[AusNOG] AusCERT Week in Review - Week Ending 14/12/2007 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Dec 14 17:02:02 EST 2007
AusCERT Week in Review
14 December 2007
AusCERT in the Media:
---------------------
Is internet banking safe?
Sydney Morning Herald, Australia
Dec 12, 2007
http://www.smh.com.au/news/security/is-internet-banking-safe/2007/12/12/1197135470454.html
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Perspectives on a recent SMH news article "Is internet banking safe?"
Date: 12 December 2007
URL: http://www.auscert.org.au/8500
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0128 -- [Win] -- MS07-064 - Vulnerabilities in DirectX Could
Allow Remote Code Execution
Date: 12 December 2007
URL: http://www.auscert.org.au/8486
Title: AL-2007.0129 -- [Win] -- MS07-068 - Critical Vulnerability in Windows
Media File Format Could Allow Remote Code Execution
Date: 12 December 2007
URL: http://www.auscert.org.au/8487
Title: AL-2007.0130 -- [Win] -- MS07-069 - Cumulative Security Update for
Internet Explorer
Date: 12 December 2007
URL: http://www.auscert.org.au/8488
Title: AL-2007.0126 -- [UNIX/Linux] -- Samba: Buffer overrun in
send_mailslot()
Date: 11 December 2007
URL: http://www.auscert.org.au/8479
Title: AL-2007.0127 -- [Win] -- Microsoft December security bulletins
pre-release announcement
Date: 10 December 2007
URL: http://www.auscert.org.au/8483
Title: AA-2007.0124 -- [Win] -- A vulnerability in Microsoft Access may allow
execution of arbitrary code
Date: 10 December 2007
URL: http://www.auscert.org.au/8484
Title: AA-2007.0122 -- [Win][UNIX/Linux] -- WebSphere Application Server V6.1
Fix Pack 13
Date: 10 December 2007
URL: http://www.auscert.org.au/8473
Title: AA-2007.0123 -- [Win] -- A vulnerability in Windows Media Player 6.4
may allow execution of arbitrary code
Date: 10 December 2007
URL: http://www.auscert.org.au/8477
External Security Bulletins:
----------------------------
Title: ESB-2007.1012 -- [UNIX/Linux] -- SquirrelMail 1.4.12 Package Compromise
Date: 14 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8505
Title: ESB-2007.1011 -- [Win][OSX] -- APPLE-SA-2007-12-13 QuickTime 7.3.1
Date: 14 December 2007
OS: Windows 2003, Windows 2000, Windows XP, Mac OS X, Windows Vista
URL: http://www.auscert.org.au/8504
Title: ESB-2007.1010 -- [HP-UX] -- HP-UX Running OpenSSL, Remote Execution of
Arbitrary Code
Date: 14 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8503
Title: ESB-2007.1009 -- [HP-UX] -- HP-UX Running DCE, Remote Denial of Service
(DoS)
Date: 14 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8502
Title: ESB-2007.1008 -- [Linux] -- Updated wpa_supplicant package fixes remote
denial of service
Date: 14 December 2007
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants
URL: http://www.auscert.org.au/8501
Title: ESB-2007.1007 -- [Solaris] -- Security Vulnerabilities in Adobe Flash
Player May Allow Unauthorized System Access or Generation of HTTP
Requests
Date: 13 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8499
Title: ESB-2007.1006 -- [UNIX/Linux][RedHat] -- Moderate: java-1.4.2-bea
security update
Date: 13 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8498
Title: ESB-2007.1005 -- [Linux][RedHat] -- Important: autofs security update
Date: 13 December 2007
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8497
Title: ESB-2007.1004 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 12 December 2007
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8496
Title: ESB-2007.1003 -- [UNIX/Linux][Debian] -- New ruby-gnome2 packages fix
execution of arbitrary code
Date: 12 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8495
Title: ESB-2007.1002 -- [UNIX/Linux][Debian] -- New libnss-ldap packages fix
denial of service
Date: 12 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8494
Title: ESB-2007.1001 -- [Debian] -- New htdig packages fix cross site
scripting
Date: 12 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8493
Title: ESB-2007.1000 -- [Win] -- MS07-067 - Vulnerability in Macrovision
Driver Could Allow Local Elevation of Privilege
Date: 12 December 2007
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/8492
Title: ESB-2007.0999 -- [Win] -- MS07-066 - Vulnerability in Windows Kernel
Could Allow Elevation of Privilege
Date: 12 December 2007
OS: Windows Vista
URL: http://www.auscert.org.au/8491
Title: ESB-2007.0998 -- [Win] -- MS07-065 - Vulnerability in Message Queuing
Could Allow Remote Code Execution
Date: 12 December 2007
OS: Windows 2000, Windows XP
URL: http://www.auscert.org.au/8490
Title: ESB-2007.0997 -- [Win] -- MS07-063 - Vulnerability in SMBv2 Could Allow
Remote Code Execution
Date: 12 December 2007
OS: Windows Vista
URL: http://www.auscert.org.au/8489
Title: ESB-2007.0996 -- [Win][Netware][Linux] -- Novell NetMail AntiVirus
Agent Multiple Heap Overflow Vulnerabilities
Date: 11 December 2007
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Red Hat Linux, Novell Netware, Windows Vista
URL: http://www.auscert.org.au/8485
Title: ESB-2007.0995 -- [Win][UNIX/Linux][RedHat] -- Moderate: python security
update
Date: 11 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8482
Title: ESB-2007.0994 -- [RedHat] -- Critical: samba security and bug fix
update
Date: 11 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8481
Title: ESB-2007.0993 -- [Debian] -- New samba packages fix arbitrary code
execution
Date: 11 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8480
Title: ESB-2007.0992 -- [Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 11 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8478
Title: ESB-2007.0991 -- [UNIX/Linux][Debian] -- New xulrunner packages fix
several vulnerabilities
Date: 10 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8476
Title: ESB-2007.0990 -- [UNIX/Linux][Debian] -- New sitebar packages fix
several vulnerabilities
Date: 10 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8475
Title: ESB-2007.0989 -- [Debian] -- New qt-x11-free packages fix several
vulnerabilities
Date: 10 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8474
Title: ESB-2007.0988 -- [UNIX/Linux][Debian] -- New e2fsprogs packages fix
arbitrary code execution
Date: 10 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8472
Title: ESB-2007.0987 -- [Solaris] -- Manipulated Database Documents for
StarOffice/StarSuite 8 May Lead to Arbitrary Code Execution
Date: 13 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8471
Title: ESB-2007.0847 -- [Solaris] -- Multiple Security Vulnerabilities in
JavaScript Engine in Mozilla 1.7 for Solaris 8, 9 and 10
Date: 13 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8275
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================