[AusNOG] AusCERT Week in Review - Week Ending 10/02/2012 (AUSCERT#20073f686)

Fri Feb 10 18:04:50 EST 2012

AusCERT Week in Review
10 February 2012

Alerts, Advisories and Updates:
- -------------------------------
Title: ASB-2012.0019 - [Win][UNIX/Linux] Chrome: Denial of service - Remote
       with user interaction 
Date:  09 February 2012
URL:   http://www.auscert.org.au/15441

Title: ASB-2012.0018 - [Win][UNIX/Linux] Joomla!: Access confidential data -
       Remote/unauthenticated 
Date:  06 February 2012
URL:   http://www.auscert.org.au/15431


External Security Bulletins:
- ----------------------------
Title: ESB-2012.0151 - [Win][UNIX/Linux][RedHat] jbosscache: Access
privileged
       data - Existing account 
Date:  10 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15445

Title: ESB-2012.0150 - [Linux][RedHat] kernel: Multiple vulnerabilities 
Date:  10 February 2012
OS:    Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux 
URL:   http://www.auscert.org.au/15444

Title: ESB-2012.0149 - [Win][UNIX/Linux][Debian] cvs: Execute arbitrary
       code/commands - Remote/unauthenticated 
Date:  10 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15443

Title: ESB-2012.0148 - [Debian] icedove: Multiple vulnerabilities 
Date:  10 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15442

Title: ESB-2012.0147 - [Win][Linux] HP System Management Homepage (SMH):
       Access confidential data - Remote/unauthenticated 
Date:  09 February 2012
OS:    Windows 2003, Red Hat Linux, Windows 7, Debian GNU/Linux, Ubuntu,
       Windows XP, SUSE, Windows 2000, Windows Vista, Other Linux Variants,
       Windows Server 2008 
URL:   http://www.auscert.org.au/15440

Title: ESB-2012.0146 - [RedHat] mysql: Multiple vulnerabilities 
Date:  09 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15439

Title: ESB-2012.0145 - [RedHat] libxml2: Execute arbitrary code/commands -
       Remote with user interaction 
Date:  09 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15438

Title: ESB-2012.0144 - [Win][Solaris] Various Hewlett-Packard products:
Access
       confidential data - Remote/unauthenticated 
Date:  08 February 2012
OS:    Solaris, Windows 2003, Windows XP, Windows 2000, Windows 7, Windows
       Vista, Windows Server 2008 
URL:   http://www.auscert.org.au/15437

Title: ESB-2012.0143 - [HP-UX] Apache Tomcat: Multiple vulnerabilities 
Date:  08 February 2012
OS:    HP-UX 
URL:   http://www.auscert.org.au/15436

Title: ESB-2012.0142 - [RedHat] Red Hat Enterprise MRG: Execute arbitrary
       code/commands - Existing account 
Date:  07 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15435

Title: ESB-2012.0141 - [RedHat] Red Hat: Access privileged data - Existing
       account 
Date:  07 February 2012
OS:    Red Hat Linux 
URL:   http://www.auscert.org.au/15434

Title: ESB-2012.0140 - [Debian] apache2: Multiple vulnerabilities 
Date:  07 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15433

Title: ESB-2012.0139 - [Win][UNIX/Linux] Various Hewlett-Packard products.:
       Execute arbitrary code/commands - Remote/unauthenticated 
Date:  07 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
       Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
       Windows Server 2008, Other Linux Variants 
URL:   http://www.auscert.org.au/15432

Title: ESB-2012.0138 - [Mac][OSX] Apple Mac OS X: Multiple vulnerabilities 
Date:  06 February 2012
OS:    Mac OS X 
URL:   http://www.auscert.org.au/15430

Title: ESB-2012.0137 - [Debian] cacti: Multiple vulnerabilities 
Date:  06 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15429

Title: ESB-2012.0136 - [Debian] xen-qemu-dm-4.0: Root compromise - Existing
       account 
Date:  06 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15428

Title: ESB-2012.0135.2 - UPDATE [Debian] php5: Execute arbitrary
code/commands
       - Remote/unauthenticated 
Date:  07 February 2012
OS:    Debian GNU/Linux, Debian GNU/Linux 
URL:   http://www.auscert.org.au/15427

Title: ESB-2012.0134 - [Debian] iceape: Multiple vulnerabilities 
Date:  06 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15426

Title: ESB-2012.0133 - [Debian] iceweasel: Multiple vulnerabilities 
Date:  06 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15425

Title: ESB-2012.0132 - [Debian] tomcat6: Multiple vulnerabilities 
Date:  06 February 2012
OS:    Debian GNU/Linux 
URL:   http://www.auscert.org.au/15424

Title: ESB-2012.0131 - [AIX] AIX: Denial of service - Remote/unauthenticated

Date:  06 February 2012
OS:    AIX 
URL:   http://www.auscert.org.au/15423

Title: ESB-2012.0130 - [Win][UNIX/Linux] EMC Documentum xPlore: Access
       privileged data - Existing account 
Date:  06 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
       Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
       Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
       Other Linux Variants, Windows Server 2008 
URL:   http://www.auscert.org.au/15422

Title: ESB-2011.0063.2 - UPDATE [UNIX/Linux] libpng: Execute arbitrary
       code/commands - Remote with user interaction 
Date:  10 February 2012
OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
       GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
       Other Linux Variants, IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux,
Mac
       OS X, Debian GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE,
       OpenBSD, AIX, FreeBSD, Other Linux Variants 
URL:   http://www.auscert.org.au/13850


===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert at auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================