[AusNOG] AusCERT Week in Review - Week Ending 04/07/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Jul 4 15:49:45 EST 2008


AusCERT Week in Review
04 July 2008

Papers, Articles and other documents:
-------------------------------------
Title: Compromised Account Details and Logging FAQ 
Date:  03 July 2008
URL:   http://www.auscert.org.au/9536


Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0149 -- [Win][UNIX/Linux] -- Opera has released a new version
       (9.5.1) correcting 3 vulnerabilities (4 in the Windows version)
Date:  04 July 2008
URL:   http://www.auscert.org.au/9538

Title: AA-2008.0147 -- [Win][UNIX/Linux] -- Firefox 2.0.0.15 and SeaMonkey
       1.1.10 have been released correcting 12 and 13 security vulnerabilities
       respectively. 
Date:  03 July 2008
URL:   http://www.auscert.org.au/9531

Title: AA-2008.0148 -- [Win][UNIX/Linux] -- Thunderbird 2.0.0.14 is vulnerable
       to five of the recent security vulnerabilities in AA-2008.0147 
Date:  03 July 2008
URL:   http://www.auscert.org.au/9537

Title: AA-2008.0145 -- [Win][UNIX/Linux] -- Wireshark 1.0.1 has been released
       correcting five (5) vulnerabilities 
Date:  02 July 2008
URL:   http://www.auscert.org.au/9528

Title: AA-2008.0146 -- [Appliance] -- F5 Networks have released an update to
       FirePass to prevent a cross-site scripting (XSS) vulnerability. 
Date:  02 July 2008
URL:   http://www.auscert.org.au/9530

Title: AA-2008.0143 -- [Appliance] -- Avaya has released three (3) security
       bulletins correcting multiple vulnerabilities in multiple products. 
Date:  30 June 2008
URL:   http://www.auscert.org.au/9518

Title: AA-2008.0144 -- [Win][Appliance] -- Nortel has released four (4)
       security bulletins correcting three (3) DoS vulnerabilities and a
       vulnerability allowing an attacker to send unsolicited (SPIT) messages.
Date:  30 June 2008
URL:   http://www.auscert.org.au/9519


External Security Bulletins:
----------------------------
Title: ESB-2008.0804 -- [Win][UNIX/Linux] -- Two Security Vulnerabilities in
       the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be
       Modified or Allow for Arbitrarily Large Files to be Created 
Date:  30 June 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
       Other BSD Variants, Debian GNU/Linux, HP Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/8223

Title: ESB-2008.0668 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in four
       Drupal third-party modules 
Date:  03 July 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9535

Title: ESB-2008.0667 -- [RedHat][Solaris] -- Important: rhpki-common security
       update 
Date:  03 July 2008
OS:    Solaris, Red Hat Linux 
URL:   http://www.auscert.org.au/9534

Title: ESB-2008.0666 -- [RedHat] -- Moderate: Red Hat Application Stack v2.1
       security and enhancement update 
Date:  03 July 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9533

Title: ESB-2008.0665 -- [RedHat] -- Critical: firefox security update 
Date:  03 July 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9532

Title: ESB-2008.0664 -- [Win][Linux] -- HP System Management Homepage (SMH)
       for Linux and Windows, Remote Cross Site Scripting (XSS) 
Date:  02 July 2008
OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Windows Vista 
URL:   http://www.auscert.org.au/9529

Title: ESB-2008.0663 -- [Solaris] -- Security Vulnerabilities in Tomcat 4.0
       Shipped with Solaris 9 and 10 
Date:  02 July 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9527

Title: ESB-2008.0662 -- [UNIX/Linux][Debian] -- New sympa packages fix denial
       of service 
Date:  02 July 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9526

Title: ESB-2008.0661 -- [Win][UNIX/Linux] -- phpMyAdmin before 2.11.7 is
       vulnerable to a Cross-site Scripting attack
Date:  01 July 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9525

Title: ESB-2008.0660 -- [OSX] -- Security Update 2008-004 and Mac OS X v10.5.4
       released 
Date:  01 July 2008
OS:    Mac OS X 
URL:   http://www.auscert.org.au/9524

Title: ESB-2008.0659 -- [OSX] -- Safari 3.1.2 for Mac OS X v10.4.11 released 
Date:  01 July 2008
OS:    Mac OS X 
URL:   http://www.auscert.org.au/9523

Title: ESB-2008.0658 -- [RedHat] -- Moderate: Red Hat Network Satellite Server
       Solaris client security update 
Date:  01 July 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9522

Title: ESB-2008.0657 -- [RedHat] -- Low: Red Hat Network Satellite Server
       security update 
Date:  01 July 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9521

Title: ESB-2008.0656 -- [RedHat] -- Low: Red Hat Network Proxy Server security
       update 
Date:  01 July 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9520

Title: ESB-2008.0655 -- [Win][UNIX/Linux] -- Caucho Resin is vulnerable to XSS
       via "file" parameter to "viewfile" 
Date:  03 July 2008
OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
       Tru64 UNIX, Solaris 
URL:   http://www.auscert.org.au/9517

Title: ESB-2008.0654 -- [Solaris] -- A Security Vulnerability in the Solaris
       snmpXdmid(1M) may lead to a Denial of Service (DoS) condition 
Date:  03 July 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9516

Title: ESB-2008.0653 -- [Win][Linux][Solaris] -- Sun Java System Access
       Manager Does Not Securely Process XSLT Stylesheets contained in XML
       Signatures
Date:  03 July 2008
OS:    Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL:   http://www.auscert.org.au/9515

Title: ESB-2008.0629 -- [Win] -- Novell iPrint Client ActiveX control stack
       buffer overflows 
Date:  01 July 2008
OS:    Windows ME, Windows Vista, Windows NT 4, Server 2008, Windows XP,
       Windows 2000, Windows 2003, Windows 98/98SE 
URL:   http://www.auscert.org.au/9477

Title: ESB-2008.0592 -- [Win][Linux][HP-UX][Solaris] -- HPSBMA02338
       SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV
       NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) 
Date:  01 July 2008
OS:    HP-UX, Red Hat Linux, Other Linux Variants, Windows 2000, Windows 2003,
       Debian GNU/Linux, Ubuntu, Solaris 
URL:   http://www.auscert.org.au/9420

Title: ESB-2008.0465 -- [Solaris] -- Security Vulnerability in Solaris SSH May
       Allow Unauthorized Access to X11 Sessions 
Date:  04 July 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9232

Title: ESB-2008.0413 -- [Solaris] -- Multiple Security Vulnerabilities May
       Affect MySQL 4.0.x Bundled With Solaris 10 
Date:  02 July 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9169



===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


