[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:106181
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer and Transport Layer Security protocols using the Network Security Services security library.

oval:org.secpod.oval:def:500856
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ...

oval:org.secpod.oval:def:500141
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An off-by-one flaw was found in the way BIND processed negative responses with large res ...

oval:org.secpod.oval:def:500794
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ...

oval:org.secpod.oval:def:501084
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ...

oval:org.secpod.oval:def:501170
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An information leak flaw was found in the way the Linux kernel"s device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data ...

oval:org.secpod.oval:def:500720
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged use ...

oval:gov.nist.usgcb.rhel:def:20008
The yum-updatesd service should be disabled

oval:gov.nist.usgcb.rhel:def:20006
If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoi ...

oval:gov.nist.usgcb.rhel:def:20007
The rhnsd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20004
System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.

oval:gov.nist.usgcb.rhel:def:20005
Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing ...

oval:gov.nist.usgcb.rhel:def:20002
The /var directory is used by daemons and other system services to store frequently-changing data. It is not uncommon for the /var directory to contain world-writable directories, installed by other software packages. ...

oval:gov.nist.usgcb.rhel:def:20000
The /tmp directory is a world-writable directory used for temporary ���le storage. Verify that it has its own partition or logical volume.

oval:gov.nist.usgcb.rhel:def:20028
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20029
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20027
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:202052
The atd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20019
The nosuid option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20017
The nodev option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20018
The noexec option should be enabled for all removable media.

oval:gov.nist.usgcb.rhel:def:20016
The nodev option should be enabled for all non-root partitions.

oval:gov.nist.usgcb.rhel:def:20014
The AIDE package should be installed

oval:gov.nist.usgcb.rhel:def:20011
To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo con���guration ���les in /etc/yum.repos.d or elsewhere

oval:gov.nist.usgcb.rhel:def:20010
The gpgcheck option should be used to ensure that checking of an RPM package���s signature always occurs prior to its installation./

oval:gov.nist.usgcb.rhel:def:144120
Add nodev Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:20048
The sgid bit should be set only for specified files.

oval:gov.nist.usgcb.rhel:def:20049
The suid bit should be set only for specified files.

oval:gov.nist.usgcb.rhel:def:20046
The sticky bit should be set for all world-writable directories.

oval:gov.nist.usgcb.rhel:def:20047
The world-write permission should be disabled for all files.

oval:gov.nist.usgcb.rhel:def:20044
File permissions for /etc/gshadow should be set correctly.

oval:gov.nist.usgcb.rhel:def:20045
File permissions for /etc/passwd should be set correctly.

oval:gov.nist.usgcb.rhel:def:20042
File permissions for /etc/shadow should be set correctly.

oval:gov.nist.usgcb.rhel:def:20043
File permissions for /etc/group should be set correctly.

oval:gov.nist.usgcb.rhel:def:20040
The /etc/passwd file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20041
The /etc/passwd file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20039
The /etc/gshadow file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20037
The /etc/group file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20038
The /etc/gshadow file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20035
The /etc/shadow file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20036
The /etc/group file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20033
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20034
The /etc/shadow file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20031
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20032
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:20030
prevents usage of this uncommon ���lesystems.

oval:gov.nist.usgcb.rhel:def:500116
Add noexec Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:500115
Add noexec Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:500114
Add nosuid Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:500113
Add nodev Option to /dev/shm Partition

oval:gov.nist.usgcb.rhel:def:500119
Postfix network listening should be disabled

oval:gov.nist.usgcb.rhel:def:500118
Disable the network sniffer

oval:gov.nist.usgcb.rhel:def:500117
Bind mount the /var/tmp directory to /var

oval:gov.nist.usgcb.rhel:def:182444
The irda service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:181560
The rawdevices service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:500112
Add nosuid Option to /tmp Partition

oval:gov.nist.usgcb.rhel:def:201685
Audit rules about the Information on Kernel Module Loading and Unloading.

oval:org.secpod.oval:def:501269
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of ...

oval:gov.nist.usgcb.rhel:def:203401
The samba package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:200785
The password ocredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200786
The password lcredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200787
The password difok should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200781
The password retry should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:200784
The password ucredit should meet minimum requirements using pam_cracklib

oval:gov.nist.usgcb.rhel:def:99900
User accounts may or may not be inactivated a specified number of days after account expiration.

oval:org.secpod.oval:def:500375
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * The compat_alloc_user_space function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in ot ...

oval:org.secpod.oval:def:21811
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21812
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21810
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files.

oval:gov.nist.usgcb.rhel:def:20107
The SELinux policy should be set appropriately.

oval:gov.nist.usgcb.rhel:def:20106
The SELinux state should be set appropriately.

oval:gov.nist.usgcb.rhel:def:20103
The direct gnome login warning banner should be set correctly.

oval:gov.nist.usgcb.rhel:def:20104
SELinux should be enabled

oval:gov.nist.usgcb.rhel:def:20101
The vlock package should be installed

oval:gov.nist.usgcb.rhel:def:20102
The system login banner text should be set correctly.

oval:gov.nist.usgcb.rhel:def:20100
The allowed period of inactivity gnome desktop lockout should be configured correctly.

oval:org.secpod.oval:def:500844
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * The fix for CVE-2011-1083 introduced a flaw in the way the Linux kernel"s Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use ...

oval:gov.nist.usgcb.rhel:def:20128
All wireless interfaces should be disabled.

oval:gov.nist.usgcb.rhel:def:20125
Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20126
The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20123
Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20124
Sending TCP syncookies should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20121
The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20122
Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20120
The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20118
Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20119
The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20116
Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20117
Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20114
IP forwarding should be disabled.

oval:gov.nist.usgcb.rhel:def:20115
Accepting source routed packets should be enabled or disabled for all interfaces as appropriate.

oval:gov.nist.usgcb.rhel:def:20112
The default setting for sending ICMP redirects should be disabled for network interfaces.

oval:gov.nist.usgcb.rhel:def:20113
Sending ICMP redirects should be disabled for all interfaces.

