Download
| Alert*
|
oval:org.secpod.oval:def:302894
A vulnerability has been found and corrected in freeradius: The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X ... oval:org.secpod.oval:def:302813 A vulnerability has been found and corrected in cyrus-imapd: The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service via a crafted References header in an e-mail message . The upda ... oval:org.secpod.oval:def:302820 A vulnerability has been found and corrected in fcgi: The FCGI module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. The update ... oval:org.secpod.oval:def:302974 A vulnerability has been found and corrected in graphicsmagick: The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that trigger ... oval:org.secpod.oval:def:302944 A vulnerability was found and corrected in bash: A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names and evaluating /dev/fd file names in conditinal command expressions. A remote attacker could provid ... oval:org.secpod.oval:def:302953 A vulnerability has been discovered and corrected in mono: Cross-site scripting vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted ... oval:org.secpod.oval:def:302956 Multiple vulnerabilities has been discovered and corrected in python-django: The django.http.HttpResponseRedirect and django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers ... oval:org.secpod.oval:def:302986 Multiple host header poisoning flaws were found and fixed in Django. The updated packages have been upgraded to the 1.3.5 version which is not affected by these issues. oval:org.secpod.oval:def:302865 Multiple vulnerabilities has been found and corrected in libzip: libzip uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files . libzip has a numeric overflow condition, which, for example, results in improper restrictions of operations within the bounds of a ... oval:org.secpod.oval:def:302980 Multiple double free, buffer overflow, invalid free and improper overflow checks vulnerabilities was found and corrected in libssh . The updated packages have been upgraded to the 0.5.3 version which is not affected by these issues. oval:org.secpod.oval:def:302995 A vulnerability has been found and corrected in libssh: The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service via a Client: Diffie-Hellman Key Exchange Init packet. The updated packages h ... oval:org.secpod.oval:def:302959 Multiple vulnerabilities has been found and corrected in ffmpeg. This advisory provides updated versions which resolves various security issues. oval:org.secpod.oval:def:302790 Mandriva Linux 2011.0 is installed oval:org.secpod.oval:def:302906 Security issues were identified and fixed in mozilla firefox and thunderbird: Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 ... oval:org.secpod.oval:def:302905 A vulnerability has been discovered and corrected in nut: Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service via a long string containing non-printable characters . T ... oval:org.secpod.oval:def:302989 Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of doma ... oval:org.secpod.oval:def:302910 Multiple vulnerabilities has been discovered and corrected in postgresql: Fix incorrect password transformation in contrib/pgcrypto's DES crypt function . If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much weaker than i ... oval:org.secpod.oval:def:302909 Security issues were identified and fixed in libreoffice: An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code . An integer overflow flaw, leading to buffer overflow, was found in t ... oval:org.secpod.oval:def:302908 Multiple vulnerabilities has been identified and fixed in php: There is a programming error in the DES implementation used in crypt in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only ... oval:org.secpod.oval:def:302907 A vulnerability was discovered and corrected in bind: ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial ... oval:org.secpod.oval:def:302927 A vulnerability has been discovered and corrected in arpwatch: arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon . The updated pa ... oval:org.secpod.oval:def:302854 A vulnerability has been found and corrected in libvpx: VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in ... oval:org.secpod.oval:def:302876 A vulnerability has been found and corrected in mutt: Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than ... oval:org.secpod.oval:def:302889 A vulnerability has been found and corrected in libvpx: VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service via unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in ... oval:org.secpod.oval:def:302930 A vulnerability has been discovered and corrected in libgdata: It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the libgdata ... oval:org.secpod.oval:def:302964 A security issue was identified and fixed in ISC INN: The STARTTLS implementation in INN's NNTP server for readers, nnrpd, before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command th ... oval:org.secpod.oval:def:302969 A vulnerability has been found and corrected in imagemagick: The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service via a crafted PNG file that triggers inco ... oval:org.secpod.oval:def:302900 Multiple vulnerabilities has been discovered and corrected in ncpfs: ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigge ... oval:org.secpod.oval:def:302949 Multiple vulnerabilities has been discovered and corrected in acpid: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges . Helmut Grohne and Michael Biebl discovered th ... oval:org.secpod.oval:def:302809 A vulnerability has been found and corrected in libsoup: Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e in a URI . