Report an Incident

If you are a CNI organisation and you have encountered or suspect a cyber threat, please complete and return an Incident Reporting Form.

All incident reports provided to the CCIP are treated in the strictest of confidence. Please see our Confidentiality Charter for more details. Read More


New at CCIP

Current e-Bulletin The CCIP e-Bulletin provides a snapshot of security related news
Read More


New Zealand Government Website

December 2008

The following table includes the Vulnerability Alerts for the month.

Note: These links reference external sites. CCIP can not accept responsibility for outdated links or such links contents.
Reference Description Date
RealNetworks
RealNetworks Helix Server Multiple Vulnerabilities
31/12/08
Slackware Linux
Slackware update for seamonkey
30/12/08
Debian
Debian update for php-xajax
30/12/08
Debian
Debian update for phppgadmin
29/12/08
Mozilla Organization
Mozilla Firefox "keypress" User Interface Event Dispatching Weakness
27/12/08
Red Hat
Fedora update for kvm
26/12/08
Sun Microsystems
Sun SNMP Management Agent Insecure Temporary Files
26/12/08
FreeBSD Project
FreeBSD ftpd Long Command Processing Vulnerability
26/12/08
Avaya
Avaya CMS Solaris "libICE" Denial of Service Vulnerability
26/12/08
Sun Microsystems
Sun Java System Access Manager XSLT Stylesheet Processing Vulnerability
26/12/08
Avaya
Avaya CMS Solaris Kerberos Credential Renewal Denial of Service
26/12/08
Avaya
Avaya CMS Solaris SSH CBC Mode Plaintext Recovery Vulnerability
26/12/08
Sun Microsystems
Sun Java Access Manager Unspecified Security Bypass
26/12/08
Red Hat
Fedora update for kernel
26/12/08
Red Hat
Fedora update for mediawiki
26/12/08
IBM
IBM Tivoli Netcool/Webtop Tomcat Vulnerability
26/12/08
Gentoo
Gentoo update for imlib2
24/12/08
Gentoo
Gentoo update for ampache
24/12/08
Gentoo
Gentoo update for vlc
24/12/08
Gentoo
Gentoo update for clamav
24/12/08
FreeBSD Project
FreeBSD netgraph / bluetooth Sockets Privilege Escalation
24/12/08
Microsoft
Microsoft SQL Server "sp_replwritetovarbin()" Buffer Overflow
23/12/08
Debian
Debian update for courier-authlib
23/12/08
Trend Micro
Trend Micro HouseCall ActiveX Control Arbitrary Code Execution
23/12/08
Debian
Debian update for moodle
23/12/08
Red Hat
Mico "set_answer_invoke()" Denial of Service Vulnerability
23/12/08
Red Hat
Fedora update for roundcubemail
23/12/08
Red Hat
Fedora update for openvpn
23/12/08
Gentoo
Gentoo phpCollab Multiple Vulnerabilities
23/12/08
Red Hat
phpCollab Multiple SQL Injection Vulnerabilities
23/12/08
Red Hat
Fedora update for seamonkey
23/12/08
Red Hat
Fedora update for firefox
23/12/08
Red Hat
Fedora update for firefox and xulrunner
23/12/08
Red Hat
Fedora update for moodle
23/12/08
Red Hat
Fedora update for git
23/12/08
Red Hat
Fedora update for phpPgAdmin
23/12/08
Avaya
Avaya CMS / IR Java JRE Zip Archive Parsing Vulnerability
23/12/08
Red Hat
Fedora update for drupal-views
23/12/08
Red Hat
Fedora update for rsyslog
23/12/08
Debian
Debian update for courier-authlib
22/12/08
Red Hat
Red Hat update for flash-plugin
22/12/08
Red Hat
Fedora update for libvirt
22/12/08
Debian
Debian update for avahi
22/12/08
Novell
SUSE update for flash-player
22/12/08
Debian
Debian update for perl
22/12/08
Debian
Debian update for proftpd-dfsg
22/12/08
Gentoo
Gentoo update for pdns
22/12/08
Trend Micro
Trend Micro HouseCall ActiveX Control "notifyOnLoadNative()" Vulnerability
21/12/08
Apache Software Foundation
Apache Tomcat Multiple Vulnerabilities