oval:gov.nist.usgcb.rhel:def:20110
The mcstrans service should be disabled.

oval:gov.nist.usgcb.rhel:def:20149
All rsyslog log files should be owned by root user.

oval:gov.nist.usgcb.rhel:def:20147
The iptables service should be enabled.

oval:gov.nist.usgcb.rhel:def:20148
The syslog service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:21809
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:gov.nist.usgcb.rhel:def:20146
The ip6tables service should be enabled.

oval:gov.nist.usgcb.rhel:def:20136
Accepting redirects from IPv6 routers should be disabled as appropriate for all network interfaces. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20135
The default setting for accepting IPv6 router advertisements should be disabled for network interfaces. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20132
Global IPv6 initialization should be disabled.

oval:gov.nist.usgcb.rhel:def:20133
IPv6 configuration should be disabled for all interfaces.

oval:gov.nist.usgcb.rhel:def:20130
Automatic IPv6 address assignment should be disabled.

oval:gov.nist.usgcb.rhel:def:20131
The default setting for IPv6 configuration should be disabled for network interfaces.

oval:org.secpod.oval:def:500802
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the data_len parameter of the sock_alloc_send_pskb function in the Linux kernel"s networking implementation was not validated before use. A local ...

oval:gov.nist.usgcb.rhel:def:20169
Force a reboot to change audit rules is enabled

oval:gov.nist.usgcb.rhel:def:20167
Audit rules about the Files Deletion Events by User (successful and unsuccessful) are enabled

oval:gov.nist.usgcb.rhel:def:20168
Audit rules about the System Administrator Actions are enabled

oval:gov.nist.usgcb.rhel:def:20165
Audit rules about the Information on the Use of Privileged Commands are enabled

oval:gov.nist.usgcb.rhel:def:20166
Audit rules about the Information on Exporting to Media (successful) are enabled

oval:gov.nist.usgcb.rhel:def:20163
Audit rules about the Discretionary Access Control Permission Modi���cation Events are enabled

oval:gov.nist.usgcb.rhel:def:20164
Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled

oval:gov.nist.usgcb.rhel:def:20161
Audit rules about the Logon and Logout Events are enabled

oval:gov.nist.usgcb.rhel:def:20162
Audit rules about the Process and Session Initiation Information are enabled

oval:gov.nist.usgcb.rhel:def:20160
Audit rules about the System���s Mandatory Access Controls are enabled

oval:org.secpod.oval:def:500814
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...

oval:gov.nist.usgcb.rhel:def:20158
Audit rules about User/Group Information are enabled

oval:gov.nist.usgcb.rhel:def:20159
Audit rules about the System���s Network Environment are enabled

oval:gov.nist.usgcb.rhel:def:20156
The auditd service should be enabled.

oval:gov.nist.usgcb.rhel:def:20157
Look for argument audit=1 in the kernel line in /boot/grub/grub.conf

oval:gov.nist.usgcb.rhel:def:20154
The logrotate (syslog rotater) service should be enabled.

oval:gov.nist.usgcb.rhel:def:20152
Syslog logs should be sent to a remote loghost

oval:gov.nist.usgcb.rhel:def:20153
RSyslogd should reject remote messages

oval:gov.nist.usgcb.rhel:def:20150
All syslog log files should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20151
File permissions for all syslog log files should be set correctly.

oval:org.secpod.oval:def:10399
Users should be allowed or not allowed to set environment options for SSH as appropriate.

oval:gov.nist.usgcb.rhel:def:20068
Login access to non-root system accounts should be disabled

oval:gov.nist.usgcb.rhel:def:20069
Login access to accounts without passwords should be disabled

oval:gov.nist.usgcb.rhel:def:20066
Command access to the root account should be restricted to the wheel group.

oval:gov.nist.usgcb.rhel:def:20064
Login prompts on serial ports should be disabled.

oval:gov.nist.usgcb.rhel:def:20065
The wheel group should exist

oval:gov.nist.usgcb.rhel:def:20059
Kernel support for the XD/NX processor feature should be enabled

oval:gov.nist.usgcb.rhel:def:20057
ExecShield should be enabled

oval:gov.nist.usgcb.rhel:def:20058
ExecShield randomized placement of virtual memory regions should be enabled

oval:gov.nist.usgcb.rhel:def:20055
Core dumps for all users should be disabled

oval:gov.nist.usgcb.rhel:def:20056
Core dumps for setuid programs should be disabled

oval:gov.nist.usgcb.rhel:def:20053
The daemon umask should be set as appropriate

oval:gov.nist.usgcb.rhel:def:20051
All files should be owned by a group

oval:gov.nist.usgcb.rhel:def:20052
All world writable directories should be owned by a system user

oval:gov.nist.usgcb.rhel:def:20050
All files should be owned by a user

oval:gov.nist.usgcb.rhel:def:20088
The default umask for all users should be set correctly for the csh shell

oval:gov.nist.usgcb.rhel:def:20089
The default umask for all users should be set correctly

oval:gov.nist.usgcb.rhel:def:20086
File permissions should be set correctly for the home directories for all user accounts.

oval:gov.nist.usgcb.rhel:def:20087
The default umask for all users should be set correctly for the bash shell

oval:gov.nist.usgcb.rhel:def:20084
The passwords to remember should be set correctly.

oval:gov.nist.usgcb.rhel:def:20085
The PATH variable should be set correctly for user root

oval:gov.nist.usgcb.rhel:def:20083
The password hashing algorithm should be set correctly.

oval:gov.nist.usgcb.rhel:def:20077
NIS file inclusions should be set appropriately in the /etc/passwd file

oval:gov.nist.usgcb.rhel:def:20075
NIS file inclusions should be set appropriately in the /etc/shadow file

oval:gov.nist.usgcb.rhel:def:20076
NIS file inclusions should be set appropriately in the /etc/group file

oval:gov.nist.usgcb.rhel:def:20073
The "maximum password age" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:20074
The password warn age should be set appropriately

oval:gov.nist.usgcb.rhel:def:20071
The password minimum length should be set appropriately

oval:gov.nist.usgcb.rhel:def:20072
The "minimum password age" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:20070
Anonymous root logins are disabled

oval:gov.nist.usgcb.rhel:def:201115
Check for device ���le that is not labeled.

