[AusNOG] AusCERT Week in Review - Week Ending 04/01/2008 (AUSCERT#20073F686)
Matthew Braid
mdb at auscert.org.au
Fri Jan 4 17:23:57 EST 2008
AusCERT Week in Review
04 January 2008
AusCERT in the Media:
---------------------
2007: How was it for security?
ZDNet.com.au, Australia
Dec 30, 2007
http://www.zdnet.com.au/news/security/soa/2007-How-was-it-for-security-/0,130061744,339284667,00.htm
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Bits and ports
Date: 30 December 2007
URL: http://www.auscert.org.au/8569
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0001 -- [Win][UNIX/Linux] -- Multiple browsers may allow SSL
spoofing
Date: 02 January 2008
URL: http://www.auscert.org.au/8571
Title: AA-2007.0113 -- [Win][UNIX/Linux] -- Mozilla Firefox 2.0.0.10 Released
Date: 31 December 2008
URL: http://www.auscert.org.au/8420
Title: AA-2007.0125 -- [Win][UNIX/Linux] -- Dokeos 1.8.4 Cross Site Scripting
(XSS) vulnerability
Date: 31 December 2008
URL: http://www.auscert.org.au/8554
Title: AA-2007.0129 -- [Win][UNIX/Linux] -- TikiWiki 1.9.9 has been released
fixing four security flaws
Date: 31 December 2008
URL: http://www.auscert.org.au/8561
External Security Bulletins:
----------------------------
Title: ESB-2007.1058 -- [UNIX/Linux] -- Denial of Service vulnerability has
been discovered in Syslog-ng
Date: 31 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8568
Title: ESB-2007.1057 -- [Win][UNIX/Linux][Debian] -- New libsndfile packages
fix arbitrary code execution
Date: 31 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8567
Title: ESB-2007.1056 -- [Win][UNIX/Linux][Debian] -- New peercast packages fix
arbitrary code execution
Date: 31 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8566
Title: ESB-2007.1055 -- [Linux][Debian] -- New inotify-tools packages fix
arbitrary code execution
Date: 31 December 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/8565
Title: ESB-2007.1054 -- [UNIX/Linux][Debian] -- New typo3-src packages fix SQL
injection
Date: 31 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8564
Title: ESB-2007.1053 -- [UNIX/Linux][Debian] -- New tar packages fix several
vulnerabilities
Date: 31 December 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8563
Title: ESB-2007.1050 -- [Win] -- HP Software Update Running on Windows, Remote
Execution of Arbitrary Code
Date: 03 January 2008
OS: Windows Vista, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8552
Title: ESB-2007.1048 -- [Win][UNIX/Linux][Solaris] -- Cross-site Scripting
Vulnerability in Sun Java System Web Server and Web Proxy Server
Date: 31 December 2008
OS: Windows Vista, AIX, HP-UX, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/8550
Title: ESB-2007.1041 -- [Win] -- Cross-site scripting vulnerability in legacy
versions of Citrix Web Interface
Date: 31 December 2008
OS: Windows Vista, Windows XP, Windows 2000, Windows 2003
URL: http://www.auscert.org.au/8540
Title: ESB-2008.0007 -- [Win][UNIX/Linux] -- Vulnerabilities in some SWF files
could allow cross-site scripting
Date: 04 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8578
Title: ESB-2008.0006 -- [Win][UNIX/Linux] -- Flash Player update available to
address security vulnerabilities
Date: 04 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8577
Title: ESB-2008.0005 -- [UNIX/Linux][Debian] -- New tcpreen packages fix
denial of service
Date: 04 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8576
Title: ESB-2008.0004 -- [UNIX/Linux][Debian] -- New maradns packages fix
denial of service
Date: 04 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8575
Title: ESB-2008.0003 -- [Debian] -- New wireshark packages fix denial of
service
Date: 04 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8574
Title: ESB-2008.0002 -- [Debian] -- New php5 packages fix several
vulnerabilities
Date: 04 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8573
Title: ESB-2008.0001 -- [UNIX/Linux][Appliance] -- Asterisk Remote Crash
Vulnerability in SIP channel driver
Date: 03 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8572
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================