oval:org.secpod.oval:def:400399 Strongswan's gmp plugin could treat empty RSA signatures as valid ones

oval:org.secpod.oval:def:400386 - update to 1.2.1 - Security Updates * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX * PR898: signed applications with big jnlp-file doesn't start * PR811: javaws is not handling urls w ...

oval:org.secpod.oval:def:400398 This update of icedtea-web fixed multiple heap buffer overflows.

oval:org.secpod.oval:def:400376 This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems.

oval:org.secpod.oval:def:400346 A boundary error in ldns_rr_new_frm_str_internal could lead to a heap-based buffer overflow when processing RR records.

oval:org.secpod.oval:def:400467 This update of plib fixed two stack-based buffer overflows.

oval:org.secpod.oval:def:400472 - Update to version 1.2.3. * Update configure.ac to avoid autoconf 2.68 warnings, by quoting the first AC_RUN_IFELSE argument, an AC_LANG_PROGRAM, with [ ], and providing an explicit "true" assumption for Berkeley DB capabilities to avoid cross-compilation warnings. * Security bugfix; , ...

oval:org.secpod.oval:def:400324 Security / Collective Update for Xen Xen: - bnc#702025 - VUL-0: xen: VT-d MSI trap injection - bnc#703924 - update block-npiv scripts to support BFA HBA - bnc#689954 - L3: Live migrations fail when guest crashes: domain_crash_sync called from entry.S - bnc#693472 - Bridge hangs cause redundant rin ...

oval:org.secpod.oval:def:400434 This update of csound fixes two stack-based buffer overflows that could be exploited via malformed hetro and pvoc files.

oval:org.secpod.oval:def:400414 This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems.

oval:org.secpod.oval:def:400519 This update fixes a bug which allows an unauthenticated remote attacker to cause a stack overflow in server code, resulting in either server crash or even code execution as the user running firebird.

oval:org.secpod.oval:def:400378 This version upgrade of horde3 to 3.3.13 fixes several issues and adds new features.

oval:org.secpod.oval:def:400359 3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues were fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem.

oval:org.secpod.oval:def:400363 This update fixes a remotely exploitable overflow in DKIM handling.

oval:org.secpod.oval:def:400343 This update brings Mozilla Firefox to 6.0.2. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority.

oval:org.secpod.oval:def:400342 This update brings Mozilla Thunderbird to 3.1.13. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority.

oval:org.secpod.oval:def:400463 Opera 12.11 is a recommended upgrade offering security and stability enhancements: -fixed an issue where HTTP response heap buffer overflow could allow execution of arbitrary code; -fixed an issue where error pages could be used to guess local file paths; see our advisory -fixed several issues relat ...

oval:org.secpod.oval:def:400340 The mozilla NSS libraries were updated to 3.12.11 to align with newer Mozilla seamonkey and Firefox releases. Interesting changes are: - blacklisting malicious root certificates - several bugfixes

oval:org.secpod.oval:def:400474 These updates address vulnerabilities that could cause Cross-Site Scripting and some other issues that could allow execution of arbitrary code.

oval:org.secpod.oval:def:400325 This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites.

oval:org.secpod.oval:def:400336 The last security version upgrade of MariaDB removed innodb support, breaking old databases. This update fixes this problem. - #704811: mariadb "security update" breaks database Special Instructions and Notes: This update triggers a restart of the software management stack. More updates w ...

oval:org.secpod.oval:def:400309 opera 11.11 fixes a security vulnerability. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed.

oval:org.secpod.oval:def:400308 This update updates mozilla nss to 3.12.11. It blacklists the lately compromised DigiNotar Certificate Authority.

oval:org.secpod.oval:def:400314 Mozilla Seamonkey was updated to version 2.4.1, which fixes some regressions found in the 2.4 release.

oval:org.secpod.oval:def:400298 openSUSE 11.4 is installed

oval:org.secpod.oval:def:400297 This update includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA.

oval:org.secpod.oval:def:400435 Opera was updated to version 12.1, fixing various bugs and security issues

oval:org.secpod.oval:def:400353 Acrobat Reader was updated to version 9.4.7 to fix security issues

oval:org.secpod.oval:def:400395 flash-player 11.1.102.63 fixes two security issues: - memory corruption vulnerability in Matrix3D could lead to code execution - integer errors that could lead to information disclosure

oval:org.secpod.oval:def:400349 flash-player update to version 11.1.102.55 to fix the following critical security issues: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460

oval:org.secpod.oval:def:400341 A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability could cause a crash and potentially allow an attac ...