20/12/08
Novell
SUSE update for MozillaFirefox and seamonkey
20/12/08
Sun Microsystems
Sun Solaris "nscd" Security Bypass Vulnerability
20/12/08
Mozilla Organization
Mozilla Firefox 2 Multiple Vulnerabilities
20/12/08
Novell
Novell Identity Manager Cross-Site Scripting Vulnerabilities
20/12/08
Sophos
Sophos Anti-Virus Products CAB Archive Processing Vulnerability
20/12/08
Red Hat
Red Hat update for java-1.6.0-bea
19/12/08
Red Hat
Red Hat update for java-1.4.2-bea
19/12/08
Red Hat
Red Hat update for java-1.5.0-bea
19/12/08
Slackware Linux
Slackware update for mozilla-firefox
19/12/08
ESET
ESET Smart Security "epfw.sys" IOCTL Handler Privilege Escalation
19/12/08
Sun Microsystems
Sun Solaris IP Tunnel SIOCGTUNPARAM IOCTL Vulnerability
19/12/08
Adobe Systems
Adobe Flash Player for Linux SWF Processing Vulnerability
18/12/08
Microsoft
Internet Explorer Data Binding Memory Corruption Vulnerability
18/12/08
Red Hat
Red Hat update for seamonkey
18/12/08
Red Hat
Red Hat update for firefox
18/12/08
Mozilla Organization
Mozilla Thunderbird Multiple Vulnerabilities
17/12/08
Mozilla Organization
Mozilla SeaMonkey Multiple Vulnerabilities
17/12/08
Mozilla Organization
Mozilla Firefox 2 Multiple Vulnerabilities
17/12/08
Mozilla Organization
Mozilla Firefox 3 Multiple Vulnerabilities
17/12/08
Red Hat
Red Hat update for kernel
17/12/08
Gentoo
Gentoo update for jasper
17/12/08
Gentoo
Gentoo update for ruby
17/12/08
Microsoft
Internet Explorer Data Binding Memory Corruption Vulnerability
17/12/08
Microsoft
Internet Explorer Data Binding Memory Corruption Vulnerability
17/12/08
SuSE
SUSE update for IBM Java
17/12/08
SuSE
SUSE update for clamav
17/12/08
Novell
SUSE update for freeradius
17/12/08
Red Hat
Red Hat update for enscript
17/12/08
Avaya
Avaya CMS Sun Java JDK / JRE Multiple Vulnerabilities
17/12/08
Sun Microsystems
Sun Solaris Apache "mod_proxy_http" and "mod_proxy_ftp" Vulnerabilities
17/12/08
Sun Microsystems
Sun Solaris IPv4 Forwarding Denial of Service
17/12/08
Sun Microsystems
Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities
17/12/08
Red Hat
Red Hat update for kernel
17/12/08
Sun Microsystems
Sun Netra / Fire Servers IP Spoofing Vulnerability
17/12/08
Opera Software
Opera Multiple Vulnerabilities
17/12/08
Apple
Apple Safari Cross-Domain Cookie Injection Vulnerability
17/12/08
Apple
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
17/12/08
Debian
Debian update for linux-2.6
16/12/08
Citrix Systems
Citrix Application Gateway Broadcast Server SQL Injection Vulnerability
16/12/08
Gentoo
Gentoo update for povray
16/12/08
Red Hat
MediaWiki Multiple Vulnerabilities
16/12/08
Red Hat
Fedora update for drupal
16/12/08
Gentoo
Gentoo update for honeyd
16/12/08
Red Hat
Red Hat update for cups
16/12/08
Red Hat
Red Hat update for pidgin
16/12/08
Red Hat
Fedora update for gallery2
16/12/08
Red Hat
Fedora update for phpMyAdmin
16/12/08
Red Hat
Red Hat update for enscript
16/12/08
Gentoo
Gentoo update for aview
16/12/08
IBM
IBM Tivoli Provisioning Manager SOAP Authentication Security Issue
16/12/08
Sun Microsystems
Sun Solaris Kerberos Credential Renewal Denial of Service
13/12/08
IBM
IBM WebSphere Portal Unspecified Security Bypass Vulnerability
13/12/08
12/12/08
HP
HP-UX DCE Unspecified Denial of Service Vulnerability
12/12/08
Computer Associates (CA)
CA ARCserve Backup RPC "handle_t" Argument Vulnerability
12/12/08
Sun Microsystems
Sun Solaris SSH CBC Mode Plaintext Recovery Vulnerability
12/12/08
Sun Microsystems
Sun Java System Portal Server File Disclosure Vulnerability
