[AusNOG] AusCERT Week in Review - Week Ending 03/10/2008 (AUSCERT#20073F686)

Matthew Braid mdb at auscert.org.au
Fri Oct 3 16:20:43 EST 2008


AusCERT Week in Review
03 October 2008

AusCERT in the Media:
---------------------

Papers, Articles and other documents:
-------------------------------------

Web Log Entries:
----------------

Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0106 -- [Win][UNIX/Linux] -- Privilege escalation vulnerability
       reported in MySQL 
Date:  01 October 2008
URL:   http://www.auscert.org.au/9266

Title: AA-2008.0207 -- [UNIX/Linux] -- Cross-site request forgery
       vulnerability in ProFTPD 
Date:  29 September 2008
URL:   http://www.auscert.org.au/9907

Title: AA-2008.0208 -- [UNIX/Linux] -- Vulnerabilities in lighttpd 1.4 may
       allow attackers to access sensitive information 
Date:  29 September 2008
URL:   http://www.auscert.org.au/9908

External Security Bulletins:
----------------------------
Title: ESB-2008.0942 -- [Win][Mac][OSX] -- Apple TV 2.2 
Date:  03 October 2008
OS:    Windows 2003, Windows XP, Server 2008, Mac OS X, Windows Vista 
URL:   http://www.auscert.org.au/9922

Title: ESB-2008.0941 -- [RedHat] -- Important: tomcat security update 
Date:  03 October 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9921

Title: ESB-2008.0940 -- [Appliance] -- Cross-site scripting vulnerability in
       ICAP Patience page 
Date:  03 October 2008
URL:   http://www.auscert.org.au/9920

Title: ESB-2008.0939 -- [UNIX/Linux][RedHat] -- Moderate: pam_krb5 security
       update 
Date:  03 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9919

Title: ESB-2008.0938 -- [Solaris] -- Solaris 10 fifofs Patches 127737-02 and
       127738-02 WITHDRAWN, May Cause a System Panic 
Date:  03 October 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9918

Title: ESB-2008.0937 -- [Win][UNIX/Linux] -- Moderate: thunderbird security
       update 
Date:  02 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/9917

Title: ESB-2008.0936 -- [UNIX/Linux][RedHat] -- Important: xen security and
       bug fix update 
Date:  02 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9916

Title: ESB-2008.0935 -- [UNIX/Linux][FreeBSD] -- IPv6 Neighbor Discovery
       Protocol routing vulnerability 
Date:  02 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, HP-UX, AIX
URL:   http://www.auscert.org.au/9915

Title: ESB-2008.0934 -- [RedHat] -- Moderate: wireshark security update 
Date:  02 October 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9914

Title: ESB-2008.0933 -- [Win] -- Vulnerability in Citrix Presentation Server
       for Windows could result in privilege escalation 
Date:  01 October 2008
OS:    Windows 2003, Windows 2000 
URL:   http://www.auscert.org.au/9912

Title: ESB-2008.0932 -- [Win] -- phpMyAdmin security announcement PMASA-2008-8
Date:  30 September 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9911

Title: ESB-2008.0931 -- [Win][Linux] -- HP Insight Diagnostics, Remote
       Unauthorized Access to Files 
Date:  30 September 2008
OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Server 2008, Red
       Hat Linux 
URL:   http://www.auscert.org.au/9910

Title: ESB-2008.0930 -- [Win] -- ABB PCU400 vulnerable to stack overflow 
Date:  29 September 2008
OS:    Windows 2003, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/9909

Title: ESB-2008.0929 -- [Solaris] -- Multiple Security Vulnerabilities in the
       Solaris Server Extensions may lead to a Denial of Service (DoS)
       condition or allow Execution of Arbitrary Code 
Date:  02 October 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9904

Title: ESB-2008.0892 -- [Solaris] -- Security Vulnerability in the ACL
       (acl(2)) Implementation for UFS File Systems May Allow a Local User to
       Panic the System 
Date:  29 September 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9861

Title: ESB-2008.0890 -- [Win] -- ISC Advisory: BIND 9.3.5-P2-W2 is now
       available 
Date:  29 September 2008
OS:    Windows ME, Windows Vista, Windows NT 4, Server 2008, Windows XP,
       Windows 2000, Windows 2003, Windows 98/98SE 
URL:   http://www.auscert.org.au/9859

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


