oval:org.secpod.oval:def:400075
Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations, and sandbox breakouts were fixed. CVE-2008-5357, CVE-2008-5342, CVE-2008-2086, CVE-2008-5 ...

oval:org.secpod.oval:def:400087
The Adobe Acrobat Reader "acroread" received fixes for two vulnerabilities in the JavaScript API that allowed attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1493

oval:org.secpod.oval:def:400090
Subversion is a revision control system, which is mainly used for code development. The libsvn_delta library is vulnerable to integer overflows while processing svndiff streams; this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with co ...

oval:org.secpod.oval:def:400067
Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. We cannot upgrade to newer versions due to library dependencies. We strongly encourage user ...

oval:org.secpod.oval:def:400078
Specially crafted SWF files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0520, CVE-2009-0521).

oval:org.secpod.oval:def:400059
Note: This advisory was resent because the list of packages was wrong. The flash-player is a web-browser plugin that allows displaying animated web-content and remote access to client hardware. A specially crafted Shockwave-Flash file could cause a buffer overflow in the flash-player plugin. This ...

oval:org.secpod.oval:def:400062
The DNS daemon bind is used to resolve and look up addresses on the internet. Some months ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to protect against spoofing is to use DNSSEC. Unfortunately the bind code that ver ...

oval:org.secpod.oval:def:400083
Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that ...

oval:org.secpod.oval:def:400095
The Sun JDK 5 was updated to Update 18 and the Sun JDK 6 was updated to Update 13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit and Java Runtime Environment 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and ...

oval:org.secpod.oval:def:400092
Specially crafted zone update packets could trigger an exception in bind causing it to exit. The attack works if BIND is master for a zone even if zone updates are not configured (CVE-2009-0696).

oval:org.secpod.oval:def:400079
This update of the Adobe Acrobat Reader acroread to version 8.1.6 fixes the following vulnerabilities: - CVE-2009-1855: stack overflow that could lead to code execution - CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution - CVE-2009-1857: memory corruption with potent ...

oval:org.secpod.oval:def:400074
The Sun Java JRE/JDK 5 was updated to Update 20 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by untrusted applets and ...

oval:org.secpod.oval:def:400065
The DHCP client could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692). In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. Newer distributions do have buffer overflow ...

oval:org.secpod.oval:def:400086
Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files.

oval:org.secpod.oval:def:400091
The OpenSSL certificate checking routines EVP_VerifyFinal can return negative values and 0 on failure. In some places negative values were not checked and considered successful verification. Prior to this update it was possible to bypass the certification chain checks of openssl. This advisory is fo ...

oval:org.secpod.oval:def:400004
openSUSE 10.3 is installed

oval:org.secpod.oval:def:400093
Sebastian Krahmer of SUSE Security identified a problem in udevd with the handling of netlink messages. Due to a missing origin check, local attackers could inject netlink messages that only the kernel should have been able to send, and so are able to escalate privileges. CVE-2009-1185 Fixed packages have bee ...

oval:org.secpod.oval:def:400094
The advisory was resent because the previous one contained the wrong Announcement ID. The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using this library's functions for processing data from th ...

oval:org.secpod.oval:def:400064
Various Mozilla browser suite programs were updated to the last security release. The Mozilla Firefox 3.0.5 browser, Seamonkey 1.1.14 and xulrunner190 update were already published before Christmas, please see SUSE-SA:2008:058. Mozilla Firefox for older products was updated to 2.0.0.19 and Mozilla T ...

oval:org.secpod.oval:def:400072
The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups. The first one can be triggered by a specially crafted tiff file. Thi ...

oval:org.secpod.oval:def:400089
The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution. - CVE-2009-0844: The SPNEGO GSS-API implementation can read beyond the end of a buffer which leads to a crash. - CVE-2009-084 ...

oval:org.secpod.oval:def:400069
The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22, backporting various security fixes from the Firefox 3.0.8 browser version. Security issues identified as being fixed are: CVE-2009-0353: Mozilla developers identified and fixed several stabil ...

oval:org.secpod.oval:def:400061
The openSUSE 10.3 kernel was updated to fix various security problems and bugs. The following security bugs were fixed: CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service by making two calls to svc_listen for the same socket, and then reading a /proc/net/ ...

oval:org.secpod.oval:def:400068
Mozilla Firefox was updated to current stable versions on all affected Linux products. openSUSE 10.3, 11.0 and 11.1: Firefox was updated to the current stable branch version 3.0.14. These updates were already released on September 21st. The SUSE Linux Enterprise 11 products were upgraded to Mozil ...

oval:org.secpod.oval:def:400096
The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. CVE-2009-2464 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes sh ...

oval:org.secpod.oval:def:400084
The Linux kernel update fixes the following security issues: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1389: A crash on r8169 network cards when receiving large pac ...

oval:org.secpod.oval:def:400097
This kernel update for openSUSE 10.3 fixes some bugs and several security problems. The following security issues are fixed: CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol implementation in the Linux kernel allows remote attackers to remotely e ...

oval:org.secpod.oval:def:400077
The Apache web server was updated to fix various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess - mod_proxy could run into an infinite loop when used as reverse proxy - mod_deflate continued to compress large files even after a network connection was closed, causing m ...

CVE    13
CVE-2007-6427
CVE-2008-1375
CVE-2008-1945
CVE-2008-2826
...
*CPE
cpe:/o:opensuse:opensuse:10.3

© SecPod Technologies