[AusNOG] AusCERT Week in Review - Week Ending 03/04/06 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Mon Apr 6 09:28:13 EST 2009


Alerts, Advisories and Updates:

-------------------------------

Title: AA-2009.0074 -- [Win] -- [Windows Services for UNIX, Subsystem for

       UNIX-based Applications]: Execute Arbitrary Code 

Date:  03 April 2009

URL:   http://www.auscert.org.au/10736

 

Title: AA-2009.0079 -- [Appliance] -- Ingate Firewall and Ingate SIParator:

       Administrator Compromise 

Date:  03 April 2009

URL:   http://www.auscert.org.au/10754

 

Title: AA-2009.0060 -- [Win][UNIX/Linux] -- TikiWiki 2.3 released 

Date:  02 April 2009

URL:   http://www.auscert.org.au/10672

 

Title: AA-2009.0077 -- [Win][UNIX/Linux] -- Tivoli Storage Manager: Denial of

       Service, Inappropriate Access

Date:  02 April 2009

URL:   http://www.auscert.org.au/10745

 

Title: AA-2009.0078 -- [Win][UNIX/Linux] -- IBM WebSphere Application Server:

       Multiple Vulnerabilities

Date:  02 April 2009

URL:   http://www.auscert.org.au/10748

 

Title: AL-2009.0023 -- [Win] -- Fake Facebook friend requests lead to malware

Date:  02 April 2009

URL:   http://www.auscert.org.au/10747

 

Title: AA-2009.0075 -- [Win][UNIX/Linux] -- [DB2 UDB V8.x]: End of Support

       Announced 

Date:  01 April 2009

URL:   http://www.auscert.org.au/10740

 

Title: AA-2009.0076 -- [Win][Linux][Mac][OSX] -- MapServer - multiple

       vulnerabilities patched 

Date:  01 April 2009

URL:   http://www.auscert.org.au/10741

 

Title: AU-2009.0014 -- AusCERT Update - [Win][UNIX/Linux] - Mozilla Firefox

       and SeaMonkey - Further Proof of Concept code available 

Date:  31 March 2009

URL:   http://www.auscert.org.au/10733

 

Title: AA-2009.0073 -- [Appliance] -- 3Com Switch 5500 / 5500G Logbuffer

       Password Disclosure 

Date:  31 March 2009

URL:   http://www.auscert.org.au/10734

 

Title: AU-2009.0013 -- AusCERT Update - [Win] - Update on Conficker/Downadup

       mitigation methods - Network scanning tools now available 

Date:  31 March 2009

URL:   http://www.auscert.org.au/10727

 

Title: AU-2009.0012 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] -

       HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node

       Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service

       (DoS)

Date:  30 March 2009

URL:   http://www.auscert.org.au/10677

 

Title: AA-2009.0070 -- [Win][UNIX/Linux] -- Mozilla Firefox and SeaMonkey:

       Execute Arbitrary Code (firefox patch available) 

Date:  30 March 2009

URL:   http://www.auscert.org.au/10715

 

Title: AA-2009.0071 -- [Linux] -- kernel: Multiple vulnerabilities identified

Date:  30 March 2009

URL:   http://www.auscert.org.au/10720

 

Title: AA-2009.0072 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM WebSphere

       Application Server: Cross-Site Scripting 

Date:  30 March 2009

URL:   http://www.auscert.org.au/10726

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.0317 -- [UNIX/Linux] -- Suse: Update for Multiple Packages 

Date:  03 April 2009

OS:    HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,

       HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,

       AIX 

URL:   http://www.auscert.org.au/10757

 

Title: ESB-2009.0316 -- [Win] -- Citrix Presentation Server: Credential

       Handling Weakness 

Date:  03 April 2009

OS:    Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows

       Vista 

URL:   http://www.auscert.org.au/10756

 

Title: ESB-2009.0315 -- [Win][UNIX/Linux] -- Trillian: buffer overflow

       vulnerability 

Date:  03 April 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,

       HP-UX, AIX, Windows Vista 

URL:   http://www.auscert.org.au/10755

 

Title: ESB-2009.0314 -- [Win][UNIX/Linux] -- Bugzilla: "attachment.cgi"

