copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

AusCERT Week in Review for 4th May 2012

Date: 04 May 2012

Click here for printable version

Greetings,

As you're probably aware, registration is currently open for the 11th Annual AusCERT Information Security Conference, which is taking place 13th - 18th May at the RACV Royal Pines Resort on Queensland's Gold Coast. We've got a great programme this year and we'd love to see you there!

Registration is available at:
AusCERT 2012 Conference Registration Page

Here's a quick round-up of some of the more interesting vulnerabilities and bulletins from the week:

VMware has been busy this week, releasing two bulletins covering a multitude of vulnerabilities in VMware ESX, VMware ESXi, VMware Workstation, and VMware Player. Some of the impacts of these vulnerabilities include code execution, denial of service and even a root compromise!

Oracle released an out-of-band update for Oracle Database 10g and 11g, addressing a critical remote code execution vulnerability for which proof of concept code exists. The vulnerability was originally reported to Oracle back in 2008, and was unpatched until now.

It wouldn't be a normal week without an obligatory browser update, this week's coming from Google Chrome. This update corrects five vulnerabilities in Chrome which could potentially allow for code execution and denial of service.

The most interesting of vulnerabilities this week, was a 0-day vulnerability identified in PHP's CGI. New versions of PHP 5.3.12 and 5.4.2 have been released which the vendor has stated correct the issue, however there has been some chatter stating that the patches don't actually fix the problem. It has been advised that administrators apply both the patches and the relevant mitigations available.

Have a great weekend!
Jonathan