oval:org.secpod.oval:def:500870
The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP"s Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to ...

oval:gov.nist.usgcb.rhel:def:20097
The ability for users to perform interactive startups should be disabled.

oval:gov.nist.usgcb.rhel:def:20095
The grub boot loader should have password protection enabled

oval:gov.nist.usgcb.rhel:def:20096
The requirement for a password to boot into single-user mode should be configured correctly.

oval:gov.nist.usgcb.rhel:def:20093
The /boot/grub/grub.conf file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20094
File permissions for /boot/grub/grub.conf should be set correctly.

oval:gov.nist.usgcb.rhel:def:202456
Use only approved ciphers

oval:gov.nist.usgcb.rhel:def:20092
The /boot/grub/grub.conf file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:202455
PermitUserEnvironment should be disabled

oval:gov.nist.usgcb.rhel:def:20090
The default umask for all users should be set correctly

oval:gov.nist.usgcb.rhel:def:36491
Firewall access to printing service should be enabled or disabled as appropriate

oval:org.secpod.oval:def:500037
Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the curr ...

oval:gov.nist.usgcb.rhel:def:202885
Clients require LDAP servers to provide valid certificates for SSL communications.

oval:org.secpod.oval:def:501376
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...

oval:gov.nist.usgcb.rhel:def:201575
Audit rules about time are enabled

oval:org.secpod.oval:def:500002
The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries. The libgcj package provides fastjar, an archive tool for Java Archive files. Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a loc ...

oval:org.secpod.oval:def:500003
Red Hat Enterprise Linux 5 is installed

oval:org.secpod.oval:def:500487
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * The rds_page_copy_user function in the Linux kernel Reliable Datagram Sockets protocol implementation was missing sanity checks. A local, unprivileged user could u ...

oval:gov.nist.usgcb.rhel:def:200695
Check that passwords are shadowed

oval:gov.nist.usgcb.rhel:def:2034011
Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used.

oval:gov.nist.usgcb.rhel:def:2034010
Require samba clients running smbclient to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing.

oval:gov.nist.usgcb.rhel:def:20208
The /etc/crontab file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20209
The /etc/crontab file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20205
The crond service should be enabled.

oval:gov.nist.usgcb.rhel:def:20200
The bluetooth service should be disabled.

oval:org.secpod.oval:def:500095
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could send a specially-craf ...

oval:gov.nist.usgcb.rhel:def:20201
The hidd service should be disabled.

oval:gov.nist.usgcb.rhel:def:201825
The tftp service should be disabled.

oval:gov.nist.usgcb.rhel:def:20228
File permissions for /etc/cron.d should be set correctly.

oval:gov.nist.usgcb.rhel:def:20226
File permissions for /etc/cron.weekly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20227
File permissions for /etc/cron.monthly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20224
File permissions for /etc/cron.hourly should be set correctly.

oval:gov.nist.usgcb.rhel:def:20225
File permissions for /etc/cron.daily should be set correctly.

oval:gov.nist.usgcb.rhel:def:20222
The /etc/cron.monthly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20223
The /etc/cron.d file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20220
The /etc/cron.daily file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20221
The /etc/cron.weekly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20219
The /etc/cron.hourly file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20217
The /etc/cron.monthly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20218
The /etc/cron.d file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20215
The /etc/cron.daily file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20216
The /etc/cron.weekly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20213
File permissions for /etc/anacrontab should be set correctly.

oval:gov.nist.usgcb.rhel:def:20214
The /etc/cron.hourly file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20211
The /etc/anacrontab file should be owned by the appropriate group.

oval:gov.nist.usgcb.rhel:def:20212
The /etc/anacrontab file should be owned by the appropriate user.

oval:gov.nist.usgcb.rhel:def:20210
File permissions for /etc/crontab should be set correctly.

oval:gov.nist.usgcb.rhel:def:20248
Disable the ability to provide remote graphical display

oval:gov.nist.usgcb.rhel:def:20249
Enable warning banner for GUI login

oval:gov.nist.usgcb.rhel:def:20244
Remote connections from accounts with empty passwords should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20245
SSH warning banner should be enabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20242
SSH host-based authentication should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20243
Root login via SSH should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20240
The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20241
Emulation of the rsh command through the ssh server should be disabled (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20239
The SSH idle timout interval should be set to an appropriate value (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20238
SSH version 1 protocol support should be disabled. (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20235
SSH should be uninstalled

oval:gov.nist.usgcb.rhel:def:20234
The sshd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20268
The dhcpd service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:20269
The dhcp package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20266
The hplip service should be disabled.

oval:gov.nist.usgcb.rhel:def:20250
The avahi-daemon service should be disabled.

oval:gov.nist.usgcb.rhel:def:20289
The ldap service should be disabled.

oval:gov.nist.usgcb.rhel:def:20287
The sendmail service should be disabled.

oval:gov.nist.usgcb.rhel:def:20283
A remote NTP Server for time synchronization should be specified (and dependencies are met)

oval:gov.nist.usgcb.rhel:def:20281
The ntpd service should be enabled.

oval:gov.nist.usgcb.rhel:def:203175
The vsftpd service should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20187
The kdump service should be disabled.

oval:gov.nist.usgcb.rhel:def:20186
The isdn service should be disabled.

oval:gov.nist.usgcb.rhel:def:201035
Check output of /usr/sbin/sestatus or check if /selinux exists.

oval:gov.nist.usgcb.rhel:def:20181
The ypbind service should be disabled.

oval:gov.nist.usgcb.rhel:def:20182
The tftp-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20180
The ypserv package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20177
The rsh-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20174
The telnet-server package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20172
The inetd package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20173
The xinetd package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20170
The inetd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20171
The xinetd service should be disabled.

