[AusNOG] AusCERT Week in Review - Week Ending 21/12/2007 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Dec 21 17:39:55 EST 2007


AusCERT Week in Review
21 December 2007

AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------
Title: OWASP Australia Application Security Conference 2008 
Date:  19 December 2007
URL:   http://www.auscert.org.au/8531

Title: AusCERT submission to the ALRC's Review of the Privacy Act 
Date:  16 December 2007
URL:   http://www.auscert.org.au/8510


Web Log Entries:
----------------


Alerts, Advisories and Updates:
-------------------------------
Title: AL-2007.0131 -- [Win][UNIX/Linux] -- Flash Player update available to
       address security vulnerabilities 
Date:  19 December 2007
URL:   http://www.auscert.org.au/8516

Title: AL-2007.0132 -- [Win] -- Trend Micro ServerProtect StRpcSrv.dll
       Insecure Method Exposure Vulnerability 
Date:  19 December 2007
URL:   http://www.auscert.org.au/8526

Title: AU-2007.0027 -- AusCERT Update - [UNIX/Linux] - SquirrelMail 1.4.12
       Package Compromise 
Date:  17 December 2007
URL:   http://www.auscert.org.au/8508


External Security Bulletins:
----------------------------
Title: ESB-2007.1045 -- [Linux][RedHat] -- Important: autofs security update 
Date:  21 December 2007
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8544

Title: ESB-2007.1044 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
       several vulnerabilities 
Date:  21 December 2007
OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8543

Title: ESB-2007.1043 -- [TRU64] -- HP Tru64 UNIX running FFM, Local Denial of
       Service (DoS) 
Date:  21 December 2007
OS:    HP Tru64 UNIX 
URL:   http://www.auscert.org.au/8542

Title: ESB-2007.1042 -- [HP-UX] -- HP-UX Running rpc.yppasswdd, Remote Denial
       of Service (DoS) 
Date:  21 December 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8541

Title: ESB-2007.1041 -- [Win] -- Cross-site scripting vulnerability in legacy
       versions of Citrix Web Interface 
Date:  20 December 2007
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8540

Title: ESB-2007.1040 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Wireshark or Ethereal may allow remote denial of service 
Date:  21 December 2007
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8539

Title: ESB-2007.1039 -- [RedHat] -- Important: kernel security and bug fix
       update 
Date:  20 December 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8538

Title: ESB-2007.1038 -- [RedHat] -- Moderate: thunderbird security update 
Date:  20 December 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8537

Title: ESB-2007.1037 -- [Debian] -- New clamav packages fix several
       vulnerabilities 
Date:  20 December 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8536

Title: ESB-2007.1036 -- [RedHat] -- Important: mysql security update 
Date:  20 December 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8535

Title: ESB-2007.1035 -- [UNIX/Linux][RedHat] -- Moderate: libexif security
       update 
Date:  20 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8534

Title: ESB-2007.1034 -- [Cisco] -- Application Inspection Vulnerability in
       Cisco Firewall Services Module 
Date:  20 December 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8533

Title: ESB-2007.1033 -- [Solaris] -- Solaris 9 sshd(1M) Patches May Cause
       Incorrect Audit Data to be Logged 
Date:  20 December 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8532

Title: ESB-2007.1032 -- [Linux][Solaris] -- Security Vulnerabilities in the
       Sun Ray Device Manager Daemon 
Date:  20 December 2007
OS:    Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 
URL:   http://www.auscert.org.au/8530

Title: ESB-2007.1031 -- [Solaris] -- Security Vulnerability in Sun Management
       Center (Sun MC) May Allow Unauthorized Access to System and Data 
Date:  20 December 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8529

Title: ESB-2007.1030 -- [Solaris] -- Multiple Security Vulnerabilities in
       Firefox and Thunderbird for Solaris 10 May Allow Execution of Arbitrary
       Code and Access to Unauthorized Data 
Date:  20 December 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8528