oval:org.secpod.oval:def:400331 acrobat reader was updated to version 9.4.6 to fix several security issues

oval:org.secpod.oval:def:400306 The update to Flash-Player 10.3.188.5 fixes various security issues: - CVE-2011-2130: CVSS v2 Base Score: 6.8 - CVE-2011-2134: CVSS v2 Base Score: 6.8 - CVE-2011-2135: CVSS v2 Base Score: 6.8 - CVE-2011-2136: CVSS v2 Base Score: 6.8 - CVE-2011-2137: CVSS v2 Base Score: 6.8 - CVE-2011-2138: CVSS ...

oval:org.secpod.oval:def:400305 flash-player update to version 11.1.102.55 to fix the following critical security issues: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460

oval:org.secpod.oval:def:400536 flash-player was updated to security update 11.2.202.285: * APSB13-14, CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335

oval:org.secpod.oval:def:400530

oval:org.secpod.oval:def:400428 Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/ ...

oval:org.secpod.oval:def:400348 The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote attackers ...

oval:org.secpod.oval:def:400473 - added weechat-fix-hook_process-shell-injection.patch which fixes a shell injection vulnerability in the hook_process function - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch which fixes a heap-based overflow when decoding IRC colors in strings

oval:org.secpod.oval:def:400523 NRPE allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid tha ...

oval:org.secpod.oval:def:400360 This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine.

oval:org.secpod.oval:def:400327 This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products

oval:org.secpod.oval:def:400393 MozillaFirefox was updated to 10.0.1 to fix critical bugs and a security issue. The following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave a XBL binding in a hash table even when the function fails. If this occurs, ...

oval:org.secpod.oval:def:400383 Mozilla Firefox was updated to version 10 to fix bugs and security issues. MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain ci ...

oval:org.secpod.oval:def:400396 The Mozilla suite received the following security updates: Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 Miscellaneous memory safety hazards * MFSA 2012-89 ...

oval:org.secpod.oval:def:400352 Specially crafted ogg files could cause a heap-based buffer overflow in the vorbis audio compression library that could potentially be exploited by attackers to cause a crash or execute arbitrary code.

oval:org.secpod.oval:def:400310 Specially crafted DNS queries could crash the bind name server.

oval:org.secpod.oval:def:400323 A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers to exit. CVE-2011-2464 has been assigned to this issue. Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available ...

oval:org.secpod.oval:def:400426 A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service. Special Instructions and Notes: Please reboot the system after installing this update.

oval:org.secpod.oval:def:400506 pidgin was updated to fix security issues: - Fix a crash when receiving UPnP responses with abnormally long values. - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially craft ...

oval:org.secpod.oval:def:400371 Mozilla Firefox Version 9 fixes several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/C ...

oval:org.secpod.oval:def:400429 seamonkey version 2.6 fixes several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2 ...

oval:org.secpod.oval:def:400417 seamonkey version 2.6 fixes several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2 ...

oval:org.secpod.oval:def:400385 Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc#786522 A security issue was fixed: * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 Fixes for Location object issues The update also brings back Obsoletes for libpro ...

oval:org.secpod.oval:def:400476 update to Firefox/Thunderbird 17.0 and Seamonkey 2.14 * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 evalInSanbox location context incorrectly applied * MFSA 2012-9 ...

oval:org.secpod.oval:def:400389 MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. The following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evide ...

oval:org.secpod.oval:def:400420 Seamonkey was updated to version 2.11 * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 Spoofing issue with location * MFSA 2012-47/CVE-2012-195 ...

oval:org.secpod.oval:def:400407 Mozilla Thunderbird was updated to version 14.0 * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 Spoofing issue with location * MFSA 2012-47/CV ...

oval:org.secpod.oval:def:400339 Mozilla Thunderbird was updated to the 3.1.11 release. It has new features, fixes lots of bugs, and also fixes the following security issues: * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards * MFSA 2011-20/CVE-2011-2373 Use-after-free vulner ...