oval:org.secpod.oval:def:10491
The microcode_ctl service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10492
Avahi publishing of domain name should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10493
File permissions for /etc/pki/tls/CA/cacert.pem should be set correctly.

oval:org.secpod.oval:def:10494
File permissions for /etc/pki/tls/ldap should be set correctly.

oval:org.secpod.oval:def:10495
The haldaemon service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10496
The network service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10497
The Dovecot option to drop privileges to user before executing mail process should be enabled or not as appropriate

oval:org.secpod.oval:def:10498
Squid should be configured to allow http-mgmt traffic or not as appropriate

oval:org.secpod.oval:def:10490
The Squid max request HTTP header length should be set to an appropriate value.

oval:org.secpod.oval:def:10488
Write access to NFS shares should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10489
Avahi publishing of local information by user applications should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:178160
The libuser library imports login_defs from a file as appropriate.

oval:gov.nist.usgcb.rhel:def:20196
The readahead_early service should be disabled.

oval:gov.nist.usgcb.rhel:def:20197
The readahead_later service should be disabled.

oval:gov.nist.usgcb.rhel:def:20193
Disable Zeroconf automatic route assignment in the 169.245.0.0 subnet.

oval:org.secpod.oval:def:10499
File permissions for /etc/pki/tls/ldap/serverkey.pem should be set correctly.

oval:gov.nist.usgcb.rhel:def:201480
The rsyslog package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:201479
Support for TIPC should be disabled.

oval:gov.nist.usgcb.rhel:def:201478
Support for RDS should be disabled.

oval:gov.nist.usgcb.rhel:def:201474
Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain.

oval:gov.nist.usgcb.rhel:def:201477
Support for SCTP should be disabled.

oval:gov.nist.usgcb.rhel:def:201476
Support for DCCP should be disabled.

oval:gov.nist.usgcb.rhel:def:201006
Idle activation of the screen lock should be enabled.

oval:gov.nist.usgcb.rhel:def:201005
Idle activation of the screen saver should be enabled.

oval:gov.nist.usgcb.rhel:def:201007
The screen saver should be blank.

oval:gov.nist.usgcb.rhel:def:200155
>Verify the integrity of installed packages by comparing the installed ���les with information about the ���les taken from the package metadata stored in the RPM database.

oval:org.secpod.oval:def:10430
NIS domain should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10431
File permissions for /usr/sbin/userhelper should be set correctly.

oval:org.secpod.oval:def:10432
The /var/named/chroot/etc/named.conf file should be owned by the appropriate group.

oval:org.secpod.oval:def:500152
Mozilla Thunderbird is a standalone mail and newsgroup client. This erratum blacklists a small number of HTTPS certificates. This update also fixes the following bug: * The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression, preventing some Java content and plug-ins written in Java f ...

oval:org.secpod.oval:def:500156
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Linux kernel"s garbage collector for AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service . * A ...

oval:org.secpod.oval:def:501008
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use ...

oval:org.secpod.oval:def:10422
CUPS service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10423
The apache2 server's ServerSignature value should be set appropriately.

oval:org.secpod.oval:def:10424
Logins through the specified virtual console interface should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10425
The messagebus service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10426
The mdmonitor service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10427
Console device ownership should be restricted to root-only as appropriate.

oval:org.secpod.oval:def:10428
Dovecot should be configured to support the pop3s protocol or not as necessary

oval:org.secpod.oval:def:10429
The default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately.

oval:org.secpod.oval:def:10440
The pcscd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10441
The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate user.

oval:org.secpod.oval:def:10442
Logins through the primary console device should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10443
The irqbalance service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:500168
Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ...

oval:org.secpod.oval:def:10433
The USB device support module should be installed or not as appropriate.

oval:org.secpod.oval:def:10434
The statd service should be configured to use an outgoing static port or an outgoing dynamic portmapper port as appropriate

oval:org.secpod.oval:def:10435
File permissions for /usr/sbin/httpd should be set correctly.

oval:org.secpod.oval:def:10436
OpenNTPD should be installed or uninstalled as appropriate.

oval:org.secpod.oval:def:10437
Sudo privileges should granted or rejected to the wheel group as appropriate.

oval:org.secpod.oval:def:10438
The cpuspeed service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10439
The default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

oval:org.secpod.oval:def:10410
The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:501022
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments . A local user with th ...

oval:org.secpod.oval:def:10408
The rquotad service should be configured to use a static port or a dynamic portmapper port as appropriate.

oval:org.secpod.oval:def:10409
The /etc/httpd/conf/* files should be owned by the appropriate group.

oval:org.secpod.oval:def:10400
Bluetooth kernel modules should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10401
Syslogd should accept remote messages or not as appropriate.

oval:org.secpod.oval:def:10402
The firstboot service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10403
The smartd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10405
The ntp daemon synchronization server should be set appropriately.

oval:org.secpod.oval:def:10406
The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate user.

oval:org.secpod.oval:def:10407
Automatic loading of the IPv6 kernel module should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10420
dhcpd logging should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10421
CUPS service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10419
Domain name server information should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10411
Squid should be configured to allow wais traffic or not as appropriate

oval:org.secpod.oval:def:10412
The statd service should be configured to use a static port or a dynamic portmapper port as appropriate

oval:org.secpod.oval:def:10413
The syslog service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10414
Console device ownership should be restricted to root-only as appropriate.

oval:org.secpod.oval:def:10415
The idle time-out value for the default /bin/tcsh shell should meet the minimum requirements.

oval:org.secpod.oval:def:10416
The Squid EUID should be set to an appropriate user

oval:org.secpod.oval:def:10417
The idle time-out value for the default /bin/bash shell should meet the minimum requirements.

oval:org.secpod.oval:def:10418
The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate group.

oval:org.secpod.oval:def:10470
File permissions for /etc/pki/tls/ldap/servercert.pem should be set correctly.

oval:org.secpod.oval:def:10471
Command access to the root account should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10472
The default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10473
The apmd service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10474
The default setting for accepting IPv6 router advertisements should be enabled or disabled for network interfaces as appropriate.

