[AusNOG] AusCERT Week in Review - Week Ending 09/01/2009 (AUSCERT#20073f686)

Paul Fahey paul at auscert.org.au
Fri Jan 9 16:29:29 EST 2009


Alerts, Advisories and Updates:

-------------------------------

Title: AU-2009.0003 -- AusCERT Update - [Win][Appliance][Solaris] - Updated -

       Checkpoint VPN-1 PAT information disclosure 

Date:  08 January 2009

URL:   http://www.auscert.org.au/10315

 

Title: AA-2008.0253 -- [Win][UNIX/Linux] -- A vulnerability has been

       identified in PHP 5.2.7. 

Date:  07 January 2009

URL:   http://www.auscert.org.au/10186

 

Title: AU-2009.0002 -- AusCERT Update - [Debian] - Updated - New xterm

       packages fix remote code execution 

Date:  07 January 2009

URL:   http://www.auscert.org.au/10296

 

Title: AU-2009.0001 -- AusCERT Update - [Win] - Update to Firefox 2.x

       vulnerability on Windows 

Date:  06 January 2009

URL:   http://www.auscert.org.au/10295

 

Title: AL-2008.0129 -- [Win][UNIX/Linux] -- A number of vulnerabilities have

       been identified in Mozilla Firefox, SeaMonkey and Thunderbird 

Date:  05 January 2009

URL:   http://www.auscert.org.au/10237

 

Title: AA-2009.0003 -- [Win][UNIX/Linux] -- Denial of Service vulnerability

       in UW IMAP 

Date:  05 January 2009

URL:   http://www.auscert.org.au/10291

 

Title: AA-2009.0004 -- [Linux] -- Linux Kernel 2.6.28 Released 

Date:  05 January 2009

URL:   http://www.auscert.org.au/10292

 

Title: AA-2008.0261 -- [Win][Linux][Solaris][AIX] -- Various Tivoli products

       do not correctly authenticate users who attempt to run SOAP commands 

Date:  04 January 2009

URL:   http://www.auscert.org.au/10224

 

 

External Security Bulletins:

----------------------------

Title: ESB-2009.1163 -- [Solaris] -- Insecure Temporary File Usage

       Vulnerability in Sun SNMP Management Agent 

Date:  05 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10278

 

Title: ESB-2009.1160 -- [FreeBSD] -- netgraph / bluetooth privilege escalation

Date:  05 January 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/10272

 

Title: ESB-2008.1071 -- [Win][Appliance][Solaris] -- Checkpoint VPN-1 PAT

       information disclosure 

Date:  07 January 2009

OS:    Solaris, Server 2008, Windows Vista, Windows 2003, Windows 2000,

       Windows XP 

URL:   http://www.auscert.org.au/10113

 

Title: ESB-2009.0027 -- [Win][UNIX/Linux] -- Openfire multiple vulnerabilities

Date:  09 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10320

 

Title: ESB-2009.0026 -- [UNIX/Linux] -- Asterisk - Information leak in IAX2

       authentication 

Date:  09 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10319

 

Title: ESB-2009.0025 -- [UNIX/Linux][Ubuntu] -- NTP vulnerability 

Date:  09 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10318

 

Title: ESB-2009.0024 -- [RedHat] -- Moderate: bind security update 

Date:  09 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10317

 

Title: ESB-2009.0023 -- [RedHat] -- Important: kernel security update 

Date:  09 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10316

 

Title: ESB-2009.0022 -- [Win] -- CA Service Metric Analysis and CA Service

       Level Management smmsnmpd Arbitrary Command Execution 

Date:  08 January 2009

OS:    Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista 

URL:   http://www.auscert.org.au/10314

 

Title: ESB-2009.0021 -- [Solaris] -- Multiple Security Vulnerabilities in the

       Flash Player Plugin for Solaris 

Date:  08 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10313

 

Title: ESB-2009.0020 -- [FreeBSD] -- OpenSSL incorrectly checks for malformed

       signatures 

Date:  08 January 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/10312

 

