[AusNOG] AusCERT Week in Review - Week Ending 18/01/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Jan 18 17:23:55 EST 2008
AusCERT Week in Review
18 January 2008
AusCERT in the Media:
---------------------
Papers, Articles and other documents:
-------------------------------------
Web Log Entries:
----------------
Title: Have you flashed your router?
Date: 14 January 2008
URL: http://www.auscert.org.au/8643
Title: Everything old is new again - MBR Rootkits?
Date: 13 January 2008
URL: http://www.auscert.org.au/8635
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0013 -- [Win] -- Vulnerability in Citrix Presentation Server
could result in arbitrary code execution
Date: 18 January 2008
URL: http://www.auscert.org.au/8664
Title: AA-2008.0014 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in VLC
Player
Date: 18 January 2008
URL: http://www.auscert.org.au/8665
Title: AA-2008.0011 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities in Horde
Products
Date: 17 January 2008
URL: http://www.auscert.org.au/8657
Title: AA-2008.0012 -- [Linux] -- Permission Bypass Vulnerability in Linux
Kernel
Date: 17 January 2008
URL: http://www.auscert.org.au/8658
Title: AA-2008.0004 -- [Appliance] -- Denial of Service vulnerability in
Ingate Firewall and SIParator
Date: 16 January 2008
URL: http://www.auscert.org.au/8617
Title: AL-2008.0007 -- [Win][OSX] -- QuickTime 7.4 Released to fix multiple
vulnerabilities
Date: 16 January 2008
URL: http://www.auscert.org.au/8644
Title: AL-2008.0008 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update - 26
vulnerabilities in Oracle
Date: 16 January 2008
URL: http://www.auscert.org.au/8649
Title: AA-2008.0010 -- [Win][UNIX/Linux] -- Denial of Service (Dos)
vulnerability reported in Mambo
Date: 16 January 2008
URL: http://www.auscert.org.au/8652
Title: AL-2008.0009 -- [Win][OSX] -- Reported Vulnerability in Microsoft Excel
- Remote Code Execution
Date: 15 January 2008
URL: http://www.auscert.org.au/8654
Title: AA-2008.0006 -- [Win] -- IBM Tivoli Storage Manager Express Heap
Overflow
Date: 15 January 2008
URL: http://www.auscert.org.au/8632
Title: AL-2008.0005 -- [Win][UNIX/Linux] -- SAP MaxDB Arbitrary Code Execution
Vulnerability
Date: 15 January 2008
URL: http://www.auscert.org.au/8640
Title: AL-2008.0006 -- [Win][UNIX/Linux] -- Multiple Vulnerabilities in yaSSL
Date: 15 January 2008
URL: http://www.auscert.org.au/8641
Title: AA-2008.0009 -- [UNIX/Linux] -- Multiple vulnerabilities in Apache
Modules
Date: 15 January 2008
URL: http://www.auscert.org.au/8642
Title: AL-2008.0004 -- [Win][Mac][OSX] -- Apple QuickTime RTSP Response
message Reason-Phrase buffer overflow vulnerability
Date: 14 January 2008
URL: http://www.auscert.org.au/8631
Title: AA-2008.0007 -- [Win][UNIX/Linux] -- Joomla! 1.0.14 RC1 released
correcting multiple security vulnerabilities
Date: 14 January 2008
URL: http://www.auscert.org.au/8633
Title: AA-2008.0008 -- [UNIX/Linux] -- Buffer overflow vulnerability in
xine-lib
Date: 14 January 2008
URL: http://www.auscert.org.au/8634
External Security Bulletins:
----------------------------
Title: ESB-2007.1047 -- [Solaris] -- Security Vulnerabilities in the Apache
1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross
Site Scripting (XSS) or Denial of Service (DoS).