oval:org.secpod.oval:def:10475
The listening sendmail daemon should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10476
Inbound connections to the ssh port should be allowed or denied as appropriate.

oval:org.secpod.oval:def:10466
Squid should be configured to allow ftp traffic or not as appropriate.

oval:org.secpod.oval:def:10467
The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10468
The /var/named/chroot/etc/named.conf file should be owned by the appropriate user.

oval:org.secpod.oval:def:10469
Syslog logs should be sent to a remote loghost or not as appropriate.

oval:org.secpod.oval:def:10480
NTP servers should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10481
The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate group.

oval:org.secpod.oval:def:10482
The logwatch service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10483
The /etc/pki/tls/ldap file should be owned by the appropriate group.

oval:org.secpod.oval:def:10484
Avahi publishing of IP addresses should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10485
The Squid option to allow underscores in hostnames should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10486
BOOTP queries should be accepted or denied by the DHCP server as appropriate.

oval:org.secpod.oval:def:10487
The apache 2 server software should be installed or removed as appropriate

oval:org.secpod.oval:def:10477
The acpid service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10478
The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate.

oval:org.secpod.oval:def:10479
Time offset should be sent or not sent by the DHCP server as appropriate..

oval:org.secpod.oval:def:10450
The setroubleshoot package should be installed or uninstalled as appropriate.

oval:org.secpod.oval:def:10451
The default number of IPv6 router solicitations for network interfaces to send should be set appropriately.

oval:org.secpod.oval:def:10452
NIS servers should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10453
Device drivers for wireless devices should be included or excluded from the kernel as appropriate.

oval:org.secpod.oval:def:10454
USB kernel support should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:500134
Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ...

oval:org.secpod.oval:def:10444
Squid should be configured to allow gopher traffic or not as appropriate

oval:org.secpod.oval:def:10445
The default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

oval:org.secpod.oval:def:10446
The restorecond service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10447
Network access to ntpd should be allowed or denied as appropriate.

oval:org.secpod.oval:def:10448
The Avahi daemon should be configured to serve via Ipv6 or not as appropriate.

oval:org.secpod.oval:def:10449
The default number of global unicast IPv6 addresses allowed per network interface should be set appropriately.

oval:org.secpod.oval:def:10460
The default setting for accepting redirects from IPv6 routers should be enabled or disabled for network interfaces as appropriate.

oval:org.secpod.oval:def:10461
The kudzu service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10462
The default setting for accepting router preference via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.

oval:org.secpod.oval:def:10463
The gpm service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10464
Default routers should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10465
The setroubleshoot service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10455
The Squid option to show proxy client IP addresses in HTTP headers should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10456
The /usr/sbin/userhelper file should be owned by the appropriate group.

oval:org.secpod.oval:def:10457
The USB device support module should be loaded or not as appropriate.

oval:org.secpod.oval:def:10458
The dhcp client service should be enabled or disabled as appropriate for each interface.

oval:org.secpod.oval:def:10459
Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate.

oval:org.secpod.oval:def:501093
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:gov.nist.usgcb.rhel:def:201745
The telnet service should be disabled.

oval:gov.nist.usgcb.rhel:def:20306
The nosuid option should be enabled for all NFS mounts

oval:gov.nist.usgcb.rhel:def:20303
The nfs service should be disabled

oval:gov.nist.usgcb.rhel:def:20304
The rpcsvcgssd service should be disabled

oval:org.secpod.oval:def:10507
The Avahi daemon should be configured to serve via Ipv4 or not as appropriate.

oval:org.secpod.oval:def:10508
The Dovecot option to spawn a new login process per connection should be enabled or not as appropriate

oval:org.secpod.oval:def:10509
Squid proxy access to localhost should be allowed or denied as appropriate

oval:org.secpod.oval:def:10500
Dovecot should be configured to support the imaps protocol or not as necessary

oval:org.secpod.oval:def:10501
File permissions for /etc/httpd/conf/* should be set correctly.

oval:org.secpod.oval:def:10502
Domain name should be sent or not sent by the DHCP server as appropriate.

oval:org.secpod.oval:def:10503
DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate

oval:org.secpod.oval:def:10504
The net-smtp package should be installed or uninstalled as appropriate

oval:org.secpod.oval:def:10505
The anacron service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10506
CUPS should be allowed or denied the ability to listen for Incoming printer information as appropriate

oval:org.secpod.oval:def:10520
The xfs service should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10518
Local user login to the vsftpd service should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10519
Avahi publishing of local information should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10510
The Squid max reply HTTP header length should be set to an appropriate value

oval:org.secpod.oval:def:10511
Remote print browsing should be enabled or disabled as appropriate

oval:gov.nist.usgcb.rhel:def:141130
The password dcredit should meet minimum requirements using pam_cracklib

oval:org.secpod.oval:def:10512
The ntp daemon should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10513
Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate

oval:org.secpod.oval:def:10514
The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate group.

oval:org.secpod.oval:def:10515
The anacron package should be installed or uninstalled as appropriate.

oval:org.secpod.oval:def:10516
Avahi publishing of hardware information should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10517
The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate

oval:gov.nist.usgcb.rhel:def:20323
The httpd package should be uninstalled.

oval:org.secpod.oval:def:501064
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cip ...

oval:gov.nist.usgcb.rhel:def:20322
The httpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20317
The vsftpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20312
The bind package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20311
The named service should be disabled.

oval:gov.nist.usgcb.rhel:def:200855
Check each directory in root's path and make use it does not grant write permission to group and other

oval:gov.nist.usgcb.rhel:def:20341
The squid service should be disabled.

oval:gov.nist.usgcb.rhel:def:20342
The squid package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20340
The smb service should be disabled.

oval:gov.nist.usgcb.rhel:def:20332
The dovecot package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:20331
The dovecot service should be disabled.

oval:gov.nist.usgcb.rhel:def:20365
The snmpd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20366
The net-snmp package should be uninstalled.