oval:org.secpod.oval:def:400321 Mozilla Firefox was updated to version 6. It brings new features, fixes bugs and security issues. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman re ...

oval:org.secpod.oval:def:400338 These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. * Miscellaneous memory safety hazards Mozilla developers and community members iden ...

oval:org.secpod.oval:def:400332 Mozilla Seamonkey suite was updated to version 2.3. The update fixes bugs and security issues. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman repor ...

oval:org.secpod.oval:def:400379 The Opera web browser was updated to 11.62 fixing various bugs and security issues.

oval:org.secpod.oval:def:400514 Adobe Flash Player was updated to 11.2.202.275: (bnc#808973) APSB13-09, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375

oval:org.secpod.oval:def:400409 Various security vulnerabilities have been fixed in openssl: - DTLS plaintext recovery attack - uninitialized SSL 3.0 padding - malformed RFC 3779 data can cause assertion failures - SGC restart DoS attack - invalid GOST parameters DoS attack

oval:org.secpod.oval:def:400406 The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: * Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references * OpenJDK - S7182135: Impossible to use some editors directly - S7 ...

oval:org.secpod.oval:def:400357 A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue.

oval:org.secpod.oval:def:400465 A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

oval:org.secpod.oval:def:400377 java 1.6.0 openjdk / icedtea was updated to 1.11.5 * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are being c ...

oval:org.secpod.oval:def:400422 This update of apache2 fixes regressions and several security problems: bnc#728876, fix graceful reload bnc#741243, CVE-2012-0031: Fixed a scoreboard corruption by child causes crash of privileged parent during shutdown. bnc#743743, CVE-2012-0053: Fixed an issue in error responses that could expos ...

oval:org.secpod.oval:def:400315 Wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.

oval:org.secpod.oval:def:400358 - docs-xml: fix default name resolve order; . - s3-aio-fork: Fix a segfault in vfs_aio_fork; . - docs: remove whitespace in example samba.ldif; . - s3-smbd: move print_backend_init behind init_system_info; . - s3-docs: Prepend "/" to filename argument; . - Restrict self granting privileges where sec ...

oval:org.secpod.oval:def:400565 Adobe Flash Player was updated to 11.2.202.327: * APSB13-26, CVE-2013-5329, CVE-2013-5330

oval:org.secpod.oval:def:400387 java-1_6_0-openjdk was updated to the b24 release, fixing multiple security issues: * Security fixes - S7082299, CVE-2011-3571: Fix inAtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012- ...

oval:org.secpod.oval:def:400397 Mozilla XULRunner was updated to 1.9.2.27 to fix a security issue with the embedded libpng, where an integer overflow could allow remote attackers to crash the browser or potentially execute code.

oval:org.secpod.oval:def:400362 Samba upgrade to version 3.6.3 fixes the following security issue: - PIDL based autogenerated code allows overwriting beyond of allocated array. Remote attackers could exploit that to execute arbitrary code as root Please see /usr/share/doc/packages/samba/WHATSNEW.txt from the samba-doc package or ...

oval:org.secpod.oval:def:400329 Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files.

oval:org.secpod.oval:def:400326 Subversion was updated to version 1.6.17 to fix several security issues: - CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed though when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes a ...

oval:org.secpod.oval:def:400330 Icedtea as included in java-1_6_0-openjdk was updated to fix several security issues: * S6213702, CVE-2011-0872: non-blocking sockets with TCP urgent disabled get still selected for read ops * S6618658, CVE-2011-0865: Vulnerability in deserialization * S7012520, CVE-2011-0815: Heap overflow vulner ...

oval:org.secpod.oval:def:400318 Oracle Java 6 Update 26 fixes several security vulnerabilities

oval:org.secpod.oval:def:400405 A heap-based buffer overflow in libpng was fixed that could potentially be exploited by attackers to execute arbitrary code or cause an application to crash. libpng 1.2 was updated to 1.2.47 to fix this issue.

oval:org.secpod.oval:def:400408 A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned.

oval:org.secpod.oval:def:400418 This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts.

oval:org.secpod.oval:def:400413 This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts.

oval:org.secpod.oval:def:400404 This version upgrade of java-1_6_0-openjdk fixes multiple security flaws: - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme ...

