[AusNOG] AusCERT Week in Review - Week Ending 17/10/2008 (AUSCERT#20073F686)
Richard Billington
richard at auscert.org.au
Fri Oct 17 18:47:27 EST 2008
AusCERT Week in Review
17 October 2008
Papers, Articles and other documents:
-------------------------------------
Title: Call for presentations and tutorials for AusCERT2009
Date: 13 October 2008
URL: http://www.auscert.org.au/6748
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2008.0212 -- [Appliance] -- Nortel has released two (2) security
bulletins correcting multiple vulnerabilities
Date: 16 October 2008
URL: http://www.auscert.org.au/9977
Title: AA-2008.0214 -- [Win] -- Adobe Flash CS3 Professional for Windows has a
remote code execution vulnerability
Date: 16 October 2008
URL: http://www.auscert.org.au/9981
Title: AA-2008.0213 -- [Win][UNIX/Linux] -- Adobe has released version
10.0.12.36 of Flash Player correcting five potential vulnerabilities
Date: 16 October 2008
URL: http://www.auscert.org.au/9980
Title: AL-2008.0102 -- [Win][OSX] -- MS08-057 - Critical - Vulnerabilities in
Microsoft Excel Could Allow Remote Code Execution
Date: 15 October 2008
URL: http://www.auscert.org.au/9966
Title: AL-2008.0103 -- [Win] -- MS08-058 - Critical - Cumulative Security
Update for Internet Explorer
Date: 15 October 2008
URL: http://www.auscert.org.au/9967
Title: AL-2008.0104 -- [Win] -- MS08-059 - Critical - Vulnerability in Host
Integration Server RPC Service Could Allow Remote Code Execution
Date: 15 October 2008
URL: http://www.auscert.org.au/9968
Title: AL-2008.0105 -- [Win] -- MS08-060 - Critical - Vulnerability in Active
Directory Could Allow Remote Code Execution
Date: 15 October 2008
URL: http://www.auscert.org.au/9969
Title: AU-2008.0020 -- AusCERT Update - [Win] - Microsoft Security Advisory
951306 has recently been updated with details of publicly available
exploit code
Date: 15 October 2008
URL: http://www.auscert.org.au/9972
Title: AL-2008.0106 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
Advisory - October 2008
Date: 15 October 2008
URL: http://www.auscert.org.au/9975
Title: AL-2008.0101 -- [Win][OSX] -- Microsoft Bulletin Notification - October
Prerelease Announcement
Date: 14 October 2008
URL: http://www.auscert.org.au/9955
Title: AA-2008.0210 -- [Win] -- Lenovo Rescue and Recovery Heap Overflow
Date: 14 October 2008
URL: http://www.auscert.org.au/9958
Title: AA-2008.0211 -- [Win][Appliance] -- Vulnerabilities in multiple Avaya
products
Date: 14 October 2008
URL: http://www.auscert.org.au/9959
External Security Bulletins:
----------------------------
Title: ESB-2008.0985 -- [Win][Linux][HP-UX] -- HP Systems Insight Manager
(SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data
Date: 17 October 2008
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows Vista
URL: http://www.auscert.org.au/9983
Title: ESB-2008.0984 -- [Debian] -- New Linux 2.6.24 packages fix several
vulnerabilities
Date: 17 October 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9982
Title: ESB-2008.0983 -- [UNIX/Linux] -- D-Bus vulnerabilities
Date: 16 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9979
Title: ESB-2008.0982 -- [Win][UNIX/Linux] -- VLC media player XSPF Memory
Corruption
Date: 16 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9978
Title: ESB-2008.0981 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Drupal third-party modules
Date: 16 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9976
Title: ESB-2008.0980 -- [NetBSD] -- NetBSD 4.0.1 released incorporating
previous and upcoming security advisory patches
Date: 15 October 2008
OS: Other BSD Variants
URL: http://www.auscert.org.au/9974
Title: ESB-2008.0979 -- [Debian] -- New libxml2 packages fix execution of
arbitrary code
Date: 15 October 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9973
Title: ESB-2008.0978 -- [Win] -- Husdawg, LLC Systems Requirements Lab ActiveX
control and Java applet vulnerable to arbitrary code download and
execution