oval:gov.nist.usgcb.rhel:def:200801
The "account deny" policy should meet minimum requirements.

oval:gov.nist.usgcb.rhel:def:180372
The firewall should allow or reject access to the avahi service.

oval:gov.nist.usgcb.rhel:def:20295
The netfs service should be disabled.

oval:gov.nist.usgcb.rhel:def:20296
The portmap service should be disabled.

oval:gov.nist.usgcb.rhel:def:20293
The rpcgssd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20294
The rpcidmapd service should be disabled.

oval:gov.nist.usgcb.rhel:def:20292
The nfslock service should be disabled.

oval:gov.nist.usgcb.rhel:def:573897
The talk package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573896
The talk-server package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573895
The pam_ccreds package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573894
The ipsec-tools package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573893
The isdn4k-utils package should installed or uninstalled as appropriate.

oval:org.secpod.oval:def:500224
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Ente ...

oval:gov.nist.usgcb.rhel:def:573892
The sendmail package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573891
The postfix package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:573898
The irda-utils package should be installed or uninstalled as appropriate.

oval:gov.nist.usgcb.rhel:def:40725
The autofs service should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:200065
The GPG key should be installed.

oval:org.secpod.oval:def:10550
The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate.

oval:org.secpod.oval:def:10551
Squid should be configured to allow http traffic or not as appropriate

oval:org.secpod.oval:def:10543
Root squashing should be enabled or disabled as appropriate for all NFS shares.

oval:org.secpod.oval:def:10544
Dovecot should be configured to support the imap protocol or not as necessary

oval:org.secpod.oval:def:10545
Logging of vsftpd transactions should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10546
Dovecot plaintext authentication of clients should be enabled or disabled as necessary

oval:org.secpod.oval:def:10547
A warning banner for all FTP users should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10548
The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate

oval:org.secpod.oval:def:10549
File permissions for /var/log/httpd should be set correctly.

oval:org.secpod.oval:def:10530
The Squid GUID should be set to an appropriate group

oval:org.secpod.oval:def:10531
The /var/lib/ldap/* files should be owned by the appropriate group.

oval:org.secpod.oval:def:10529
The apache2 server's ServerTokens value should be set appropriately

oval:org.secpod.oval:def:10521
The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate user.

oval:org.secpod.oval:def:10522
Avahi publishing of workstation name should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10523
The Squid option to force FTP passive connections should be enabled or not as appropriate

oval:org.secpod.oval:def:10524
The Squid option to perform FTP sanity checks should be enabled or not as appropriate

oval:org.secpod.oval:def:10525
File uploads via vsftpd should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10526
X Windows should be enabled or disabled at system boot as appropriate

oval:org.secpod.oval:def:10527
Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10528
Squid should be configured to allow multiling http traffic or not as appropriate

oval:org.secpod.oval:def:10540
The noexec option should be enabled or disabled for all NFS mounts as appropriate

oval:org.secpod.oval:def:10541
Squid should be configured to allow https traffic or not as appropriate

oval:org.secpod.oval:def:10542
Dovecot should be configured to support the pop3 protocol or not as necessary

oval:org.secpod.oval:def:10532
File permissions for /var/named/chroot/etc/named.conf should be set correctly.

oval:org.secpod.oval:def:10533
The /etc/pki/tls/ldap file should be owned by the appropriate user.

oval:org.secpod.oval:def:10534
The Squid option to suppress the httpd version string should be enabled or disabled as appropriate

oval:org.secpod.oval:def:10535
The /var/lib/ldap/* files should be owned by the appropriate user.

oval:org.secpod.oval:def:10536
The Squid option to check for RFC compliant hostnames should be enabled or not as appropriate

oval:org.secpod.oval:def:10537
File permissions for /etc/httpd/conf should be set correctly.

oval:org.secpod.oval:def:10538
Squid should be configured to allow gss-http traffic or not as appropriate

oval:org.secpod.oval:def:10539
Squid should be configured to allow filemaker traffic or not as appropriate

oval:gov.nist.usgcb.rhel:def:201776
The rlogin service should be disabled.

oval:gov.nist.usgcb.rhel:def:201775
The rsh service should be disabled.

oval:org.secpod.oval:def:501104
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the madvise system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of ...

oval:gov.nist.usgcb.rhel:def:201774
The rcp service should be disabled.

oval:org.secpod.oval:def:500716
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions& ...

oval:org.secpod.oval:def:500086
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged ...

oval:org.secpod.oval:def:500779
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:500785
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw in the xfrm6_tunnel_rcv function in the Linux kernel"s IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv. A remote attack ...

oval:org.secpod.oval:def:500076
The kernel packages contain the Linux kernel. Security fix: * A flaw in skb_gro_header_slow in the Linux kernel could lead to GRO fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. Red Hat would like to thank Brent Meshi ...

oval:org.secpod.oval:def:500871
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Linux kernel"s dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could us ...

oval:org.secpod.oval:def:501937
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501458
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a n ...

oval:org.secpod.oval:def:106842
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:105903
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:106162
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:105764
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:106220
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501197
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful ...

oval:org.secpod.oval:def:24735
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PPP packet. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501942
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:501943
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501151
The GIMP is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, ...

oval:org.secpod.oval:def:501944
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ...

oval:org.secpod.oval:def:500890
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ...

oval:org.secpod.oval:def:500799
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:500837
PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:501161
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ...

oval:org.secpod.oval:def:501009
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Buffer overflow flaws were found in the udf_load_logicalvol function in the Universal Disk Format file system implementation in the Linux kernel. An attacker with ...

oval:org.secpod.oval:def:500893
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:501191
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:501946
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501949
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501183
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501182
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501211
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501210
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ...

oval:org.secpod.oval:def:501429
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...

oval:org.secpod.oval:def:501460
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500384
OpenLDAP is an open source suite of LDAP applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd d ...

oval:org.secpod.oval:def:21820
The host is installed with Linux kernel through 3.17.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle the writing of a non-canonical address to a model-specific register. Successful exploitation allows guest OS users to cause a ...

