[AusNOG] AusCERT Week in Review - Week Ending 30/11/2007 (AUSCERT#20073F686)

matthew at auscert.org.au matthew at auscert.org.au
Fri Nov 30 13:28:12 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


AusCERT Week in Review
30 November 2007

Greetings AusNOG,

Don't forget today is Computer Security Day. More details are available
at:

  http://www.auscert.org.au/8172

Please come along as all are welcome.

Best Regards,

- -- Matthew McGlashan --
Coordination Centre Team Leader             | Hotline: +61 7 3365 4417
Australian Computer Emergency Response Team | Direct:  +61 7 3365 7924
(AusCERT)                                   | Fax:     +61 7 3365 7031
The University of Queensland                | WWW:     www.auscert.org.au
Qld 4072 Australia                          | Email: auscert at auscert.org.au

AusCERT in the Media:
- ---------------------
securing from the inside: whitelisting
TechRepublic, KY 
23 hours ago
http://blogs.techrepublic.com.com/security/?p=369


Papers, Articles and other documents:
- -------------------------------------
Title: Computer Security Day 2007 
Date:  29 November 2007
URL:   http://www.auscert.org.au/8172


Web Log Entries:
- ----------------


Alerts, Advisories and Updates:
- -------------------------------
Title: AU-2007.0025 -- AusCERT Update - [FreeBSD] - Firefox 2.0.0.10 now
       available on FreeBSD 
Date:  29 November 2007
URL:   http://www.auscert.org.au/8426

Title: AA-2007.0114 -- [Win][UNIX/Linux] -- Netscape Multiple Vulnerabilities 
Date:  29 November 2007
URL:   http://www.auscert.org.au/8427

Title: AL-2007.0122 -- [Win] -- Buffer overflow vulnerability in Lotus Notes
       file viewer for Lotus 1-2-3 attachments 
Date:  29 November 2007
URL:   http://www.auscert.org.au/8428

Title: AA-2007.0113 -- [Win][UNIX/Linux] -- Mozilla Firefox 2.0.0.10 Released 
Date:  27 November 2007
URL:   http://www.auscert.org.au/8420

Title: AA-2007.0107 -- [Appliance] -- Multiple vulnerabilities in Ingate
       Firewall and SIParator 
Date:  26 November 2007
URL:   http://www.auscert.org.au/8400

Title: AL-2007.0121 -- [Win] -- New vulnerabilities in Apple QuickTime may
       allow remote execution of arbitrary code 
Date:  26 November 2007
URL:   http://www.auscert.org.au/8413

Title: AA-2007.0112 -- [Win][UNIX/Linux] -- Session fixation vulnerability in
       Ruby on Rails 
Date:  26 November 2007
URL:   http://www.auscert.org.au/8414


External Security Bulletins:
- ----------------------------
Title: ESB-2007.0958 -- [Cisco] -- Cisco Unified IP Phone Remote Eavesdropping
Date:  29 November 2007
OS:    Cisco Products 
URL:   http://www.auscert.org.au/8425

Title: ESB-2007.0957 -- [Win] -- Symantec Backup Exec for Windows Server:
       Multiple Denial of Service Issues in Job Engine 
Date:  29 November 2007
OS:    Windows 2003, Windows 2000, Windows XP 
URL:   http://www.auscert.org.au/8424

Title: ESB-2007.0956 -- [OSX] -- Apple Mail remote command execution
       vulnerability 
Date:  28 November 2007
OS:    Mac OS X 
URL:   http://www.auscert.org.au/8423

Title: ESB-2007.0955 -- [Win][UNIX/Linux][Debian] -- New tk8.3 and tk8.4
       packages fix arbitrary code execution 
Date:  28 November 2007
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8422

Title: ESB-2007.0954 -- [Win][UNIX/Linux][Debian] -- New wireshark packages
       fix several vulnerabilities 
Date:  28 November 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8421

Title: ESB-2007.0953 -- [UNIX/Linux][RedHat] -- Critical: firefox and
       seamonkey security updates 
Date:  27 November 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8419

Title: ESB-2007.0952 -- [Appliance] -- HPSBST02291 SSRT071498 rev.1 - Storage
       Management Appliance (SMA), Microsoft Patch Applicability MS07-061 and
       MS07-062 
Date:  27 November 2007
URL:   http://www.auscert.org.au/8418

Title: ESB-2007.0951 -- [RedHat] -- Important: java-1.5.0-ibm security update 
Date:  27 November 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8417

Title: ESB-2007.0950 -- [UNIX/Linux] -- nss_ldap: Information disclosure 
Date:  27 November 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/8416

Title: ESB-2007.0949 -- [Debian] -- New mysql packages fix multiple
       vulnerabilities 
Date:  27 November 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8415

Title: ESB-2007.0948 -- [Debian] -- New ruby packages fix insecure SSL
       certificate validation 
Date:  26 November 2007
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/8412

Title: ESB-2007.0947 -- [Win][Linux] -- IBM Director fails to properly
       time-out connection requests from clients 
Date:  23 November 2007
OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
       Variants, Windows XP, Red Hat Linux 
URL:   http://www.auscert.org.au/8409

Title: ESB-2007.0946 -- [Win][UNIX/Linux] -- Updated cacti packages fix SQL
       injection vulnerability 
Date:  23 November 2007
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
       Vista 
URL:   http://www.auscert.org.au/8408

Title: ESB-2007.0944 -- [RedHat] -- Moderate: conga security, bug fix, and
       enhancement update 
Date:  23 November 2007
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/8406

Title: ESB-2007.0718 -- [HP-UX] -- HP-UX Running BIND, Remote DNS Cache
       Poisoning 
Date:  28 November 2007
OS:    HP-UX 
URL:   http://www.auscert.org.au/8111



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================