oval:org.secpod.oval:def:400424 Acroread update to version 9.5.1 to fix several security issues

oval:org.secpod.oval:def:400374 Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution

oval:org.secpod.oval:def:400432 flash-player was updated to the security update to 11.1.102.62. It fixes lots of security issues, some already exploited in the wild. Details can be found on: https://www.adobe.com/support/security/bulletins/apsb12-03.html These vulnerabilities could cause a crash and potentially allow an attacker ...

oval:org.secpod.oval:def:400392 Security Update for Xen. The following fixes were done: - bnc#776995 - attaching scsi control luns with pvscsi - xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch - xend/pvscsi: fix usage of persistent device names for SCSI devices xen-bug776995-pvscsi-persistent-names.p ...

oval:org.secpod.oval:def:400402 qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release.

oval:org.secpod.oval:def:400415 This update fixed CVE-2012-3524, which can be used by local attackers to escalate privileges to root.

oval:org.secpod.oval:def:400419 The following security issue was fixed in ghostscript: Multiple integer underflows in the icmLut_allocate function in International Color Consortium Format library, as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service and possibly exe ...

oval:org.secpod.oval:def:400372 Multiple integer overflows in various decoder plug-ins of GIMP have been fixed.

oval:org.secpod.oval:def:400469 This update of libotr fixed multiple buffer overflows.

oval:org.secpod.oval:def:400316 A privileged guest user could cause a buffer overflow in the virtio subsystem of the host, therefore crashing the guest or potentially executing arbitrary code on the host.

oval:org.secpod.oval:def:400375 The xmlrpc interface of cobbler was prone to command injection

oval:org.secpod.oval:def:400384 When used in CGI mode, remote attackers could inject command line arguments to php

oval:org.secpod.oval:def:400437 Specially crafted font files could cause buffer overflows in freetype

oval:org.secpod.oval:def:400355 This version upgrade of horde3-dimp to 4.3.11 fixes several issues and adds new features.

oval:org.secpod.oval:def:400438 This update fixes a regression in parameter passing. In addition, multiple weaknesses in HTTP DIGESTS are fixed. CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33 and 7.x before 7.0.12 does not check qop values, which might ...

oval:org.secpod.oval:def:400319 Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures.

oval:org.secpod.oval:def:400302 jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user.

oval:org.secpod.oval:def:400344 This update of ecryptfs-utils fixes several security problems: - CVE-2011-1831 - Race condition when checking mountpoint during mount. - CVE-2011-1832 - Race condition when checking mountpoint during unmount. - CVE-2011-1833 - Race condition when checking source during mount. - CVE-2011-1834 - Impro ...

oval:org.secpod.oval:def:400304 The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users .pam_environment files.

oval:org.secpod.oval:def:400311 This update of libmodplug0 fixes the following issues: 1((src/load_wav.cpp(CVE-2011-2911

oval:org.secpod.oval:def:400317 This update fixes the following security issues: - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa - 718058: OSPF6D DoS while decoding Database Description packet - 718059: OSPFD DoS while decoding Hello packet - 718061: OSPFD DoS while decoding Link Sta ...

oval:org.secpod.oval:def:400337 This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete co ...

oval:org.secpod.oval:def:400320 This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code.

oval:org.secpod.oval:def:400303 This update fixes a remote denial of service bug in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges

oval:org.secpod.oval:def:400391 flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability

oval:org.secpod.oval:def:400356 Adobe Flash Player was updated to 11.2.202.236, fixing lots of bugs and critical security issues. We also disabled inclusion of mms.cfg again, as it caused trouble on hardware accelerated systems.

oval:org.secpod.oval:def:400394 Adobe Flash Player was updated to 11.2.202.238 fixing various bugs and security issues.

oval:org.secpod.oval:def:400390 Flash Player was updated to 11.2.202.243 * CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CV ...

oval:org.secpod.oval:def:400464 Update to 11.2.202.251: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system

oval:org.secpod.oval:def:400471 This version upgrade of flash-player fixed multiple unspecified code execution vulnerabilities.

oval:org.secpod.oval:def:400479 Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs.

oval:org.secpod.oval:def:400484

oval:org.secpod.oval:def:400489 acroread was updated to 9.5.4 to fix remote code execution problems

oval:org.secpod.oval:def:400491 Flash Player was updated to 11.2.202.273 to fix critical security issues: * APSB13-08, CVE-2013-0504, CVE-2013-0643, CVE-2013-0648 More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-08.html

oval:org.secpod.oval:def:400382 This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code.