       Cross-Site Request Forgery Vulnerability 

Date:  03 April 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,

       HP-UX, AIX, Windows Vista 

URL:   http://www.auscert.org.au/10753

 

Title: ESB-2009.0313 -- [Appliance] -- SES SIP Server: Input Validation

       Vulnerabilities 

Date:  03 April 2009

URL:   http://www.auscert.org.au/10751

 

Title: ESB-2009.0312 -- [Debian] -- icu: Cross-Site Scripting 

Date:  03 April 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10750

 

Title: ESB-2009.0311 -- [Win][UNIX/Linux] -- SAPgui EAI WebViewer3D: ActiveX

       control stack buffer overflow 

Date:  03 April 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X,

       HP-UX, AIX, Windows Vista 

URL:   http://www.auscert.org.au/10749

 

Title: ESB-2009.0310 -- [HP-UX] -- OpenSSL: Remote Unauthorized Access 

Date:  02 April 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/10746

 

Title: ESB-2009.0309 -- [RedHat] -- kernel: security and bug fix update 

Date:  02 April 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10744

 

Title: ESB-2009.0308 -- [Solaris] -- Sun Calendar Express Web Server: Multiple

       vulnerabilities

Date:  03 April 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10743

 

Title: ESB-2009.0307 -- [VMware ESX] -- ESX: updates for openssl, bind and vim

Date:  01 April 2009

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10742

 

Title: ESB-2009.0306 -- [UNIX/Linux] -- gedit - Untrusted search path 

Date:  01 April 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX

URL:   http://www.auscert.org.au/10739

 

Title: ESB-2009.0305 -- [Solaris] -- dircmp (1) shell script - may Allow

       Overwriting of Arbitrary Files 

Date:  03 April 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10737

 

Title: ESB-2009.0304 -- [UNIX/Linux] -- Kerberos (krb5) - Denial of Service 

Date:  01 April 2009

OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,

       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64

       UNIX, Solaris 

URL:   http://www.auscert.org.au/10735

 

Title: ESB-2009.0303 -- [RedHat] -- openswan - Important security update 

Date:  31 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10732

 

Title: ESB-2009.0302 -- [Linux][Debian] -- openswan: New packages fix denial

       of service 

Date:  31 March 2009

OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 

URL:   http://www.auscert.org.au/10731

 

Title: ESB-2009.0301 -- [Linux][Debian] -- strongswan: New packages fix denial

       of service

Date:  31 March 2009

OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 

URL:   http://www.auscert.org.au/10730

 

Title: ESB-2009.0300 -- [Debian] -- nss-ldapd: New packages fix information

       disclosure 

Date:  31 March 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10729

 

Title: ESB-2009.0299 -- [UNIX/Linux] -- auth2db: New packages fix SQL

       injection 

Date:  02 April 2009

OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,

       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64

       UNIX, Solaris 

URL:   http://www.auscert.org.au/10728

 

Title: ESB-2009.0298 -- [FreeBSD] -- kernel: Denial of Service 

Date:  30 March 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/10725

 

Title: ESB-2009.0297 -- [Ubuntu] -- xine-lib: Execute Arbitrary Code 

Date:  30 March 2009

OS:    Ubuntu 

URL:   http://www.auscert.org.au/10724

 

Title: ESB-2009.0296 -- [Solaris] -- OpenSolaris: Root Compromise 

Date:  01 April 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10723

 

Title: ESB-2009.0295 -- [RedHat] -- Mozilla Firefox and Seamonkey: Execute

       Arbitrary Code 

Date:  30 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10722

 

Title: ESB-2009.0294 -- [RedHat] -- kernel-rt: Important security and bug fix

       update

Date:  30 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10721

 

Title: ESB-2009.0293 -- [RedHat] -- systemtap: Moderate security update 

Date:  30 March 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10719

 

Title: ESB-2009.0292 -- [UNIX/Linux][RedHat] -- net-snmp: Moderate security

       update 

Date:  30 March 2009

OS:    Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD,

       Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX 

URL:   http://www.auscert.org.au/10718

 

Title: ESB-2009.0291 -- [UNIX/Linux][Debian] -- xulrunner: New packages fix

       multiple vulnerabilities 

Date:  30 March 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX

URL:   http://www.auscert.org.au/10717

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================
