Download
| Alert*
oval:org.secpod.oval:def:89050847
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: Changes in MozillaFirefox: Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library . - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB . - CVE-2019-1175 ... oval:org.secpod.oval:def:89050429 This update for python3 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk . - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ . - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat . oval:org.secpod.oval:def:89050813 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input oval:org.secpod.oval:def:59311 The host is missing a critical security update according to Mozilla advisory, MFSA2019-34. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords. oval:org.secpod.oval:def:59325 The host is missing a critical security update according to Mozilla advisory, MFSA2019-34. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords. oval:org.secpod.oval:def:2105077 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. oval:org.secpod.oval:def:67967 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:205384 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:69908 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:705174 expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file. oval:org.secpod.oval:def:705251 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1601378 It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. In libexp ... oval:org.secpod.oval:def:205382 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ... oval:org.secpod.oval:def:58850 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:504710 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:205667 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:205389 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:1502706 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705443 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502707 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:59350 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:60185 The host is missing a security update according to the Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:59351 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:1504409 [2.1.0-12] - add security fixes for CVE-2018-20843, CVE-2019-15903 oval:org.secpod.oval:def:60181 The host is installed with Apple iTunes before 12.10.3 or Apple iCloud before 7.16 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly handle an issue in older versions of expat. Successful exploitation could allow attackers to obtai ... oval:org.secpod.oval:def:59392 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:59434 The host is missing a critical security update according to Mozilla advisory, MFSA2019-35. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:59435 The host is missing a critical security update according to Mozilla advisory, MFSA2019-35. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:59312 The host is missing a critical security update according to Mozilla advisory, MFSA2019-33. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords. oval:org.secpod.oval:def:504327 Expat is a C library for parsing XML documents. Security Fix: * expat: large number of colons in input makes parser consume high amount of resources, leading to DoS * expat: heap-based buffer over-read via crafted XML input For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... oval:org.secpod.oval:def:69787 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we"re now following the 68.x releases. oval:org.secpod.oval:def:1700287 Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network.A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output cou ... oval:org.secpod.oval:def:69788 DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster. oval:org.secpod.oval:def:60011 The host is installed with Apple Mac OS X 10.13.6, 10.14.6 or 10.15.x before 10.15.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle the parsing of a maliciously crafted XML file. Successful exploitation allows an attacker ... oval:org.secpod.oval:def:604617 DSA 4571-1 updated Thunderbird to the 68.x series, which is incompatible with the Enigmail release shipped in Debian Buster. oval:org.secpod.oval:def:69769 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service. Debian follows the extended support releases of Firefox. Support for the 60.x series has ... oval:org.secpod.oval:def:604538 It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed. oval:org.secpod.oval:def:66458 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ... oval:org.secpod.oval:def:89003323 This update for MozillaFirefox to 68.2.0 ESR fixes the following issues: Mozilla Firefox was updated to version 68.2.0 ESR . Security issues fixed: - CVE-2019-15903: Fixed a heap overflow in the expat library . - CVE-2019-11757: Fixed a use-after-free when creating index updates in IndexedDB . - CVE ... oval:org.secpod.oval:def:89000055 This update for python36 to version 3.6.10 fixes the following issues: - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk . - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs . - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat . oval:org.secpod.oval:def:604610 Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service. Debian follows the Thunderbird upstream releases. Support for the 60.x series has ended, so starting with this update we"re now following the 68.x releases. oval:org.secpod.oval:def:89003208 This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents oval:org.secpod.oval:def:59326 The host is missing a critical security update according to Mozilla advisory, MFSA2019-33. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to steal stored passwords. oval:org.secpod.oval:def:59602 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:117137 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:503442 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:59321 Mozilla Firefox 70, Mozilla Firefox ESR 68.2, Mozilla Thunderbird 68.2 and Apple Mac OS X 10.13.6, 10.14.6 or 10.15.x before 10.15.2: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to code XML_GetCurre ... oval:org.secpod.oval:def:59761 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber then resulted in a heap-based buffer over-read. oval:org.secpod.oval:def:70197 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1601399 It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. In libexp ... oval:org.secpod.oval:def:503368 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ... oval:org.secpod.oval:def:604575 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service. Debian follows the extended support releases of Firefox. Support for the 60.x series has ... oval:org.secpod.oval:def:60186 The host is missing a security update according to the Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:66767 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:503371 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:70145 thunderbird - Mozilla Open Source mail and newsgroup client. Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:503372 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.2.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index updates in IndexedDB * Mozilla: Potentially exploita ... oval:org.secpod.oval:def:59336 Mozilla Firefox 70, Mozilla Firefox ESR 68.2, Mozilla Thunderbird 68.2, Google Chrome, Apple iTunes and iCloud: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to code XML_GetCurrentLineNumber/code or c ... oval:org.secpod.oval:def:59413 The host is missing a high severity security update according to Google advisory. The update is required to fix multiple vulnerabilities. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to have unspecified impact. oval:org.secpod.oval:def:503370 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 * Mozilla: Use-after-free when creating index upda ... oval:org.secpod.oval:def:58880 expat: XML parsing C library Expat could be made to expose sensitive information if it received a specially crafted XML file. oval:org.secpod.oval:def:1504356 [2.2.5-4] - add security fixes for CVE-2018-20843, CVE-2019-15903 oval:org.secpod.oval:def:59966 The host is missing a security update according to Apple advisory, APPLE-SA-2019-12-10-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code or ... oval:org.secpod.oval:def:117162 This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parsed. ... oval:org.secpod.oval:def:1700427 It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. In libexp ... oval:org.secpod.oval:def:68072 thunderbird - Mozilla Open Source mail and newsgroup client. Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:2500066 Expat is a C library for parsing XML documents. |