[AusNOG] AusCERT Week in Review - Week Ending 27/02/2009 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 27 17:27:13 EST 2009
AusCERT Week in Review
27 February 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0042 -- [Win][Mac][OSX] -- Vulnerability announced in
Microsoft Excel
Date: 25 February 2009
URL: http://www.auscert.org.au/10544
Title: AA-2009.0043 -- [Win][Linux][HP-UX][Solaris][AIX] -- Privilege
escalation vulnerability in IBM WebSphere MQ
Date: 25 February 2009
URL: http://www.auscert.org.au/10546
Title: AA-2009.0039 -- [OpenBSD] -- OpenBSD patch corrects sudo
vulnerability
Date: 24 February 2009
URL: http://www.auscert.org.au/10538
Title: AA-2009.0040 -- [Win][Linux][Solaris][AIX] -- Vulnerability corrected
in IBM WebSphere Partner Gateway
Date: 24 February 2009
URL: http://www.auscert.org.au/10539
Title: AA-2009.0041 -- [Appliance] -- Avaya addresses vulnerabilities in
Digital Enhanced Cordless Telecommunications (DECT)
Date: 24 February 2009
URL: http://www.auscert.org.au/10542
Title: AA-2009.0035 -- [Win][UNIX/Linux] -- Security vulnerability corrected
in Ruby - Revision 22440
Date: 23 February 2009
URL: http://www.auscert.org.au/10530
Title: AA-2009.0037 -- [Win][UNIX/Linux] -- SQL injection vulnerabilities in
GForge
Date: 23 February 2009
URL: http://www.auscert.org.au/10534
Title: AA-2009.0038 -- [Win] -- Vulnerability corrected in LANDesk
Management Suite
Date: 23 February 2009
URL: http://www.auscert.org.au/10535
External Security Bulletins:
----------------------------
Title: ESB-2008.0997 -- [Win][UNIX/Linux] -- Multiple vulnerabilities in
Drupal Core and third-party modules
Date: 22 February 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/10003
Title: ESB-2008.0957 -- [Win][UNIX/Linux] -- SIOC and EveryBlog (Drupal
third-party modules) Multiple vulnerabilities
Date: 22 February 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/9941
Title: ESB-2009.0187 -- [VMware ESX] -- ESX 2.5.5 patch 12 updates service
console package ed
Date: 27 February 2009
OS: Virtualisation
URL: http://www.auscert.org.au/10565
Title: ESB-2009.0186 -- [Cisco] -- Cisco Unified MeetingPlace Stored
Cross-Site Scripting Vulnerability
Date: 27 February 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10564
Title: ESB-2009.0185 -- [Win][UNIX/Linux] -- Tomcat information disclosure
vulnerability
Date: 27 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX, Windows Vista
URL: http://www.auscert.org.au/10563
Title: ESB-2009.0184 -- [Linux] -- A vulnerability has been identified and
corrected in valgrind
Date: 27 February 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10562
Title: ESB-2009.0183 -- [UNIX/Linux] -- Vulnerability identified in net-snmp
Date: 27 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10561
Title: ESB-2009.0182 -- [UNIX/Linux] -- Vulnerability identified in epiphany
Date: 27 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10560
Title: ESB-2009.0181 -- [Debian] -- New proftpd-dfsg packages fix SQL
injection vulnerabilities
Date: 27 February 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10559
Title: ESB-2009.0180 -- [Win] -- HP Virtual Rooms Client Running on Windows,
Remote Execution of Arbitrary Code
Date: 27 February 2009
OS: Windows 2000, Windows XP, Windows Vista
URL: http://www.auscert.org.au/10558
Title: ESB-2009.0179 -- [Solaris] -- Security Vulnerabilities in Tomcat 5.5
may Lead to Cross Site Scripting (XSS) or Directory Traversal
Date: 27 February 2009
OS: Solaris
URL: http://www.auscert.org.au/10557
Title: ESB-2009.0178 -- [Win] -- Update for Windows Autorun
Date: 26 February 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10556
Title: ESB-2009.0177 -- [Cisco] -- Multiple Vulnerabilities in the Cisco ACE
