[AusNOG] AusCERT Week in Review - Week Ending 05/12/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Dec 5 17:47:04 EST 2008


AusCERT Week in Review
05 December 2008


AusCERT in the Media:
---------------------
Cybercriminals need to be punished
Secure Computing, Australia 
2 hours ago
http://www.securecomputing.net.au/News/130279,cybercriminals-need-to-be-punished.aspx

APCERT Nails Down Online Underground Economy In Regional Drill ...
Bernama, Malaysia 
23 hours ago
http://www.bernama.com/bernama/v5/newsbusiness.php?id=376291

Online Banking Security Myths Debunked
Lifehacker Australia, Australia 
Dec 3, 2008
http://www.lifehacker.com.au/tips/2008/12/04/online_banking_security_myths_debunked.html

Naked Mac versus protected PC: What wins?
ZDNet.com.au, Australia 
Dec 2, 2008
http://www.zdnet.com.au/blogs/securifythis/soa/Naked-Mac-versus-protected-PC-What-wins-/0,139033343,339293605,00.htm


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0230 -- [UNIX/Linux] -- ClamAV version 0.94.1 released 
Date:  05 December 2008
URL:   http://www.auscert.org.au/10059

Title: AA-2008.0245 -- [Win][UNIX/Linux] -- A denial of service vulnerability
       has been found in ClamAV 
Date:  05 December 2008
URL:   http://www.auscert.org.au/10136

Title: AL-2008.0117 -- [Win] -- SPAM email with potentially malicious fake
       "antivirus" link 
Date:  05 December 2008
URL:   http://www.auscert.org.au/10146

Title: AA-2008.0241 -- [Win][UNIX/Linux] -- WordPress 2.6.5 has been released 
Date:  03 December 2008
URL:   http://www.auscert.org.au/10118

Title: AA-2008.0244 -- [Win][UNIX/Linux] -- Buffer overflow in VLC Media
       Player 
Date:  02 December 2008
URL:   http://www.auscert.org.au/10130


External Security Bulletins:
----------------------------
Title: ESB-2008.1096 -- [UNIX/Linux][Ubuntu] -- nfs-utils vulnerability 
Date:  05 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10147

Title: ESB-2008.1095 -- [Debian] -- New Linux 2.6.24 packages fix several
       vulnerabilities 
Date:  05 December 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10145

Title: ESB-2008.1094 -- [Debian] -- New clamav packages fix potential code
       execution 
Date:  05 December 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10144

Title: ESB-2008.1093 -- [RedHat] -- Critical: java-1.6.0-sun security update 
Date:  05 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10143

Title: ESB-2008.1092 -- [RedHat] -- Moderate: ruby security update 
Date:  05 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10142

Title: ESB-2008.1091 -- [RedHat] -- Moderate: Red Hat Application Stack v2.2
       security and enhancement update 
Date:  05 December 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/10141

Title: ESB-2008.1090 -- [Win][UNIX/Linux] -- Sun Releases Updates for Java
       Runtime Environment (JRE) and Java SE Development Kit (JDK) 
Date:  05 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10140

Title: ESB-2008.1089 -- [Win][UNIX/Linux] -- SQL injection vulnerability in
       Storm Project Drupal project 
Date:  04 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10139

Title: ESB-2008.1088 -- [HP-UX] -- A Local Denial of Service Vulnerability has
       been corrected in HP-UX 
Date:  04 December 2008
OS:    HP-UX 
URL:   http://www.auscert.org.au/10138

Title: ESB-2008.1087 -- [Win][UNIX/Linux] -- New awstats packages fix
       cross-site scripting 
Date:  04 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10137

Title: ESB-2008.1086 -- [Win][VMware ESX][OSX] -- Two vulnerabilities in
       VMware products have been corrected 
Date:  04 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux, Mac
       OS X, HP-UX, AIX, Windows Vista 
URL:   http://www.auscert.org.au/10135

Title: ESB-2008.1085 -- [Win][UNIX/Linux][Debian] -- New perl packages fix
       privilege escalation 
Date:  04 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10134

Title: ESB-2008.1084 -- [UNIX/Linux][Debian] -- New CUPS packages fix
       arbitrary code execution 
Date:  03 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10131

Title: ESB-2008.1083 -- [Win][UNIX/Linux][Debian] -- New phpmyadmin packages
       fix cross site scripting 
Date:  02 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10129

Title: ESB-2008.1082 -- [Debian] -- New wireshark packages fix several
       vulnerabilities 
Date:  01 December 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10128

Title: ESB-2008.1081 -- [UNIX/Linux] -- New imlib2 packages fix arbitrary code
       execution 
Date:  01 December 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/10127

Title: ESB-2008.1080 -- [Win] -- BlackBerry Desktop Software buffer overflow
       vulnerability 
Date:  01 December 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/10126

Title: ESB-2008.0581 -- [Solaris] -- rpc.ypupdated(1M) may allow execution of
       Arbitrary Code when run in Insecure Mode 
Date:  05 December 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9397



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================