Title: ESB-2009.0019 -- [FreeBSD] -- Cross-site request forgery in

       lukemftpd(8) 

Date:  08 January 2009

OS:    FreeBSD 

URL:   http://www.auscert.org.au/10311

 

Title: ESB-2009.0018 -- [Win][UNIX/Linux] -- Project release, Project issue

       tracking (Drupal third-party modules) Multiple Vulnerabilities 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10310

 

Title: ESB-2009.0017 -- [Win][UNIX/Linux] -- New versions of BIND released to

       correct a security vulnerability 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10309

 

Title: ESB-2009.0016 -- [Cisco] -- Cisco Global Site Selector Appliances DNS

       Vulnerability 

Date:  08 January 2009

OS:    Cisco Products 

URL:   http://www.auscert.org.au/10308

 

Title: ESB-2009.0015 -- [UNIX/Linux][Debian] -- New iceape packages fix

       several vulnerabilities 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10307

 

Title: ESB-2009.0014 -- [UNIX/Linux][Debian] -- New icedove packages fix

       several vulnerabilities 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10306

 

Title: ESB-2009.0013 -- [RedHat] -- Important: xterm and hanterm-xf security

       update 

Date:  08 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10305

 

Title: ESB-2009.0012 -- [RedHat] -- Moderate: lcms security update 

Date:  08 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10304

 

Title: ESB-2009.0011 -- [RedHat] -- Moderate: dbus security update 

Date:  08 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10303

 

Title: ESB-2009.0010 -- [UNIX/Linux][RedHat] -- Moderate: gnome-vfs,

       gnome-vfs2 security update 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10302

 

Title: ESB-2009.0009 -- [Win][UNIX/Linux][RedHat] -- Important: openssl

       security update 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux

       Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,

       Windows Vista 

URL:   http://www.auscert.org.au/10301

 

Title: ESB-2009.0008 -- [UNIX/Linux][RedHat] -- Moderate: xen security and bug

       fix update 

Date:  08 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Virtualisation, Red Hat

       Linux, Mac OS X, HP-UX, AIX 

URL:   http://www.auscert.org.au/10300

 

Title: ESB-2009.0007 -- [RedHat] -- Moderate: thunderbird security update 

Date:  08 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10299

 

Title: ESB-2009.0006 -- [Solaris] -- A Security Vulnerability in the NFS

       Version 4 Client Within Solaris May Lead to a System Panic 

Date:  07 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10298

 

Title: ESB-2009.0005 -- [Solaris] -- An Issue in the Solaris LDAP Daemon May

       Cause the System to Hang 

Date:  07 January 2009

OS:    Solaris 

URL:   http://www.auscert.org.au/10297

 

Title: ESB-2009.0004 -- [RedHat] -- Important: kernel security update 

Date:  06 January 2009

OS:    Red Hat Linux 

URL:   http://www.auscert.org.au/10294

 

Title: ESB-2009.0003 -- [UNIX/Linux][Ubuntu] -- Samba vulnerability 

Date:  06 January 2009

OS:    Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,

       IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,

       HP-UX, AIX 

URL:   http://www.auscert.org.au/10293

 

Title: ESB-2009.0002 -- [Debian] -- New Ruby packages fix denial of service 

Date:  05 January 2009

OS:    Debian GNU/Linux 

URL:   http://www.auscert.org.au/10290

 

Title: ESB-2009.0001 -- [UNIX/Linux][Debian] -- New xterm packages fix remote

       code execution 

Date:  07 January 2009

OS:    AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,

       OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64

       UNIX, Solaris 

URL:   http://www.auscert.org.au/10289

 

 

 

===========================================================================

Australian Computer Emergency Response Team

The University of Queensland

Brisbane

Qld 4072

 

Internet Email: auscert at auscert.org.au

Facsimile:      (07) 3365 7031

Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)

                AusCERT personnel answer during Queensland business hours

                which are GMT+10:00 (AEST).

                On call after hours for member emergencies only.

=========================================================================== 

 
