
oval:org.secpod.oval:def:400070
The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues: CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to ...

oval:org.secpod.oval:def:400075
Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations, and sandbox breakouts were fixed. CVE-2008-5357, CVE-2008-5342, CVE-2008-2086, CVE-2008-5 ...

oval:org.secpod.oval:def:400098
The Mozilla Firefox browsers and XUL engines were updated to the current stable releases fixing lots of bugs and various security issues. SUSE Linux Enterprise 10 SP2, SP3, SUSE Linux Enterprise 11 and openSUSE 11.2 were updated to Firefox 3.5.6. openSUSE 11.0 and 11.1 were updated to Firefox 3.0.16 ...

oval:org.secpod.oval:def:400076
The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes two critical security issues: CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects w ...

oval:org.secpod.oval:def:400087
The Adobe Acrobat Reader "acroread" received fixes for two vulnerabilities in the JavaScript API that allowed attackers to execute arbitrary code with a malformed PDF file. CVE-2009-1493

oval:org.secpod.oval:def:400090
Subversion is a revision control system, which is mainly used for code development. The libsvn_delta library is vulnerable to integer overflows while processing svndiff streams; this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with co ...

oval:org.secpod.oval:def:400002
openSUSE 11.0 is installed

oval:org.secpod.oval:def:400067
Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. We cannot upgrade to newer versions due to library dependencies. We strongly encourage user ...

oval:org.secpod.oval:def:400078
Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine CVE-2009-0520, CVE-2009-0521.

oval:org.secpod.oval:def:400059
Note: This advisory was resent because the list of packages was wrong. The flash-player is a web-browser plugin that allows displaying animated web-content and remote access to client hardware. A specially crafted Shockwave-Flash file could cause a buffer overflow in the flash-player plugin. This ...

oval:org.secpod.oval:def:400053
Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption CVE-2009-4212. Remote attackers could potentially exploit that to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: S ...

oval:org.secpod.oval:def:400042
Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2. Following security issues have been fixed: CVE-2010-0159: Mozilla develope ...

oval:org.secpod.oval:def:400062
The DNS daemon bind is used to resolve and lookup addresses on the internet. Some months ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to protect against spoofing is to use DNSSEC. Unfortunately the bind code that ver ...

oval:org.secpod.oval:def:400083
Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that ...

oval:org.secpod.oval:def:400095
The Sun JDK 5 was updated to Update 18 and the Sun JDK 6 was updated to Update 13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit and Java Runtime Environment 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and ...

oval:org.secpod.oval:def:400092
Specially crafted zone update packets could trigger an exception in bind causing it to exit. The attack works if BIND is master for a zone even if zone updates are not configured CVE-2009-0696.

oval:org.secpod.oval:def:400036
Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once per browsing sessi ...

oval:org.secpod.oval:def:400079
This update of the Adobe Acrobat Reader acroread to version 8.1.6 fixes the following vulnerabilities: - CVE-2009-1855: stack overflow that could lead to code execution - CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution - CVE-2009-1857: memory corruption with potent ...

oval:org.secpod.oval:def:400074
The Sun Java JRE/JDK 5 was updated to Update 20 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by untrusted applets and ...

oval:org.secpod.oval:def:400065
The DHCP client could be crashed by a malicious DHCP server sending an overlong subnet field CVE-2009-0692. In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. Newer distributions do have buffer overflow ...

oval:org.secpod.oval:def:400086
Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files.

oval:org.secpod.oval:def:400091
The OpenSSL certificate checking routines EVP_VerifyFinal can return negative values and 0 on failure. In some places negative values were not checked and considered successful verification. Prior to this update it was possible to bypass the certification chain checks of openssl. This advisory is fo ...

oval:org.secpod.oval:def:400093
Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages. Local attackers could inject netlink messages due to a missing origin check where only the kernel should have been able to and so are able to escalate privileges. CVE-2009-1185 Fixed packages have bee ...

oval:org.secpod.oval:def:400094
The advisory was resent because the previous one contained the wrong Announcement ID. The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using this library's functions for processing data from th ...

oval:org.secpod.oval:def:400064
Various Mozilla browser suite programs were updated to the last security release. The Mozilla Firefox 3.0.5 browser, Seamonkey 1.1.14 and xulrunner190 update were already published before Christmas, please see SUSE-SA:2008:058. Mozilla Firefox for older products was updated to 2.0.0.19 and Mozilla T ...