Application Control Engine Module and Cisco ACE 4710 Application
Control Engine
Date: 26 February 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10555
Title: ESB-2009.0176 -- [Cisco] -- Cisco Unified MeetingPlace Web
Conferencing Authentication Bypass Vulnerability
Date: 26 February 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10554
Title: ESB-2009.0175 -- [Win] -- Updates available for RoboHelp and RoboHelp
Server Cross-Site Scripting issues
Date: 26 February 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10553
Title: ESB-2009.0174 -- [Win][UNIX/Linux][RedHat] -- Critical: flash-plugin
security update
Date: 26 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX, Windows Vista
URL: http://www.auscert.org.au/10552
Title: ESB-2009.0173 -- [Debian] -- New python-crypto packages fix denial of
service
Date: 26 February 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10551
Title: ESB-2009.0172 -- [Win] -- Drupal core - Local file inclusion on
Windows
Date: 26 February 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10550
Title: ESB-2009.0171 -- [Win][UNIX/Linux] -- Shibboleth IdP 2.X cross-site
request attack
Date: 25 February 2009
OS: Mac OS X, Windows XP, Windows 2000, Windows 2003, Windows Vista,
Server 2008, AIX, Red Hat Linux, Other Linux Variants, Debian GNU/Linux,
Ubuntu, HP-UX, FreeBSD, Other BSD Variants, OpenBSD, IRIX, Solaris,
HP Tru64 UNIX
URL: http://www.auscert.org.au/10549
Title: ESB-2009.0170 -- [Win][Linux][Solaris][Mac][OSX] -- Adobe Flash
Player Invalid Object Reference Vulnerability
Date: 26 February 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,
Windows Vista
URL: http://www.auscert.org.au/10548
Title: ESB-2009.0169 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Unauthorized Access, Denial of Service
(DoS)
Date: 25 February 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX,
Windows Vista
URL: http://www.auscert.org.au/10547
Title: ESB-2009.0168 -- [RedHat] -- Important: kernel security update
Date: 25 February 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10545
Title: ESB-2009.0167 -- [Win][VMware ESX][Linux] -- VirtualCenter Update 4
updates Tomcat to 5.5.27
Date: 24 February 2009
OS: Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux
Variants, Windows XP, Virtualisation, Server 2008, Red Hat Linux,
Windows Vista
URL: http://www.auscert.org.au/10543
Title: ESB-2009.0166 -- [Win][UNIX/Linux] -- Vulnerability corrected in
PyCrypto
Date: 24 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX, Windows Vista
URL: http://www.auscert.org.au/10541
Title: ESB-2009.0165 -- [UNIX/Linux] -- GNU Emacs, XEmacs: Multiple
vulnerabilities
Date: 24 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10540
Title: ESB-2009.0164 -- [Appliance] -- Intercepting proxy servers may
incorrectly rely on HTTP headers to make connections
Date: 24 February 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10537
Title: ESB-2009.0163 -- [Win][UNIX/Linux] -- OpenSSH 5.2 released
Date: 23 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX, Windows Vista
URL: http://www.auscert.org.au/10536
Title: ESB-2009.0162 -- [Win][UNIX/Linux] -- Adobe Reader and Acrobat buffer
overflow vulnerability
Date: 23 February 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX,
AIX, Windows Vista
URL: http://www.auscert.org.au/10533
Title: ESB-2009.0157 -- [FreeBSD] -- telnetd code execution vulnerability
Date: 23 February 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10512
Title: ESB-2009.0114 -- [VMware ESX] -- ESX patches address an issue loading
corrupt virtual disks and update Service Console packages
Date: 27 February 2009
OS: Virtualisation
URL: http://www.auscert.org.au/10448
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================