oval:org.secpod.oval:def:400399 Strongswan's gmp plugin could treat empty RSA signatures as valid ones
oval:org.secpod.oval:def:400381 Specially-crafted commits could trigger a heap-based buffer overflow
oval:org.secpod.oval:def:400386 - update to 1.2.1 - Security Updates * CVE-2012-3422, RH840592: Potential read from an uninitialized memory location * CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings - NetX * PR898: signed applications with big jnlp-file doesn't start * PR811: javaws is not handling urls w ...
oval:org.secpod.oval:def:400398 This update of icedtea-web fixed multiple heap buffer overflows.
oval:org.secpod.oval:def:400446 This update of plib fixed two stack-based buffer overflows.
oval:org.secpod.oval:def:400445 Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments.
oval:org.secpod.oval:def:400455 This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues.
oval:org.secpod.oval:def:400517 This update fixes a bug which allows an unauthenticated remote attacker to cause a stack overflow in server code, resulting in either server crash or even code execution as the user running firebird.
oval:org.secpod.oval:def:400359 3 Security issues were fixed in rails 2.3 core components. 2 NULL query issues were fixed in the actionpack gem. 1 SQL injection was fixed in the activerecord gem.
oval:org.secpod.oval:def:400363 This update fixes a remotely exploitable overflow in DKIM handling.
oval:org.secpod.oval:def:400442
oval:org.secpod.oval:def:400350
oval:org.secpod.oval:def:400441 openSUSE 12.1 is installed
oval:org.secpod.oval:def:400435 Opera was updated to version 12.1, fixing various bugs and security issues
oval:org.secpod.oval:def:400428 Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/ ...
oval:org.secpod.oval:def:400525 NRPE allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid tha ...
oval:org.secpod.oval:def:400360 This update addresses possible evasion cases in some archive formats and stability issues in portions of the bytecode engine.
oval:org.secpod.oval:def:400431 This update of XEN fixed multiple security flaws that could be exploited by local attackers to cause a Denial of Service or potentially escalate privileges. Additionally, several other upstream changes were backported.
oval:org.secpod.oval:def:400396 The Mozilla suite received the following security updates: Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 Miscellaneous memory safety hazards * MFSA 2012-89 ...
oval:org.secpod.oval:def:400505 pidgin was updated to fix security issues: - Fix a crash when receiving UPnP responses with abnormally long values. - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially craft ...
oval:org.secpod.oval:def:400385 Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc#786522 A security issue was fixed: * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 Fixes for Location object issues The update also brings back Obsoletes for libpro ...
oval:org.secpod.oval:def:400389 MozillaFirefox was updated to 14.0.1 to fix various bugs and security issues. Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evide ...
oval:org.secpod.oval:def:400420 Seamonkey was updated to version 2.11 * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 Spoofing issue with location * MFSA 2012-47/CVE-2012-195 ...
oval:org.secpod.oval:def:400407 Mozilla Thunderbird was updated to version 14.0 * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 Spoofing issue with location * MFSA 2012-47/CV ...
oval:org.secpod.oval:def:400412 Mozilla XULRunner was updated to 14.0.1, fixing bugs and security issues: Following security issues were fixed: MFSA 2012-42: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence ...
oval:org.secpod.oval:def:400379 The Opera web browser was updated to 11.62 fixing various bugs and security issues.
oval:org.secpod.oval:def:400510 Adobe Flash Player was updated to 11.2.202.275: (bnc#808973) APSB13-09, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375
oval:org.secpod.oval:def:400401 Changes in MozillaFirefox: - update to Firefox 13.0 * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 Information disclosure though Windows file shares ...
oval:org.secpod.oval:def:400406 The icedtea-web Java plugin was updated to 1.11.4 to fix critical security issues: * Security fixes - S7162476, CVE-2012-1682: XMLDecoder security issue via ClassFinder - S7163201, CVE-2012-0547: Simplify toolkit internals references * OpenJDK - S7182135: Impossible to use some editors directly - S7 ...
oval:org.secpod.oval:def:400433 Changes in chromium: - Update to 19.0.1066 * Fixed Chrome install/update resets Google search preferences * Don't trigger accelerated compositing on 3D CSS when using swiftshader * Fixed a GPU crash * More fixes for Back button frequently hangs * Bastion now works * Fixed Composited layer sorti ...