oval:org.secpod.oval:def:107853
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501447
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ...

oval:org.secpod.oval:def:501498
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus cr ...

oval:org.secpod.oval:def:501552
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...

oval:org.secpod.oval:def:501471
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ...

oval:org.secpod.oval:def:500121
OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP wou ...

oval:org.secpod.oval:def:501157
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory mapped I/O writes. A privileg ...

oval:org.secpod.oval:def:501181
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Xen hypervisor did not always lock "page_alloc_lock" and "grant_table.lock" in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw ...

oval:org.secpod.oval:def:501221
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ...

oval:org.secpod.oval:def:501339
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ...

oval:org.secpod.oval:def:108122
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:106977
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:107108
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501268
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...

oval:org.secpod.oval:def:501270
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501319
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501340
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501372
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501318
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could ...

oval:org.secpod.oval:def:501341
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check function in the Linux kernel"s implementation of Reliable Datagram Sockets . A local, unprivileged user could use this flaw to crash the system. ...

oval:org.secpod.oval:def:501299
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and ...

oval:org.secpod.oval:def:21831
The host is installed with sendmail before 8.14.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a custom mail-delivery program. Successful exploitation allows local users to access unintended high-numbered file descriptors.

oval:org.secpod.oval:def:107162
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501971
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:500714
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript"s TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF fi ...

oval:org.secpod.oval:def:501972
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:500343
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an ...

oval:org.secpod.oval:def:500842
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, ...

oval:org.secpod.oval:def:500061
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this fl ...

oval:org.secpod.oval:def:24750
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24751
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to multiple out-of-bounds read vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24753
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a divide by zero vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:500351
LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind. It was discovered that lftp ...

oval:org.secpod.oval:def:1600256
The tomcat5, tomcat6, and tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on tomcat5-initd.log, tomcat6-initd. ...

oval:org.secpod.oval:def:500945
The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, p ...

oval:org.secpod.oval:def:500463
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ...

oval:org.secpod.oval:def:501350
The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install up ...

oval:org.secpod.oval:def:500857
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ...

oval:org.secpod.oval:def:500889
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ...

oval:org.secpod.oval:def:501385
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. It contains a DNS server , a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain vers ...

oval:org.secpod.oval:def:501473
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ...

oval:org.secpod.oval:def:500708
The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker abl ...

oval:org.secpod.oval:def:501030
The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc routine in Boost sanitized the "next_size" and "max_size" parameters when allocating memory. If an ap ...

oval:org.secpod.oval:def:500394
bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing ma ...

oval:org.secpod.oval:def:500731
The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicio ...

oval:org.secpod.oval:def:21003
The host is installed with Common Unix Printing System (CUPS) before 1.7.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL patch. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:500886
The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an a ...

oval:org.secpod.oval:def:21830
The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ...

oval:org.secpod.oval:def:500120
eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file sys ...

oval:org.secpod.oval:def:500373
Exim is a mail transport agent developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim"s internal string_vformat function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exi ...

oval:org.secpod.oval:def:21802
The host is installed with Exim before 4.83 and is prone to an elevation vulnerability. A flaw is present in the application, which expands mathematical comparisons twice. Successful exploitation allows local users to gain privileges and execute arbitrary commands.

oval:org.secpod.oval:def:500216
Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ...

oval:org.secpod.oval:def:501186
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ...

oval:org.secpod.oval:def:21813
The host is installed with D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20 or 1.8.x before 1.8.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which sends an accessdenied error to the service instead of a client when the client is prohibited from accessing t ...

oval:org.secpod.oval:def:500214
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with ...

oval:org.secpod.oval:def:500301
Poppler is a Portable Document Format rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:500947
FreeRADIUS is an open-source Remote Authentication Dial-In User Service server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the "unix" mod ...

oval:org.secpod.oval:def:500347
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500424
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500490
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500962
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format fonts. If a user loaded a sp ...

oval:org.secpod.oval:def:500174
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500838
libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents . An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libw ...

oval:org.secpod.oval:def:501096
The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perfo ...

oval:org.secpod.oval:def:500766
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ...

oval:org.secpod.oval:def:501631
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc"s getaddr ...

oval:org.secpod.oval:def:500467
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not per ...

oval:org.secpod.oval:def:500416
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ...

oval:org.secpod.oval:def:501369
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ...

oval:org.secpod.oval:def:501067
Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to c ...

oval:org.secpod.oval:def:501384
Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they ...

oval:org.secpod.oval:def:501313
The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...

oval:org.secpod.oval:def:21826
The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allo ...

oval:org.secpod.oval:def:500455
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax encryption and signing tool, handled X.509 certificat ...

oval:org.secpod.oval:def:20971
The host is installed with curl or libcurl 7.1 before 7.36 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate issued by a legitimate Certification Authority. Successful exploitation could allow attackers to spoo ...

oval:org.secpod.oval:def:500171
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client" ...

oval:org.secpod.oval:def:501049
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ...

oval:org.secpod.oval:def:501076
cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ...

oval:org.secpod.oval:def:500934
Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals. It was found that the HP CUPS fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwritin ...

oval:org.secpod.oval:def:500727
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker- ...

oval:org.secpod.oval:def:500379
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specia ...

oval:org.secpod.oval:def:500864
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-leng ...

oval:org.secpod.oval:def:500406
The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentia ...

oval:org.secpod.oval:def:500193
The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to ...

oval:org.secpod.oval:def:501122
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ...

oval:org.secpod.oval:def:24744
The host is installed with libgcrypt in RHEL 5,6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information.

oval:org.secpod.oval:def:500501
The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib d ...

oval:org.secpod.oval:def:500706
The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ...

oval:org.secpod.oval:def:501005
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ...

oval:org.secpod.oval:def:501459
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ...

oval:org.secpod.oval:def:500242
Logwatch is a customizable log analysis system. Logwatch parses through your system"s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. A flaw was found in the way Logwatch processed log files. If an attacker were able to create ...

oval:org.secpod.oval:def:500143
Bash is the default shell for Red Hat Enterprise Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrar ...

