oval:org.secpod.oval:def:400414
This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems.

oval:org.secpod.oval:def:400376
This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd unauthorized file access problems.

oval:org.secpod.oval:def:400346
A boundary error in ldns_rr_new_frm_str_internal could lead to a heap-based buffer overflow when processing RR records.

oval:org.secpod.oval:def:400324
Security / Collective Update for Xen Xen: - bnc#702025 - VUL-0: xen: VT-d MSI trap injection - bnc#703924 - update block-npiv scripts to support BFA HBA - bnc#689954 - L3: Live migrations fail when guest crashes: domain_crash_sync called from entry.S - bnc#693472 - Bridge hangs cause redundant rin ...

oval:org.secpod.oval:def:400003
openSUSE 11.3 is installed

oval:org.secpod.oval:def:400309
opera 11.11 fixes a security vulnerability. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional techniques will have to be employed.

oval:org.secpod.oval:def:400308
This update updates mozilla nss to 3.12.11. It blacklists the recently compromised DigiNotar Certificate Authority.

oval:org.secpod.oval:def:400314
Mozilla Seamonkey was updated to version 2.4.1, which fixes some regressions found in the 2.4 release.

oval:org.secpod.oval:def:400342
This update brings Mozilla Thunderbird to 3.1.13. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority

oval:org.secpod.oval:def:400340
The mozilla NSS libraries were updated to 3.12.11 to align with newer Mozilla seamonkey and Firefox releases. Interesting changes are: - blacklisting malicious root certificates - several bugfixes

oval:org.secpod.oval:def:400325
This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites.

oval:org.secpod.oval:def:400297
This update includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA.

oval:org.secpod.oval:def:400336
The last security version upgrade of MariaDB removed innodb support, breaking old databases. This update fixes this problem. - #704811: mariadb "security update" breaks database Special Instructions and Notes: This update triggers a restart of the software management stack. More updates w ...

oval:org.secpod.oval:def:400353
Acrobat Reader was updated to version 9.4.7 to fix security issues

oval:org.secpod.oval:def:400306
The update to Flash-Player 10.3.188.5 fixes various security issues: - CVE-2011-2130: CVSS v2 Base Score: 6.8 - CVE-2011-2134: CVSS v2 Base Score: 6.8 - CVE-2011-2135: CVSS v2 Base Score: 6.8 - CVE-2011-2136: CVSS v2 Base Score: 6.8 - CVE-2011-2137: CVSS v2 Base Score: 6.8 - CVE-2011-2138: CVSS ...

oval:org.secpod.oval:def:400012
acrobat reader was updated to version 9.4.6 to fix several security issues that could allow attackers to execute arbitrary code or to cause a denial of service via specially crafted PDF documents.

oval:org.secpod.oval:def:400349
flash-player update to version 11.1.102.55 to fix the following critical security issues: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460

oval:org.secpod.oval:def:400341
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability could cause a crash and potentially allow an attac ...

oval:org.secpod.oval:def:400331
acrobat reader was updated to version 9.4.6 to fix several security issues

oval:org.secpod.oval:def:400348
The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote attackers ...

oval:org.secpod.oval:def:400327
This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products

oval:org.secpod.oval:def:400310
Specially crafted DNS queries could crash the bind name server.

oval:org.secpod.oval:def:400323
A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers to exit. CVE-2011-2464 has been assigned to this issue. Special Instructions and Notes: This update triggers a restart of the software management stack. More updates will be available ...

oval:org.secpod.oval:def:400006
A remote Denial of Service vulnerability has been fixed in the BIND DNS nameserver. Specially crafted packets could cause bind servers to exit. CVE-2011-2464 This issue affected bind 9.6 and later, so SUSE Linux Enterprise 10 SP4, SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 and 11.4 were affecte ...

oval:org.secpod.oval:def:400019
The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 server ...

oval:org.secpod.oval:def:400014
When 802.11X authentication is used NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by the same CA as used in the original network CVE-2006-7246. If password based authen ...

oval:org.secpod.oval:def:400011
Mozilla Firefox was updated to update 3.6.13 to fix several security issues. Also Mozilla Thunderbird and Seamonkey were updated on openSUSE. Following security issues were fixed: MFSA 2010-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox a ...

oval:org.secpod.oval:def:400429
seamonkey version 2.6 fixes several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2 ...

oval:org.secpod.oval:def:400417
seamonkey version 2.6 fixes several security issues: * MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards * MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2 ...

oval:org.secpod.oval:def:400005
Mozilla Firefox and Thunderbird were updated to fix several security issues: * CVE-2011-2365 Miscellaneous memory safety hazards * CVE-2011-2373 Use-after-free vulnerability when viewing XUL document with script disabled * CVE-2011-2377 Memory corruption due to multipart/x-mixed-replace images * CVE ...

oval:org.secpod.oval:def:400339
Mozilla Thunderbird was updated to the 3.1.11 release. It has new features, fixes lots of bugs, and also fixes the following security issues: * MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards * MFSA 2011-20/CVE-2011-2373 Use-after-free vulner ...

