Orbit

AusCERT Week in Review 20 April 2012

AusCERT in the Media: - --------------------- Experts question eHealth security http://www.abc.net.au/news/2012-04-16/e-healths-security-questioned/3952818

Papers, Articles and other documents: - ------------------------------------- Newsletter - Less painful passwords and do you have DNSChanger? - SSO-NL2012-004 http://www.ssoalertservice.net.au/view/6b6f37f06ee9036525b2e82b37764648

Web Log Entries: - ----------------

Alerts, Advisories and Updates: - ------------------------------- Title: ASB-2012.0060 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities Date: 18 April 2012 URL: http://www.auscert.org.au/15733

Title: ASB-2012.0059 - [Win][UNIX/Linux] MySQL 5.5.x: Reduced security - Unknown/unspecified Date: 16 April 2012 URL: http://www.auscert.org.au/15724

External Security Bulletins: - ---------------------------- Title: ESB-2012.0390 - [Win][UNIX/Linux] Bugzilla: Multiple vulnerabilities Date: 20 April 2012 OS: IRIX, HP Tru64 UNIX, Solaris, Windows 2003, Red Hat Linux, Windows 7, Mac OS X, Ubuntu, Debian GNU/Linux, Windows XP, HP-UX, Other BSD Variants, SUSE, Windows 2000, OpenBSD, AIX, Windows Vista, FreeBSD, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/15741

Title: ESB-2012.0389 - [Debian] openssl: Multiple vulnerabilities Date: 20 April 2012 OS: Debian GNU/Linux URL: http://www.auscert.org.au/15740

Title: ESB-2012.0388 - [Win][UNIX/Linux] OpenSSL: Denial of service - Remote/unauthenticated Date: 20 April 2012 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux Variants, Windows Server 2008 URL: http://www.auscert.org.au/15739

Title: ESB-2012.0387 - [Debian] gajim: Reduced security - Unknown/unspecified Date: 19 April 2012 OS: Debian GNU/Linux URL: http://www.auscert.org.au/15738

Title: ESB-2012.0386 - [Win][VMware ESX][Netware][Linux][HP-UX] HP Onboard Administrator: Denial of service - Remote/unauthenticated Date: 19 April 2012 OS: Red Hat Linux, Windows 2003, Windows 7, Novell Netware, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Virtualisation, SUSE, Windows 2000, Windows Vista, Other Linux Variants, Windows Server 2008 URL: http://www.auscert.org.au/15737

Title: ESB-2012.0385 - [Win][Linux][HP-UX][Solaris][AIX] IBM WebSphere Application Server: Multiple vulnerabilities Date: 18 April 2012 OS: Solaris, Red Hat Linux, Windows 2003, Windows 7, Debian GNU/Linux, Ubuntu, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/15736

Title: ESB-2012.0384 - [OpenVMS] HP OpenVMS: Denial of service - Existing account Date: 18 April 2012 OS: HP-UX URL: http://www.auscert.org.au/15735

Title: ESB-2012.0383 - [OpenVMS] HP Secure Web Server: Multiple vulnerabilities Date: 18 April 2012 OS: HP-UX URL: http://www.auscert.org.au/15734

Title: ESB-2012.0382 - [RedHat] rhev-hypervisor5: Multiple vulnerabilities Date: 18 April 2012 OS: Red Hat Linux URL: http://www.auscert.org.au/15732

Title: ESB-2012.0381 - [RedHat] kernel: Denial of service - Existing account

Date: 18 April 2012 OS: Red Hat Linux URL: http://www.auscert.org.au/15731

Title: ESB-2012.0380 - [Linux][RedHat] kernel: Denial of service - Remote/unauthenticated Date: 18 April 2012 OS: Red Hat Linux, SUSE, Other Linux Variants, Ubuntu, Debian GNU/Linux URL: http://www.auscert.org.au/15730

Title: ESB-2012.0379 - [Win][UNIX/Linux] Apache HTTP Server: Execute arbitrary code/commands - Existing account Date: 18 April 2012 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7, Mac OS X, Ubuntu, Debian GNU/Linux, HP-UX, Windows XP, Other BSD Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux Variants, Windows Server 2008 URL: http://www.auscert.org.au/15729

Title: ESB-2012.0378 - [Win][RedHat][HP-UX][Solaris][AIX][SUSE] IBM Tivoli Directory Server: Multiple vulnerabilities Date: 17 April 2012 OS: Solaris, Windows 2003, Windows 7, Windows XP, HP-UX, SUSE, Windows 2000, AIX, Windows Vista, Windows Server 2008 URL: http://www.auscert.org.au/15728

Title: ESB-2012.0377 - ALERT [Win][Linux] HP System Management Homepage: Multiple vulnerabilities Date: 17 April 2012 OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux, Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008, Other Linux Variants URL: http://www.auscert.org.au/15727

Title: ESB-2012.0376 - [Win][UNIX/Linux][Debian] gajim: Multiple vulnerabilities Date: 16 April 2012 OS: IRIX, HP Tru64 UNIX, Solaris, Red Hat Linux, Windows 2003, Windows 7, Mac OS X, Debian GNU/Linux, Ubuntu, HP-UX, Windows XP, Other BSD Variants, SUSE, OpenBSD, Windows 2000, AIX, FreeBSD, Windows Vista, Other Linux Variants, Windows Server 2008 URL: http://www.auscert.org.au/15726

Title: ESB-2012.0375 - [OSX] Mac OS X Lion: Reduced security - Remote with user interaction Date: 16 April 2012 OS: Mac OS X URL: http://www.auscert.org.au/15725

Title: ESB-2012.0374 - ALERT [RedHat] samba: Root compromise - Remote/unauthenticated Date: 16 April 2012 OS: Red Hat Linux URL: http://www.auscert.org.au/15723

Title: ESB-2012.0373 - [Debian] apache2: Execute arbitrary code/commands - Remote/unauthenticated Date: 16 April 2012 OS: Debian GNU/Linux URL: http://www.auscert.org.au/15722

Title: ESB-2011.0370.2 - UPDATE [HP-UX] Apache: Multiple vulnerabilities Date: 19 April 2012 OS: HP-UX, HP-UX URL: http://www.auscert.org.au/14190

=========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072

Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. ===========================================================================