[AusNOG] AusCERT Week in Review - Week Ending 13/04/2012 (AUSCERT#20073F686)
Jonathan Levine
jonathan at auscert.org.au
Fri Apr 13 16:36:20 EST 2012
AusCERT Week in Review
13 April 2012
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2012.0005.3 - UPDATE [Win][UNIX/Linux] Wireshark: Denial of
service
- Remote with user interaction
Date: 12 April 2012
URL: http://www.auscert.org.au/15327
Title: ASB-2012.0043.2 - UPDATE [Win][UNIX/Linux] Wireshark: Denial of
service
- Remote with user interaction
Date: 12 April 2012
URL: http://www.auscert.org.au/15651
Title: ASB-2012.0054 - [Win][UNIX/Linux] Novell ZENworks Configuration
Management: Multiple vulnerabilities
Date: 12 April 2012
URL: http://www.auscert.org.au/15708
Title: ASB-2012.0055 - [Win][Netware][RedHat][SUSE] Novell iManager: Denial
of
service - Existing account
Date: 12 April 2012
URL: http://www.auscert.org.au/15709
Title: ASB-2012.0056 - [Win][RedHat][Solaris] RealNetworks Helix Server &
Helix Mobile Server: Multiple vulnerabilities
Date: 12 April 2012
URL: http://www.auscert.org.au/15710
Title: ASB-2012.0057 - [Win][UNIX/Linux] Oracle MySQL Server: Reduced
security
- Unknown/unspecified
Date: 12 April 2012
URL: http://www.auscert.org.au/15711
Title: ASB-2012.0058 - [Win][UNIX/Linux] Novell ZENworks Configuration
Management: Access confidential data - Remote/unauthenticated
Date: 12 April 2012
URL: http://www.auscert.org.au/15715
Title: ASB-2012.0051 - [Win][UNIX/Linux] Google Chrome: Multiple
vulnerabilities
Date: 10 April 2012
URL: http://www.auscert.org.au/15691
Title: ASB-2012.0052 - [Win][UNIX/Linux] Wireshark: Denial of service -
Remote
with user interaction
Date: 10 April 2012
URL: http://www.auscert.org.au/15694
Title: ASB-2012.0053 - [Appliance] Siemens Scalance X Switches: Denial of
service - Remote/unauthenticated
Date: 10 April 2012
URL: http://www.auscert.org.au/15695
External Security Bulletins:
- ----------------------------
Title: ESB-2012.0371 - [Win][VMware ESX][UNIX/Linux] VMware products:
Increased privileges - Existing account
Date: 13 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, Virtualisation, SUSE, Windows 2000, OpenBSD, AIX, Windows
Vista, FreeBSD, Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15719
Title: ESB-2012.0370 - [RedHat] Red Hat Enterprise MRG Management Console:
Cross-site scripting - Existing account
Date: 13 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15718
Title: ESB-2012.0369 - [Debian] samba: Root compromise -
Remote/unauthenticated
Date: 13 April 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15717
Title: ESB-2012.0368 - [Mac][OSX] Java: Reduced security - Remote with user
interaction
Date: 13 April 2012
OS: Mac OS X
URL: http://www.auscert.org.au/15716
Title: ESB-2012.0367 - [Debian] sqlalchemy: Execute arbitrary code/commands
-
Remote/unauthenticated
Date: 12 April 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15714
Title: ESB-2012.0366 - [Appliance] HP Procurve 5400 zl Series Switches:
Reduced security - Existing account
Date: 12 April 2012
OS: HP-UX
URL: http://www.auscert.org.au/15713
Title: ESB-2012.0365 - [RedHat] tomcat5 & tomcat6: Denial of service -
Remote/unauthenticated
Date: 12 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15712
Title: ESB-2012.0364 - [UNIX/Linux][Ubuntu] puppet: Multiple vulnerabilities
Date: 11 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
Other Linux Variants
URL: http://www.auscert.org.au/15707
Title: ESB-2012.0363 - [RedHat] acroread: Multiple vulnerabilities
Date: 11 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15706
Title: ESB-2012.0362 - [RedHat] libtiff: Multiple vulnerabilities
Date: 11 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15705
Title: ESB-2012.0361 - [RedHat] freetype: Multiple vulnerabilities
Date: 11 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15704
Title: ESB-2012.0360 - ALERT [Win][UNIX/Linux][RedHat] samba & samba3x:
Multiple Vulnerabilities
Date: 11 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15703
Title: ESB-2012.0359 - [Win][Linux][OSX] Adobe Reader & Acrobat: Multiple
Vulnerabilities
Date: 11 April 2012
OS: Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Debian GNU/Linux,
Ubuntu, Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux
Variants, Windows Server 2008
URL: http://www.auscert.org.au/15702
Title: ESB-2012.0358 - [Win] Microsoft Office & Works: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15701
Title: ESB-2012.0357 - ALERT [Win] Microsoft Windows Common Controls:
Execute
arbitrary code/commands - Remote with user interaction
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15700
Title: ESB-2012.0356 - [Win] Microsoft Forefront Unified Access Gateway:
Multiple vulnerabilities
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15699
Title: ESB-2012.0355 - [Win] Microsoft .NET Framework: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15698
Title: ESB-2012.0354 - [Win] Microsoft Windows: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15697
Title: ESB-2012.0353 - [Win] Microsoft Internet Explorer: Execute arbitrary
code/commands - Remote with user interaction
Date: 11 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15696
Title: ESB-2012.0352 - [Juniper] Juniper IVE OS: Multiple Vulnerabilities
Date: 10 April 2012
URL: http://www.auscert.org.au/15693
Title: ESB-2012.0351 - [Win][UNIX/Linux][Debian] inspircd: Execute arbitrary
code/commands - Remote/unauthenticated
Date: 10 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15692
Title: ESB-2012.0350 - ALERT [Win] Microsoft: Microsoft Security Bulletin
Advance Notification for April 2012
Date: 10 April 2012
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/15690
Title: ESB-2012.0326.2 - UPDATE [Win][UNIX/Linux] Adobe Flash Player:
Multiple
vulnerabilities
Date: 10 April 2012
OS: IRIX, Solaris, HP Tru64 UNIX, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, FreeBSD, Windows Vista,
Windows Server 2008, Other Linux Variants, IRIX, HP Tru64 UNIX,
Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Debian
GNU/Linux, Ubuntu, Windows XP, HP-UX, Other BSD Variants, SUSE,
Windows
2000, OpenBSD, AIX, FreeBSD, Windows Vista, Other Linux Variants,
Windows Server 2008
URL: http://www.auscert.org.au/15657
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list