[AusNOG] AusCERT Week in Review - Week Ending 26/10/2007 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Oct 26 15:57:31 EST 2007
AusCERT Week in Review
26 October 2007
Papers, Articles and other documents:
-------------------------------------
Title: AusCERT Training Course Information
Date: 23 October 2007
URL: http://www.auscert.org.au/2408
Title: Web Infrastructure Security on UNIX
Date: 23 October 2007
URL: http://www.auscert.org.au/8254
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2007.0089 -- [Win][Appliance] -- Multiple vulnerabilities in Nortel
IP Phone products
Date: 26 October 2007
URL: http://www.auscert.org.au/8239
Title: AU-2007.0023 -- AusCERT Update - [Win][UNIX/Linux] - Oracle Critical
Patch Update for October 2007
Date: 22 October 2007
URL: http://www.auscert.org.au/8218
External Security Bulletins:
----------------------------
Title: ESB-2007.0843 -- [RedHat] -- Moderate: httpd security update
Date: 26 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8270
Title: ESB-2007.0842 -- [Win] -- Trend Micro Tmxpflt.sys IOCTL 0xa0284403
Buffer Overflow Vulnerability
Date: 26 October 2007
OS: Windows 98/98SE, Windows 2003, Windows CE, Windows 2000, Windows XP,
Windows NT 4, Novell Netware, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8269
Title: ESB-2007.0841 -- [UNIX/Linux][Debian] -- New xen-utils packages fix
file truncation
Date: 26 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Virtualisation, Red Hat Linux,
HP-UX, AIX
URL: http://www.auscert.org.au/8268
Title: ESB-2007.0840 -- [Win][UNIX/Linux] -- IBM Lotus Notes Client
TagAttributeListCopy Buffer Overflow Vulnerability
Date: 25 October 2007
OS: Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8267
Title: ESB-2007.0839 -- [Win][UNIX/Linux] -- IBM Lotus Domino IMAP Buffer
Overflow Vulnerability
Date: 25 October 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX, AIX,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8266
Title: ESB-2007.0838 -- [Win] -- Microsoft Windows CE IGMP Denial of Service
Date: 25 October 2007
OS: Windows CE
URL: http://www.auscert.org.au/8265
Title: ESB-2007.0837 -- [Win][Linux][HP-UX][Solaris][AIX] -- HP OpenView
Configuration Management (CM) Infrastructure (Radia) and Client
Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized
Access to Data
Date: 25 October 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, HP-UX,
AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8264
Title: ESB-2007.0836 -- [Win] -- Lotus Notes Memory Mapped Files Vulnerability
Date: 24 October 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8263
Title: ESB-2007.0835 -- [Solaris] -- Multiple Memory Corruption
Vulnerabilities in Layout Engine for Mozilla 1.7
Date: 24 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8262
Title: ESB-2007.0834 -- [Win][Linux][Solaris] -- Vulnerability in Java Runtime
Environment Virtual Machine May Allow Untrusted Application or Applet
to Elevate Privileges
Date: 24 October 2007
OS: Solaris, Windows 98/98SE, Debian GNU/Linux, Windows 2003, Windows 2000,
Other Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Windows
Vista, Windows ME
URL: http://www.auscert.org.au/8261
Title: ESB-2007.0833 -- [RedHat] -- Moderate: libpng security update
Date: 24 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8260
Title: ESB-2007.0832 -- [RedHat] -- Important: dhcp security update
Date: 24 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8259
Title: ESB-2007.0831 -- [RedHat] -- Moderate: php security update
Date: 24 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8258
Title: ESB-2007.0830 -- [UNIX/Linux][Debian] -- New ktorrent packages fix
directory traversal
Date: 24 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8257
Title: ESB-2007.0829 -- [Debian] -- New reprepro packages fix authentication
bypass
Date: 24 October 2007
OS: Debian GNU/Linux, Other Linux Variants
URL: http://www.auscert.org.au/8256
Title: ESB-2007.0828 -- [UNIX/Linux][Debian] -- New xfce4-terminal packages
fix arbitrary command execution
Date: 24 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8255
Title: ESB-2007.0827 -- [UNIX/Linux][OSX] -- util-linux: Local privilege
escalation
Date: 23 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8253
Title: ESB-2007.0826 -- [Win][UNIX/Linux][RedHat][OSX] -- Important: flac
