[AusNOG] AusCERT Week in Review - Week Ending 06/02/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Feb 6 17:12:17 EST 2009 

Alerts, Advisories and Updates:

-------------------------------

Title: AL-2009.0125 -- [RedHat] -- Moderate: sudo security update 

Date:  06 February 2009

URL:   http://www.auscert.org.au/10461

 

Title: AL-2009.0124 -- [Win][UNIX/Linux] -- Critical: firefox security
update 

Date:  04 February 2009

URL:   http://www.auscert.org.au/10457

 

Title: AA-2009.0014 -- [Win][Netware][Linux][Mac][OSX] -- Novell GroupWise

       WebAccess contains multiple vulnerabilities 

Date:  04 February 2009

URL:   http://www.auscert.org.au/10453

 

Title: AA-2009.0015 -- [Win][UNIX/Linux] -- WebSphere Application Server

       Unspecified Information Disclosure 

Date:  04 February 2009

URL:   http://www.auscert.org.au/10454

 

Title: AA-2009.0016 -- [Win][UNIX/Linux] -- Bugzilla Cross-Site Request

       Forgery Vulnerability 

Date:  04 February 2009

URL:   http://www.auscert.org.au/10456

 

Title: AA-2009.0013 -- [Appliance] -- Xerox has released a security bulletin

       detailing a vulnerability in WorkCentre devices 

Date:  03 February 2009

URL:   http://www.auscert.org.au/10450

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.0121 -- [UNIX/Linux] -- vulnerability reported in sudo 

Date:  06 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS
X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10462

 

Title: ESB-2009.0120 -- [Cisco] -- Multiple Vulnerabilities in Cisco
Wireless

       LAN Controllers 

Date:  06 February 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10460

 

Title: ESB-2009.0119 -- [Win][UNIX/Linux] -- Views bulk operations (Drupal

       third party module) - Cross site scripting 

Date:  05 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10459

 

Title: ESB-2009.0118 -- [RedHat] -- Critical: firefox security update 

Date:  05 February 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10458

 

Title: ESB-2009.0117 -- [HP-UX] -- HP-UX Running IPv6, Remote Denial of

       Service (DoS) and Unauthorized Access 

Date:  04 February 2009

OS:    HP-UX 

URL:   http://www.auscert.org.au/10452

 

Title: ESB-2009.0116 -- [HP NonStop Server] -- HP NonStop Server running
BIND,

       Remote DNS Cache Poisoning 

Date:  04 February 2009

OS:    HP Tru64 UNIX, HP-UX 

URL:   http://www.auscert.org.au/10451

 

Title: ESB-2009.0115 -- [Win][UNIX/Linux] -- New vnc4 packages fix remote
code

       execution 

Date:  03 February 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10449

 

Title: ESB-2009.0114 -- [VMware ESX] -- ESX patches address an issue loading

       corrupt virtual disks and update Service Console packages 

Date:  03 February 2009

OS:    Virtualisation 

URL:   http://www.auscert.org.au/10448

 

Title: ESB-2009.0113 -- [Linux] -- Linux kernel vulnerabilities 

Date:  03 February 2009

OS:    Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux 

URL:   http://www.auscert.org.au/10447

 

Title: ESB-2009.0112 -- [Win][Linux] -- Novell Updates for GroupWise 

Date:  02 February 2009

OS:    Ubuntu, Debian GNU/Linux, Windows 2003, Other Linux Variants, Windows

       XP, Server 2008, Red Hat Linux, Windows Vista 

URL:   http://www.auscert.org.au/10446

 

Title: ESB-2009.0111 -- [Solaris] -- Security Vulnerability in the Solaris

       IP(7p) Implementation may Lead to a Denial of Service 

Date:  02 February 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10445

 

Title: ESB-2009.0110 -- [Solaris] -- Security Vulnerability in OpenSSL due
to

       Improper Usage of Signature 

Date:  02 February 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10444

 

Title: ESB-2009.0057 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in Internationalization (Drupal third-party module) 

Date:  06 February 2009

OS:    Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,

       Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,

       Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP

       Tru64 UNIX, Solaris 

URL:   http://www.auscert.org.au/10359

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

===========================================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20090206/dfdae622/attachment.html>

More information about the AusNOG mailing list