[AusNOG] AusCERT Week in Review - Week Ending 21/11/2008 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Nov 21 18:08:00 EST 2008


Alerts, Advisories and Updates:

-------------------------------

Title: AA-2008.0239 -- [XEN][Virtualisation] -- Vulnerability in XenServer

       could result in privilege escalation and arbitrary code execution 

Date:  20 November 2008

URL:   http://www.auscert.org.au/10099

 

Title: AA-2008.0240 -- [Win][UNIX/Linux] -- BIND 9.4.3 and Bind 9.3.6 patch

       multiple vulnerabilities 

Date:  20 November 2008

URL:   http://www.auscert.org.au/10101

 

Title: AA-2008.0236 -- [Win][RedHat] -- Content Protection in Flash Media

       Server 3.0 

Date:  19 November 2008

URL:   http://www.auscert.org.au/10092

 

Title: AA-2008.0237 -- [Appliance] -- F5 Networks Reminder: BIG-IP versions

       4.x to reach End of Software Development (EoSD) on 31st December 2008


Date:  19 November 2008

URL:   http://www.auscert.org.au/10094

 

Title: AA-2008.0238 -- [Linux] -- Vulnerabilty fixed in Linux kernel
2.6.27.6 

Date:  19 November 2008

URL:   http://www.auscert.org.au/10095

 

Title: AA-2008.0181 -- [Win][Netware][UNIX/Linux] -- Vulnerability reported
in

       Novell User Application and Identity Manager Role Based Provisioning

       Module 

Date:  18 November 2008

URL:   http://www.auscert.org.au/9781

 

Title: AA-2008.0234 -- [Win][Mac][OSX] -- Adobe AIR update available to

       address security vulnerabilities 

Date:  18 November 2008

URL:   http://www.auscert.org.au/10090

 

Title: AA-2008.0235 -- [Netware][Linux][Solaris][AIX] -- Multiple confirmed

       vulnerabilities in eDirectory before 8.8 SP3 

Date:  18 November 2008

URL:   http://www.auscert.org.au/10091

 

 

External Security Bulletins:

----------------------------

Title: ESB-2008.1062 -- [Linux][HP-UX][Solaris] -- HP OpenView Network Node

       Manager (OV NNM), Remote Cross Site Scripting (XSS) 

Date:  21 November 2008

OS:    Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux,

       HP-UX 

URL:   http://www.auscert.org.au/10102

 

Title: ESB-2008.1061 -- [RedHat] -- Moderate: thunderbird security update 

Date:  20 November 2008

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10100

 

Title: ESB-2008.1060 -- [RedHat] -- Important: kernel security and bug fix

       update 

Date:  20 November 2008

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10098

 

Title: ESB-2008.1059 -- [Debian] -- New python2.4 packages fix several

       vulnerabilities 

Date:  20 November 2008

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10096

 

Title: ESB-2008.1058 -- [Win][Appliance] -- Storage Management Appliance

       (SMA), Microsoft Patch Applicability MS08-067 to MS08-069 

Date:  19 November 2008

OS:    Windows 2000 

URL:   http://www.auscert.org.au/10093

 

Title: ESB-2008.1057 -- [Debian] -- New libxml2 packages fix several

       vulnerabilities 

Date:  18 November 2008

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10089

 

Title: ESB-2008.1056 -- [Win][UNIX/Linux] -- Important: libxml2 security

       update 

Date:  18 November 2008

OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other

       Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,

       Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris 

URL:   http://www.auscert.org.au/10088

 

Title: ESB-2008.1055 -- [Ubuntu] -- VMBuilder vulnerability 

Date:  17 November 2008

OS:    Ubuntu 

URL:   http://www.auscert.org.au/10087

 

Title: ESB-2008.1054 -- [Solaris] -- A Security Vulnerability in the Solaris

       i915 DRM Driver May Cause a Kernel Panic 

Date:  17 November 2008

OS:    Solaris 

URL:   http://www.auscert.org.au/10086

 

Title: ESB-2008.1053 -- [Solaris] -- A Buffer Overflow Security
Vulnerability

       in the Solaris sadmind(1M) Daemon May Lead to Execution of Arbitrary

       Code 

Date:  17 November 2008

OS:    Solaris 

URL:   http://www.auscert.org.au/10085

 

Title: ESB-2008.1052 -- [Solaris] -- A Security Vulnerability in the Solaris

       Socket(3SOCKET) Function May Allow Unprivileged Users to Panic the

       System 

Date:  19 November 2008

OS:    Solaris 

URL:   http://www.auscert.org.au/10084

 

Title: ESB-2008.1051 -- [Win][UNIX/Linux][Solaris] -- Security Vulnerability

       in StarOffice Related to .wmf Files May Lead to Heap Overflows and

       Arbitrary Code Execution 

Date:  17 November 2008

OS:    Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,

       OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP, Red

       Hat Linux, Windows Vista 

URL:   http://www.auscert.org.au/10083

 

Title: ESB-2008.1028 -- [Win][Linux][Solaris][Mac][OSX] -- Flash Player
update

       available to address security vulnerabilities 

Date:  18 November 2008

OS:    Windows Vista, Mac OS X, Red Hat Linux, Windows XP, Other Linux

       Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu,
Solaris

URL:   http://www.auscert.org.au/10048

 

Title: ESB-2008.1014 -- [VMware ESX] -- Updated ESX packages for libxml2,

       ucd-snmp, libtiff 

Date:  19 November 2008

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10029

 

Title: ESB-2008.0946 -- [Win][VMware ESX][Linux] -- VMware Hosted products,

       VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple

       security issues 

Date:  19 November 2008

OS:    Windows Vista, Red Hat Linux, Server 2008, Virtualisation, Windows
XP,

       Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,

       Ubuntu 

URL:   http://www.auscert.org.au/9927

 

Title: ESB-2008.0630 -- [Win][Cisco] -- Deterministic Network Enhancer

       privilege escalation vulnerability 

Date:  19 November 2008

OS:    Windows Vista, Cisco Products, Server 2008, Windows XP, Windows 2000,

       Windows 2003 

URL:   http://www.auscert.org.au/9478

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20081121/074c0434/attachment.html>


More information about the AusNOG mailing list