[AusNOG] AusCERT Week in Review - Week Ending 16/01/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Jan 16 16:08:15 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AU-2009.0005 -- AusCERT Update - [Solaris] - Updated - Security
Vulnerability in the ACL (acl(2)) Implementation for UFS File Systems
May Allow a Local User to Panic the System
Date: 16 January 2009
URL: http://www.auscert.org.au/10366
Title: AA-2009.0007 -- [IBM HMC] -- Vulnerability corrected in IBM HMC
Date: 16 January 2009
URL: http://www.auscert.org.au/10368
Title: AA-2009.0006 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM releases new
fix packs for DB2
Date: 15 January 2009
URL: http://www.auscert.org.au/10358
Title: AL-2009.0003 -- [Win] -- Microsoft Security Bulletin MS09-001 -
Critical - Vulnerabilities in SMB Could Allow Remote Code Execution
Date: 14 January 2009
URL: http://www.auscert.org.au/10343
Title: AU-2009.0004 -- AusCERT Update - [Win][UNIX/Linux] - Updated - Oracle
Critical Patch Update Pre-Release Notification
Date: 14 January 2009
URL: http://www.auscert.org.au/10344
Title: AL-2009.0001 -- [Win][UNIX/Linux] -- Oracle Critical Patch Update
Pre-Release Notification
Date: 13 January 2009
URL: http://www.auscert.org.au/10340
Title: AL-2009.0002 -- [Win] -- Microsoft Bulletin Notification - January
Pre-release Announcement
Date: 13 January 2009
URL: http://www.auscert.org.au/10341
Title: AA-2009.0005 -- [Win][Linux][Appliance] -- Vulnerability reported in
multiple BlackBerry products
Date: 13 January 2009
URL: http://www.auscert.org.au/10342
Title: AA-2008.0260 -- [Win] -- An SQL injection vulnerability has been found
in Citrix Broadcast Server
Date: 11 January 2009
URL: http://www.auscert.org.au/10222
External Security Bulletins:
----------------------------
Title: ESB-2008.0892 -- [Solaris] -- Security Vulnerability in the ACL
(acl(2)) Implementation for UFS File Systems May Allow a Local User to
Panic the System
Date: 15 January 2009
OS: Solaris
URL: http://www.auscert.org.au/9861
Title: ESB-2009.0064 -- [Solaris] -- Security vulnerability in Solaris Related
to the Apache 1.3 mod_perl(3) Module Component "PerlRun.pm" may Lead to
Denial of Service (DoS)
Date: 16 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10367
Title: ESB-2009.0063 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in Notify - (Drupal third-party module)
Date: 16 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10365
Title: ESB-2009.0062 -- [UNIX/Linux][Debian] -- New iceweasel packages fix
several vulnerabilities
Date: 16 January 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10364
Title: ESB-2009.0061 -- [UNIX/Linux][Debian] -- New amarok packages fix
arbitrary code execution
Date: 16 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10363
Title: ESB-2009.0060 -- [UNIX/Linux][Debian] -- New netatalk packages fix
arbitrary code execution
Date: 16 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10362
Title: ESB-2009.0059 -- [RedHat][Solaris] -- Moderate: rhpki security and bug
fix update
Date: 16 January 2009
OS: Solaris, Red Hat Linux
URL: http://www.auscert.org.au/10361
Title: ESB-2009.0058 -- [Win][UNIX/Linux] -- Drupal Core - Multiple
Vulnerabilities
Date: 15 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10360
Title: ESB-2009.0057 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in Internationalization (Drupal third-party module)
Date: 15 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10359
Title: ESB-2009.0056 -- [UNIX/Linux] -- Multiple vulnerabilities reported in
qemu and kvm
Date: 15 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10357
Title: ESB-2009.0055 -- [Solaris] -- Security Vulnerabilities in the Solaris
lpadmin(1M) and ppdmgr(1M) Utilities May Lead to a Denial of Service
(DoS) Condition
Date: 15 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10355
Title: ESB-2009.0054 -- [Solaris] -- Security Vulnerability Relating to the
posix_fallocate(3C) System Call May Lead to a Denial of Service (DoS)
Date: 15 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10354
Title: ESB-2009.0053 -- [Cisco] -- Cisco IOS Cross-Site Scripting
Vulnerabilities
Date: 15 January 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10353
Title: ESB-2009.0052 -- [Cisco] -- IronPort Encryption Appliance / PostX and