oval:org.secpod.oval:def:400366 Chromium update to 21.0.1145 * Fixed several issues around audio not playing with videos * Crash Fixes * Improvements to trackpad on Cr-48 * Security Fixes - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI corru ...
oval:org.secpod.oval:def:400430 Version upgrade of chromium to address multiple security vulnerabilities.
oval:org.secpod.oval:def:400403 Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. - [$500] [121347<https://code.google.com/p/chromium/issues/detail?id=121347>] Medium CVE-2012-2865: Out-of ...
oval:org.secpod.oval:def:400411 Chromium was upgraded to version 24.0.1290 which fixed multiple security flaws.
oval:org.secpod.oval:def:400451 Chromium was updated to 25.0.1343 * Security Fixes: - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer unde ...
oval:org.secpod.oval:def:400456 A heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
oval:org.secpod.oval:def:400439 This version upgrade to 1.11.5 fixed various security and non-security issues.
oval:org.secpod.oval:def:400358 - docs-xml: fix default name resolve order; . - s3-aio-fork: Fix a segfault in vfs_aio_fork; . - docs: remove whitespace in example samba.ldif; . - s3-smbd: move print_backend_init behind init_system_info; . - s3-docs: Prepend "/" to filename argument; . - Restrict self granting privileges where sec ...
oval:org.secpod.oval:def:400404 This version upgrade of java-1_6_0-openjdk fixes multiple security flaws: - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability improveme ...
oval:org.secpod.oval:def:400424 Acroread update to version 9.5.1 to fix several security issues
oval:org.secpod.oval:def:400374 Adobe Flash Player 11.1.102.63 fixes a memory corruption vulnerability in the NetStream class that could lead to code execution
oval:org.secpod.oval:def:400482 libvirt was updated to fix some bugs and security issues: Security issues fixed: - Fix crash on error paths of message dispatching, CVE-2013-0170 bnc#800976 - security: Fix libvirtd crash possibility CVE-2012-4423 bnc#780432 Also bugs were fixed: - qemu: Fix probing for guest capabilities bnc#772586 ...
oval:org.secpod.oval:def:400427 Security Update for Xen Following bug and security fixes were applied: - bnc#776995 - attaching scsi control luns with pvscsi - xend/pvscsi: fix passing of SCSI control LUNs xen-bug776995-pvscsi-no-devname.patch - xend/pvscsi: fix usage of persistant device names for SCSI devices xen-bug776995-pvscs ...
oval:org.secpod.oval:def:400402 qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release.
oval:org.secpod.oval:def:400415 This update fixed CVE-2012-3524, which can be used by local attackers to escalate privileges to root.
oval:org.secpod.oval:def:400372 Multiple integer overflows in various decoder plug-ins of GIMP have been fixed.
oval:org.secpod.oval:def:400447 This update of libotr fixed multiple buffer overflows.
oval:org.secpod.oval:def:400375 The xmlrpc interface of cobbler was prone to command injection
oval:org.secpod.oval:def:400384 When used in CGI mode, remote attackers could inject command line arguments to php
oval:org.secpod.oval:def:400437 Specially crafted font files could cause buffer overflows in freetype
oval:org.secpod.oval:def:400369 - Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code execution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; ; . - s3-winb ...
oval:org.secpod.oval:def:400361 - Update to 19.0.1079 Security Fixes: * High CVE-2011-3050: Use-after-free with first-letter handling * High CVE-2011-3045: libpng integer issue from upstream * High CVE-2011-3051: Use-after-free in CSS cross-fade handling * High CVE-2011-3052: Memory corruption in WebGL canvas handling * High CVE- ...
oval:org.secpod.oval:def:400391 flash-player update to 11.2.202.235 fixes a potential remote code execution vulnerability
oval:org.secpod.oval:def:400356 Adobe Flash Player was updated to 11.2.202.236, fixing lots of bugs and critical security issues. We also disabled inclusion of mms.cfg again, as it caused trouble on hardware accelerated systems.
oval:org.secpod.oval:def:400394 Adobe Flash Player was updated to 11.2.202.238 fixing various bugs and security issues.
