[AusNOG] AusCERT Week in Review - Week Ending 21/12/2007 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Dec 21 17:39:55 EST 2007
AusCERT Week in Review
21 December 2007
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Title: OWASP Australia Application Security Conference 2008
Date: 19 December 2007
URL: http://www.auscert.org.au/8531
Title: AusCERT submission to the ALRC's Review of the Privacy Act
Date: 16 December 2007
URL: http://www.auscert.org.au/8510
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0131 -- [Win][UNIX/Linux] -- Flash Player update available to
address security vulnerabilities
Date: 19 December 2007
URL: http://www.auscert.org.au/8516
Title: AL-2007.0132 -- [Win] -- Trend Micro ServerProtect StRpcSrv.dll
Insecure Method Exposure Vulnerability
Date: 19 December 2007
URL: http://www.auscert.org.au/8526
Title: AU-2007.0027 -- AusCERT Update - [UNIX/Linux] - SquirrelMail 1.4.12
Package Compromise
Date: 17 December 2007
URL: http://www.auscert.org.au/8508
External Security Bulletins:
----------------------------
Title: ESB-2007.1045 -- [Linux][RedHat] -- Important: autofs security update
Date: 21 December 2007
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8544
Title: ESB-2007.1044 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 21 December 2007
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8543
Title: ESB-2007.1043 -- [TRU64] -- HP Tru64 UNIX running FFM, Local Denial of
Service (DoS)
Date: 21 December 2007
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/8542
Title: ESB-2007.1042 -- [HP-UX] -- HP-UX Running rpc.yppasswdd, Remote Denial
of Service (DoS)
Date: 21 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8541
Title: ESB-2007.1041 -- [Win] -- Cross-site scripting vulnerability in legacy
versions of Citrix Web Interface
Date: 20 December 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8540
Title: ESB-2007.1040 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Wireshark or Ethereal may allow remote denial of service
Date: 21 December 2007
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8539
Title: ESB-2007.1039 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 20 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8538
Title: ESB-2007.1038 -- [RedHat] -- Moderate: thunderbird security update
Date: 20 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8537
Title: ESB-2007.1037 -- [Debian] -- New clamav packages fix several
vulnerabilities
Date: 20 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8536
Title: ESB-2007.1036 -- [RedHat] -- Important: mysql security update
Date: 20 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8535
Title: ESB-2007.1035 -- [UNIX/Linux][RedHat] -- Moderate: libexif security
update
Date: 20 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8534
Title: ESB-2007.1034 -- [Cisco] -- Application Inspection Vulnerability in
Cisco Firewall Services Module
Date: 20 December 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8533
Title: ESB-2007.1033 -- [Solaris] -- Solaris 9 sshd(1M) Patches May Cause
Incorrect Audit Data to be Logged
Date: 20 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8532
Title: ESB-2007.1032 -- [Linux][Solaris] -- Security Vulnerabilities in the
Sun Ray Device Manager Daemon
Date: 20 December 2007
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8530
Title: ESB-2007.1031 -- [Solaris] -- Security Vulnerability in Sun Management
Center (Sun MC) May Allow Unauthorized Access to System and Data
Date: 20 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8529
Title: ESB-2007.1030 -- [Solaris] -- Multiple Security Vulnerabilities in
Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary
Code and Access to Unauthorized Data
Date: 20 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8528
Title: ESB-2007.1029 -- [HP-UX] -- Hewlett-Packard HP-UX swagentd Buffer
Overflow Vulnerability
Date: 20 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8527
Title: ESB-2007.1028 -- [OSX] -- Apple Mac OS X mount_smbfs Stack Based Buffer
Overflow Vulnerability
Date: 19 December 2007
OS: Mac OS X
URL: http://www.auscert.org.au/8525
Title: ESB-2007.1027 -- [Appliance] -- Storage Management Appliance (SMA),
Microsoft Patch Applicability MS07-063 to MS07-069
Date: 19 December 2007
URL: http://www.auscert.org.au/8524
Title: ESB-2007.1026 -- [AIX] -- AIX Perl buffer overflow vulnerability
Date: 20 December 2007
OS: AIX
URL: http://www.auscert.org.au/8523
Title: ESB-2007.1025 -- [UNIX/Linux] -- Asterisk: Database matching order
permits host-based authentication to be ignored
Date: 19 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8522
Title: ESB-2007.1024 -- [Solaris] -- Multiple Security Vulnerabilities Within
the GIMP Plugins
Date: 20 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8521
Title: ESB-2007.1023 -- [UNIX/Linux][RedHat] -- Moderate: squid security
update
Date: 19 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8520
Title: ESB-2007.1022 -- [RedHat] -- Important: mysql security update
Date: 19 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8519
Title: ESB-2007.1021 -- [UNIX/Linux] -- ClamAV libclamav MEW PE File Integer
Overflow Vulnerability
Date: 19 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8518
Title: ESB-2007.1020 -- [RedHat] -- Critical: flash-plugin security update
Date: 19 December 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8517
Title: ESB-2007.1019 -- [OSX] -- APPLE-SA-2007-12-17 Security Update 2007-009
Date: 18 December 2007
OS: Mac OS X
URL: http://www.auscert.org.au/8515
Title: ESB-2007.1018 -- [Win] -- HP Quick Launch Button (QLB) Running on
Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
Date: 17 December 2007
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8514
Title: ESB-2007.1017 -- [Solaris] -- Solaris 10 Kernel Patches May Allow
Privileged Remote Users to Gain Root Access to Files Shared by NFS
Servers
Date: 17 December 2007
OS: Solaris
URL: http://www.auscert.org.au/8513
Title: ESB-2007.1016 -- [UNIX/Linux][Debian] -- New mydns packages fix denial
of service
Date: 17 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8512
Title: ESB-2007.1015 -- [UNIX/Linux][Debian] -- New centericq packages fix
execution of code
Date: 17 December 2007
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8511
Title: ESB-2007.1014 -- [Debian] -- New link-grammar packages fix execution of
code
Date: 17 December 2007
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8509
Title: ESB-2007.1013 -- [Mac][OSX] -- Java Release 6 for Mac OS X 10.4
Date: 17 December 2007
OS: Mac OS X
URL: http://www.auscert.org.au/8507
Title: ESB-2007.1012 -- [UNIX/Linux] -- SquirrelMail 1.4.12 Package Compromise
Date: 17 December 2007
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/8505
Title: ESB-2007.1010 -- [HP-UX] -- HP-UX Running OpenSSL, Remote Execution of
Arbitrary Code
Date: 17 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8503
Title: ESB-2007.0919 -- [HP-UX] -- HP-UX Running Java JRE and JDK, Remote
Unauthorized Access
Date: 21 December 2007
OS: HP-UX
URL: http://www.auscert.org.au/8370
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================