Title: ESB-2007.1029 -- [HP-UX] -- Hewlett-Packard HP-UX swagentd Buffer
       Overflow Vulnerability 
Date:  20 December 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8527

Title: ESB-2007.1028 -- [OSX] -- Apple Mac OS X mount_smbfs Stack Based Buffer
       Overflow Vulnerability 
Date:  19 December 2007
OS:    Mac OS X 
URL:   http://www.auscert.org.au/8525

Title: ESB-2007.1027 -- [Appliance] -- Storage Management Appliance (SMA),
       Microsoft Patch Applicability MS07-063 to MS07-069 
Date:  19 December 2007
URL:   http://www.auscert.org.au/8524

Title: ESB-2007.1026 -- [AIX] -- AIX Perl buffer overflow vulnerability 
Date:  20 December 2007
OS:    AIX 
URL:   http://www.auscert.org.au/8523

Title: ESB-2007.1025 -- [UNIX/Linux] -- Asterisk: Database matching order
       permits host-based authentication to be ignored 
Date:  19 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8522

Title: ESB-2007.1024 -- [Solaris] -- Multiple Security Vulnerabilities Within
       the GIMP Plugins 
Date:  20 December 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8521

Title: ESB-2007.1023 -- [UNIX/Linux][RedHat] -- Moderate: squid security
       update 
Date:  19 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8520

Title: ESB-2007.1022 -- [RedHat] -- Important: mysql security update 
Date:  19 December 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8519

Title: ESB-2007.1021 -- [UNIX/Linux] -- ClamAV libclamav MEW PE File Integer
       Overflow Vulnerability 
Date:  19 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8518

Title: ESB-2007.1020 -- [RedHat] -- Critical: flash-plugin security update 
Date:  19 December 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8517

Title: ESB-2007.1019 -- [OSX] -- APPLE-SA-2007-12-17 Security Update 2007-009 
Date:  18 December 2007
OS:    Mac OS X 
URL:   http://www.auscert.org.au/8515

Title: ESB-2007.1018 -- [Win] -- HP Quick Launch Button (QLB) Running on
       Windows, Remote Execution of Arbitrary Code, Gain Privileged Access 
Date:  17 December 2007
OS:    Windows 2003, Windows 2000, Windows XP, Windows Vista 
URL:   http://www.auscert.org.au/8514

Title: ESB-2007.1017 -- [Solaris] -- Solaris 10 Kernel Patches May Allow
       Privileged Remote Users to Gain Root Access to Files Shared by NFS
       Servers 
Date:  17 December 2007
OS:    Solaris 
URL:   http://www.auscert.org.au/8513

Title: ESB-2007.1016 -- [UNIX/Linux][Debian] -- New mydns packages fix denial
       of service 
Date:  17 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8512

Title: ESB-2007.1015 -- [UNIX/Linux][Debian] -- New centericq packages fix
       execution of code 
Date:  17 December 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8511

Title: ESB-2007.1014 -- [Debian] -- New link-grammar packages fix execution of
       code 
Date:  17 December 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8509

Title: ESB-2007.1013 -- [Mac][OSX] -- Java Release 6 for Mac OS X 10.4 
Date:  17 December 2007
OS:    Mac OS X 
URL:   http://www.auscert.org.au/8507

Title: ESB-2007.1012 -- [UNIX/Linux] -- SquirrelMail 1.4.12 Package Compromise
Date:  17 December 2007
OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
       UNIX, Solaris 
URL:   http://www.auscert.org.au/8505

Title: ESB-2007.1010 -- [HP-UX] -- HP-UX Running OpenSSL, Remote Execution of
       Arbitrary Code 
Date:  17 December 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8503

Title: ESB-2007.0919 -- [HP-UX] -- HP-UX Running Java JRE and JDK, Remote
       Unauthorized Access 
Date:  21 December 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8370



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