PXE Encryption Vulnerabilities
Date: 15 January 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10352
Title: ESB-2009.0051 -- [Cisco] -- Cisco ONS Platform Crafted Packet
Vulnerability
Date: 15 January 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10351
Title: ESB-2009.0050 -- [UNIX/Linux][Debian] -- New xulrunner packages fix
several vulnerabilities
Date: 15 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10350
Title: ESB-2009.0049 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 15 January 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10349
Title: ESB-2009.0048 -- [UNIX/Linux][Ubuntu] -- HPLIP vulnerability
Date: 14 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10348
Title: ESB-2009.0047 -- [FreeBSD] -- BIND DNSSEC incorrect checks for
malformed signatures
Date: 14 January 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10347
Title: ESB-2009.0046 -- [FreeBSD] -- ntpd cryptographic signature bypass
Date: 14 January 2009
OS: FreeBSD
URL: http://www.auscert.org.au/10346
Title: ESB-2009.0045 -- [UNIX/Linux][RedHat] -- Critical: java-1.6.0-ibm,
java-1.5.0-ibm security updates
Date: 14 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10345
Title: ESB-2009.0044 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Denial of Service (DoS)
Date: 13 January 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX,
Windows Vista
URL: http://www.auscert.org.au/10339
Title: ESB-2009.0043 -- [Win][UNIX/Linux] -- MPlayer: Multiple
vulnerabilities
Date: 13 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10338
Title: ESB-2009.0042 -- [UNIX/Linux] -- pdnsd: Denial of Service and cache
poisoning
Date: 13 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10337
Title: ESB-2009.0041 -- [UNIX/Linux] -- JHead: Multiple vulnerabilities
Date: 13 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10336
Title: ESB-2009.0040 -- [Debian] -- New bind9 packages fix cryptographic
weakness
Date: 13 January 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10335
Title: ESB-2009.0039 -- [Debian] -- New ntp packages fix cryptographic
weakness
Date: 13 January 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10334
Title: ESB-2009.0038 -- [Debian] -- New OpenSSL packages fix cryptographic
weakness
Date: 13 January 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10333
Title: ESB-2009.0037 -- [RedHat] -- Moderate: avahi security update
Date: 13 January 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10332
Title: ESB-2009.0036 -- [RedHat] -- Moderate: squirrelmail security update
Date: 13 January 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10331
Title: ESB-2009.0035 -- [Solaris] -- The Solaris rpc.metad(1M) Daemon is
Vulnerable to a Denial of Service (DoS) Attack
Date: 12 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10329
Title: ESB-2009.0034 -- [Solaris] -- Security Vulnerability in samba(7)
Specially Crafted Packet May Expose Arbitrary Buffer of Data
Date: 12 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10328
Title: ESB-2009.0033 -- [Solaris] -- Security Vulnerability in
aio_suspend(3RT) May Lead to a System Panic, Resulting in a Denial of
Service (DoS)
Date: 12 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10327
Title: ESB-2009.0032 -- [UNIX/Linux] -- Vulnerability reported in pam_mount
Date: 12 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10326
Title: ESB-2009.0031 -- [Win][UNIX/Linux] -- Multiple vulnerabilities reported
in Python
Date: 12 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10325
Title: ESB-2009.0030 -- [UNIX/Linux][Debian] -- New lasso packages fix
validation bypass
Date: 12 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10324
Title: ESB-2009.0029 -- [UNIX/Linux][Debian] -- New zaptel packages fix
privilege escalation
Date: 12 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10323
Title: ESB-2009.0028 -- [UNIX/Linux][Debian] -- New gforge packages fix SQL
injection
Date: 12 January 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10322
Title: ESB-2009.0006 -- [Solaris] -- A Security Vulnerability in the NFS
Version 4 Client Within Solaris May Lead to a System Panic
Date: 12 January 2009
OS: Solaris
URL: http://www.auscert.org.au/10298
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================