[AusNOG] AusCERT Week in Review - Week Ending 07/03/2008 (AUSCERT#20073F686)
Zane Jarvis
zane at auscert.org.au
Fri Mar 7 17:37:45 EST 2008
Greetings,
We have have released an update to our paper "Protecting your computer
from Malicious Code". This update includes information for Mac and Linux
based personal computers as well as an update of the content.
For those of who who jumped the gun and viewed it last week (it was linked
to from the "Practical Computer Security slides") you can now view the
updated version as the latest installment in Fraud Fortnight.
http://www.auscert.org.au/AntiMalware
More conference news, the schedule has been updated and the tutorial program
is now available:
http://conference.auscert.org.au/conf2008/program_schedule.html
Also for quick access the registration page (including tutorials) is available
from here:
http://conference.auscert.org.au/conf2008/reg_transition.php?type=delegate
I should also mention AusCERT is fifteen years old on the 8th of March. Happy
birthday to us... happy birthday to us... Ok I'll stop now.
Have a great weekend everyone - put down the keyboard!
Regards,
Zane Jarvis, Computer Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert at auscert.org.au
AusCERT in the Media:
- ---------------------
'Hacking attempts a threat to nation'
NEWS.com.au, Australia
46 minutes ago
http://www.news.com.au/story/0,23599,23335543-29277,00.html
Australia engages allies in cyber warfare
CIO Australia, Australia
1 hour ago
http://www.cio.com.au/index.php/id;1447007406
E-games to test infrastructure security
The Age, Australia
16 hours ago
http://news.theage.com.au/egames-to-test-infrastructure-security/20080306-1xnn.html
AusCERT: Web apps, social networks, virtualisation to attract more...
Search Security, Australia
Mar 3, 2008
http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=6101222
Papers, Articles and other documents:
- -------------------------------------
Title: Protecting your computer from Malicious Code
Date: 07 March 2008
URL: http://www.auscert.org.au/AntiMalware
Web Log Entries:
- ----------------
Alerts, Advisories and Updates:
- -------------------------------
Title: AA-2008.0061 -- [Win][UNIX/Linux] -- Squid Analysis Report Generator
(Sarg) Multiple vulnerabilities
Date: 07 March 2008
URL: http://www.auscert.org.au/8906
Title: AA-2008.0062 -- [Win][Linux][Solaris] -- Sun Java JRE and JDK -
multiple security vulnerabilities
Date: 05 March 2008
URL: http://www.auscert.org.au/8911
Title: AU-2008.0004 -- AusCERT Update - [Win][UNIX/Linux] - Mozilla Firefox,
Thunderbird, and SeaMonkey - Multiple vulnerabilities
Date: 05 March 2008
URL: http://www.auscert.org.au/8908
Title: AA-2008.0049 -- [Win][UNIX/Linux] -- Opera version 9.26 released fixing
several vulnerabilities
Date: 03 March 2008
URL: http://www.auscert.org.au/8843
External Security Bulletins:
- ----------------------------
Title: ESB-2008.0240 -- [Debian] -- New Linux kernel 2.4.27 packages fix
several issues
Date: 07 March 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8918
Title: ESB-2008.0239 -- [Debian] -- New lighttpd packages fix CGI source
disclosure
Date: 07 March 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8917
Title: ESB-2008.0238 -- [Solaris] -- Solaris 10: Incorrect Patches or Sequence
of Installation May Disable N2 Hardware Encryption for IPsec on T5120
and T5220
Date: 06 March 2008
OS: Solaris
URL: http://www.auscert.org.au/8916
Title: ESB-2008.0237 -- [UNIX/Linux] -- lighttpd: Multiple vulnerabilities
Date: 06 March 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/8915
Title: ESB-2008.0236 -- [Debian] -- New evolution packages fix arbitrary code
execution
Date: 06 March 2008
OS: Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/8914
Title: ESB-2008.0235 -- [Win][UNIX/Linux] -- Drupal Module - Refine by
Taxonomy - Cross Site Scripting
Date: 06 March 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows
Vista
URL: http://www.auscert.org.au/8913
Title: ESB-2008.0234 -- [Win][Linux][RedHat][Solaris] -- Moderate:
java-1.5.0-bea security update
Date: 06 March 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Red Hat Linux, Windows Vista
URL: http://www.auscert.org.au/8912
Title: ESB-2008.0233 -- [Linux][RedHat] -- Important: kernel security and bug
fix update
Date: 06 March 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/8910
Title: ESB-2008.0232 -- [UNIX/Linux][RedHat] -- Critical: evolution security
update
Date: 06 March 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/8909
Title: ESB-2008.0231 -- [VMware ESX] -- Updated e2fsprogs service console
package
Date: 04 March 2008
OS: Virtualisation
URL: http://www.auscert.org.au/8907
Title: ESB-2008.0230 -- [UNIX/Linux][Solaris] -- Solaris 10 x86 Systems Using
Marvell HBA Controllers May Experience Panic or Hang
Date: 04 March 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8905
Title: ESB-2008.0229 -- [Debian] -- New libicu packages fix multiple problems
Date: 04 March 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/8904
Title: ESB-2008.0228 -- [Appliance] -- Canon - vulnerable to FTP Bounce
Date: 03 March 2008
URL: http://www.auscert.org.au/8903
Title: ESB-2008.0227 -- [Win] -- Weakness in Citrix Presentation Server and
Citrix Desktop Server installer could result in credentials being
logged
Date: 03 March 2008
OS: Windows 2003
URL: http://www.auscert.org.au/8902
Title: ESB-2008.0223 -- [Win][UNIX/Linux] -- Multiple problems in Wireshark
(formerly Ethereal) versions 0.6.0 to 0.99.7
Date: 03 March 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8896
Title: ESB-2008.0215 -- [Win][UNIX/Linux] -- Drupal Core - Multiple cross site
scripting vulnerabilities
Date: 05 March 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/8887
Title: ESB-2008.0209 -- [Solaris] -- Security Vulnerability May Allow Firewall
Compromise or Creation of Denial of Service (DoS) Condition
Date: 04 March 2008
OS: Solaris
URL: http://www.auscert.org.au/8874
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list