[AusNOG] AusCERT Week in Review - Week Ending 18/02/2011 (AUSCERT#20073f686)
Jonathan Levine
jonathan at auscert.org.au
Fri Feb 18 16:55:55 EST 2011
AusCERT Week in Review
18 February 2011
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0012.2 - UPDATE [Win][Linux] IBM Rational Team Concert:
Cross-site scripting - Remote with user interaction
Date: 15 February 2011
URL: http://www.auscert.org.au/13922
Title: ASB-2011.0014.2 - UPDATE [Win][UNIX/Linux] Google Chrome prior to
9.0.597.94: Multiple vulnerabilities
Date: 14 February 2011
URL: http://www.auscert.org.au/13961
Title: ASB-2011.0016 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Application Server: Denial of service - Remote with user interaction
Date: 14 February 2011
URL: http://www.auscert.org.au/13967
Title: ASB-2011.0017 - [Linux] Novell iPrint: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 14 February 2011
URL: http://www.auscert.org.au/13969
External Security Bulletins:
----------------------------
Title: ESB-2010.1173.2 - UPDATE [VMware ESX] VMware ESXi 4.1 Update
Installer: Unauthorised access - Remote/unauthenticated
Date: 14 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13765
Title: ESB-2010.1105.2 - UPDATE [VMware ESX] VMware ESX 3.5: Multiple
vulnerabilities
Date: 16 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13685
Title: ESB-2010.0789.5 - UPDATE [VMware ESX] VMware ESX: Multiple
vulnerabilities
Date: 16 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13280
Title: ESB-2010.0630.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities
Date: 14 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13078
Title: ESB-2010.0314.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities
Date: 16 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/12609
Title: ESB-2011.0195 - [UNIX] HP NonStop Servers: Denial of service -
Remote/unauthenticated
Date: 18 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, HP-UX, Other BSD Variants, OpenBSD,
AIX, FreeBSD
URL: http://www.auscert.org.au/13996
Title: ESB-2011.0194 - [Win][UNIX/Linux][Linux] IBM DB2: Denial of service -
Remote with user interaction
Date: 18 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13995
Title: ESB-2011.0193 - [Win][Netware][Linux] Novell ZenWorks: Execute
arbitrary code/commands - Remote/unauthenticated
Date: 18 February 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Novell Netware, Ubuntu,
Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13994
Title: ESB-2011.0192 - [Win][UNIX/Linux][RedHat] java-1.6.0-openjdk and
java-1.6.0-sun: Multiple vulnerabilities
Date: 18 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13993
Title: ESB-2011.0191 - [Win][UNIX/Linux] Messaging (Drupal third-party
module): Cross-site scripting - Remote with user interaction
Date: 17 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13992
Title: ESB-2011.0190 - [RedHat] fence: Overwrite arbitrary files - Existing
account
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13991
Title: ESB-2011.0189 - [RedHat] ccs: Overwrite arbitrary files - Existing
account
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13990
Title: ESB-2011.0188 - [RedHat] rgmanager: Multiple vulnerabilities
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13989
Title: ESB-2011.0187 - [RedHat] kernel: Multiple vulnerabilities
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13988
Title: ESB-2011.0186 - [RedHat] sendmail: Provide misleading information -
Remote with user interaction
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13987
Title: ESB-2011.0185 - [RedHat] bash: Overwrite arbitrary files - Existing
account
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13986
Title: ESB-2011.0184 - [RedHat] python: Multiple vulnerabilities
Date: 17 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13985
Title: ESB-2011.0183 - [UNIX/Linux][Debian] telepathy-gabble: Provide
misleading information - Remote/unauthenticated
Date: 17 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13984
Title: ESB-2011.0182 - [UNIX/Linux][Debian] openafs: Denial of service -
Remote/unauthenticated
Date: 17 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13983
Title: ESB-2011.0181 - [Debian] phpmyadmin: Execute arbitrary
code/commands - Remote with user interaction
Date: 17 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13982
Title: ESB-2011.0180 - [Debian] chromium-browser: Multiple vulnerabilities
Date: 17 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13981
Title: ESB-2011.0179 - [UNIX/Linux][Debian] ffmpeg-debian: Multiple
vulnerabilities
Date: 17 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13980
Title: ESB-2011.0178 - [Win] Cisco Security Agent: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 17 February 2011
OS: Cisco Products, Windows 2003, Windows 7, Windows XP, Windows 2000,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/13979
Title: ESB-2011.0177 - [Win][UNIX/Linux] Oracle Java Runtime: Multiple
vulnerabilities
Date: 16 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/13978
Title: ESB-2011.0176 - [UNIX/Linux][Ubuntu] qemu-kvm: Unauthorised access -
Remote/unauthenticated
Date: 16 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/13977
Title: ESB-2011.0175 - [RedHat] flash-plugin: 1-Month End Of Life Notice
Date: 16 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13976
Title: ESB-2011.0174 - [RedHat] subversion: Multiple vulnerabilities
Date: 16 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13975
Title: ESB-2011.0173 - [RedHat] dhcp: Denial of service -
Remote/unauthenticated
Date: 16 February 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/13974
Title: ESB-2011.0172 - [UNIX/Linux][Debian] shadow: Root compromise -
Existing account
Date: 16 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13973
Title: ESB-2011.0171 - [SUSE] flash-player: Execute arbitrary
code/commands - Remote with user interaction
Date: 15 February 2011
OS: SUSE
URL: http://www.auscert.org.au/13972
Title: ESB-2011.0170 - [UNIX/Linux][Debian] python-django: Multiple
vulnerabilities
Date: 15 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13971
Title: ESB-2011.0169 - [UNIX/Linux][Debian] openssl: Denial of service -
Remote/unauthenticated
Date: 15 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Debian
GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
FreeBSD, Other Linux Variants
URL: http://www.auscert.org.au/13970
Title: ESB-2011.0168 - [Win][UNIX/Linux] phpMyAdmin: Execute arbitrary
code/commands - Remote with user interaction
Date: 14 February 2011
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/13968
Title: ESB-2011.0167 - [VMware ESX] VMware ESX, ESXi, vCenter Server and
vCenter Update Manager: Multiple vulnerabilities
Date: 14 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13966
Title: ESB-2011.0166 - [SUSE][OpenSUSE] kernel: Multiple vulnerabilities
Date: 14 February 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/13965
Title: ESB-2011.0165.2 - UPDATE [Debian] openjdk-6: Denial of service -
Remote with user interaction
Date: 15 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13964
Title: ESB-2011.0164 - [Debian] tomcat6: Multiple vulnerabilities
Date: 14 February 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/13963
Title: ESB-2011.0120.2 - UPDATE [UNIX/Linux] OpenSSH: Access confidential
data - Remote with user interaction
Date: 14 February 2011
OS: Other Linux Variants, FreeBSD, AIX, OpenBSD, SUSE, Other BSD
Variants, HP-UX, Ubuntu, Debian GNU/Linux, Mac OS X, Red Hat Linux,
Solaris, HP Tru64 UNIX, IRIX
URL: http://www.auscert.org.au/13911
Title: ESB-2011.0010.2 - UPDATE [VMware ESX] VMWare: Multiple
vulnerabilities
Date: 14 February 2011
OS: Virtualisation
URL: http://www.auscert.org.au/13787
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================