oval:org.secpod.oval:def:400018
Mozilla released a round of security updates. Mozilla Firefox was updated to version 6 on openSUSE 11.4, Mozilla Firefox was updated to version 3.6.20 on openSUSE 11.3 and SUSE Linux Enterprise 10 and 11. Seamonkey was updated to 2.3 on openSUSE 11.3,11.4 Mozilla Thunderbird was updated to 3.1.2 on ...

oval:org.secpod.oval:def:400347
Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Gary Kwong, Igor Bukanov, Nil ...

oval:org.secpod.oval:def:400338
These particular issues may be triggered while viewing RSS feeds and displaying full remote content rather than the feed summary. Addons that expose browser functionality may also enable such issues to be exploited. * Miscellaneous memory safety hazards Mozilla developers and community members iden ...

oval:org.secpod.oval:def:400332
Mozilla Seamonkey suite was updated to version 2.3. The update fixes bugs and security issues. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Aral Yaman repor ...

oval:org.secpod.oval:def:400409
Various security vulnerabilities have been fixed in openssl: - DTLS plaintext recovery attack - uninitialized SSL 3.0 padding - malformed RFC 3779 data can cause assertion failures - SGC restart DoS attack - invalid GOST parameters DoS attack

oval:org.secpod.oval:def:400013
Sun Java 1.6 was updated to Update 24 fixing various bugs and security issues. The update is rated critical by Sun

oval:org.secpod.oval:def:400357
A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue.

oval:org.secpod.oval:def:400009
The Mozilla suite of browsers received security updates. Following updates are included in this update: Mozilla Firefox was updated on SUSE Linux Enterprise 10 and 11 to the 3.6.17 security release. Mozilla Firefox was updated on openSUSE 11.4 to the 4.0.1 security release. Mozilla Thunderbird was u ...

oval:org.secpod.oval:def:400021
Flash Player has been updated to version 10.3, fixing bugs and security issues

oval:org.secpod.oval:def:400300
- CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. - CVE-2011-1921: The mod_dav_svn Apach ...

oval:org.secpod.oval:def:400367
The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read permissi ...

oval:org.secpod.oval:def:400315
Wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues.

oval:org.secpod.oval:def:400318
Oracle Java 6 Update 26 fixes several security vulnerabilities

oval:org.secpod.oval:def:400408
A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned.

oval:org.secpod.oval:def:400418
This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts.

oval:org.secpod.oval:def:400413
This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts.

oval:org.secpod.oval:def:400329
Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files.

oval:org.secpod.oval:def:400330
Icedtea as included in java-1_6_0-openjdk was updated to fix several security issues: * S6213702, CVE-2011-0872: non-blocking sockets with TCP urgent disabled get still selected for read ops * S6618658, CVE-2011-0865: Vulnerability in deserialization * S7012520, CVE-2011-0815: Heap overflow vulner ...

oval:org.secpod.oval:def:400316
A privileged guest user could cause a buffer overflow in the virtio subsystem of the host, thereby crashing the guest or potentially executing arbitrary code on the host.

oval:org.secpod.oval:def:400319
Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures.

oval:org.secpod.oval:def:400028
The unprivileged user exim is running as could tell the exim daemon to read a different config file and leverage that to escalate privileges to root CVE-2010-4345. A buffer overflow in exim allowed remote attackers to execute arbitrary code CVE-2010-4344. openSUSE 11.3 is not affected by this flaw.

oval:org.secpod.oval:def:400344
This update of ecryptfs-utils fixes several security problems: - CVE-2011-1831 - Race condition when checking mountpoint during mount. - CVE-2011-1832 - Race condition when checking mountpoint during unmount. - CVE-2011-1833 - Race condition when checking source during mount. - CVE-2011-1834 - Impro ...

oval:org.secpod.oval:def:400312
The pam_env module is vulnerable to a stack overflow and a DoS condition when parsing users' .pam_environment files. Additionally, a missing return value check inside pam_xauth has been fixed.

oval:org.secpod.oval:def:400311
This update of libmodplug0 fixes the following issues: 1((src/load_wav.cpp(CVE-2011-2911

oval:org.secpod.oval:def:400317
This update fixes the following security issues: - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa - 718058: OSPF6D DoS while decoding Database Description packet - 718059: OSPFD DoS while decoding Hello packet - 718061: OSPFD DoS while decoding Link Sta ...

oval:org.secpod.oval:def:400337
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded, the complete co ...

oval:org.secpod.oval:def:400320
This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code.

oval:org.secpod.oval:def:400303
This update fixes a remote denial of service bug in the Apache 2 HTTP server, that could be triggered by remote attackers using multiple overlapping Request Ranges

oval:org.secpod.oval:def:400328
A possible stack overflow in apache2-mod_fcgid due to wrong pointer arithmetic has been fixed. CVE-2010-3872 has been assigned to this issue.

oval:org.secpod.oval:def:400016
Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.2 to address the issues.

