[AusNOG] AusCERT Week in Review - Week Ending 03/04/06 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Mon Apr 6 09:28:13 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0074 -- [Win] -- [Windows Services for UNIX, Subsystem for
UNIX-based Applications]: Execute Arbitrary Code
Date: 03 April 2009
URL: http://www.auscert.org.au/10736
Title: AA-2009.0079 -- [Appliance] -- Ingate Firewall and Ingate SIParator:
Administrator Compromise
Date: 03 April 2009
URL: http://www.auscert.org.au/10754
Title: AA-2009.0060 -- [Win][UNIX/Linux] -- TikiWiki 2.3 released
Date: 02 April 2009
URL: http://www.auscert.org.au/10672
Title: AA-2009.0077 -- [Win][UNIX/Linux] -- Tivoli Storage Manager: Denial
of Service, Inappropriate Access
Date: 02 April 2009
URL: http://www.auscert.org.au/10745
Title: AA-2009.0078 -- [Win][UNIX/Linux] -- IBM WebSphere Application
Server: Multiple Vulnerabilities
Date: 02 April 2009
URL: http://www.auscert.org.au/10748
Title: AL-2009.0023 -- [Win] -- Fake Facebook friend requests lead to
malware
Date: 02 April 2009
URL: http://www.auscert.org.au/10747
Title: AA-2009.0075 -- [Win][UNIX/Linux] -- [DB2 UDB V8.x]: End of Support
Announced
Date: 01 April 2009
URL: http://www.auscert.org.au/10740
Title: AA-2009.0076 -- [Win][Linux][Mac][OSX] -- MapServer - multiple
vulnerabilities patched
Date: 01 April 2009
URL: http://www.auscert.org.au/10741
Title: AU-2009.0014 -- AusCERT Update - [Win][UNIX/Linux] - Mozilla Firefox
and SeaMonkey - Further Proof of Concept code available
Date: 31 March 2009
URL: http://www.auscert.org.au/10733
Title: AA-2009.0073 -- [Appliance] -- 3Com Switch 5500 / 5500G Logbuffer
Password Disclosure
Date: 31 March 2009
URL: http://www.auscert.org.au/10734
Title: AU-2009.0013 -- AusCERT Update - [Win] - Update on Conficker/Downadup
mitigation methods - Network scanning tools now available
Date: 31 March 2009
URL: http://www.auscert.org.au/10727
Title: AU-2009.0012 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] -
HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node
Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of
Service (DoS)
Date: 30 March 2009
URL: http://www.auscert.org.au/10677
Title: AA-2009.0070 -- [Win][UNIX/Linux] -- Mozilla Firefox and SeaMonkey:
Execute Arbitrary Code (firefox patch available)
Date: 30 March 2009
URL: http://www.auscert.org.au/10715
Title: AA-2009.0071 -- [Linux] -- kernel: Multiple vulnerabilities
identified
Date: 30 March 2009
URL: http://www.auscert.org.au/10720
Title: AA-2009.0072 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM WebSphere
Application Server: Cross-Site Scripting
Date: 30 March 2009
URL: http://www.auscert.org.au/10726
External Security Bulletins:
----------------------------
Title: ESB-2009.0317 -- [UNIX/Linux] -- Suse: Update for Multiple Packages
Date: 03 April 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX
URL: http://www.auscert.org.au/10757
Title: ESB-2009.0316 -- [Win] -- Citrix Presentation Server: Credential
Handling Weakness
Date: 03 April 2009
OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows
Vista
URL: http://www.auscert.org.au/10756
Title: ESB-2009.0315 -- [Win][UNIX/Linux] -- Trillian: buffer overflow
vulnerability
Date: 03 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10755
Title: ESB-2009.0314 -- [Win][UNIX/Linux] -- Bugzilla: "attachment.cgi"
Cross-Site Request Forgery Vulnerability
Date: 03 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10753
Title: ESB-2009.0313 -- [Appliance] -- SES SIP Server: Input Validation
Vulnerabilities
Date: 03 April 2009
URL: http://www.auscert.org.au/10751
Title: ESB-2009.0312 -- [Debian] -- icu: Cross-Site Scripting
Date: 03 April 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10750
Title: ESB-2009.0311 -- [Win][UNIX/Linux] -- SAPgui EAI WebViewer3D: ActiveX
control stack buffer overflow
Date: 03 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10749
Title: ESB-2009.0310 -- [HP-UX] -- OpenSSL: Remote Unauthorized Access
Date: 02 April 2009
OS: HP-UX
URL: http://www.auscert.org.au/10746
Title: ESB-2009.0309 -- [RedHat] -- kernel: security and bug fix update
Date: 02 April 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10744
Title: ESB-2009.0308 -- [Solaris] -- Sun Calendar Express Web Server:
Multiple vulnerabilities
Date: 03 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10743
Title: ESB-2009.0307 -- [VMware ESX] -- ESX: updates for openssl, bind and
vim
Date: 01 April 2009
OS: Virtualisation
URL: http://www.auscert.org.au/10742
Title: ESB-2009.0306 -- [UNIX/Linux] -- gedit - Untrusted search path
Date: 01 April 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10739
Title: ESB-2009.0305 -- [Solaris] -- dircmp (1) shell script - may Allow
Overwriting of Arbitrary Files
Date: 03 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10737
Title: ESB-2009.0304 -- [UNIX/Linux] -- Kerberos (krb5) - Denial of Service
Date: 01 April 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10735
Title: ESB-2009.0303 -- [RedHat] -- openswan - Important security update
Date: 31 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10732
Title: ESB-2009.0302 -- [Linux][Debian] -- openswan: New packages fix denial
of service
Date: 31 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10731
Title: ESB-2009.0301 -- [Linux][Debian] -- strongswan: New packages fix
denial of service
Date: 31 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10730
Title: ESB-2009.0300 -- [Debian] -- nss-ldapd: New packages fix information
disclosure
Date: 31 March 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10729
Title: ESB-2009.0299 -- [UNIX/Linux] -- auth2db: New packages fix SQL
injection
Date: 02 April 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10728
Title: ESB-2009.0298 -- [FreeBSD] -- kernel: Denial of Service
Date: 30 March 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10725
Title: ESB-2009.0297 -- [Ubuntu] -- xine-lib: Execute Arbitrary Code
Date: 30 March 2009
OS: Ubuntu
URL: http://www.auscert.org.au/10724
Title: ESB-2009.0296 -- [Solaris] -- OpenSolaris: Root Compromise
Date: 01 April 2009
OS: Solaris
URL: http://www.auscert.org.au/10723
Title: ESB-2009.0295 -- [RedHat] -- Mozilla Firefox and Seamonkey: Execute
Arbitrary Code
Date: 30 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10722
Title: ESB-2009.0294 -- [RedHat] -- kernel-rt: Important security and bug
fix update
Date: 30 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10721
Title: ESB-2009.0293 -- [RedHat] -- systemtap: Moderate security update
Date: 30 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10719
Title: ESB-2009.0292 -- [UNIX/Linux][RedHat] -- net-snmp: Moderate security
update
Date: 30 March 2009
OS: Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD,
Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX
URL: http://www.auscert.org.au/10718
Title: ESB-2009.0291 -- [UNIX/Linux][Debian] -- xulrunner: New packages fix
multiple vulnerabilities
Date: 30 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10717
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================