[AusNOG] Subject: AusCERT Week in Review - Week Ending 28/11/2008 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Nov 28 17:35:08 EST 2008
AusCERT Week in Review
28 November 2008
Papers, Articles and other documents:
-------------------------------------
Title: AusCERT Remote Monitoring (ARM)
Date: 25 November 2008
URL: http://www.auscert.org.au/9027
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0242 -- [Linux][Solaris][Mac][OSX] -- VirtualBox 2.0.6 has been
released correcting a privilege escalation vulnerability
Date: 28 November 2008
URL: http://www.auscert.org.au/10119
Title: AA-2008.0243 -- [Win][UNIX/Linux] -- ffdshow is vulnerable to a buffer
overflow
Date: 28 November 2008
URL: http://www.auscert.org.au/10122
Title: AA-2008.0241 -- [Win][UNIX/Linux] -- WordPress 2.6.5 has been released
Date: 26 November 2008
URL: http://www.auscert.org.au/10118
External Security Bulletins:
----------------------------
Title: ESB-2008.1079 -- [AIX] -- AIX 6.1 multiple security vulnerabilities
Date: 28 November 2008
OS: AIX
URL: http://www.auscert.org.au/10124
Title: ESB-2008.1078 -- [UNIX/Linux] -- Samba 3.0.29 to 3.2.4 can potentially
leak arbitrary memory contents to malicious clients
Date: 28 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10123
Title: ESB-2008.1077 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Drupal modules
Date: 27 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10121
Title: ESB-2008.1076 -- [Win][UNIX/Linux][Appliance] -- SSH CBC plaintext
recovery vulnerability
Date: 26 November 2008
OS: Solaris, HP Tru64 UNIX, Windows 98/98SE, Ubuntu, Debian GNU/Linux,
Other BSD Variants, IRIX, Windows 2003, Windows CE, OpenBSD, Windows
2000, FreeBSD, Other Linux Variants, Windows XP, Virtualisation, Server
2008, Cisco Products, Red Hat Linux, Windows NT 4, Mac OS X, Novell
Netware, HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/10120
Title: ESB-2008.1075 -- [Tru64] -- HP Secure Web Server for Tru64 UNIX or
Internet Express for Tru64 UNIX running PHP, Remote Denial of Service
(DoS) or Arbitrary Code Execution
Date: 26 November 2008
OS: HP Tru64 UNIX
URL: http://www.auscert.org.au/10117
Title: ESB-2008.1074 -- [Win][UNIX/Linux][RedHat] -- Important: tog-pegasus
security update
Date: 26 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10116
Title: ESB-2008.1073 -- [RedHat] -- Critical: java-1.4.2-ibm security update
Date: 26 November 2008
OS: Red Hat Linux
URL: http://www.auscert.org.au/10115
Title: ESB-2008.1072 -- [Win][UNIX/Linux] -- Moderate: vim security update
Date: 26 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10114
Title: ESB-2008.1071 -- [Win][Appliance][Solaris] -- Checkpoint VPN-1 PAT
information disclosure
Date: 25 November 2008
OS: Solaris, Windows 2003, Windows 2000, Windows XP, Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10113
Title: ESB-2008.1070 -- [Win][UNIX/Linux][Debian] -- New enscript packages fix
arbitrary code execution
Date: 25 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10112
Title: ESB-2008.1069 -- [Debian] -- New iceweasel packages fix several
vulnerabilities
Date: 25 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10111
Title: ESB-2008.1068 -- [FreeBSD] -- arc4random(9) predictable sequence
vulnerability
Date: 25 November 2008
OS: FreeBSD
URL: http://www.auscert.org.au/10110
Title: ESB-2008.1067 -- [Win] -- Multiple vulnerabilities in EMC Control
Center SAN Manager
Date: 24 November 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10109
Title: ESB-2008.1066 -- [Appliance] -- Cisco Response to TKIP Encryption
Weakness
Date: 28 November 2008
OS: Windows ME, Windows Vista, AIX, HP-UX, Novell Netware, Mac OS X,
Windows NT 4, Red Hat Linux, Cisco Products, Server 2008,
Virtualisation, Windows XP, Other Linux Variants, FreeBSD, Windows
2000, OpenBSD, Windows CE, Windows 2003, IRIX, Other BSD Variants,
Debian GNU/Linux, Ubuntu, Windows 98/98SE, HP Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10108
Title: ESB-2008.1065 -- [Appliance][OSX] -- iPhone OS 2.2 and iPhone OS for
iPod touch 2.2
Date: 24 November 2008
OS: Mac OS X
URL: http://www.auscert.org.au/10107
Title: ESB-2008.1064 -- [UNIX/Linux][Debian] -- New hf packages fix execution
of arbitrary code
Date: 24 November 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL: http://www.auscert.org.au/10106
Title: ESB-2008.1063 -- [Debian] -- New xulrunner packages fix several
vulnerabilities
Date: 24 November 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10105
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================