oval:org.secpod.oval:def:400335
Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper

oval:org.secpod.oval:def:400032
This updated openSUSE 11.3 kernel fixes the following security bugs: CVE-2010-3310: local users could corrupt kernel heap memory via ROSE sockets. CVE-2010-2962: local users could write to any kernel memory location via the i915 GEM ioctl interface. Exploitability requires the presence of a i915 com ...

oval:org.secpod.oval:def:400039
This update of the openSUSE 11.3 kernel fixes two local root exploits, various other security issues and some bugs. Following security issues are fixed by this update: CVE-2010-3301: Mismatch between 32bit and 64bit register usage in the system call entry path could be used by local attackers to gai ...

oval:org.secpod.oval:def:400037
This update of the openSUSE 11.3 kernel brings the kernel to version 2.6.34.4 and contains a lot of bug and security fixes CVE-2010-3110: Missing bounds checks in several ioctls of the Novell Client novfs /proc interface allowed unprivileged local users to crash the kernel or even execute code in ke ...

oval:org.secpod.oval:def:400008
The openSUSE 11.3 kernel was updated to 2.6.34.8 to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-1493: In the rose networking stack, when parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than e ...

oval:org.secpod.oval:def:400010
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable "custom_debug" file, allowing local privilege escalation. CVE-2010-4258: A local at ...

oval:org.secpod.oval:def:400055
The openSUSE 11.3 kernel was updated to version 2.6.34.7. The update fixes lots of bugs and security issues. A major regression in handling some USB Input devices introduced by the previous update was fixed. We also fixed a lot of bugs in the ATH5K wireless driver. Following security issues were fi ...

oval:org.secpod.oval:def:400054
The openSUSE 11.2 and 11.3 kernels were updated to fix 2 critical security issues and some small bugs. Following security issues were fixed: CVE-2010-3904: A local privilege escalation in RDS sockets allowed local attackers to gain root privileges. We thank Dan Rosenberg for reporting this problem. ...

oval:org.secpod.oval:def:400017
Specially crafted Flash files as delivered by web sites or as .swf-files could exploit the flash player to execute arbitrary code with the privileges of the user viewing these files. CVE-2011-0611 has been assigned to this issue.

oval:org.secpod.oval:def:400033
Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Mozilla Thunderbird was updated to version 3.0.8 on openSUSE, fixing the same bugs. Mozilla Seamonkey was updated to version 2.0.8 on openSUSE, fixing the same bugs. A Firefox update for SUSE Linux Enterprise 10 ...

oval:org.secpod.oval:def:400370
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-2525 ...

oval:org.secpod.oval:def:400029
Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors Allowed attackers to cause a memory corruption or possibly even execute arbitrar ...

oval:org.secpod.oval:def:400024
Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues. Mozilla Firefox was brought to the 3.5.11 security release. Mozilla Firefox on openSUSE 11.3 was brought to the 3.6.8 security release. Mozilla Thunderbird was brought to the ...

oval:org.secpod.oval:def:400022
Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code CVE-2010-2862. This update also incorporates the Adobe Flash Player update APSB10-16 for the bundled flash player parts CVE-2010-2188, CVE-2010-2216.

oval:org.secpod.oval:def:400041
Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4 which addresses the issues

oval:org.secpod.oval:def:400040
Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.1 which addresses the issues.

oval:org.secpod.oval:def:400045
Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. There currently is no updated version available for the Flash Player version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far. It will be released as soon as it is available.

oval:org.secpod.oval:def:400051
Adobe Flash Player was updated to version 10.1.85.3 to fix a vulnerability that allowed remote attackers to crash the player or potentially even cause execution of arbitrary code CVE-2010-2884.

oval:org.secpod.oval:def:400301
This update adds openssl patches since 2007 for: - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180

oval:org.secpod.oval:def:400307
Seamonkey was upgraded to version 2.5 in order to fix the following security problems: * MFSA 2011-47/CVE-2011-3648 Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 Memory corruptio ...

oval:org.secpod.oval:def:400436
Specially crafted time zone files could cause a heap overflow in glibc.

oval:org.secpod.oval:def:400345
Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption unde ...

oval:org.secpod.oval:def:400322
Mozilla Thunderbird was updated to version 3.1.14, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption ...

oval:org.secpod.oval:def:400056
The Linux C library glibc was updated to fix critical security issues and several bugs: CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This specific issue ...

oval:org.secpod.oval:def:400334
MozillaFirefox has been updated to version 3.6.24 to fix the following security issues: * MFSA 2011-46/CVE-2011-3647 loadSubScript unwraps XPCNativeWrapper scope parameter * MFSA 2011-47/CVE-2011-3648 Potential XSS against sites using Shift-JIS * MFSA 2011-49/CVE-2011-3650 Memory corruption while ...

oval:org.secpod.oval:def:400333
Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption und ...

oval:org.secpod.oval:def:400007
The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters. Affected passwords are potentially faster to crack via brute force methods CVE-2011-2483. SUSE's crypt implementation supports the blowfish password hashing function and sys ...

CVE    52
CVE-2011-1145
CVE-2011-1526
CVE-2011-0762
CVE-2011-3193
...
*CPE
cpe:/o:opensuse:opensuse:11.3

© SecPod Technologies