[AusNOG] AusCERT Week in Review - Week Ending 18/04/2008 (AUSCERT#20073F686)
Macleonard Starkey
macleonard at auscert.org.au
Fri Apr 18 17:18:50 EST 2008
AusCERT Week in Review
18 April 2008
AusCERT in the Media:
---------------------
Business falling victim to phone hackers
SmartCompany.com.au, Australia
4 hours ago
http://www.smartcompany.com.au/Free-Articles/The-Briefing/20080418-Business-falling-victim-to-phone-hackers-.html
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0092 -- [UNIX/Linux] -- ClamAV multiple denial of service
vulnerabilities
Date: 18 April 2008
URL: http://www.auscert.org.au/9156
Title: AL-2008.0047 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
Pre-Release Notification
Date: 18 April 2008
URL: http://www.auscert.org.au/9124
Title: AA-2008.0089 -- [Win][UNIX/Linux] -- Coppermine Photo Gallery SQL
Injection
Date: 18 April 2008
URL: http://www.auscert.org.au/9126
Title: AL-2008.0051 -- [Win][UNIX/Linux] -- OpenOffice Arbitrary Code
Execution Vulnerabilities
Date: 18 April 2008
URL: http://www.auscert.org.au/9143
Title: AA-2008.0093 -- [Win] -- IIS Privilege Escalation Vulnerability
Date: 18 April 2008
URL: http://www.auscert.org.au/9157
Title: AL-2008.0049 -- [Win][OSX] -- Safari 3.1.1 Released fixing multiple
vulnerabilities
Date: 17 April 2008
URL: http://www.auscert.org.au/9137
Title: AL-2008.0050 -- [Win][UNIX/Linux] -- New Firefox, Thunderbird and
Seamonkey Versions Fix JavaScript Engine Vulnerability
Date: 17 April 2008
URL: http://www.auscert.org.au/9139
Title: AL-2008.0125 -- [Win][UNIX/Linux] -- Squid - Denial of service in cache
updates
Date: 16 April 2008
URL: http://www.auscert.org.au/8467
Title: AA-2008.0077 -- [Win][UNIX/Linux] -- Opera version 9.27 released fixing
several vulnerabilities
Date: 16 April 2008
URL: http://www.auscert.org.au/9068
Title: AA-2008.0082 -- [Win][UNIX/Linux] -- Cross site scripting vulnerability
in Blackboard Academic Suite
Date: 16 April 2008
URL: http://www.auscert.org.au/9086
Title: AL-2008.0048 -- [VMware ESX] -- Moderate Updated Service Console
packages pcre, net-snmp, and OpenPegasus
Date: 16 April 2008
URL: http://www.auscert.org.au/9131
Title: AA-2008.0090 -- [Win][Linux][Solaris] -- Denial of Service
vulnerability in Novell eDirectory
Date: 16 April 2008
URL: http://www.auscert.org.au/9132
Title: AA-2008.0091 -- [Win] -- Local vulnerability in Symantec Altiris
Deployment Solution
Date: 16 April 2008
URL: http://www.auscert.org.au/9133
Title: AA-2008.0088 -- [Win][Appliance] -- Tumbleweed SecureTransport
FileTransfer ActiveX Buffer Overflow Vulnerability
Date: 14 April 2008
URL: http://www.auscert.org.au/9122
External Security Bulletins:
----------------------------
Title: ESB-2008.0862 -- [Solaris] -- Security Vulnerability in GIMP(1) May
Lead to Denial of Service (DoS) or Execution of Arbitrary Code
Date: 18 April 2008
OS: Solaris
URL: http://www.auscert.org.au/7001
Title: ESB-2008.0405 -- [Win][Linux][HP-UX][Solaris] -- HPSBMA02133 SSRT061201
rev.8 - HP Oracle for OpenView (OfO) Critical Patch Update
Date: 18 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Windows 2003, Windows
2000, Other Linux Variants, Server 2008, Red Hat Linux, HP-UX
URL: http://www.auscert.org.au/9155
Title: ESB-2008.0404 -- [Win][UNIX/Linux] -- BIND 9.3.5 released fixing
arbitrary code execution vulnerabilities
Date: 18 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Server 2008, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9154
Title: ESB-2008.0403 -- [RedHat] -- Important: xpdf security update
Date: 18 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9153
Title: ESB-2008.0402 -- [UNIX/Linux][RedHat] -- Important: poppler security
update
Date: 18 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9152
Title: ESB-2008.0401 -- [UNIX/Linux][RedHat] -- Important: kdegraphics
security update
Date: 18 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9151
Title: ESB-2008.0400 -- [Appliance] -- HPSBST02329 SSRT080048 rev.1 - Storage
Management Appliance (SMA), Microsoft Patch Applicability MS08-018 to
MS08-025
Date: 18 April 2008
OS: Windows 2000
URL: http://www.auscert.org.au/9150
Title: ESB-2008.0399 -- [Linux][HP-UX] -- HPSBMA02328 SSRT071293 rev.2 - HP
OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross
Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code
