[AusNOG] AusCERT Week in Review - Week Ending 20/04/2012 (AUSCERT#20073F686)
Jonathan Levine
jonathan at auscert.org.au
Fri Apr 20 17:14:08 EST 2012
AusCERT Week in Review
20 April 2012
AusCERT in the Media:
- ---------------------
Experts question eHealth security
http://www.abc.net.au/news/2012-04-16/e-healths-security-questioned/3952818
Papers, Articles and other documents:
- -------------------------------------
Newsletter - Less painful passwords and do you have DNSChanger? -
SSO-NL2012-004
http://www.ssoalertservice.net.au/view/6b6f37f06ee9036525b2e82b37764648
Web Log Entries:
- ----------------
Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2012.0060 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple
vulnerabilities
Date: 18 April 2012
URL: http://www.auscert.org.au/15733
Title: ASB-2012.0059 - [Win][UNIX/Linux] MySQL 5.5.x: Reduced security -
Unknown/unspecified
Date: 16 April 2012
URL: http://www.auscert.org.au/15724
External Security Bulletins:
- ----------------------------
Title: ESB-2012.0390 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities
Date: 20 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15741
Title: ESB-2012.0389 - [Debian] openssl: Multiple vulnerabilities
Date: 20 April 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15740
Title: ESB-2012.0388 - [Win][UNIX/Linux] OpenSSL: Denial of service -
Remote/unauthenticated
Date: 20 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15739
Title: ESB-2012.0387 - [Debian] gajim: Reduced security -
Unknown/unspecified
Date: 19 April 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15738
Title: ESB-2012.0386 - [Win][VMware ESX][Netware][Linux][HP-UX] HP Onboard
Administrator: Denial of service - Remote/unauthenticated
Date: 19 April 2012
OS: Red Hat Linux, Windows 2003, Windows 7, Novell Netware, Debian
GNU/Linux, Ubuntu, HP-UX, Windows XP, Virtualisation, SUSE, Windows
2000, Windows Vista, Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15737
Title: ESB-2012.0385 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere
Application Server: Multiple vulnerabilities
Date: 18 April 2012
OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux,
Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista,
Windows Server 2008, Other Linux Variants
URL: http://www.auscert.org.au/15736
Title: ESB-2012.0384 - [OpenVMS] HP OpenVMS: Denial of service - Existing
account
Date: 18 April 2012
OS: HP-UX
URL: http://www.auscert.org.au/15735
Title: ESB-2012.0383 - [OpenVMS] HP Secure Web Server: Multiple
vulnerabilities
Date: 18 April 2012
OS: HP-UX
URL: http://www.auscert.org.au/15734
Title: ESB-2012.0382 - [RedHat] rhev-hypervisor5: Multiple vulnerabilities
Date: 18 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15732
Title: ESB-2012.0381 - [RedHat] kernel: Denial of service - Existing account
Date: 18 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15731
Title: ESB-2012.0380 - [Linux][RedHat] kernel: Denial of service -
Remote/unauthenticated
Date: 18 April 2012
OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/15730
Title: ESB-2012.0379 - [Win][UNIX/Linux] Apache HTTP Server: Execute
arbitrary
code/commands - Existing account
Date: 18 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15729
Title: ESB-2012.0378 - [Win][RedHat][HP-UX][Solaris][AIX][SUSE] IBM Tivoli
Directory Server: Multiple vulnerabilities
Date: 17 April 2012
OS: Solaris, Windows 2003, Windows 7, Windows XP, HP-UX, SUSE, Windows
2000, AIX, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/15728
Title: ESB-2012.0377 - ALERT [Win][Linux] HP System Management Homepage:
Multiple vulnerabilities
Date: 17 April 2012
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
Other Linux Variants
URL: http://www.auscert.org.au/15727
Title: ESB-2012.0376 - [Win][UNIX/Linux][Debian] gajim: Multiple
vulnerabilities
Date: 16 April 2012
OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
Other Linux Variants, Windows Server 2008
URL: http://www.auscert.org.au/15726
Title: ESB-2012.0375 - [OSX] Mac OS X Lion: Reduced security - Remote with
user interaction
Date: 16 April 2012
OS: Mac OS X
URL: http://www.auscert.org.au/15725
Title: ESB-2012.0374 - ALERT [RedHat] samba: Root compromise -
Remote/unauthenticated
Date: 16 April 2012
OS: Red Hat Linux
URL: http://www.auscert.org.au/15723
Title: ESB-2012.0373 - [Debian] apache2: Execute arbitrary code/commands -
Remote/unauthenticated
Date: 16 April 2012
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/15722
Title: ESB-2011.0370.2 - UPDATE [HP-UX] Apache: Multiple vulnerabilities
Date: 19 April 2012
OS: HP-UX, HP-UX
URL: http://www.auscert.org.au/14190
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert at auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
More information about the AusNOG
mailing list