Orbit

AusCERT Week in Review 19 June 2009

Web Log Entries: ---------------- Title: What that widget javascript doing down there? Date: 19 June 2009 URL: http://www.auscert.org.au/11170

Title: Botnet owners Unite! Date: 19 June 2009 URL: http://www.auscert.org.au/11174

Title: HyperVM and Kloxo Date: 15 June 2009 URL: http://www.auscert.org.au/11150

Alerts, Advisories and Updates: ------------------------------- Title: AA-2009.0139 -- [Win][UNIX/Linux] -- libpng: Reduced Security Date: 15 June 2009 URL: http://www.auscert.org.au/11111

External Security Bulletins: ---------------------------- Title: ESB-2009.0587 -- [Debian] -- xulrunner: Multiple Vulnerabilities Date: 19 June 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/11173

Title: ESB-2009.0586 -- [Debian] -- vlc: Multiple Vulnerabilities Date: 19 June 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/11172

Title: ESB-2009.0585 -- [RedHat] -- cyrus-imapd: Multiple Vulnerabilities Date: 19 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11171

Title: ESB-2009.0584 -- [Win] -- Shibboleth Service Provider: Provide Misleading Information Date: 18 June 2009 OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows Vista URL: http://www.auscert.org.au/11168

Title: ESB-2009.0583 -- [UNIX/Linux][Debian] -- gforge: Cross-site Scripting Date: 18 June 2009 OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX URL: http://www.auscert.org.au/11167

Title: ESB-2009.0582 -- [Appliance][Mac][OSX] -- iPhone: Multiple Vulnerabilities Date: 18 June 2009 OS: Mac OS X URL: http://www.auscert.org.au/11166

Title: ESB-2009.0581 -- [Linux][Debian][FreeBSD] -- ctorrent: Execute Arbitrary Code Date: 18 June 2009 OS: Ubuntu, Debian GNU/Linux, FreeBSD, Other Linux Variants, Red Hat Linux URL: http://www.auscert.org.au/11165

Title: ESB-2009.0580 -- [RedHat] -- acroread: Execute Arbitrary Code Date: 18 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11164

Title: ESB-2009.0579 -- [SUSE] -- Firefox: Multiple vulnerabilities Date: 17 June 2009 OS: Other Linux Variants URL: http://www.auscert.org.au/11163

Title: ESB-2009.0578 -- [SUSE] -- kernel: Multiple Vulnerabilities Date: 17 June 2009 OS: Other Linux Variants URL: http://www.auscert.org.au/11162

Title: ESB-2009.0577 -- [Win][UNIX/Linux] -- CA Service Desk (Tomcat): Cross-site Scripting Date: 17 June 2009 OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, Windows 2003, OpenBSD, Windows 2000, FreeBSD, Other Linux Variants, Windows XP, Windows Server 2008, Red Hat Linux, Mac OS X, HP-UX, AIX, Windows Vista URL: http://www.auscert.org.au/11161

Title: ESB-2009.0576 -- [RedHat] -- apr-util: Multiple Vulnerabilities Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11160

Title: ESB-2009.0575 -- [RedHat] -- httpd: Multiple Vulnerabilities Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11159

Title: ESB-2009.0574 -- [Debian] -- apache2: Execute Arbitrary Code Date: 17 June 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/11158

Title: ESB-2009.0573 -- [RedHat] -- cscope: Execute Arbitrary Code Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11157

Title: ESB-2009.0572 -- [RedHat] -- kernel: Multiple Vulnerabilities Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11156

Title: ESB-2009.0571 -- [RedHat] -- cscope: Execute Arbitrary Code Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11155

Title: ESB-2009.0570 -- [RedHat] -- wireshark: Execute Arbitrary Code Date: 17 June 2009 OS: Red Hat Linux URL: http://www.auscert.org.au/11154

Title: ESB-2009.0569 -- [Win] -- CA ARCserve Backup Message Engine: Denial of Service Date: 17 June 2009 OS: Windows 2003, Windows 2000, Windows XP, Windows Server 2008, Windows Vista URL: http://www.auscert.org.au/11153

Title: ESB-2009.0568 -- [Win][Linux][HP-UX][Solaris] -- HP OpenView SNMP Emanate Master Agent: Inappropriate Access Date: 16 June 2009 OS: Solaris, Ubuntu, Debian GNU/Linux, Windows 2003, Windows 2000, Other Linux Variants, Windows XP, Windows Server 2008, Red Hat Linux, HP-UX, Windows Vista URL: http://www.auscert.org.au/11152

Title: ESB-2009.0567 -- [Mac][OSX] -- Java for Mac OS X: Multiple Vulnerabilities Date: 16 June 2009 OS: Mac OS X URL: http://www.auscert.org.au/11151

Title: ESB-2009.0566 -- [UNIX/Linux][Debian] -- libtorrent-rasterbar: Denial of Service Date: 15 June 2009 OS: Solaris, HP Tru64 UNIX, Ubuntu, Debian GNU/Linux, Other BSD Variants, IRIX, OpenBSD, FreeBSD, Other Linux Variants, Red Hat Linux, Mac OS X, HP-UX, AIX URL: http://www.auscert.org.au/11149

Title: ESB-2009.0565 -- [Debian] -- libsndfile: Execute Arbitrary Code Date: 15 June 2009 OS: Debian GNU/Linux URL: http://www.auscert.org.au/11148

=========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072

Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================