oval:org.secpod.oval:def:400027
The Samba server was updated to fix security issues and bugs. Following security issues were fixed: CVE-2010-2063: A buffer overrun was possible in chain_reply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-0787: Take extra care that a mo ...

oval:org.secpod.oval:def:400030
This update of OpenOffice_org includes fixes for the following vulnerabilities: - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTab ...

oval:org.secpod.oval:def:400063
The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory ...

oval:org.secpod.oval:def:400057
Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code.

oval:org.secpod.oval:def:400072
The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups. The first one can be triggered by a specially crafted tiff file. Thi ...

oval:org.secpod.oval:def:400060
The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed bypassing DNSSEC. This problem can only happen after the other spoofing/poisoning mechanisms have been bypassed already. Also this can only happen if the server is set up for DNSSEC. Due to this limitatio ...

oval:org.secpod.oval:def:400085
The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues: * CVE-2009-1833 Crashes with evidence of memory corruption * CVE-2009-1834 URL spoofing with invalid unicode characters * CVE-2009-1835 Arbitrary domain cookie access by local file: resources * CVE ...

oval:org.secpod.oval:def:400089
The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution. - CVE-2009-0844: The SPNEGO GSS-API implementation can read beyond the end of a buffer which leads to a crash. - CVE-2009-084 ...

oval:org.secpod.oval:def:400058
The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. Updates are provided for openSUSE 11.0 and 11.1 currently, backports for other Mozilla Firefox browsers and Mozilla Suite programs will follow. CVE-2009-0773 / CVE-2009-0774: Mozilla developers iden ...

oval:org.secpod.oval:def:400031
Acrobat Reader was updated to version 9.3.3 to fix lots of security issues and bugs, several of which could be used to execute code by tricking the target user into opening specially crafted PDFs.

oval:org.secpod.oval:def:400043
Adobe Flash Player was updated to fix multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The Flash Plugin was upgraded to version 10.1.53.64. The following CVE numbers have been assigned: CVE-2010-2160, CVE-2010-2164 ...

oval:org.secpod.oval:def:400049
Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code CVE-2009-3953, CVE-2009-3957, CVE-2009-4324. Acrobat reader was updated to version 9.3 to fix the security issues. Note: Due to integration issues with the major version update of acr ...

oval:org.secpod.oval:def:400038
The openSUSE 11.0 kernel was updated to fix following security issues: CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System filesystem, related to the hfs_readdir funct ...

oval:org.secpod.oval:def:400099
This update fixes various security issues and several bugs in the openSUSE 11.0 kernel. The kernel was also updated to the stable version 2.6.25.20, including its bugfixes. Following security issues were fixed: CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt. ...

oval:org.secpod.oval:def:400035
This kernel update for openSUSE 11.0 fixes some bugs and several security problems. The following security issues are fixed: CVE-2009-4536: drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data a ...

oval:org.secpod.oval:def:400068
Mozilla Firefox was updated to current stable versions on all affected Linux products. openSUSE 10.3, 11.0 and 11.1: Firefox was updated to the current stable branch version 3.0.14. These updates were already released on September 21st. The SUSE Linux Enterprise 11 products were upgraded to Mozil ...

oval:org.secpod.oval:def:400096
The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. CVE-2009-2464 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes sh ...

oval:org.secpod.oval:def:400073
This kernel update for openSUSE 11.0 fixes some bugs and several security problems. The following security issues are fixed: CVE-2009-0065: Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol implementation in the Linux kernel allows remote attackers to remotely e ...

oval:org.secpod.oval:def:400077
The Apache web server was updated to fix various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess - mod_proxy could run into an infinite loop when used as reverse proxy - mod_deflate continued to compress large files even after a network connection was closed, causing m ...

oval:org.secpod.oval:def:400082
The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to th ...

oval:org.secpod.oval:def:400084
The Linux kernel update fixes the following security issues: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1389: A crash on r8169 network cards when receiving large pac ...

oval:org.secpod.oval:def:400047
The Mozilla Firefox browser was updated to version 3.5.9 fixing lots of bugs and security issues. On openSUSE 11.0 and 11.1 the browser was updated from the 3.0 branch to 3.5.9 Also the Mozilla NSS libraries were updated to version 3.12.6 to fix the CVE-2009-3555 TLS renegotiation issue. Mozilla Thu ...

CVE    22
CVE-2007-1320
CVE-2007-5729
CVE-2008-1945
CVE-2008-2826
...
*CPE
cpe:/o:opensuse:opensuse:11.0

© SecPod Technologies