       Cross-site scripting - Remote with user interaction
Date:  22 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15632

Title: ESB-2012.0306 - [Win] Citrix XenServer: Reduced security -
       Unknown/unspecified
Date:  22 March 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15631

Title: ESB-2012.0305 - [AIX] OpenSSL: Multiple vulnerabilities
Date:  22 March 2012
OS:    AIX 
URL:   http://www.auscert.org.au/15630

Title: ESB-2012.0304 - [Win] CA ARCserve Backup: Denial of service -
       Remote/unauthenticated
Date:  22 March 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15629

Title: ESB-2012.0303 - [Debian] icedove: Multiple vulnerabilities
Date:  22 March 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15628

Title: ESB-2012.0302 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
       Application Server: Multiple vulnerabilities
Date:  21 March 2012
OS:    Solaris, HP-UX, SUSE, Ubuntu, Debian GNU/Linux, Other Linux Variants,
       Red Hat Linux, AIX, Windows 7, Windows Server 2008, Windows Vista,
       Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/15627

Title: ESB-2012.0301 - [Linux] HP Insight Control Software: Multiple
       vulnerabilities
Date:  21 March 2012
OS:    Red Hat Linux, HP-UX, SUSE, Other Linux Variants, Debian GNU/Linux,
       Ubuntu 
URL:   http://www.auscert.org.au/15626

Title: ESB-2012.0300 - [Win][UNIX/Linux][RedHat] libpng: Execute arbitrary
       code/commands - Remote with user interaction
Date:  21 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15625

Title: ESB-2012.0299 - [Win][UNIX/Linux][RedHat] JBoss Operations Network
       3.0.1: Multiple vulnerabilities
Date:  21 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15624

Title: ESB-2012.0298 - [Win][Linux][HP-UX][Solaris][AIX] IBM DB2: Multiple
       vulnerabilities
Date:  20 March 2012
OS:    Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
       Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15623

Title: ESB-2012.0297 - [Win][UNIX/Linux] VLC media player: Multiple
       vulnerabilities
Date:  20 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15622

Title: ESB-2012.0296 - [Win] RSA enVision 4.x: Multiple vulnerabilities
Date:  20 March 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15620

Title: ESB-2012.0295 - [RedHat] glibc: Execute arbitrary code/commands -
       Remote/unauthenticated
Date:  20 March 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15619

Title: ESB-2012.0294 - [Win][UNIX/Linux][RedHat] JBoss Operations Network
       2.4.2: Unauthorised access - Remote/unauthenticated
Date:  20 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15618

Title: ESB-2012.0293 - [Win][UNIX/Linux][Debian] libapache2-mod-fcgid:
       Denial of service - Remote/unauthenticated
Date:  20 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15617

Title: ESB-2012.0292 - [Win][UNIX/Linux][Debian] gnash: Multiple
       vulnerabilities
Date:  20 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15616

Title: ESB-2012.0291 - [Win][UNIX/Linux][Debian] nginx: Access privileged
       data - Remote/unauthenticated
Date:  20 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15615

Title: ESB-2012.0290 - [Win][UNIX/Linux][Mandriva] Pidgin: Denial of service
       - Remote/unauthenticated
Date:  19 March 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15613

Title: ESB-2012.0289 - [Win][VMware ESX][Linux] VMWare: Multiple
       vulnerabilities
Date:  19 March 2012
OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
       Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista,
       Windows Server 2008, Other Linux Variants
URL:   http://www.auscert.org.au/15612

Title: ESB-2012.0288 - [Win] VMware View: Multiple vulnerabilities
Date:  19 March 2012
OS:    Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15611

Title: ESB-2012.0287 - [Debian] iceweasel: Multiple vulnerabilities
Date:  19 March 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15610

Title: ESB-2012.0109.2 - UPDATE [VMware ESX] VMware ESXi & VMware ESX:
       Multiple vulnerabilities
Date:  19 March 2012
OS:    Virtualisation, Virtualisation 
URL:   http://www.auscert.org.au/15398

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================