[AusNOG] AusCERT Week in Review - Week Ending 27/03/2009 (AUSCERT#20073f686)
Patrick Mannion
patrick at auscert.org.au
Fri Mar 27 17:35:50 EST 2009
Alerts, Advisories and Updates:
-------------------------------
Title: AA-2009.0063 -- [Win][UNIX/Linux] -- Two vulnerabilities patched in
phpMyAdmin
Date: 27 March 2009
URL: http://www.auscert.org.au/10686
Title: AA-2009.0066 -- [Win][UNIX/Linux] -- OpenSSL: Multiple vulnerabilities
Date: 27 March 2009
URL: http://www.auscert.org.au/10708
Title: AA-2009.0067 -- [Win][Netware][Linux][Solaris][AIX] -- eDirectory:
Hotfix available to correct a security vulnerability
Date: 27 March 2009
URL: http://www.auscert.org.au/10709
Title: AL-2009.0022 -- [Win] -- IBM Access Support ActiveX Control: Execute
Arbitrary Code
Date: 27 March 2009
URL: http://www.auscert.org.au/10710
Title: AA-2009.0068 -- [Win][Netware][Linux] -- ZENworks: information
disclosure vulnerability
Date: 27 March 2009
URL: http://www.auscert.org.au/10711
Title: AA-2009.0064 -- [Win] -- Unauthorized read access vulnerability in IBM
Rational AppScan Enterprise
Date: 26 March 2009
URL: http://www.auscert.org.au/10689
Title: AL-2009.0021 -- [Win] -- Update on Conficker as April 2009 activation
date approaches
Date: 26 March 2009
URL: http://www.auscert.org.au/10702
Title: AA-2009.0065 -- [Win] -- Novell - vulnerabilities patched in Client for
Windows 4.8 and 4.9
Date: 26 March 2009
URL: http://www.auscert.org.au/10703
Title: AL-2009.0018 -- [Win][UNIX/Linux] -- Critical update for Adobe Reader 9
and Acrobat 9
Date: 25 March 2009
URL: http://www.auscert.org.au/10621
Title: AA-2009.0062 -- [Win][UNIX/Linux] -- HTTP Response Splitting and file
inclusion vulnerability in phpMyAdmin
Date: 25 March 2009
URL: http://www.auscert.org.au/10684
Title: AU-2009.0012 -- AusCERT Update - [Win][Linux][HP-UX][Solaris] -
HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node
Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service
(DoS)
Date: 24 March 2009
URL: http://www.auscert.org.au/10677
Title: AA-2009.0061 -- [Win][UNIX/Linux] -- New versions of PostgreSQL
released
Date: 24 March 2009
URL: http://www.auscert.org.au/10681
Title: AA-2008.0259 -- [Win][UNIX/Linux] -- phpBB version 3.0.4 has been
released correcting two vulnerabilities
Date: 23 March 2009
URL: http://www.auscert.org.au/10221
Title: AA-2009.0059 -- [Win][UNIX/Linux] -- Possible application source file
exposure in IBM WebSphere Application Server
Date: 23 March 2009
URL: http://www.auscert.org.au/10650
Title: AA-2009.0060 -- [Win][UNIX/Linux] -- TikiWiki 2.3 released
Date: 23 March 2009
URL: http://www.auscert.org.au/10672
External Security Bulletins:
----------------------------
Title: ESB-2008.1111 -- [Win][UNIX/Linux] -- Multiple vulnerabilities and
weaknesses were discovered in Drupal
Date: 26 March 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/10192
Title: ESB-2008.0592 -- [Win][Linux][HP-UX][Solaris] -- HPSBMA02338
SSRT080024, SSRT080041 rev.1 - HP OpenView Network Node Manager (OV
NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)
Date: 23 March 2009
OS: HP Tru64 UNIX, Solaris, IRIX, OpenBSD, Other BSD Variants, FreeBSD,
HP-UX, Ubuntu, Debian GNU/Linux, Other Linux Variants, Red Hat Linux,
AIX, Server 2008, Windows Vista, Windows 2003, Windows 2000, Windows
XP, Mac OS X
URL: http://www.auscert.org.au/9420
Title: ESB-2009.0288 -- [RedHat] -- NetworkManager: Moderate security update
Date: 27 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10707
Title: ESB-2009.0287 -- [Debian] -- Iceweasel: End-of-life announcement in
Debian 4.0
Date: 27 March 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10706
Title: ESB-2009.0286 -- [RedHat] -- acroread: Critical security update
Date: 26 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10705
Title: ESB-2009.0285 -- [Linux][Debian] -- systemtap: New packages fix local
privilege escalation
Date: 27 March 2009
OS: Red Hat Linux, Other Linux Variants, Debian GNU/Linux, Ubuntu
URL: http://www.auscert.org.au/10704
Title: ESB-2009.0284 -- [UNIX/Linux][Debian] -- New lcms packages fix
regression
Date: 26 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10701
Title: ESB-2009.0283 -- [Cisco] -- Multiple Cisco IOS Vulnerabilities
Date: 26 March 2009
OS: Cisco Products
URL: http://www.auscert.org.au/10700
Title: ESB-2009.0282 -- [Win][UNIX/Linux][RedHat][Solaris] -- Critical:
java-1.6.0-ibm security update
Date: 26 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10699
Title: ESB-2009.0281 -- [Win][Linux][Solaris] -- Multiple vulnerabilities in
Java Runtime Environment (JRE)
Date: 27 March 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10698
Title: ESB-2009.0280 -- [Win][Linux][Solaris] -- Security Vulnerabilities in
the Java Runtime Environment (JRE) With Storing and Processing Font
Files May Allow Denial of Service (DOS)
Date: 27 March 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10697
Title: ESB-2009.0279 -- [Win][Linux][Solaris] -- A Security Vulnerability in