oval:org.secpod.oval:def:400390 Flash Player was updated to 11.2.202.243 * CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CV ...
oval:org.secpod.oval:def:400440 Flash Player was updated to 11.2.202.251, fixing severe security issues: * CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280
oval:org.secpod.oval:def:400453 This version upgrade of flash-player fixed multiple unspecified code execution vulnerabilities.
oval:org.secpod.oval:def:400480 Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs.
oval:org.secpod.oval:def:400485
oval:org.secpod.oval:def:400490 acroread was updated to 9.5.4 to fix remote code execution problems
oval:org.secpod.oval:def:400492 Flash Player was updated to 11.2.202.273 to fix critical security issues: * APSB13-08, CVE-2013-0504, CVE-2013-0643, CVE-2013-0648 More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-08.html
oval:org.secpod.oval:def:400382 This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code.
oval:org.secpod.oval:def:400483 OpenJDK was updated to 1.12.2 to fix bugs and security issues * Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time - S6776941: CVE-2013-0427: ...
oval:org.secpod.oval:def:400368 php5 security update
oval:org.secpod.oval:def:400488 MozillaFirefox was updated to Firefox 19.0 MozillaThunderbird was updated to Thunderbird 17.0.3 seamonkey was updated to SeaMonkey 2.16 xulrunner was updated to 17.0.3esr chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0: * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memor ...
oval:org.secpod.oval:def:400494 java-1_6_0-openjdk was updated to IcedTea 1.12.3 containing security and bugfixes: * Security fixes - S8006446: Restrict MBeanServer access - S8006777: Improve TLS handling of invalid messages Lucky 13 - S8007688: Blacklist known bad certificate * Backports - S8007393: Possible race condition af ...
oval:org.secpod.oval:def:400460 MariaDB was updated to 5.2.13
oval:org.secpod.oval:def:400462 The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/C ...
oval:org.secpod.oval:def:400354 Fixing CVE-2012-2122: authentication bypass due to incorrect type casting
oval:org.secpod.oval:def:400449 This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk CVE-2012-4544-xsa25.patch - bnc#779212 - CVE-2012-4411: XEN / qemu: guest adminis ...
oval:org.secpod.oval:def:400459 mysql community server was updated to 5.5.28, fixing bugs and security issues
oval:org.secpod.oval:def:400458 XEN was updated to fix various denial of service issues. - bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability - bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs - bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_ ...
oval:org.secpod.oval:def:400526 The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla ...
oval:org.secpod.oval:def:400508 java-1_6_0-openjdk aka IcedTea was updated to 1.12.4 - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion
oval:org.secpod.oval:def:400516 seamonkey was updated to version 2.16.1 fixing a severe security issue. * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor
oval:org.secpod.oval:def:400515 Mozilla Firefox was updated to 19.0.2 fixing: * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor could be used for code execution * blocklist updates
oval:org.secpod.oval:def:400513 xulrunner was updated to 17.0.4esr to fix an important security issue: * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor
oval:org.secpod.oval:def:400518 Perl was updated to fix 3 security issues: - fix rehash denial of service [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug w ...
oval:org.secpod.oval:def:400512 MozillaThunderbird was updated to 17.0.4 * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor
oval:org.secpod.oval:def:400373 The bind nameserver was updated to fix an issue where specially crafted DNS data can cause a lockup in named.
oval:org.secpod.oval:def:400423 A remote denial of service attack was fixed in the BIND DNS nameserver, which could be caused by attackers providing a specifically prepared zone file for recursive transfer
oval:org.secpod.oval:def:400410 A remote denial of service in the bind nameserver via zero length rdata fields was fixed.
oval:org.secpod.oval:def:400542 The openSUSE 12.1 kernel was updated to fix a critical security issue and also some reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi tar ...
oval:org.secpod.oval:def:400507 The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0160: ...
oval:org.secpod.oval:def:400486 This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2 ...
oval:org.secpod.oval:def:400527 postgresql was updated to version 9.1.9: * CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is event ...
oval:org.secpod.oval:def:400534 The openSUSE 12.1 kernel was updated to fix a severe security issue and various bugs. Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_ ...