[AusNOG] AusCERT Week in Review - Week Ending 13/03/2009 (AUSCERT#20073f686)
Paul Fahey
paul at auscert.org.au
Fri Mar 13 16:15:16 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0054 -- [Win] -- A vulnerability has been identified in IBM
Tivoli Storage Manager HSM for Windows client
Date: 13 March 2009
URL: http://www.auscert.org.au/10616
Title: AL-2009.0019 -- [Win][Netware][UNIX/Linux] -- Radiator 4.4 released
fixing a number of vulnerabilities
Date: 13 March 2009
URL: http://www.auscert.org.au/10642
Title: AA-2009.0057 -- [Win][Linux][HP-UX][Solaris][AIX] -- A vulnerability
has been identified in IBM WebSphere Process Server
Date: 12 March 2009
URL: http://www.auscert.org.au/10638
Title: AL-2009.0017 -- [Win] -- Vulnerabilities in Windows Kernel Could Allow
Remote Code Execution
Date: 11 March 2009
URL: http://www.auscert.org.au/10617
Title: AL-2009.0018 -- [Win][UNIX/Linux] -- Critical update for Adobe Reader 9
and Acrobat 9
Date: 11 March 2009
URL: http://www.auscert.org.au/10621
Title: AA-2009.0055 -- [OpenBSD] -- A vulnerability has been identified in
bgpd
Date: 11 March 2009
URL: http://www.auscert.org.au/10629
Title: AA-2009.0056 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in MySQL
Date: 11 March 2009
URL: http://www.auscert.org.au/10630
Title: AA-2009.0053 -- [Win] -- Foxit Reader - Multiple vulnerabilities
corrected in new release
Date: 10 March 2009
URL: http://www.auscert.org.au/10609
Title: AL-2009.0016 -- [Win] -- Microsoft Bulletin Notification - March
Pre-release Announcement
Date: 10 March 2009
URL: http://www.auscert.org.au/10611
External Security Bulletins:
----------------------------
Title: ESB-2009.0240 -- [Ubuntu] -- curl regression
Date: 13 March 2009
OS: Ubuntu
URL: http://www.auscert.org.au/10641
Title: ESB-2009.0239 -- [RedHat] -- Important: kernel security and bug fix
update
Date: 13 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10640
Title: ESB-2009.0238 -- [UNIX/Linux][RedHat] -- Moderate: icu security
update
Date: 13 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10639
Title: ESB-2009.0237 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in Forward (Drupal module)
Date: 12 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10637
Title: ESB-2009.0236 -- [Win][Mac][OSX] -- iTunes 8.1 has been released to
correct a number of vulnerabilities
Date: 12 March 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Mac OS X,
Windows Vista
URL: http://www.auscert.org.au/10636
Title: ESB-2009.0235 -- [Win] -- WMI Mapper for HP Systems Insight Manager
Running on Windows, Remote Unauthorized Access to Data, Local
Unauthorized Access
Date: 12 March 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10635
Title: ESB-2009.0234 -- [HP-UX] -- HP-UX Running Java, Remote Execution of
Arbitrary Code and Other Vulnerabilities
Date: 12 March 2009
OS: HP-UX
URL: http://www.auscert.org.au/10634
Title: ESB-2009.0233 -- [Cisco] -- Cisco Unified Communications Manager IP
Phone Personal Address Book Synchronizer Privilege Escalation
Vulnerability
Date: 12 March 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10633
Title: ESB-2009.0232 -- [Linux] -- Security Vulnerability in Sun xVM
VirtualBox for the Linux Platform may Lead to Escalation of
Privileges
Date: 12 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10632
Title: ESB-2009.0231 -- [Solaris] -- Multiple Security Issues in the Doors
Kernel Functionality
Date: 12 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10631
Title: ESB-2009.0230 -- [Solaris] -- Security Vulnerability in the Solaris NFS
Server Security Modes (nfssec(5)) may Lead to Unauthorized Access to
Shared Resources
Date: 13 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10628
Title: ESB-2009.0229 -- [Solaris] -- A Security Vulnerability in the Solaris
NFS Daemon (nfsd(1M)) May Allow Unauthorized Access to Data
Date: 13 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10627
Title: ESB-2009.0228 -- [Linux] -- A number of vulnerabilities have been
identified in the Linux kernel
Date: 11 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10626
Title: ESB-2009.0227 -- [Win][UNIX/Linux] -- A vulnerability has been
identified in openoffice.org
Date: 11 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10625
Title: ESB-2009.0226 -- [UNIX/Linux][Debian] -- New mahara packages fix
cross-site scripting
Date: 11 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10624
Title: ESB-2009.0225 -- [UNIX/Linux][Debian] -- New znc packages fix privilege
escalation