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302791 A vulnerability has been found and corrected in nginx: Specially crafted backend response could result in sensitive information leak . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302934 A vulnerability has been discovered and corrected in python-pycrypto: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks ... oval:org.secpod.oval:def:302878 A vulnerability has been found and corrected in systemd: A TOCTOU race condition was found in the way the systemd-logind login manager of the systemd, a system and service manager for Linux, performed removal of particular records related with user session upon user logout. A local attacker could us ... oval:org.secpod.oval:def:302954 A vulnerability has been discovered and corrected in openslp: The extension parser in slp_v2message.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service via a packet with a next extension offset that references this extension or a previous extension . The updated packages have be ... oval:org.secpod.oval:def:302899 Multiple vulnerabilities has been discovered and corrected in util-linux: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a proce ... oval:org.secpod.oval:def:302976 Multiple vulnerabilities has been discovered and corrected in hostapd: hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials . Heap-based buffer overflow in the eap ... oval:org.secpod.oval:def:302950 It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user . The updated packages have been patch ... oval:org.secpod.oval:def:302951 A vulnerability was found and corrected in libotr: Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to ... oval:org.secpod.oval:def:302987 Multiple vulnerabilities has been discovered and corrected in apache-mod_security: ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-T ... oval:org.secpod.oval:def:302816 Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302839 A vulnerability has been found and corrected in libtasn1: The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service ... oval:org.secpod.oval:def:302817 A vulnerability has been found and corrected in cvs: A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the ... oval:org.secpod.oval:def:302815 A vulnerability has been found and corrected in t1lib: t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document . The updated packages have been patched t ... oval:org.secpod.oval:def:302826 It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform a ... oval:org.secpod.oval:def:302823 Multiple vulnerabilities has been found and corrected in t1lib: A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could ... oval:org.secpod.oval:def:302965 A security issue was identified and fixed in openjpeg: A heap-based buffer overflow was found in the way OpenJPEG, an open-source JPEG 2000 codec written in C language, performed parsing of JPEG2000 image files. A remote attacker could provide a specially crafted JPEG 2000 file, which when opened in ... oval:org.secpod.oval:def:302971 Multiple security issues were identified and fixed in OpenJDK : Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not ... oval:org.secpod.oval:def:302902 Multiple vulnerabilities has been discovered and corrected in pidgin: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests . Incoming messages with certain characters or character encodings c ... oval:org.secpod.oval:def:302887 A vulnerability has been found and corrected in cifs-utils: A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this ... oval:org.secpod.oval:def:302924 Multiple vulnerabilities has been discovered and corrected in openjpeg: OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially-crafted image file that, when opened in an application linked aga ... oval:org.secpod.oval:def:302921 A vulnerability has been discovered and corrected in krb5: Fix a kadmind denial of service issue , which could only be triggered by an administrator with the create privilege . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302939 Multiple vulnerabilities has been discovered and corrected in icedtea-web: An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it ... oval:org.secpod.oval:def:302929 A vulnerability has been discovered and corrected in perl-DBD-Pg: Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD- ... oval:org.secpod.oval:def:302968 A security issue was identified and fixed in gc: Multiple integer overflows in the GC_generic_malloc and calloc funtions in malloc.c, and the GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC before 7.2 make it easier for context-dependent attackers to perform mem ... oval:org.secpod.oval:def:302818 Multiple vulnerabilities has been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file . cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of servic ... oval:org.secpod.oval:def:302947 Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service , and possibly execute arbitrary code, via crafted data that leads to a buffer underflow . A missing DHCP option checking / sanitization flaw was rep ... oval:org.secpod.oval:def:302945 Multiple vulnerabilities was found and corrected in busybox: The decompress function in ncompress allows remote attackers to cause a denial of service , and possibly execute arbitrary code, via crafted data that leads to a buffer underflow . A missing DHCP option checking / sanitization flaw was rep ... oval:org.secpod.oval:def:302856 Multiple vulnerabilities has been found and corrected in imagemagick: A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to cr ... oval:org.secpod.oval:def:302808 A vulnerability has been found and corrected in libxslt: libxslt allows remote attackers to cause a denial of service via unspecified vectors . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302837 A vulnerability has been found and corrected in libpng: A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, po ... oval:org.secpod.oval:def:302862 Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances ... oval:org.secpod.oval:def:302978 A vulnerability has been discovered and corrected in libproxy: Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file . The updated packages have been patched to correct this is ... oval:org.secpod.oval:def:302972 A vulnerability has been found and corrected in html2ps: Directory traversal vulnerability in html2ps before 1.0b7 allows remote attackers to read arbitrary files via directory traversal sequences in SSI directives . The updated packages have been upgraded to the 1.0b7 version which is not affected ... oval:org.secpod.oval:def:302970 A security issue was identified and fixed in ghostscript: An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library . An attacker could create a specially-crafted PostScript or PDF file with embedded images that w ... oval:org.secpod.oval:def:302926 Multiple vulnerabilities has been discovered and corrected in libexif: A heap-based out-of-bounds array read in the exif_entry_get_value function in libexif/exif-entry.c in libexif 0.6.20 and earlier allows remote attackers to cause a denial of service or possibly obtain potentially sensitive inform ... oval:org.secpod.oval:def:302925 A vulnerability has been discovered and corrected in exif: An integer overflow in the function jpeg_data_load_data in the exif program could cause a data read beyond the end of a buffer, causing an application crash or leakage of potentially sensitive information when parsing a crafted JPEG file . T ... oval:org.secpod.oval:def:302867 A vulnerability has been found and corrected in GnuTLS: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service via a crafted record, as demonstrated by a craf ... oval:org.secpod.oval:def:302803 A vulnerability has been found and corrected in ASF APR: tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via cra ... oval:org.secpod.oval:def:302805 A vulnerability has been found and corrected in GnuTLS: Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denia ... oval:org.secpod.oval:def:302928 A vulnerability has been discovered and corrected in libxslt: The XSL implementation in libxslt allows remote attackers to cause a denial of service via unspecified vectors . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302941 A vulnerability was found and corrected in libxml2: Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302799 A vulnerability has been found and corrected in ruby: Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash ... oval:org.secpod.oval:def:302981 A vulnerability was found and corrected in libxml2: A heap-buffer overflow was found in the way libxml2 decoded certain XML entites. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, pote ... oval:org.secpod.oval:def:302915 A vulnerability has been discovered and corrected in libxml2: An Off-by-one error in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302880 A vulnerability has been found and corrected in libxml2: A heap-based buffer overflow in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302833 Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call ... oval:org.secpod.oval:def:302789 Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call ... oval:org.secpod.oval:def:302804 A vulnerability has been found and corrected in libvorbis: If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application . The updated pac ... oval:org.secpod.oval:def:302892 Security issues were identified and fixed in mozilla firefox and thunderbird: Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors ... oval:org.secpod.oval:def:302796 Security issues were identified and fixed in mozilla firefox and thunderbird: Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windo ... oval:org.secpod.oval:def:302936 Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances ... oval:org.secpod.oval:def:302932 Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances ... oval:org.secpod.oval:def:302958 Security issues were identified and fixed in mozilla firefox: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume ... oval:org.secpod.oval:def:302957 Security issues were identified and fixed in mozilla thunderbird: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we pre ... oval:org.secpod.oval:def:302830 Multiple vulnerabilities has been discovered and corrected in pidgin: The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service by changing a nickname while in an XMPP chat room . The msn_oim_report_to_user function in oim.c ... oval:org.secpod.oval:def:302911 Multiple security issues were identified and fixed in OpenJDK : * S7079902, CVE-2012-1711: Refine CORBA data models * S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations * S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement * S7143606, CVE-2012-1717: File.createTempFile ... oval:org.secpod.oval:def:302942 Multiple vulnerabilities was found and corrected in Wireshark: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file . It may be possible to make Wireshark consume excessive CPU resources by injecting a ... oval:org.secpod.oval:def:302940 A Security issue was identified and fixed in libreoffice: Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications format which when open ... oval:org.secpod.oval:def:302923 A vulnerability has been discovered and corrected in pidgin: Incorrect handing of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code . This update provides pidgin 2.10.6, which is not vulnerable to this issue. oval:org.secpod.oval:def:302977 Multiple security issues were identified and fixed in OpenJDK : * S6631398, CVE-2012-3216: FilePermission improved path checking * S7093490: adjust package access in rmiregistry * S7143535, CVE-2012-5068: ScriptEngine corrected permissions * S7167656, CVE-2012-5077: Multiple Seeders are being create ... oval:org.secpod.oval:def:302794 A vulnerability has been found and corrected in php: PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code wi ... oval:org.secpod.oval:def:303000 Multiple vulnerabilities has been found and corrected in apache : Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp . XSS in mod_proxy_balancer manager interface . Additionally the ASF bug 53219 was resolved which p ... oval:org.secpod.oval:def:302963 A security issue was identified and fixed in xinetd: builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1 . Th ... oval:org.secpod.oval:def:302840 Multiple security issues were identified and fixed in OpenJDK : Fix issues in java sound . Fix in AtomicReferenceArray . Add property to limit number of request headers to the HTTP Server . Incorect checking for graphics rendering object . Multiple unspecified vulnerabilities allows remote attackers ... oval:org.secpod.oval:def:302961 A vulnerability has been found and corrected in freeradius: Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long not after t ... oval:org.secpod.oval:def:302967 Multiple vulnerabilities has been found and corrected in apache : Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted direct ... oval:org.secpod.oval:def:302844 A vulnerability has been found and corrected in openssl: A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302851 A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302857 Multiple vulnerabilities has been identified and fixed in php: The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls th ... oval:org.secpod.oval:def:302855 Multiple vulnerabilities has been found and corrected in perl: Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service via a crafted Unicode string, which t ... oval:org.secpod.oval:def:302985 A vulnerability was discovered and corrected in perl-CGI: CGI.pm module before 3.63 for Perl does not properly escape newlines in Set-Cookie or P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm . The updated packages have b ... oval:org.secpod.oval:def:302984 A vulnerability was discovered and corrected in cups: CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitr ... oval:org.secpod.oval:def:302983 A vulnerability was discovered and corrected in mysql: Stack-based buffer overflow in MySQL 5.5.19, 5.1.53, and possibly other versions, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code v ... oval:org.secpod.oval:def:302996 Multiple vulnerabilities has been found and corrected in freetype2: A Null pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format fonts. A remote attacker could provide a specially-crafted BDF font file, which once processed in an appli ... oval:org.secpod.oval:def:302993 This is a maintenance and bugfix release that upgrades mysql to the latest version which resolves various upstream bugs and a total of 18 security related bugs . Please consult the Oracle security matrix for further information regarding these security issues and the MySQL release notes. oval:org.secpod.oval:def:302992 Multiple security issues were identified and fixed in OpenJDK : * S6563318, CVE-2013-0424: RMI data sanitization * S6664509, CVE-2013-0425: Add logging context * S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time * S6776941: CVE-2013-0427: Improve thread po ... oval:org.secpod.oval:def:302991 A vulnerability has been found and corrected in perl: Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code ... oval:org.secpod.oval:def:302917 A vulnerability has been discovered and corrected in net-snmp: An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker havi ... oval:org.secpod.oval:def:302999 Multiple security issues were identified and fixed in OpenJDK : * S8006446: Restrict MBeanServer access * S8006777: Improve TLS handling of invalid messages * S8007688: Blacklist known bad certificate * S7123519: problems with certification path * S8007393: Possible race condition after JDK-6664509 ... oval:org.secpod.oval:def:302881 A vulnerability has been found and corrected in openssl: OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108 . The upda ... oval:org.secpod.oval:def:302806 Multiple vulnerabilities has been found and corrected in openssl: The implementation of Cryptographic Message Syntax and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data v ... oval:org.secpod.oval:def:302895 A vulnerability has been found and corrected in sudo: A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in ... oval:org.secpod.oval:def:302893 Multiple vulnerabilities has been found and corrected in openssl: The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack . Double free vu ... oval:org.secpod.oval:def:302938 A vulnerability has been discovered and corrected in krb5: The MIT krb5 KDC daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious ... oval:org.secpod.oval:def:302948 Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division . The MongoDB dissector could go into a large loop . The XTP dissector could go into an infinite loop . The AFP dissector could go into a large loop . The RTPS2 dissector could overflo ... oval:org.secpod.oval:def:303001 Multiple vulnerabilities has been discovered and corrected in php: PHP does not validate the configration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations . PHP allows the use of external ... oval:org.secpod.oval:def:302838 Multiple out-of heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, utility for determining of file types processed header section for certain Composite Document Format files. A remote attacker could provide a specially-crafted CDF file, which once inspect ... oval:org.secpod.oval:def:302955 Multiple vulnerabilities has been discovered and corrected in gimp: A heap-based buffer overflow flaw, leading to invalid free, was found in the way KISS CEL file format plug-in of Gimp, the GNU Image Manipulation Program, performed loading of certain palette files. A remote attacker could provide a ... oval:org.secpod.oval:def:302962 A security issue was identified and fixed in dhcp: ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced . The up ... oval:org.secpod.oval:def:302849 A vulnerability has been found and corrected in samba: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to e ... oval:org.secpod.oval:def:302847 Security issues were identified and fixed in mozilla firefox and thunderbird: An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages ... oval:org.secpod.oval:def:302966 A vulnerability was discovered and corrected in bind: A nameserver can be caused to exit with a REQUIRE exception if it can be induced to load a specially crafted resource record . The updated packages have been upgraded to bind 9.7.6-P3 which is not vulnerable to this issue. Update: Packages for Ma ... oval:org.secpod.oval:def:302852 Multiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark which is not vulnerable to these issues. oval:org.secpod.oval:def:302973 A vulnerability was discovered and corrected in bind: A certain combination of records in the RBT could cause named to hang while populating the additional section of a response. [RT #31090] . The updated packages have been upgraded to bind 9.7.6-P4 and 9.8.3-P4 which is not vulnerable to this issue ... oval:org.secpod.oval:def:302850 A potential memory corruption has been found and corrected in libpng . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302979 Multiple vulnerabilities was found and corrected in libtiff: Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image using the PixarLog Compression format . ppm2tiff does n ... oval:org.secpod.oval:def:302861 Multiple vulnerabilities has been found and corrected in apache: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file w ... oval:org.secpod.oval:def:302982 A vulnerability was discovered and corrected in bind: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensiv ... oval:org.secpod.oval:def:302860 A vulnerability has been found and corrected in samba: Security checks were incorrectly applied to the Local Security Authority remote proceedure calls CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database . The updat ... oval:org.secpod.oval:def:302988 A vulnerability was found and corrected in libtiff: A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, ex ... oval:org.secpod.oval:def:302997 Multiple vulnerabilities has been found and corrected in samba : The Samba Web Administration Tool