[AusNOG] AusCERT Week in Review - Week Ending 21/11/2008 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Nov 21 18:08:00 EST 2008
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0239 -- [XEN][Virtualisation] -- Vulnerability in XenServer
could result in privilege escalation and arbitrary code execution
Date: 20 November 2008
URL: http://www.auscert.org.au/10099
Title: AA-2008.0240 -- [Win][UNIX/Linux] -- BIND 9.4.3 and Bind 9.3.6 patch
multiple vulnerabilities
Date: 20 November 2008
URL: http://www.auscert.org.au/10101
Title: AA-2008.0236 -- [Win][RedHat] -- Content Protection in Flash Media
Server 3.0
Date: 19 November 2008
URL: http://www.auscert.org.au/10092
Title: AA-2008.0237 -- [Appliance] -- F5 Networks Reminder: BIG-IP versions
4.x to reach End of Software Development (EoSD) on 31st December 2008
Date: 19 November 2008
URL: http://www.auscert.org.au/10094
Title: AA-2008.0238 -- [Linux] -- Vulnerabilty fixed in Linux kernel
2.6.27.6
Date: 19 November 2008
URL: http://www.auscert.org.au/10095
Title: AA-2008.0181 -- [Win][Netware][UNIX/Linux] -- Vulnerability reported
in
Novell User Application and Identity Manager Role Based Provisioning
Module
Date: 18 November 2008
URL: http://www.auscert.org.au/9781
Title: AA-2008.0234 -- [Win][Mac][OSX] -- Adobe AIR update available to
address security vulnerabilities
Date: 18 November 2008
URL: http://www.auscert.org.au/10090
Title: AA-2008.0235 -- [Netware][Linux][Solaris][AIX] -- Multiple confirmed
vulnerabilities in eDirectory before 8.8 SP3
Date: 18 November 2008
URL: http://www.auscert.org.au/10091
External Security Bulletins:
----------------------------
Title: ESB-2008.1062 -- [Linux][HP-UX][Solaris] -- HP OpenView Network Node
Manager (OV NNM), Remote Cross Site Scripting (XSS)
Date: 21 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat
Linux,
HP-UX
URL: http://www.auscert.org.au/10102
Title: ESB-2008.1061 -- [RedHat] -- Moderate: thunderbird security update
Date: 20 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10100
Title: ESB-2008.1060 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 20 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10098
Title: ESB-2008.1059 -- [Debian] -- New python2.4 packages fix several
vulnerabilities
Date: 20 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10096
Title: ESB-2008.1058 -- [Win][Appliance] -- Storage Management Appliance
(SMA), Microsoft Patch Applicability MS08-067 to MS08-069
Date: 19 November 2008
OS: Windows 2000
URL: http://www.auscert.org.au/10093
Title: ESB-2008.1057 -- [Debian] -- New libxml2 packages fix several
vulnerabilities
Date: 18 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10089
Title: ESB-2008.1056 -- [Win][UNIX/Linux] -- Important: libxml2 security
update
Date: 18 November 2008
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Windows XP, Other
Linux Variants, FreeBSD, Windows 2000, OpenBSD, Windows 2003, IRIX,
Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10088
Title: ESB-2008.1055 -- [Ubuntu] -- VMBuilder vulnerability
Date: 17 November 2008
OS: Ubuntu
URL: http://www.auscert.org.au/10087
Title: ESB-2008.1054 -- [Solaris] -- A Security Vulnerability in the Solaris
i915 DRM Driver May Cause a Kernel Panic
Date: 17 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10086
Title: ESB-2008.1053 -- [Solaris] -- A Buffer Overflow Security
Vulnerability
in the Solaris sadmind(1M) Daemon May Lead to Execution of Arbitrary
Code
Date: 17 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10085
Title: ESB-2008.1052 -- [Solaris] -- A Security Vulnerability in the Solaris
Socket(3SOCKET) Function May Allow Unprivileged Users to Panic the
System
Date: 19 November 2008
OS: Solaris
URL: http://www.auscert.org.au/10084
Title: ESB-2008.1051 -- [Win][UNIX/Linux][Solaris] -- Security Vulnerability
in StarOffice Related to .wmf Files May Lead to Heap Overflows and
Arbitrary Code Execution
Date: 17 November 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Other BSD Variants, Windows 2003,
OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP, Red
Hat Linux, Windows Vista
URL: http://www.auscert.org.au/10083
Title: ESB-2008.1028 -- [Win][Linux][Solaris][Mac][OSX] -- Flash Player
update
available to address security vulnerabilities
Date: 18 November 2008
OS: Windows Vista, Mac OS X, Red Hat Linux, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu,
Solaris
URL: http://www.auscert.org.au/10048
Title: ESB-2008.1014 -- [VMware ESX] -- Updated ESX packages for libxml2,
ucd-snmp, libtiff
Date: 19 November 2008
OS: Virtualisation
URL: http://www.auscert.org.au/10029
Title: ESB-2008.0946 -- [Win][VMware ESX][Linux] -- VMware Hosted products,
VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple
security issues
Date: 19 November 2008
OS: Windows Vista, Red Hat Linux, Server 2008, Virtualisation, Windows
XP,
Other Linux Variants, Windows 2000, Windows 2003, Debian GNU/Linux,
Ubuntu
URL: http://www.auscert.org.au/9927
Title: ESB-2008.0630 -- [Win][Cisco] -- Deterministic Network Enhancer
privilege escalation vulnerability
Date: 19 November 2008
OS: Windows Vista, Cisco Products, Server 2008, Windows XP, Windows 2000,
Windows 2003
URL: http://www.auscert.org.au/9478
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20081121/074c0434/attachment.html>
More information about the AusNOG
mailing list