Date: 11 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10623
Title: ESB-2009.0224 -- [Win][Linux][HP-UX][Solaris][AIX] -- IBM Tivoli
Storage Manager Express Heap Buffer Overflow Vulnerability
Date: 11 March 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X,
HP-UX, AIX, Windows Vista
URL: http://www.auscert.org.au/10622
Title: ESB-2009.0223 -- [UNIX/Linux] -- Asterisk Remote Crash Vulnerability in
SIP channel driver
Date: 13 March 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10620
Title: ESB-2009.0222 -- [Win] -- Vulnerabilities in DNS and WINS Server Could
Allow Spoofing
Date: 11 March 2009
OS: Windows 2003, Windows 2000, Server 2008
URL: http://www.auscert.org.au/10619
Title: ESB-2009.0221 -- [Win] -- Vulnerability in SChannel Could Allow
Spoofing
Date: 11 March 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Windows Vista
URL: http://www.auscert.org.au/10618
Title: ESB-2009.0220 -- [Linux] -- A number of vulnerabilities have been
identified in Mozilla Firefox as used by Avaya
Date: 10 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux
URL: http://www.auscert.org.au/10615
Title: ESB-2009.0219 -- [Linux] -- Openswan: Insecure temporary file
creation
Date: 10 March 2009
OS: Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux, Mac OS X
URL: http://www.auscert.org.au/10614
Title: ESB-2009.0218 -- [UNIX/Linux] -- MPFR: Denial of Service
Date: 10 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX
URL: http://www.auscert.org.au/10613
Title: ESB-2009.0217 -- [Win][UNIX/Linux] -- OptiPNG: User-assisted execution
of arbitrary code
Date: 10 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10612
Title: ESB-2009.0216 -- [Win][UNIX/Linux] -- Irrlicht: User-assisted execution
of arbitrary code
Date: 10 March 2009
OS: Windows ME, Windows Vista, Mac OS X, Windows NT 4, Red Hat Linux,
Server 2008, Windows XP, Other Linux Variants, Windows 2000, Windows
2003, Debian GNU/Linux, Ubuntu, Windows 98/98SE
URL: http://www.auscert.org.au/10610
Title: ESB-2009.0215 -- [UNIX/Linux] -- vulnerabilities in poppler
Date: 09 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10608
Title: ESB-2009.0214 -- [Solaris] -- Denial of Service (DoS) Vulnerability in
NFSv4 Server Kernel Module
Date: 13 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10607
Title: ESB-2009.0213 -- [Solaris] -- Kernel Patches/Changes may Stop Sun
Cluster Node From Joining the Cluster
Date: 09 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10606
Title: ESB-2009.0212 -- [Solaris] -- Vulnerability in the xterm(1) program may
lead to execution of arbitrary code
Date: 09 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10605
Title: ESB-2009.0211 -- [Win][UNIX/Linux] -- Apache Tomcat cross-site
scripting vulnerability
Date: 09 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10604
Title: ESB-2009.0210 -- [Win][UNIX/Linux][RedHat] -- Moderate: JBoss
Enterprise Application Platform update
Date: 09 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10603
Title: ESB-2009.0207 -- [Solaris] -- A Security Vulnerability With the Solaris
Crypto Driver May Cause a System Panic
Date: 11 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10597
Title: ESB-2009.0206 -- [Solaris] -- Cross Site Scripting (XSS) Vulnerability
in Sun Management Center (SunMC) Performance Reporting Module
Date: 13 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10596
Title: ESB-2009.0189 -- [Win][UNIX/Linux] -- Taxonomy Theme (Drupal
Third-party module) - Cross site scripting
Date: 10 March 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10568
Title: ESB-2009.0188 -- [UNIX/Linux] -- New dkim-milter packages fix denial of
service
Date: 09 March 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10567
Title: ESB-2009.0164 -- [Win][UNIX/Linux][Appliance] -- Intercepting proxy
servers may incorrectly rely on HTTP headers to make connections
Date: 10 March 2009
OS: Ubuntu, Windows 98/98SE, HP Tru64 UNIX, Solaris, Debian GNU/Linux,
Other BSD Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD,
Other Linux Variants, Windows XP, Server 2008, Cisco Products, Red Hat
Linux, Windows NT 4, Mac OS X, HP-UX, AIX, Windows Vista, Windows ME
URL: http://www.auscert.org.au/10537
Title: ESB-2009.0153 -- [Solaris] -- A Security Vulnerability in the Solaris
Kerberos PAM Module May Allow Use of a User Specified Kerberos
Configuration File, Leading to Escalation of Privileges
Date: 12 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10506
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================