Download
| Alert*
|
oval:org.secpod.oval:def:400380
Specially-crafted commits could trigger a heap-based buffer overflow oval:org.secpod.oval:def:400446 This update of plib fixed two stack-based buffer overflows. oval:org.secpod.oval:def:400444 Specially-crafted commits can cause code to be executed on the clients due to improperly quoted arguments. oval:org.secpod.oval:def:400452 This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues. oval:org.secpod.oval:def:400517 This update fixes a bug which allows an unauthenticated remote attacker to cause a stack overflow in server code, resulting in either server crash or even code execution as the user running firebird. oval:org.secpod.oval:def:400363 This update fixes a remotely exploitable overflow in DKIM handling. oval:org.secpod.oval:def:400442 oval:org.secpod.oval:def:400443 openSUSE 12.2 is installed oval:org.secpod.oval:def:400576 The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. * distrust: AC DG Tresor SSL * new: CA_Disig_R ... oval:org.secpod.oval:def:400450 This update of libssh fixed various memory management issues that could have security implications. oval:org.secpod.oval:def:400454 This update of libssh fixed various memory management issues that could have security implications . oval:org.secpod.oval:def:400541 flash-player was updated to security update to 11.2.202.285 * APSB13-14, CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335 oval:org.secpod.oval:def:400421 Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1 975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE- 2012-3959 CVE-2012-3960/CVE-2012-3961/ ... oval:org.secpod.oval:def:400525 NRPE allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as check_http, to execute arbitrary commands under the uid tha ... oval:org.secpod.oval:def:400577 Fixed CVE-2013-3709: make the secret token file readable only for the webyast user to avoid forging the session cookie oval:org.secpod.oval:def:400396 The Mozilla suite received following security updates : Mozilla Firefox was updated to 16.0.1. Mozilla Seamonkey was updated to 2.13.1. Mozilla Thunderbird was updated to 16.0.1. Mozilla XULRunner was updated to 16.0.1. * MFSA 2012-88/CVE-2012-4191 Miscellaneous memory safety hazards * MFSA 2012-89 ... oval:org.secpod.oval:def:400505 pidgin was updated to fix security issues: - Fix a crash when receiving UPnP responses with abnormally long values. - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially craft ... oval:org.secpod.oval:def:400385 Mozilla Firefox, Thunderbird and XULRunner were updated to 16.0.2. Mozilla Seamonkey was updated to 2.13.2. Tracker bug: bnc#786522 A security issues was fixed: * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 Fixes for Location object issues The update also brings back Obsoletes for libpro ... oval:org.secpod.oval:def:400510 Adobe Flash Player was updated to 11.2.202.275: (bnc#808973) APSB13-09, CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375 oval:org.secpod.oval:def:400562 Adobe flash-player has been updated to version 11.2.202.310 which fixes bugs and security issues. These updates resolve memory corruption vulnerabilities that could lead to code execution oval:org.secpod.oval:def:400403 Chromium was updated to 21.0.1180.88 to fix various bugs and security issues. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix. - [$500] [121347<https://code.google.com/p/chromium/issues/detail?id= 121347>] Medium CVE-2012-2865: Out-of ... oval:org.secpod.oval:def:400411 Chromium was upgraded to version 24.0.1290 which fixed multiple security flaws. oval:org.secpod.oval:def:400451 Chromium was updated to 25.0.1343 * Security Fixes : - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for Intel GPUs - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia - CVE-2012-5132: Browser crash with chunked encoding - CVE-2012-5134: Buffer unde ... oval:org.secpod.oval:def:400456 A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. oval:org.secpod.oval:def:400365 java-1_7_0-opendjk was updated to icedtea-2.3.3 * Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties checking in ... oval:org.secpod.oval:def:400566 Adobe Flash Player was updated to 11.2.202.327: * APSB13-26, CVE-2013-5329, CVE-2013-5330 oval:org.secpod.oval:def:400388 Java-1_7_0-openjdk was updated to fix a remote exploit . Also bugfixes were done: - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild --with zero - add hotspot 2.1 needed for zero - fix filelist on %{ix86} * Security fixes - S7162476, CVE-20 ... oval:org.secpod.oval:def:400478 - Update to libvirt 0.9.11.9 stable release - Fixes CVE-2013-0170 by including cherry picked master commit 46532e3e, bnc#800976 - Fix starting lxc VM e.g from OpenStack bnc#793900 and rh#858104 oval:org.secpod.oval:def:400402 qemu was fixed to add bounds checking for VT100 escape code parsing and cursor placement. Also qemu was updated on 12.2 and 11.4 to the latest stable release . oval:org.secpod.oval:def:400415 This update fixed CVE-2012-3524 , which can be used by local attackers to escalate privileges to root. oval:org.secpod.oval:def:400447 This update of libotr fixed multiple buffer overflows. oval:org.secpod.oval:def:400416 Fix buffer overflow in MS Word ODF filter among other non-security related bugs. Also a version update to 2.4.3 happened: * Words: - Always show vertical scroll bar to avoid race condition - Do not save with an attribue that makes LibreOffice and OpenOffice crash * Kexi: - Fixed import from csv whe ... oval:org.secpod.oval:def:400571 Update to Chromium 30.0.1599.66: - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes: + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Addr ... oval:org.secpod.oval:def:400493 Adobe Flash Player was updated to 11.2.202.238 fixing various bugs and security issues. oval:org.secpod.oval:def:400495 Flash Player was updated to 11.2.202.243 * CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CV ... oval:org.secpod.oval:def:400499 Flash Player was updated to 11.2.202.251 , fixing severe security issues: * CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280 oval:org.secpod.oval:def:400497 This version upgrade