[AusNOG] AusCERT Week in Review - Week Ending 21/07/2006

Fri Jul 21 17:39:22 EST 2006

Greetings all,

Round up for the week - on time for a change too.

Best regards,

- Matt

AusCERT Week in Review
21 July 2006

Papers, Articles and other documents:
-------------------------------------

Alerts, Advisories and Updates:
-------------------------------
Title: AA-2006.0051 -- [Win][UNIX/Linux] -- Vulnerabilities in Wireshark
       (formerly Ethereal) may allow remote execution of arbitrary code 
Date:  19 July 2006
URL:   http://www.auscert.org.au/6503

Title: AA-2006.0050 -- [Win] -- End of Life for Windows XP Service Pack 1 
Date:  18 July 2006
URL:   http://www.auscert.org.au/6495

Title: AA-2006.0049 -- [Appliance] -- D-Link routers may allow execution of
       arbitrary code 
Date:  18 July 2006
URL:   http://www.auscert.org.au/6494

Title: AA-2006.0048 -- [UNIX/Linux] -- Asterisk vulnerability may allow a
       denial of service 
Date:  18 July 2006
URL:   http://www.auscert.org.au/6493

Title: AU-2006.0026 -- AusCERT Update - [Win] - Microsoft PowerPoint
       vulnerability allows execution of arbitrary code 
Date:  18 July 2006
URL:   http://www.auscert.org.au/6490

Title: AA-2006.0046 -- [Win] -- Microsoft PowerPoint vulnerability allows
       execution of arbitrary code 
Date:  18 July 2006
URL:   http://www.auscert.org.au/6483

Title: AA-2006.0047 -- [Win][UNIX/Linux] -- TWiki vulnerability allows
       execution of arbitrary code 
Date:  17 July 2006
URL:   http://www.auscert.org.au/6489

Title: AL-2006.0057 -- [Linux][Debian] -- New Linux kernel 2.6.8 packages fix
       privilege escalation 
Date:  17 July 2006
URL:   http://www.auscert.org.au/6486

External Security Bulletins:
----------------------------
Title: ESB-2006.0488 -- [RedHat] -- Important: Updated kernel packages for Red
       Hat Enterprise Linux 3 Update 8 
Date:  21 July 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6510

Title: ESB-2006.0487 -- [Win][UNIX/Linux][RedHat] -- Critical: seamonkey
       security update (was mozilla) 
Date:  21 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6509

Title: ESB-2006.0486 -- [Win][Linux][HP-UX][Solaris] -- HP Oracle for OpenView
       (OfO) Critical Patch Update July 2006 
Date:  21 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Windows 2003, Windows 2000,
       Other Linux Variants, Windows XP, Red Hat Linux, HP-UX 
URL:   http://www.auscert.org.au/6508

Title: ESB-2006.0485 -- [Linux] -- VMware possible incorrect permissions on
       SSL key files 
Date:  20 July 2006
OS:    Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/6507

Title: ESB-2006.0484 -- [Solaris] -- Solaris 10 Kernel Patches May Cause a
       System Panic, Data Corruption, and/or a Denial of Service Security
       Issue 
Date:  20 July 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6506

Title: ESB-2006.0483 -- [Cisco] -- Multiple Vulnerabilities in Cisco Security
       Monitoring, Analysis and Response System (CS-MARS) 
Date:  20 July 2006
OS:    Cisco Products 
URL:   http://www.auscert.org.au/6505

Title: ESB-2006.0482 -- [Win][Linux] -- Oracle Products Contain Multiple
       Vulnerabilities 
Date:  20 July 2006
OS:    Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux Variants,
       Windows XP, Red Hat Linux, Windows NT 4 
URL:   http://www.auscert.org.au/6504

Title: ESB-2006.0481 -- [UNIX/Linux][Solaris] -- Memory Leak in NSS May Cause
       the System to Hang or Panic 
Date:  19 July 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6502

Title: ESB-2006.0480 -- [UNIX/Linux][RedHat] -- Moderate: libwmf security
       update 
Date:  19 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6501

Title: ESB-2006.0479 -- [RedHat] -- Moderate: freetype security update 
Date:  19 July 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6500

Title: ESB-2006.0478 -- [Win][UNIX/Linux][RedHat] -- Moderate: gimp security
       update 
Date:  19 July 2006
OS:    Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
       Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
       Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
       HP-UX, AIX, Windows ME 
URL:   http://www.auscert.org.au/6499

Title: ESB-2006.0477 -- [RedHat] -- Moderate: gnupg security update 
Date:  19 July 2006
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/6498

Title: ESB-2006.0476 -- [Tru64] -- HP Tru64 UNIX running NIS ypserv, Remote
       Denial of Service 
Date:  19 July 2006
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/6497

Title: ESB-2006.0475 -- [Win][UNIX/Linux][Debian] -- New Zope version fixes
       information disclosure vulnerability 
Date:  19 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6496

Title: ESB-2006.0474 -- [OSX] -- File Permissions Vulnerability in Adobe
       Reader and Adobe Acrobat 
Date:  18 July 2006
OS:    Mac OS X 
URL:   http://www.auscert.org.au/6492

Title: ESB-2006.0473 -- [Win][UNIX/Linux][Debian] -- New mysql-dfsg-4.1
       packages fix denial of service 
Date:  18 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
       Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX 
URL:   http://www.auscert.org.au/6491

Title: ESB-2006.0472 -- [UNIX/Linux][Solaris] -- Security Vulnerability With
       NIS server ypserv(1M) May Allow a Denial of Service (DoS) to Occur 
Date:  17 July 2006
OS:    HP Tru64 UNIX, Solaris, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6488

Title: ESB-2006.0471 -- [Solaris] -- Security Vulnerability in the X Inter
       Client Exchange Library (libICE) 
Date:  17 July 2006
OS:    Solaris 
URL:   http://www.auscert.org.au/6487

Title: ESB-2006.0470 -- [Debian] -- New samba packages fix denial of service 
Date:  17 July 2006
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/6485

Title: ESB-2006.0469 -- [UNIX/Linux][Debian] -- New rssh packages fix
       privilege escalation 
Date:  17 July 2006
OS:    Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
       OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX 
URL:   http://www.auscert.org.au/6484

Title: ESB-2006.0451 -- [UNIX/Linux] -- Memory exhaustion DoS against smbd 
Date:  17 July 2006
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX,
       Solaris 
URL:   http://www.auscert.org.au/6462

Title: ESB-2006.0363 -- [Win][Linux][Solaris] -- Cross Site Scripting
       Vulnerability in Sun ONE and Sun Java System Applications 
Date:  19 July 2006
OS:    Red Hat Linux, Other Linux Variants, Windows 2000, Windows 2003, Debian
       GNU/Linux, Solaris 
URL:   http://www.auscert.org.au/6341

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================