12/12/08
Sun Microsystems
Sun Ray Windows Connector Information Disclosure Vulnerability
12/12/08
Sun Microsystems
Sun Ray Server Software Two Vulnerabilities
12/12/08
HP
HP DECnet-Plus for OpenVMS Security Bypass
10/12/08
Aruba Networks
Aruba Mobility Controller EAP Frame Denial of Service
09/12/08
Debian
Debian update for streamripper
09/12/08
HP
HP OpenView Products Shared Trace Service Denial of Service
09/12/08
Red Hat
Fedora update for vinagre
09/12/08
Red Hat
Fedora update for awstats
09/12/08
Red Hat
Red Hat update for tomcat
09/12/08
Cisco
Linksys WVC54GC Information Disclosure and ActiveX Control Buffer Overflow
09/12/08
IBM
IBM WebSphere Application Server Multiple Vulnerabilities
09/12/08
Red Hat
Fedora update for squirrelmail
09/12/08
Gentoo
TWiki Cross-Site Scripting and Command Injection Vulnerabilities
09/12/08
Gentoo
Gentoo update for mgetty
09/12/08
Sun Microsystems
Sun Solaris OpenSSL PKCS#11 Denial of Service Vulnerability
08/12/08
Red Hat
Fedora update for java-1.6.0-openjdk
08/12/08
Red Hat
Fedora update for dbus
08/12/08
Avaya
Avaya Products ed "strip_escapes()" Buffer Overflow Security Issue
06/12/08
Debian
Debian update for linux-2.6.24
06/12/08
Debian
Debian update for clamav
05/12/08
Red Hat
Pi3Web ISAPI Requests Handling Denial of Service Vulnerability
05/12/08
Red Hat
Red Hat update for java-1.5.0-sun / java-1.6.0-sun
05/12/08
IBM
IBM HMC HTTP TRACE Response Cross-Site Scripting Weakness
05/12/08
Sun Microsystems
Sun Java JDK / JRE Multiple Vulnerabilities
05/12/08
Sun Microsystems
Sun Solaris rpc.ypupdated Arbitrary Command Execution
05/12/08
Debian
Debian update for perl
04/12/08
Debian
mvnForum Unspecified Cross-Site Scripting and Request Forgery
04/12/08
Debian
Debian update for awstats
04/12/08
HP
HP-UX Unspecified Local Denial of Service Vulnerability
04/12/08
VMware
VMware ESX Server update for bzip2
03/12/08
VMware
VMware ESX / ESXi Virtual Hardware Memory Corruption Vulnerability
03/12/08
VMware
VMware ESX Server update for libxml2
03/12/08
Red Hat
Fedora update for lynx
03/12/08
Red Hat
Fedora update for wordpress
03/12/08
Gentoo
Gentoo update for optipng
03/12/08
Gentoo
Gentoo update for ipsec-tools
03/12/08
Gentoo
Gentoo update for lighttpd
03/12/08
Gentoo
Gentoo update for enscript
03/12/08
Gentoo
Gentoo update for mantisbt
03/12/08
Gentoo
Gentoo update for libxml2
03/12/08
Red Hat
Fedora update for samba
03/12/08
OSI Soft
PI Network Manager Patch 3.4.375.90 is released
3/12/08
Cisco
Linksys WRT160N Cross-Site Scripting Vulnerability
03/12/08
IBM
IBM Rational ClearQuest Multiple Vulnerabilities
03/12/08
Debian
Debian update for flamethrower
03/12/08
IBM
IBM Rational ClearCase Cross-Site Scripting Vulnerability
03/12/08
NetGear
Netgear WGR614v8 / WGR14v9 Web Interface Request Denial of Service
02/12/08
Debian
Debian update for phpmyadmin
02/12/08
Slackware Linux
Slackware update for ruby
02/12/08
Debian
Debian update for wireshark
02/12/08
IBM
IBM WebSphere Application Server mod_proxy_ftp Cross-Site Scripting
02/12/08
Debian
Debian update for jailer
01/12/08
Slackware Linux
VLC Media Player Real Demuxer Integer Overflow Vulnerability
01/12/08
Slackware Linux
Slackware update for samba
01/12/08
Debian
Debian update for imlib2
01/12/08
IBM
Web Calendar Pro Multiple SQL Injection Vulnerabilities
01/12/08
Research In Motion
BlackBerry Desktop Software FlexNET Connect ActiveX Control Vulnerability
01/12/08
IBM
IBM AIX Multiple Privilege Escalation Vulnerabilities
01/12/08