oval:org.secpod.oval:def:400487 OpenJDK was updated to 1.12.1 to fix bugs and security issues * Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: ...

oval:org.secpod.oval:def:400466 The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards ...

oval:org.secpod.oval:def:400475 XEN was updated to fix various denial of service issues. - bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability - bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs - bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_ ...

oval:org.secpod.oval:def:400528 The Mozilla suite received security and bugfix updates: Firefox was updated to version 20.0. Thunderbird was updated to version 17.0.5. Seamonkey was updated to version 2.17 mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6. mozilla-nspr was updated to version 4.9. ...

oval:org.secpod.oval:def:400522 Perl was updated to fix 3 security issues: - fix rehash denial of service [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329]

oval:org.secpod.oval:def:400509 Update to - Firefox 19.0.2 - Seamonkey 2.16.1 - Thunderbird 17.0.4 which fix a use-after-free in HTML Editor which could allow for arbitrary code execution.

oval:org.secpod.oval:def:400500 java-1_6_0-openjdk was updated to IcedTea 1.12.3 containing security and bugfixes: * Security fixes - S8006446: Restrict MBeanServer access - S8006777: Improve TLS handling of invalid messages Lucky 13 - S8007688: Blacklist known bad certificate * Backports - S8007393: Possible race condition af ...

oval:org.secpod.oval:def:400511 java-1_6_0-openjdk aka IcedTea was updated to 1.12.4 - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion

oval:org.secpod.oval:def:400373 The bind nameserver was updated to fix an issue where specially crafted DNS data can cause a lockup in named.

oval:org.secpod.oval:def:400564 Update NSPR to 4.10.1 Update Thunderbird to 24.1.0 Update Firefox to 24.1.0esr Changes in MozillaFirefox: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 Spoofing addressbar through SELECT elem ...

oval:org.secpod.oval:def:400423 A remote denial of service attack was fixed in the BIND DNS nameserver, which could be caused by attackers providing a specifically prepared zone file for recursive transfer

oval:org.secpod.oval:def:400410 A remote denial of service in the bind nameserver via zero length rdata fields was fixed.

oval:org.secpod.oval:def:400335 Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper

oval:org.secpod.oval:def:400400 The openSUSE 11.4 kernel was updated to fix bugs and security issues. The following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-2699: Fernan ...

oval:org.secpod.oval:def:400481 This update updates the RubyOnRails 2.3 stack to 2.3.16. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2012-2695: A SQL injection via nested hashes in conditions was ...

oval:org.secpod.oval:def:400529 Postgresql was updated to version 9.0.13 : * CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is even ...

oval:org.secpod.oval:def:400301 This update adds openssl patches since 2007 for: - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180

oval:org.secpod.oval:def:400535 The Linux kernel was updated to 3.0.74 to fix various bugs and security issues.

oval:org.secpod.oval:def:400468 MariaDB was updated to 5.1.66: https://kb.askmonty.org/en/mariadb-5166-release-notes/ https://kb.askmonty.org/en/mariadb-5166-changelog/

oval:org.secpod.oval:def:400470 mysql community server was updated to 5.1.67, fixing bugs and security issues

oval:org.secpod.oval:def:400354 Fixing CVE-2012-2122: authentication bypass due to incorrect type casting

oval:org.secpod.oval:def:400401 Changes in MozillaFirefox: - update to Firefox 13.0 * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 Information disclosure though Windows file shares ...

oval:org.secpod.oval:def:400345 Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption unde ...

oval:org.secpod.oval:def:400322 Mozilla Thunderbird was updated to version 3.1.14, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption ...

oval:org.secpod.oval:def:400307 Seamonkey was upgraded to version 2.5 in order to fix the following security problems: * MFSA 2011-47/CVE-2011-3648 Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 Memory corruptio ...

oval:org.secpod.oval:def:400313 MozillaFirefox was updated to version 8 to fix the following security issues: * MFSA 2011-47/CVE-2011-3648 Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 Memory corruption while ...

oval:org.secpod.oval:def:400299 Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption ...

oval:org.secpod.oval:def:400436 Specially crafted time zone files could cause a heap overflow in glibc.