in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a FRAME or IFRAME element . Cross-site request forgery vulnerabilit ... oval:org.secpod.oval:def:302873 Multiple vulnerabilities was found and corrected in Wireshark: * The ANSI A dissector could dereference a NULL pointer and crash. * The IEEE 802.11 dissector could go into an infinite loop. * The pcap and pcap-ng file parsers could crash trying to read ERF data. * The MP2T dissector could try to all ... oval:org.secpod.oval:def:302990 A vulnerability has been found and corrected in gnupg: Versions of GnuPG <= 1.4.12 are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated. An OpenPGP key can be fuzzed in such a way that gpg segfaults when importing ... oval:org.secpod.oval:def:302998 Multiple vulnerabilities has been found and corrected in squid : Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service via invalid Content-Length headers, long ... oval:org.secpod.oval:def:302922 A vulnerability has been discovered and corrected in automake: A race condition in automake could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302888 Security issues were identified and fixed in mozilla firefox and thunderbird: An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable . The mozilla firefox and thunderbird packages ... oval:org.secpod.oval:def:302931 Multiple vulnerabilities has been discovered and corrected in php: Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow . The SQLite functionality in ... oval:org.secpod.oval:def:302897 Multiple vulnerabilities was found and corrected in Wireshark: It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injectin ... oval:org.secpod.oval:def:302891 A vulnerability has been found and corrected in libtiff: An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302935 A vulnerability was discovered and corrected in bind: High numbers of queries with DNSSEC validation enabled can cause an assertion failure in named, caused by using a bad cache data structure before it has been initialized . The updated packages have been upgraded to bind 9.7.6-P2 and 9.8.3-P2 whic ... oval:org.secpod.oval:def:302933 Multiple vulnerabilities has been discovered and corrected in ISC DHCP: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attac ... oval:org.secpod.oval:def:302946 A vulnerability was found and corrected in openldap: slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302943 A vulnerability was found and corrected in libtiff: A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF ... oval:org.secpod.oval:def:302797 A vulnerability has been found and corrected in php: PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code wi ... oval:org.secpod.oval:def:302975 Multiple vulnerabilities has been discovered and corrected in libxslt: Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors . libxslt 1.1.26 and earlier does not properly manage memory, which might allow ... oval:org.secpod.oval:def:302937 A vulnerability has been discovered and corrected in libjpeg-turbo: A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that ... oval:org.secpod.oval:def:302952 Multiple vulnerabilities has been discovered and corrected in postgresql: Prevent access to external files/URLs via contrib/xml2's xslt_process . libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database users to both read ... oval:org.secpod.oval:def:302874 Multiple vulnerabilities has been discovered and corrected in postgresql: Permissions on a function called by a trigger are not properly checked . SSL certificate name checks are truncated to 32 characters, allowing connection spoofing under some circumstances when using third party certificate auth ... oval:org.secpod.oval:def:302994 A vulnerability has been discovered and corrected in postgresql: PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incor ... oval:org.secpod.oval:def:302920 Multiple vulnerabilities has been discovered and corrected in libtiff: libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application link ... oval:org.secpod.oval:def:302841 An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had ac ... oval:org.secpod.oval:def:302821 An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had ac ... oval:org.secpod.oval:def:302828 Multiple vulnerabilities has been found and corrected in apache : The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cau ... oval:org.secpod.oval:def:302836 A memory leak and a hash table collision flaw in expat could cause denial os service attacks . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:302960 Multiple vulnerabilities has been found and corrected in fetchmail: Fetchmail version 6.3.9 enabled all SSL workarounds which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can m ... oval:org.secpod.oval:def:302916 Multiple vulnerabilities has been discovered and corrected in python: The _ssl module would always disable the CBC IV attack countermeasure . A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to ... oval:org.secpod.oval:def:302886 Multiple vulnerabilities has been found and corrected in curl: curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem . curl is vulnerable to a data injection attack for certain protocols through control ... |
