copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

AusCERT week in Review for 3rd February 2012

Date: 03 February 2012

Click here for printable version

With the Christmas break now a distant memory, vulnerabilities and patches are flowing freely.

This week we saw the Mozilla family of Firefox, Thunderbird and Seamonkey hit double digits with version 10.0 of their respective products. (ASB-2012.0014)

The venerable Apache released its latest, seemingly brought to you courtesy of the number 2, with Apache HTTP Server 2.2.22. (ESB-2012.0101) :)

Apple released OS X Lion v10.7.3 and Security Update 2012-001 fixing the usual smorgasbord of vulnerabilities. Get it while it's warm. [3] (ESB-2012.0114)

Sudo make me a sandwich would have given more than you bargained for thanks to CVE 2012-0809. Thankfully that's now patched with sudo 1.8.3p2.(ASB-2012.0015)

Lastly, and most importantly, a denial of service bug in PHP 5 became a remotely exploitable execute arbitrary code vulnerability thanks to CVE-2011-4885. Stefan Esser discovered this vulnerability, and has advised that it is greatly mitigated by the use of Suhosin-Extension, even in the default configuration. For Debian and Redhat patches are available and should be applied as a matter of priority!

Stay safe,

Marco