[AusNOG] AusCERT Week in Review - Week Ending 24/10/2008 (AUSCERT#20073F686)

Richard Billington richard at auscert.org.au
Fri Oct 24 17:05:59 EST 2008 

AusCERT Week in Review
24 October 2008


AusCERT in the Media:
- - ---------------------
No Clean Feed - well duh!
Australian Techworld, Australia 
12 minutes ago
http://www.techworld.com.au/node/264978


Alerts, Advisories and Updates:
- - -------------------------------
Title: AL-2008.0110 -- [Win] -- Microsoft Security Bulletin MS08-067 Critical
       - Vulnerability in Server Service Could Allow Remote Code Execution 
Date:  24 October 2008
URL:   http://www.auscert.org.au/10008

Title: AL-2008.0108 -- [Win] -- Trend Micro OfficeScan Critical Patch Released
Date:  23 October 2008
URL:   http://www.auscert.org.au/10006

Title: AA-2008.0218 -- [Win][UNIX/Linux] -- Denial of Service vulnerability
       reported in Wireshark 
Date:  22 October 2008
URL:   http://www.auscert.org.au/9995

Title: AL-2008.0107 -- [Win][Linux] -- Patches released for a vulnerability in
       F-Secure products 
Date:  22 October 2008
URL:   http://www.auscert.org.au/9996

Title: AA-2008.0219 -- [Win][Linux] -- FireGPG stores sensitive information in
       insecure plain text files 
Date:  22 October 2008
URL:   http://www.auscert.org.au/9998

Title: AA-2008.0220 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in Opera
       may lead to information disclosure or cross-site scripting 
Date:  22 October 2008
URL:   http://www.auscert.org.au/9999

Title: AA-2008.0216 -- [Win][UNIX/Linux] -- Vulnerability reported in VLC
       Media Player 
Date:  21 October 2008
URL:   http://www.auscert.org.au/9989

Title: AA-2008.0217 -- [Win][UNIX/Linux] -- RealVNC Free Edition 4.1.3
       released 
Date:  21 October 2008
URL:   http://www.auscert.org.au/9991

Title: AA-2008.0215 -- [UNIX/Linux][Appliance] -- Multiple vulnerabilities in
       Avaya products. 
Date:  20 October 2008
URL:   http://www.auscert.org.au/9986


External Security Bulletins:
- - ----------------------------
Title: ESB-2008.1000 -- [Win][UNIX/Linux][Debian] -- New libspf2 packages fix
       potential remote code execution 
Date:  24 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10009

Title: ESB-2008.0999 -- [Win][Appliance] -- Storage Management Appliance
       (SMA), Microsoft Patch Applicability MS08-056 to MS08-066 
Date:  23 October 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/10005

Title: ESB-2008.0998 -- [Cisco] -- Multiple Vulnerabilities in Cisco PIX and
       Cisco ASA 
Date:  23 October 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/10004

Title: ESB-2008.0997 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
       Drupal Core and third-party modules 
Date:  23 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
       Windows Vista 
URL:   http://www.auscert.org.au/10003

Title: ESB-2008.0996 -- [Solaris] -- A Security Vulnerability in the Sun
       Integrated Lights-Out Manager (ILOM) may Allow Unauthorized Access
       Through the Web Interface 
Date:  23 October 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/10002

Title: ESB-2008.0995 -- [Debian] -- New dbus packages fix denial of service 
Date:  23 October 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/10001

Title: ESB-2008.0994 -- [Win] -- Symantec Altiris Deployment Solution Local
       Access Elevation of Privilege in Client GUI 
Date:  22 October 2008
OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 
URL:   http://www.auscert.org.au/10000

Title: ESB-2008.0993 -- [Linux][HP-UX][Solaris][AIX] -- Veritas File System
       Quick I/O for Database Utility Information Disclosure 
Date:  22 October 2008
OS:    AIX, HP-UX, Red Hat Linux, Other Linux Variants, Debian GNU/Linux,
       Ubuntu, Solaris 
URL:   http://www.auscert.org.au/9997

Title: ESB-2008.0992 -- [UNIX/Linux][Ubuntu] -- Amarok vulnerability 
Date:  22 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9994

Title: ESB-2008.0991 -- [RedHat] -- Moderate: ed security update 
Date:  22 October 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9993

Title: ESB-2008.0990 -- [RedHat] -- Moderate: ruby security update 
Date:  22 October 2008
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/9992

Title: ESB-2008.0989 -- [UNIX/Linux] -- Access bypass vulnerability reported
       in pam_mount 
Date:  21 October 2008
OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
       HP-UX, AIX 
URL:   http://www.auscert.org.au/9990

Title: ESB-2008.0988 -- [Debian] -- New qemu packages fix denial of service 
Date:  21 October 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9988

Title: ESB-2008.0987 -- [Debian] -- New cupsys packages fix several
       vulnerabilities 
Date:  21 October 2008
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/9987

Title: ESB-2008.0986 -- [Appliance][Cisco] -- Cisco Response to Outpost24 TCP
       State Table Manipulation Denial of Service Vulnerabilities 
Date:  20 October 2008
OS:    Cisco Products 
URL:   http://www.auscert.org.au/9985

Title: ESB-2008.0926 -- [Solaris] -- Solaris Cluster 3.1 and 3.2 with a
       Solaris rpc.metad Patch May Cause Cluster Node to Hang and metainit(1M)
       to Fail 
Date:  20 October 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/9901

Title: ESB-2007.0490 -- [Solaris] -- libpng(3) Contains a Denial of Service
       (DoS) Vulnerability 
Date:  20 October 2008
OS:    Solaris 
URL:   http://www.auscert.org.au/7800

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

More information about the AusNOG mailing list