of flash-player fixed multiple unspecified code execution vulnerabiliies. oval:org.secpod.oval:def:400502 Adobe Flash Player was updated to 11.2.202.262 to fix various security issues and bugs. oval:org.secpod.oval:def:400503 oval:org.secpod.oval:def:400496 acroread was updated to 9.5.4 to fix remote code execution problems oval:org.secpod.oval:def:400501 Flash Player was updated to 11.2.202.273 to fix critical security issues: * APSB13-08, CVE-2013-0504, CVE-2013-0643, CVE-2013-0648 More information can be found on: https://www.adobe.com/support/security/bulletins/apsb13-08.h tml oval:org.secpod.oval:def:400382 This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code. oval:org.secpod.oval:def:400488 MozillaFirefox was updated to Firefox 19.0 MozillaThunderbird was updated to Thunderbird 17.0.3 seamonkey was updated to SeaMonkey 2.16 xulrunner was updated to 17.0.3esr chmsee was updated to version 2.0. Changes in MozillaFirefox 19.0: * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memor ... oval:org.secpod.oval:def:400498 java-1_7_0-openjdk was updated to icedtea-2.3.6 containing various security and bugfixes: * Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction time ... oval:org.secpod.oval:def:400462 The Mozilla January 8th 2013 security release contains updates: Mozilla Firefox was updated to version 18.0. Mozilla Seamonkey was updated to version 2.15. Mozilla Thunderbird was updated to version 17.0.2. Mozilla XULRunner was updated to version 17.0.2. * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/C ... oval:org.secpod.oval:def:400461 oval:org.secpod.oval:def:400477 java-1_7_0-openjdk was updated to icedtea-2.3.4 fixing bugs and also severe security issues: * Security fixes - S8004933, CVE-2012-3174: Improve MethodHandle interaction with libraries - S8006017, CVE-2013-0422: Improve lookup resolutions - S8006125: Update MethodHandles library interactions * Bug f ... oval:org.secpod.oval:def:400448 This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc#787163 - CVE-2012-4544: xen: Domain builder Out-of- memory due to malicious kernel/ramdisk CVE-2012-4544-xsa25.patch - bnc#779212 - CVE-2012-4411: XEN / qemu: guest adminis ... oval:org.secpod.oval:def:400459 mysql community server was updated to 5.5.28, fixing bugs and security issues oval:org.secpod.oval:def:400457 This update of XEN fixes various denial of service bugs. - bnc#789945 - CVE-2012-5510: xen: Grant table version switch list corruption vulnerability - bnc#789944 - CVE-2012-5511: xen: Several HVM operations do not validate the range of their inputs - bnc#789940 - CVE-2012-5512: xen: HVMOP_get_mem_ ... oval:org.secpod.oval:def:400526 The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla ... oval:org.secpod.oval:def:400533 Mozilla xulrunner was updated to 17.0.6esr * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 Privileged access for content level constructor * MFSA 2013-46/CVE-2013-1674 Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013- ... oval:org.secpod.oval:def:400532 MozillaThunderbird was updated to security update Thunderbird 17.0.6 : * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 Privileged access for content level constructor * MFSA 2013-46/CVE-2013-1674 Use-after-free with video and onresize eve ... oval:org.secpod.oval:def:400516 seamonkey was updated to version 2.16.1 fixing a severe security issue. * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor oval:org.secpod.oval:def:400515 Mozilla Firefox was updated to 19.0.2 fixing: * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor could be used for code execution * blocklist updates oval:org.secpod.oval:def:400513 xulrunner was updated to 17.0.4esr to fix a important security issue: * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor oval:org.secpod.oval:def:400518 Perl was updated to fix 3 security issues: - fix rehash denial of service [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug w ... oval:org.secpod.oval:def:400512 MozillaThunderbird was updated to 17.0.4 * MFSA 2013-29/CVE-2013-0787 Use-after-free in HTML Editor oval:org.secpod.oval:def:400373 The bind nameserver was updated to fix specially crafted DNS data can cause a lockup in named. oval:org.secpod.oval:def:400563 MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscel ... oval:org.secpod.oval:def:400423 A remote denial of service attack was fixed in the BIND DNS nameserver, which could be caused by attackers providing a specifically prepared zone file for recursive transfer oval:org.secpod.oval:def:400425 This kernel update to 3.4.11 fixes various bugs and security issues. The changes up to 3.4.11 contain both security and bugfixes and are not explicitly listed here. Following security issues were fixed: CVE-2012-3520: Force passing credentials, otherwise local services could be fooled to assume requ ... oval:org.secpod.oval:def:400567 Chromium was updated to 31.0.1650.57: Stable channel update: - Security Fixes: * CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: * CVE-2013-6621: Use after free related to speech input elements.. * CVE-2013-6622: Use after ... oval:org.secpod.oval:def:400504 The Linux kernel was updated to 3.4.33 and to fix a local root privilege escalation and various other security and non-security bugs. CVE-2013-1763: A out of bounds access in sock_diag could be used by local attackers to execute code in kernel context and so become root. CVE-2013-0160: The atime of ... oval:org.secpod.oval:def:400486 This update updates the RubyOnRails 2.3 stack to 2.3.16, also this update updates the RubyOnRails 3.2 stack to 3.2.11. Security and bugfixes were done, foremost: CVE-2013-0333: A JSON sql/code injection problem was fixed. CVE-2012-5664: A SQL Injection Vulnerability in Active Record was fixed. CVE-2 ... oval:org.secpod.oval:def:400527 postgresql was updated to version 9.1.9 : * CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server"s data directory, even if the request is event ... oval:org.secpod.oval:def:400543 The openSUSE 12.2 kernel was updated to fix security issue and other bugs. Security issues fixed: CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi targ ... |