the Java Runtime Environment (JRE) HTTP Server Implementation May Allow
a Denial of Service (DoS) Condition on a JAX-WS Service Endpoint
Date: 27 March 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10693
Title: ESB-2009.0278 -- [Win][Linux][Solaris] -- Integer and Buffer Overflow
Vulnerabilities in the Java Runtime Environment (JRE) "unpack200" JAR
Unpacking Utility May Lead to Escalation of Privileges
Date: 27 March 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10692
Title: ESB-2009.0277 -- [Win][Linux][Solaris] -- Multiple Security
Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
Date: 27 March 2009
OS: Windows Vista, Red Hat Linux, Server 2008, Windows XP, Other Linux
Variants, Windows 2000, Windows 2003, Debian GNU/Linux, Ubuntu, Solaris
URL: http://www.auscert.org.au/10691
Title: ESB-2009.0276 -- [Solaris] -- A Security Vulnerability in the Java
Runtime Environment (JRE) Virtual Machine With Code Generation May
Allow Escalation of Privileges
Date: 27 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10690
Title: ESB-2009.0275 -- [Solaris] -- Multiple Security Vulnerabilities in the
Adobe Flash Player for Solaris 10
Date: 25 March 2009
OS: Solaris
URL: http://www.auscert.org.au/10688
Title: ESB-2009.0274 -- [RedHat] -- Moderate: thunderbird security update
Date: 25 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10687
Title: ESB-2009.0273 -- [RedHat] -- Moderate: glib2 security update
Date: 25 March 2009
OS: Red Hat Linux
URL: http://www.auscert.org.au/10685
Title: ESB-2009.0272 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView Network
Node Manager (OV NNM), Remote Execution of Arbitrary Code
Date: 25 March 2009
OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other
Linux Variants, Windows XP, Server 2008, Red Hat Linux, HP-UX, Windows
Vista
URL: http://www.auscert.org.au/10683
Title: ESB-2009.0271 -- [HP-UX] -- HP-UX Running VERITAS File System
(VRTSvxfs) or VERITAS Oracle Disk Manager (VRTSodm), Local Escalation
of Privilege
Date: 25 March 2009
OS: HP-UX
URL: http://www.auscert.org.au/10682
Title: ESB-2009.0270 -- [UNIX/Linux] -- A security vulnerability has been
identified and fixed in pam
Date: 24 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10680
Title: ESB-2009.0269 -- [Win][UNIX/Linux] -- Sun Java System Identity Manager
Security Vulnerabilities
Date: 27 March 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10679
Title: ESB-2009.0268 -- [UNIX/Linux][Debian] -- New webcit packages fix
potential remote code execution
Date: 24 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10678
Title: ESB-2009.0267 -- [Win][UNIX/Linux] -- BIND 9.5.1-P2 and 9.4.3-P2 are
now available
Date: 24 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux
Variants, Windows XP, Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX,
Windows Vista
URL: http://www.auscert.org.au/10676
Title: ESB-2009.0266 -- [Win][UNIX/Linux] -- Vulnerabilities identified in
Printer, e-mail and PDF versions, and Content Construction Kit (Drupal
third-party modules)
Date: 25 March 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10675
Title: ESB-2009.0265 -- [Win][RedHat][OSX] -- Symantec pcAnywhere Format
String Denial of Service
Date: 23 March 2009
OS: Windows 2003, Windows 2000, Windows XP, Server 2008, Red Hat Linux, Mac
OS X, Windows Vista
URL: http://www.auscert.org.au/10674
Title: ESB-2009.0264 -- [Debian] -- New glib2.0 packages fix arbitrary code
execution
Date: 23 March 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10673
Title: ESB-2009.0263 -- [Debian] -- New Linux 2.6.26 packages fix several
vulnerabilities
Date: 23 March 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10671
Title: ESB-2009.0262 -- [UNIX/Linux][Debian] -- New xulrunner packages fix
several vulnerabilities
Date: 23 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10670
Title: ESB-2009.0261 -- [UNIX/Linux][FreeBSD] -- Local privilege escalation
Date: 23 March 2009
OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants,
IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X,
HP-UX, AIX
URL: http://www.auscert.org.au/10669
Title: ESB-2009.0260 -- [Debian] -- New libpng packages fix several
vulnerabilities
Date: 23 March 2009
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/10668
Title: ESB-2009.0251 -- [UNIX/Linux][Ubuntu] -- GLib vulnerability
Date: 25 March 2009
OS: AIX, HP-UX, Mac OS X, Red Hat Linux, Other Linux Variants, FreeBSD,
OpenBSD, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP Tru64
UNIX, Solaris
URL: http://www.auscert.org.au/10656
Title: ESB-2009.0027 -- [Win][UNIX/Linux] -- Openfire multiple vulnerabilities
Date: 24 March 2009
OS: Windows Vista, AIX, HP-UX, Mac OS X, Red Hat Linux, Server 2008,
Windows XP, Other Linux Variants, FreeBSD, Windows 2000, OpenBSD,
Windows 2003, IRIX, Other BSD Variants, Debian GNU/Linux, Ubuntu, HP
Tru64 UNIX, Solaris
URL: http://www.auscert.org.au/10320
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================