Date: 15 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9971
Title: ESB-2008.0977 -- [Win] -- MS08-066 - Important - Vulnerability in the
Microsoft Ancillary Function Driver Could Allow Elevation of Privilege
Date: 15 October 2008
OS: Windows 2003, Windows XP
URL: http://www.auscert.org.au/9965
Title: ESB-2008.0976 -- [Win] -- MS08-065 - Important - Vulnerability in
Message Queuing Could Allow Remote Code Execution
Date: 15 October 2008
OS: Windows 2000
URL: http://www.auscert.org.au/9964
Title: ESB-2008.0975 -- [Win] -- MS08-064 - Important - Vulnerability in
Virtual Address Descriptor Manipulation Could Allow Elevation of
Privilege
Date: 15 October 2008
OS: Windows 2003, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9963
Title: ESB-2008.0974 -- [Win] -- MS08-063 - Important - Vulnerability in SMB
Could Allow Remote Code Execution
Date: 15 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9962
Title: ESB-2008.0973 -- [Win] -- MS08-062 - Important - Vulnerability in
Windows Internet Printing Service Could Allow Remote Code Execution
Date: 15 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9961
Title: ESB-2008.0972 -- [Win] -- MS08-061 - Important - Vulnerabilities in
Windows Kernel Could Allow Elevation of Privilege
Date: 15 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9960
Title: ESB-2008.0971 -- [Win] -- MS08-056 - Moderate - Vulnerability in
Microsoft Office Could Allow Information Disclosure
Date: 15 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9970
Title: ESB-2008.0970 -- [Win][UNIX/Linux] -- Opera 9.60 released correcting
two vulnerabilities
Date: 14 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9957
Title: ESB-2008.0969 -- [Linux][Debian] -- New Linux 2.6.18 packages fix
several vulnerabilities
Date: 14 October 2008
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/9956
Title: ESB-2008.0968 -- [Win] -- CA ARCserve Backup - Multiple Vulnerabilities
Date: 13 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9954
Title: ESB-2008.0967 -- [Win][Linux][HP-UX][Solaris] -- A Heap Overflow
Security Vulnerability exists in the Sun Java Web Proxy Server
Date: 13 October 2008
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
Vista
URL: http://www.auscert.org.au/9953
Title: ESB-2008.0966 -- [Win][UNIX/Linux][Debian] -- New ruby1.8 and ruby1.9
packages fix several vulnerabilities
Date: 13 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/9952
Title: ESB-2008.0965 -- [Debian] -- New openldap2.3 packages fix denial of
service
Date: 13 October 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9951
Title: ESB-2008.0964 -- [Win] -- Trend Micro OfficeScan Buffer Overflow and
DoS Vulnerabilities
Date: 13 October 2008
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/9950
Title: ESB-2008.0963 -- [UNIX/Linux][RedHat] -- Important: cups security
update
Date: 13 October 2008
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/9949
Title: ESB-2008.0950 -- [Debian] -- New squid packages released for Debian
Date: 16 October 2008
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/9932
Title: ESB-2008.0892 -- [Solaris] -- Security Vulnerability in the ACL
(acl(2)) Implementation for UFS File Systems May Allow a Local User to
Panic the System
Date: 16 October 2008
OS: Solaris
URL: http://www.auscert.org.au/9861
Title: ESB-2008.0687 -- [Win][HP-UX][Solaris] -- HP OpenView Network Node
Manager - Multiple vulnerabilities
Date: 16 October 2008
OS: Windows Vista, HP-UX, Red Hat Linux, Server 2008, Windows XP, Windows
2000, Windows 2003, Solaris
URL: http://www.auscert.org.au/9563
Title: ESB-2008.0541 -- [Win][Linux][HP-UX][Solaris][AIX] -- Cross-Site
Scripting Vulnerability in the Sun Java System Web Server Advanced
Search Mechanism
Date: 16 October 2008
OS: AIX, HP-UX, Red Hat Linux, Windows XP, Windows 2000, Windows 2003,
Solaris
URL: http://www.auscert.org.au/9341
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================