Date: 18 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
HP-UX
URL: http://www.auscert.org.au/9149
Title: ESB-2008.0398 -- [UNIX/Linux][Debian] -- New suphp packages fix local
privilege escalation
Date: 18 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/9148
Title: ESB-2008.0397 -- [Debian] -- New clamav packages fix several
vulnerabilities
Date: 18 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9147
Title: ESB-2008.0396 -- [UNIX/Linux][Debian] -- New xpdf packages fix
arbitrary code execution
Date: 18 April 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, OpenBSD,
FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/9146
Title: ESB-2008.0395 -- [RedHat] -- Important: openoffice.org security update
Date: 18 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9145
Title: ESB-2008.0394 -- [Debian] -- New OpenOffice.org packages fix arbitrary
code execution
Date: 18 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9144
Title: ESB-2008.0393 -- [Win][UNIX/Linux] -- Important: speex security update
Date: 18 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9142
Title: ESB-2008.0392 -- [FreeBSD] -- OpenSSH X11-forwarding privilege
escalation
Date: 18 April 2008
OS: FreeBSD
URL: http://www.auscert.org.au/9141
Title: ESB-2008.0391 -- [RedHat] -- Firefox and Seamonkey Security Updates
Date: 17 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9140
Title: ESB-2008.0390 -- [RedHat] -- Moderate: ImageMagick security update
Date: 17 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9138
Title: ESB-2008.0389 -- [Appliance] -- Cisco Network Admission Control Shared
Secret Vulnerability
Date: 17 April 2008
OS: Cisco Products
URL: http://www.auscert.org.au/9136
Title: ESB-2008.0388 -- [RedHat] -- Critical: redhat-ds-admin security update
Date: 17 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9135
Title: ESB-2008.0387 -- [RedHat] -- Important: Red Hat Directory Server 7.1
Service Pack 5 security update
Date: 17 April 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/9134
Title: ESB-2008.0386 -- [UNIX/Linux] -- Multiple vulnerabilities in IBM DB2
Universal Database
Date: 16 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9130
Title: ESB-2008.0385 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
ClamAV
Date: 16 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/9129
Title: ESB-2008.0384 -- [UNIX/Linux] -- libpng: Execution of arbitrary code
Date: 16 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9128
Title: ESB-2008.0383 -- [Ubuntu] -- Squid vulnerability
Date: 16 April 2008
OS: Ubuntu
URL: http://www.auscert.org.au/9127
Title: ESB-2008.0382 -- [Win][UNIX/Linux] -- Multiple buffer overflow
vulnerabilities in Python
Date: 15 April 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9125
Title: ESB-2008.0356 -- [Debian] -- New lighttpd packages fix denial of
service
Date: 16 April 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9081
Title: ESB-2008.0355 -- [Linux] -- Webwasher Denial of Service Vulnerability
Date: 16 April 2008
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/9079
Title: ESB-2008.0350 -- [Win][UNIX/Linux] -- Webform (Drupal third-party
module) Cross site scripting vulnerabilities
Date: 16 April 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9070
Title: ESB-2008.0340 -- [Win][UNIX/Linux] -- Flickr and Ubercart (Drupal
third-party module) Cross site scripting vulnerabilities
Date: 16 April 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/9056
Title: ESB-2008.0326 -- [VMware ESX] -- Updated libxml2 service console
package
Date: 14 April 2008
OS: Virtualisation
URL: http://www.auscert.org.au/9037
Title: ESB-2008.0231 -- [VMware ESX] -- Updated e2fsprogs service console
package
Date: 14 April 2008
OS: Virtualisation
URL: http://www.auscert.org.au/8907
Title: ESB-2008.0189 -- [VMware ESX] -- Moderate: Updated aacraid driver and
samba and python service console updates
Date: 16 April 2008
OS: Virtualisation, Other Linux Variants
URL: http://www.auscert.org.au/8849
Title: ESB-2008.0024 -- [VMware ESX] -- Low severity security update for
VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
Date: 16 April 2008
OS: Virtualisation
URL: http://www.auscert.org.au/8598
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================