[AusNOG] AusCERT Week in Review - Week Ending 22/02/2008 (AUSCERT#20073F686)
Damien Curtain
damien at auscert.org.au
Fri Feb 22 16:25:06 EST 2008
AusCERT Week in Review
22 February 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0046 -- [Win][UNIX/Linux] -- Mambo and Joomla components - SQL
injections
Date: 22 February 2008
URL: http://www.auscert.org.au/8826
Title: AA-2008.0049 -- [Win][UNIX/Linux] -- Opera version 9.26 released fixing
several vulnerabilities
Date: 21 February 2008
URL: http://www.auscert.org.au/8843
Title: AA-2008.0050 -- [Win][UNIX/Linux] -- Multiple Horde products do not
properly check access rights
Date: 21 February 2008
URL: http://www.auscert.org.au/8844
Title: AA-2008.0047 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in IBM
DB2 9.1
Date: 20 February 2008
URL: http://www.auscert.org.au/8833
Title: AA-2008.0048 -- [Linux] -- Linux kernel 2.4 security update
Date: 20 February 2008
URL: http://www.auscert.org.au/8835
Title: AA-2008.0027 -- [Win][UNIX/Linux] -- Multiple SQL injection
vulnerabilities in Wordpress plugins
Date: 19 February 2008
URL: http://www.auscert.org.au/8730
Title: AA-2008.0045 -- [Win][UNIX/Linux] -- New Cacti release has multiple
vulnerability fixes
Date: 18 February 2008
URL: http://www.auscert.org.au/8812
External Security Bulletins:
----------------------------
Title: ESB-2007.1047 -- [Solaris] -- Security Vulnerabilities in the Apache
1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross
Site Scripting (XSS) or Denial of Service (DoS).
Date: 17 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8548
Title: ESB-2007.1032 -- [Linux][Solaris] -- Security Vulnerabilities in the
Sun Ray Device Manager Daemon
Date: 20 February 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8530
Title: ESB-2008.0196 -- [Win][Linux][HP-UX][Solaris][AIX] -- Veritas Storage
Foundation by Symantec: Veritas Enterprise Administrator, Heap Overflow
Date: 22 February 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8856
Title: ESB-2008.0195 -- [Win][UNIX/Linux][Ubuntu] -- Qt vulnerability
Date: 22 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/8855
Title: ESB-2008.0194 -- [Appliance] -- Storage Management Appliance (SMA),
Microsoft Patch Applicability MS08-003 to MS08-013
Date: 22 February 2008
URL: http://www.auscert.org.au/8854
Title: ESB-2008.0193 -- [Win][UNIX/Linux][Debian] -- New wordpress packages
fix multiple vulnerabilities
Date: 22 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8853
Title: ESB-2008.0192 -- [Debian] -- New dspam packages fix information
disclosure
Date: 22 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8852
Title: ESB-2008.0191 -- [UNIX/Linux][Debian] -- New splitvt packages fix
privilege escalation
Date: 22 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8851
Title: ESB-2008.0190 -- [AIX] -- IBM Pegasus CIM Server for Director on AIX
vulnerabilities
Date: 22 February 2008
OS: AIX
URL: http://www.auscert.org.au/8850
Title: ESB-2008.0189 -- [VMware ESX] -- Moderate: Updated aacraid driver and
samba and python service console updates
Date: 22 February 2008
OS: Other Linux Variants, Virtualisation
URL: http://www.auscert.org.au/8849
Title: ESB-2008.0188 -- [UNIX/Linux][RedHat] -- Important: cups security
update
Date: 22 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8848
Title: ESB-2008.0187 -- [RedHat] -- Moderate: tk security update
Date: 22 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8847
Title: ESB-2008.0186 -- [RedHat] -- Moderate: tcltk security update
Date: 22 February 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8846
Title: ESB-2008.0185 -- [UNIX/Linux][RedHat] -- Moderate: openldap security
update
Date: 22 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8845
Title: ESB-2008.0184 -- [Win] -- Possible Java plug-in vulnerability in Lotus
Notes
Date: 21 February 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8842
Title: ESB-2008.0183 -- [Win] -- Potential security issue with the Execution
Control List and Notes signatures on Java applets in Lotus Notes
Date: 22 February 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/8841
Title: ESB-2008.0182 -- [Win] -- Symantec Altiris Notification Server Agent
Privilege Escalation Vulnerability
Date: 21 February 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8840
Title: ESB-2008.0181 -- [Win] -- Symantec Veritas Storage Foundation Scheduler
Service DoS Vulnerability
Date: 21 February 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8839
Title: ESB-2008.0180 -- [Win][UNIX/Linux] -- Unspecified vulnerability in the
Drupal Header Image Module
Date: 21 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8838
Title: ESB-2008.0179 -- [Win] -- EMC RepliStor Multiple Heap Overflow
Vulnerabilities
Date: 21 February 2008
OS: Windows 2003, Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8837
Title: ESB-2008.0178 -- [TRU64] -- HP Tru64 UNIX running Perl, Remote
Execution of Arbitrary Code
Date: 21 February 2008
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/8836
Title: ESB-2008.0177 -- [UNIX/Linux][Debian] -- New pcre3 packages fix
arbitrary code execution
Date: 20 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8834
Title: ESB-2008.0176 -- [Appliance] -- SOPHOS Email Security Appliance Cross
Site Scripting Vulnerability
Date: 22 February 2008
URL: http://www.auscert.org.au/8832
Title: ESB-2008.0175 -- [Win][Linux][Solaris] -- Lyris ListManager - Multiple
Vulnerabilities
Date: 20 February 2008
OS: Solaris, Windows 2003, Windows 2000, Windows XP, Red Hat Linux
URL: http://www.auscert.org.au/8831
Title: ESB-2008.0174 -- [Win][UNIX/Linux] -- BEA Systems release 21 security
advisories for multiple products
Date: 22 February 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8830
Title: ESB-2008.0173 -- [Win][UNIX/Linux][Debian] -- New libimager-perl
packages fix arbitrary code execution
Date: 20 February 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8829
Title: ESB-2008.0172 -- [Win] -- Patch available for RoboHelp Cross-Site
Scripting issue
Date: 19 February 2008
OS: Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/8828
Title: ESB-2008.0171 -- [Solaris] -- Security Vulnerability in the
vuidmice(7M) STREAMS Modules May Lead to a System Panic
Date: 22 February 2008
OS: Solaris
URL: http://www.auscert.org.au/8827
Title: ESB-2008.0170 -- [Debian] -- New clamav packages fix several
vulnerabilities
Date: 18 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8825
Title: ESB-2008.0164 -- [Win][Linux] -- F-Secure - Specially crafted CAB and
RAR archives can bypass antivirus scanning
Date: 18 February 2008
OS: Windows Vista, Red Hat Linux, Windows XP, Other Linux Variants, Windows
2000, Windows 2003, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/8818
Title: ESB-2008.0154 -- [Debian] -- New nagios-plugins packages fix several
vulnerabilities
Date: 18 February 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8804
Title: ESB-2008.0151 -- [Win] -- MS08-011 - Important - Vulnerabilities in
Microsoft Works File Converter Could Allow Remote Code Execution
Date: 22 February 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/8801
Title: ESB-2008.0145 -- [Win][UNIX/Linux] -- New versions of Apache Tomcat
correct multiple vulnerabilities
Date: 21 February 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8779
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================