security update
Date: 23 October 2007
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Debian GNU/Linux, Other BSD
Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other
Linux Variants, Windows XP, Red Hat Linux, Windows NT 4, Mac OS X,
HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/8252
Title: ESB-2007.0825 -- [RedHat] -- Important: kernel security update
Date: 23 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8251
Title: ESB-2007.0824 -- [Win] -- Update available for vulnerability in
versions 8.1 and earlier of Adobe Reader and Acrobat
Date: 25 October 2007
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/8250
Title: ESB-2007.0823 -- [Win] -- RealPlayer playlist name stack buffer
overflow
Date: 22 October 2007
OS: Windows 98/98SE, Windows 2003, Windows 2000, Windows XP, Windows NT 4,
Windows Vista, Windows ME
URL: http://www.auscert.org.au/8249
Title: ESB-2007.0822 -- [RedHat] -- Moderate: thunderbird security update
Date: 22 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8248
Title: ESB-2007.0821 -- [RedHat] -- Critical: seamonkey security update
Date: 22 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8247
Title: ESB-2007.0820 -- [RedHat] -- Critical: firefox security update
Date: 22 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8246
Title: ESB-2007.0819 -- [Win] -- CA Host-Based Intrusion Prevention System (CA
HIPS) Server Vulnerability
Date: 22 October 2007
OS: Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8245
Title: ESB-2007.0818 -- [Cisco] -- Cisco Security Response: Extensible
Authentication Protocol Vulnerability
Date: 25 October 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8244
Title: ESB-2007.0817 -- [Win][UNIX/Linux][Debian] -- New xulrunner packages
fix several vulnerabilities
Date: 22 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants,
Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8243
Title: ESB-2007.0816 -- [UNIX/Linux][Debian][OSX] -- New icedove packages fix
several vulnerabilities
Date: 22 October 2007
OS: Solaris, HP Tru64 UNIX, Debian GNU/Linux, Other BSD Variants, IRIX,
OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX,
AIX
URL: http://www.auscert.org.au/8242
Title: ESB-2007.0815 -- [Solaris] -- Security Vulnerabilities in Solaris
Kernel Statistics Retrieval Process May Allow a Denial of Service (DoS)
Date: 26 October 2007
OS: Solaris
URL: http://www.auscert.org.au/8241
Title: ESB-2007.0812 -- [Win][UNIX/Linux] -- New zoph packages fix SQL
injection
Date: 25 October 2007
OS: Windows ME, Windows Vista, AIX, HP-UX, Mac OS X, Windows NT 4, Red Hat
Linux, Windows XP, Other Linux Variants, FreeBSD, Windows 2000,
OpenBSD, Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux,
Windows 98/98SE, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8233
Title: ESB-2007.0810 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Drupal
Date: 23 October 2007
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8230
Title: ESB-2007.0803 -- [Cisco] -- Multiple Vulnerabilities in Cisco PIX and
ASA Appliances
Date: 22 October 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8222
Title: ESB-2007.0802 -- [Cisco] -- Multiple Vulnerabilities in Firewall
Services Module
Date: 22 October 2007
OS: Cisco Products
URL: http://www.auscert.org.au/8221
Title: ESB-2007.0789 -- [Win][Linux][HP-UX][Solaris] -- HP Oracle for OpenView
(OfO) Critical Patch Update October 2006
Date: 26 October 2007
OS: HP-UX, Red Hat Linux, Other Linux Variants, Windows 2000, Windows 2003,
Debian GNU/Linux, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/6910
Title: ESB-2007.0788 -- [RedHat] -- Important: openssl security update
Date: 23 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8202
Title: ESB-2007.0752 -- [Win][Linux][Solaris] -- An Untrusted Java Web Start
Application or Java Applet May Move or Copy Arbitrary Files by
Requesting the User to Drag and Drop a File from Application or Applet
Window to a Desktop Application
Date: 24 October 2007
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Solaris
URL: http://www.auscert.org.au/8157
Title: ESB-2007.0717 -- [RedHat] -- Moderate: php security update
Date: 26 October 2007
OS: Red Hat Linux
URL: http://www.auscert.org.au/8110
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================