[pacnog] AusCERT Week in Review - Week Ending 06/05/2011 (AUSCERT#20073F

  • To: <auscert at auscert dot org dot au>
  • Subject: [pacnog] AusCERT Week in Review - Week Ending 06/05/2011 (AUSCERT#20073F686)
  • From: "Zane Jarvis" <zane at auscert dot org dot au>
  • Date: Fri, 6 May 2011 17:04:03 +1000
  • Delivered-to: pacnog at mailman dot apnic dot net
    • 06 May 2011
      
      
      Good afternoon,
      
      This week has been relatively uneventful with regard to major
      vulnerabilities.
      
      Next week is Microsoft patch week and we will probably see a lot more
      bulletins because of this.
      
      Regards,
      Zane.
      
      
      
      Alerts, Advisories and Updates:
      -------------------------------
      Title: ASB-2011.0035 - [Win] Rational System Architect: Execute arbitrary
             code/commands - Remote with user interaction
      Date:  04 May 2011
      URL:   http://www.auscert.org.au/14330
      
      
      External Security Bulletins:
      ----------------------------
      Title: ESB-2011.0504 - [UNIX/Linux] BIND 9.8.0: Denial of service -
             Remote/unauthenticated 
      Date:  06 May 2011
      OS:    IRIX, Solaris, HP Tru64 UNIX, Red Hat Linux, Mac OS X, Debian
             GNU/Linux, Ubuntu, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX,
             FreeBSD, Other Linux Variants 
      URL:   http://www.auscert.org.au/14336
      
      Title: ESB-2011.0503 - [Cisco] Cisco IOS: Denial of service -
             Remote/unauthenticated 
      Date:  06 May 2011
      OS:    Cisco Products 
      URL:   http://www.auscert.org.au/14335
      
      Title: ESB-2011.0502 - [RedHat] python: Multiple vulnerabilities 
      Date:  06 May 2011
      OS:    Red Hat Linux 
      URL:   http://www.auscert.org.au/14334
      
      Title: ESB-2011.0501 - [RedHat] java-1.4.2-ibm: Reduced security -
             Remote/unauthenticated 
      Date:  06 May 2011
      OS:    Red Hat Linux 
      URL:   http://www.auscert.org.au/14333
      
      Title: ESB-2011.0500 - [RedHat] xmlsec1: Overwrite arbitrary files -
             Remote/unauthenticated 
      Date:  05 May 2011
      OS:    Red Hat Linux 
      URL:   http://www.auscert.org.au/14332
      
      Title: ESB-2011.0499 - [Win][UNIX/Linux] Menu Access (Drupal Third party
             module): Cross-site scripting - Remote with user interaction 
      Date:  05 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
             Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
             Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
             Windows Server 2008, Other Linux Variants 
      URL:   http://www.auscert.org.au/14331
      
      Title: ESB-2011.0498 - [SUSE] Suse Summary Advisory: Multiple
             vulnerabilities
      Date:  04 May 2011
      OS:    SUSE 
      URL:   http://www.auscert.org.au/14329
      
      Title: ESB-2011.0497 - [Win][UNIX/Linux] RSA Data Loss Prevention Enterprise
             Manager: Cross-site scripting - Remote/unauthenticated 
      Date:  04 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7,
             Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD
             Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD,
             Windows Server 2008, Other Linux Variants 
      URL:   http://www.auscert.org.au/14328
      
      Title: ESB-2011.0496 - [UNIX/Linux] OpenSSH prior to 5.8p2: Access
             confidential data - Existing account 
      Date:  03 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
             Other Linux Variants 
      URL:   http://www.auscert.org.au/14327
      
      Title: ESB-2011.0495 - [Win][Linux] Embarcadero Interbase: Multiple
             vulnerabilities 
      Date:  03 May 2011
      OS:    Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
             Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
             Other Linux Variants 
      URL:   http://www.auscert.org.au/14326
      
      Title: ESB-2011.0494 - [Win][UNIX/Linux][RedHat] libvirt: Denial of service -
             Remote/unauthenticated
      Date:  03 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
             Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD
             Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
             Other Linux Variants, Windows Server 2008 
      URL:   http://www.auscert.org.au/14325
      
      Title: ESB-2011.0493 - [UNIX/Linux][RedHat] gstreamer-plugins: Execute
             arbitrary code/commands - Remote with user interaction 
      Date:  03 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Mac OS X, Ubuntu, Debian
             GNU/Linux, HP-UX, Other BSD Variants, SUSE, OpenBSD, AIX, FreeBSD,
             Other Linux Variants 
      URL:   http://www.auscert.org.au/14324
      
      Title: ESB-2011.0492 - [Debian] qemu-kvm: Multiple vulnerabilities 
      Date:  03 May 2011
      OS:    Debian GNU/Linux 
      URL:   http://www.auscert.org.au/14323
      
      Title: ESB-2011.0491 - [Win][UNIX/Linux][Debian] spip: Denial of service -
             Remote/unauthenticated 
      Date:  03 May 2011
      OS:    IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7,
             Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD
             Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista,
             Other Linux Variants, Windows Server 2008 
      URL:   http://www.auscert.org.au/14322
      
      Title: ESB-2011.0490 - iceweasel: Multiple vulnerabilities 
      Date:  03 May 2011
      OS:    Debian GNU/Linux 
      URL:   http://www.auscert.org.au/14321
      
      Title: ESB-2011.0489 - [Debian] iceape: Multiple vulnerabilities 
      Date:  03 May 2011
      OS:    Debian GNU/Linux 
      URL:   http://www.auscert.org.au/14320
      
      Title: ESB-2011.0475.2 - UPDATE [Win][UNIX/Linux] SiteScope: Cross-site
             scripting - Remote with user interaction 
      Date:  05 May 2011
      OS:    Windows Server 2008, Other Linux Variants, Windows Vista, FreeBSD, AIX,
             OpenBSD, Windows 2000, SUSE, Other BSD Variants, HP-UX, Windows XP,
             Ubuntu, Debian GNU/Linux, Mac OS X, Windows 7, Red Hat Linux, Windows
             2003, Solaris, HP Tru64 UNIX, IRIX
      URL:   http://www.auscert.org.au/14302
      
      Title: ESB-2011.0464.2 - UPDATE [Win][Linux] HP Proliant Support Pack:
             Multiple vulnerabilities 
      Date:  04 May 2011
      OS:    Windows Server 2008, Other Linux Variants, Windows Vista, Windows 2000,
             SUSE, Windows XP, HP-UX, Ubuntu, Debian GNU/Linux, Windows 7, Red Hat
             Linux, Windows 2003
      URL:   http://www.auscert.org.au/14290
      
      
      
      ===========================================================================
      Australian Computer Emergency Response Team
      The University of Queensland
      Brisbane
      Qld 4072
      
      Internet Email: auscert at auscert dot org dot au
      Facsimile:      (07) 3365 7031
      Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                      AusCERT personnel answer during Queensland business hours
                      which are GMT+10:00 (AEST).
                      On call after hours for member emergencies only.
      ===========================================================================