Date: 14 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8548
Title: ESB-2007.0778 -- [Solaris] -- Multiple Security Issues Within The X
Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers
Date: 17 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8192
Title: ESB-2007.0737 -- [Win][Linux][HP-UX][Solaris] -- Installation of Sun
Java System Access Manager 7.1 on Sun Java System Application Server
9.1 or 8.x May Compromise Application Server Security
Date: 15 January 2008
OS: Solaris, HP-UX, Red Hat Linux, Windows 2003, Windows 2000, Windows XP
URL: http://www.auscert.org.au/8141
Title: ESB-2008.0067 -- [Win][UNIX/Linux] -- Adobe Security Bulletins -
January 2008
Date: 17 January 2008
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Windows Vista, Windows 2003, Windows 2000, Windows XP, Mac OS X
URL: http://www.auscert.org.au/8663
Title: ESB-2008.0066 -- [Win][UNIX/Linux] -- HP Oracle for OpenView (OfO)
Critical Patch Update January 2008
Date: 18 January 2008
OS: Windows Vista, HP-UX, Red Hat Linux, Windows XP, Other Linux Variants,
Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX,
Solaris
URL: http://www.auscert.org.au/8662
Title: ESB-2008.0065 -- [Debian] -- New xorg-server packages fix several
vulnerabilities
Date: 18 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8661
Title: ESB-2008.0064 -- [UNIX/Linux][Debian] -- New apt-listchanges packages
fix arbitrary code execution
Date: 18 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8660
Title: ESB-2008.0063 -- [RedHat] -- Important: xorg-x11 security update
Date: 18 January 2008
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/8659
Title: ESB-2008.0062 -- [Win][UNIX/Linux][Ubuntu] -- boost vulnerabilities
Date: 17 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8656
Title: ESB-2008.0061 -- [Cisco] -- Cisco Unified Communications Manager CTL
Provider Heap Overflow
Date: 17 January 2008
OS: Cisco Products
URL: http://www.auscert.org.au/8655
Title: ESB-2008.0060 -- [Solaris] -- Security Vulnerability in the libxml2
Library may Lead to a Denial of Service (DoS)
Date: 16 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8653
Title: ESB-2008.0059 -- [Appliance] -- Storage Management Appliance (SMA),
Microsoft Patch Applicability MS08-001 to MS08-002
Date: 16 January 2008
URL: http://www.auscert.org.au/8651
Title: ESB-2008.0058 -- [HP-UX] -- HP-UX Running X Font Server (xfs) Software,
Remote Execution of Arbitrary Code
Date: 16 January 2008
OS: HP-UX
URL: http://www.auscert.org.au/8650
Title: ESB-2008.0057 -- [UNIX/Linux][Debian] -- New syslog-ng packages fix
denial of service
Date: 16 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8648
Title: ESB-2008.0056 -- [RedHat] -- Moderate: apache security updates
Date: 16 January 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8647
Title: ESB-2008.0055 -- [Win][UNIX] -- TIBCO SmartSockets RTServer Multiple
Vulnerabilities
Date: 16 January 2008
OS: Solaris, HP Tru64 UNIX, Other BSD Variants, IRIX, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, HP-UX, AIX
URL: http://www.auscert.org.au/8646
Title: ESB-2008.0054 -- [Appliance] -- iPhone v1.1.3 and iPod touch v1.1.3
Date: 16 January 2008
URL: http://www.auscert.org.au/8645
Title: ESB-2008.0053 -- [FreeBSD] -- libc inet_network() buffer overflow
Date: 15 January 2008
OS: FreeBSD
URL: http://www.auscert.org.au/8639
Title: ESB-2008.0052 -- [FreeBSD] -- Multiple vulnerabilities in FreeBSD pty
handling
Date: 15 January 2008
OS: FreeBSD
URL: http://www.auscert.org.au/8638
Title: ESB-2008.0051 -- [Debian] -- New postgresql-7.4 packages fix several
vulnerabilities
Date: 15 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8637
Title: ESB-2008.0050 -- [Win][UNIX/Linux] -- Drupal Meta Tags / Nodewords
(third-party module) Arbitrary Code Execution
Date: 15 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8636
Title: ESB-2008.0049 -- [Solaris] -- Multiple Security Vulnerabilities in
PostgreSQL Shipped with Solaris 10 May Allow Elevation of Privileges or
Denial of Service (DoS)
Date: 14 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8630
Title: ESB-2008.0048 -- [Solaris] -- Security Vulnerability in Solaris 10
Related to the dotoprocs() Routine
Date: 14 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8629
Title: ESB-2008.0047 -- [Solaris] -- A Security Vulnerability in
libdevinfo(3LIB) May Allow Unauthorized Access to Files on the System
Date: 14 January 2008
OS: Solaris
URL: http://www.auscert.org.au/8628
Title: ESB-2008.0046 -- [RedHat] -- Moderate: postgresql security update
Date: 14 January 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8627
Title: ESB-2008.0045 -- [RedHat] -- Important: libxml2 security update
Date: 14 January 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8626
Title: ESB-2008.0044 -- [Debian] -- New hplip packages fix privilege
escalation
Date: 14 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8625
Title: ESB-2008.0043 -- [Win][UNIX/Linux][Debian] -- New libxml2 packages fix
denial of service
Date: 14 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8624
Title: ESB-2008.0042 -- [Debian] -- New postgresql-8.1 packages fix several
vulnerabilities
Date: 14 January 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8623
Title: ESB-2008.0041 -- [UNIX/Linux][Debian] -- New gforge packages fix SQL
injection
Date: 14 January 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8622
Title: ESB-2008.0040 -- [Win][UNIX/Linux] -- Multiple Security Vulnerabilities
in the Sun Java System Identity Manager May Allow HTML Injection,
Cross-Site Scripting Exploits or Unauthorized Redirection
Date: 18 January 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8620
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list