Download
| Alert*
|
oval:org.secpod.oval:def:400070
The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues: CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to ... oval:org.secpod.oval:def:400098 The Mozilla Firefox browsers and XUL engines were updated to the current stable releases fixing lots of bugs and various security issues. SUSE Linux Enterprise 10 SP2, SP3, SUSE Linux Enterprise 11 and openSUSE 11.2 were updated to Firefox 3.5.6. openSUSE 11.0 and 11.1 were updated to Firefox 3.0.16 ... oval:org.secpod.oval:def:400000 openSUSE 11.2 is installed oval:org.secpod.oval:def:400053 Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption CVE-2009-4212. Remote attackers could potentially exploit that to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: S ... oval:org.secpod.oval:def:400034 The value of SMTPD_LISTEN_REMOTE accidentally defaulted to "yes". The postfix smtp daemon therefore was reachable over the network by default. This update resets the value to "no" in /etc/sysconfig/mail. If you intentionally want postfix to listen for remote connections you need to manually set it t ... oval:org.secpod.oval:def:400042 Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2. Following security issues have been fixed: CVE-2010-0159: Mozilla develope ... oval:org.secpod.oval:def:400019 The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 server ... oval:org.secpod.oval:def:400011 Mozilla Firefox was updated to update 3.6.13 to fix several security issues. Also Mozilla Thunderbird and Seamonkey were updated on openSUSE. Following security issues were fixed: MFSA 2010-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox a ... oval:org.secpod.oval:def:400036 Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once per browsing sessi ... oval:org.secpod.oval:def:400013 Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun oval:org.secpod.oval:def:400009 The Mozilla suite of browsers received security updates. Following updates are included in this update: Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release. Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release. Mozilla Thunderbird was u ... oval:org.secpod.oval:def:400088 A security update was released for the Adobe Flash Player 10. Specially crafted Flash files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. Fixed packages for Adobe Flash Player 9 will hopefully be released in the new year. oval:org.secpod.oval:def:400028 The unprivileged user exim is running as could tell the exim daemon to read a different config file and leverage that to escalate privileges to root CVE-2010-4345. A buffer overflow in exim allowed remote attackers to execute arbitrary code CVE-2010-4344. openSUSE 11.3 is not affected by this flaw. oval:org.secpod.oval:def:400030 This update of OpenOffice_org includes fixes for the following vulnerabilities: - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTab ... oval:org.secpod.oval:def:400057 Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code. oval:org.secpod.oval:def:400016 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.2 to address the issues. oval:org.secpod.oval:def:400020 The openSUSE 11.2 kernel was updated to fix lots of security issues. This will probably be the last 11.2 kernel update released by the SUSE Security Team, as our suppport for 11.2 ends in 1 month. Following security issues were fixed: CVE-2011-1493: In the rose networking stack, when parsing the FAC ... oval:org.secpod.oval:def:400054 The openSUSE 11.2 and 11.3 kernels were updated to fix 2 critical security issues and some small bugs. Following security issues were fixed: CVE-2010-3904: A local privilege escalation in RDS sockets allowed local attackers to gain root privileges. We thank Dan Rosenberg for reporting this problem. ... oval:org.secpod.oval:def:400015 This update of the openSUSE 11.2 kernel fixes various bugs and lots of security issues. Following security issues have been fixed: CVE-2010-4258: A local attacker could use a Oops caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lead to privilege es ... oval:org.secpod.oval:def:400060 The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed to bypass DNSSEC. This problem can only happen after the other spoofing/poisoning mechanisms have been bypassed already . Also this can only happen if the server is setup for DNSSEC. Due to this limitatio ... oval:org.secpod.oval:def:400017 Specially crafted Flash files as delivered by web sites or as .swf-files could exploit the flash player to execute arbitrary code with the privileges of the user viewing these files. CVE-2011-0611 has been assigned to this issue. oval:org.secpod.oval:def:400033 Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Mozilla Thunderbird was updated to version 3.0.8 on openSUSE, fixing the same bugs. Mozilla Seamonkey was updated to version 2.0.8 on openSUSE, fixing the same bugs. A Firefox update for SUSE Linux Enterprise 10 ... oval:org.secpod.oval:def:400029 Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors Allowed attackers to cause a memory corruption or possibly even execute arbitrar ... oval:org.secpod.oval:def:400024 Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues. Mozilla Firefox was brought to the 3.5.11 security release. Mozilla Firefox on openSUSE 11.3 was brought to the 3.6.8 security release. Mozilla Thunderbird was brought to the ... oval:org.secpod.oval:def:400022 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code CVE-2010-2862. This update also incorporate the Adobe Flash Player update APSB10-16 for the bundled flash player parts CVE-2010-2188, CVE-2010-2216 oval:org.secpod.oval:def:400031 Acrobat Reader was updated to version 9.3.3 to fix lots of security issues and bugs, several of whom could be used to execute code by trick the target user to open specially crafted PDFs oval:org.secpod.oval:def:400041 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4 which addresses the issues oval:org.secpod.oval:def:400040 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.1 which addresses the issues. oval:org.secpod.oval:def:400045 Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. There currently is no updated version available for the Flash Player version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far. It will be released as soon as it is available. oval:org.secpod.oval:def:400043 Adobe Flash Player was updated to fix multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The Flash Plugin was upgraded to version 10.1.53.64. The following CVE numbers have been assigned: CVE-2010-2160, CVE-2010-2164 ... oval:org.secpod.oval:def:400049 Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code CVE-2009-3953, CVE-2009-3957, CVE-2009-4324. Acrobat reader was updated to version 9.3 to fix the security issues. Note: Due to integration issues with the major version update of acr ... oval:org.secpod.oval:def:400051 Adobe Flash Player was updated to version 10.1.85.3 to fix a vulnerability that allowed remote attackers to crash the player or potentially even cause execution of arbitrary code CVE-2010-2884. oval:org.secpod.oval:def:400026 This update of the openSUSE 11.2 kernel brings the kernel to version 2.6.31.12 and contains a lot of bug and security fixes. CVE-2010-0299: The permission of the devtmpfs root directory was incorrectly 1777 . If it was used, local attackers could escalate privileges. CVE-2009-3939: The poll_mode_io ... oval:org.secpod.oval:def:400025 The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 fixing lots of bugs and several security issues. Following security issues were fixed: CVE-2009-4131: A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite f ... oval:org.secpod.oval:def:400052 This update of the openSUSE 11.2 kernel contains a lot of bug and security fixes. Following security issues were fixed: CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel does not properly handle certain unlock operations for a Priority Inheritance futex, which allows l ... oval:org.secpod.oval:def:400082 The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache"s mod_ssl was vulnerable to th ... oval:org.secpod.oval:def:400048 This openSUSE 11.2 kernel was updated to 2.6.31.14, fixing several security issues and bugs. A lot of ext4 filesystem stability fixes were also added. Following security issues have been fixed: CVE-2010-3301: Mismatch between 32bit and 64bit register usage in the system call entry path could be used ... oval:org.secpod.oval:def:400047 The Mozilla Firefox browser was updated to version 3.5.9 fixing lots of bugs and security issues. On openSUSE 11.0 and 11.1 the browser was updated from the 3.0 branch to 3.5.9 Also the Mozilla NSS libraries were updated to version 3.12.6 to fix the CVE-2009-3555 TLS renegotiation issue. Mozilla Thu ... oval:org.secpod.oval:def:400056 The Linux C library glibc was updated to fix critical security issues and several bugs: CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This specific issue ... |