oval:org.secpod.oval:def:500294
MikMod is a MOD music file player for Linux, UNIX, and similar operating systems. It supports various file formats including MOD, STM, S3M, MTM, XM, ULT, and IT. Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially-crafted music files in various format ...

oval:org.secpod.oval:def:501069
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that kadmind"s kpasswd service did not perform any validation on incoming network packets, causi ...

oval:org.secpod.oval:def:202976
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:202979
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:106158
The mod_nss module provides strong cryptography for the Apache Web server via the Secure Sockets Layer and Transport Layer Security protocols using the Network Security Services security library.

oval:org.secpod.oval:def:501149
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ...

oval:org.secpod.oval:def:500302
PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart ...

oval:org.secpod.oval:def:21520
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENARC. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:21800
The host is installed with net-snmp 5.7.0 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted SNMP trap message. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:500726
The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this ...

oval:org.secpod.oval:def:501169
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ...

oval:org.secpod.oval:def:500032
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ...

oval:org.secpod.oval:def:501345
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ...

oval:org.secpod.oval:def:500961
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ...

oval:org.secpod.oval:def:500167
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ...

oval:org.secpod.oval:def:500228
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ...

oval:org.secpod.oval:def:500712
The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privile ...

oval:org.secpod.oval:def:500789
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...

oval:org.secpod.oval:def:500157
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way ...

oval:org.secpod.oval:def:501056
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Opensw ...

oval:org.secpod.oval:def:500950
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This er ...

oval:org.secpod.oval:def:501414
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:501433
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:500954
Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there ...

oval:org.secpod.oval:def:21822
The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty functi ...

oval:org.secpod.oval:def:500751
The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the ...

oval:org.secpod.oval:def:501381
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled reference counting when requeuing futexes during futex_wait. A local, unprivileged user could use this flaw to zero out the reference counter ...

oval:org.secpod.oval:def:501387
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...

oval:org.secpod.oval:def:501073
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:org.secpod.oval:def:501163
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ...

oval:org.secpod.oval:def:500797
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ...

oval:org.secpod.oval:def:501078
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ...

oval:org.secpod.oval:def:501167
Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially craft ...

oval:org.secpod.oval:def:500836
PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ...

oval:org.secpod.oval:def:500800
PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...

oval:org.secpod.oval:def:500894
PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...

oval:org.secpod.oval:def:1500220
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ...

oval:org.secpod.oval:def:202925
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...

oval:org.secpod.oval:def:21825
The host is installed with Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted block size. Successful exploitation allows remote attackers to caus ...

oval:org.secpod.oval:def:501119
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:500423
The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The qspice-client package provides the ...

oval:org.secpod.oval:def:500935
The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems. It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.den ...

oval:org.secpod.oval:def:500031
rdesktop is a client for the Remote Desktop Server in Microsoft Windows. It uses the Remote Desktop Protocol to remotely present a user"s desktop. A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdeskt ...

oval:org.secpod.oval:def:500747
The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel"s kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel"s kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism ...

oval:org.secpod.oval:def:25180
The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration fr ...

oval:org.secpod.oval:def:500323
The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ...

oval:org.secpod.oval:def:500091
system-config-printer is a print queue configuration tool with a graphical user interface. It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. A remote attacker could use this flaw to execute arbitrary code with the privi ...

oval:org.secpod.oval:def:500317
The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to cre ...

oval:org.secpod.oval:def:500180
The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package ...

oval:org.secpod.oval:def:501468
The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, descripti ...

oval:org.secpod.oval:def:501422
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ...

oval:org.secpod.oval:def:500938
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files wit ...

oval:org.secpod.oval:def:500162
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could u ...

oval:org.secpod.oval:def:501018
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby"s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service b ...

oval:org.secpod.oval:def:501089
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby"s SSL client"s hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could poten ...

oval:org.secpod.oval:def:25173
The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL c ...

oval:org.secpod.oval:def:500220
rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the "filter", "exclude", and "exclude from" options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this ...

oval:org.secpod.oval:def:500793
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls . An a ...

oval:org.secpod.oval:def:500780
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...

oval:org.secpod.oval:def:501214
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...

oval:org.secpod.oval:def:501331
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:501154
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ...

oval:org.secpod.oval:def:500730
Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to ...

oval:org.secpod.oval:def:500985
The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...

oval:org.secpod.oval:def:21526
The host is installed with System Security Services Daemon (SSSD) 1.11.6 and is prone to Security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to bypass access restrictions.

oval:org.secpod.oval:def:501101
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed ...

oval:org.secpod.oval:def:500861
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption infor ...

oval:org.secpod.oval:def:500764
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemT ...

oval:org.secpod.oval:def:500057
SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stap ...

oval:org.secpod.oval:def:500022
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivil ...

oval:org.secpod.oval:def:501195
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use t ...

oval:org.secpod.oval:def:500345
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the ...

oval:org.secpod.oval:def:500846
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ...

oval:org.secpod.oval:def:500866
The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package"s post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack ...

oval:org.secpod.oval:def:501062
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ...

oval:org.secpod.oval:def:202888
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ...

oval:org.secpod.oval:def:501120
Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw ...

oval:org.secpod.oval:def:500413
The w3m program is a pager that can also be used as a text mode web browser. It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted ce ...

oval:org.secpod.oval:def:500732
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this f ...

oval:org.secpod.oval:def:500107
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws t ...

oval:org.secpod.oval:def:501470
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:501115
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use ...

oval:org.secpod.oval:def:20968
The host is installed with libXext before 1.3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) ...

oval:org.secpod.oval:def:20966
The host is installed with libXfixes 5.0 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors related to the XFixesGetCursorImage function. Successful exploitation could allow attackers to lead to a heap-ba ...

oval:org.secpod.oval:def:21516
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs protocol reply. Successful exploitation could allow attackers to execute arbitrary code

oval:org.secpod.oval:def:21517
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs reply. Successful exploitation could allow attackers to execute arbitrary code

oval:org.secpod.oval:def:21515
The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to metadata. Successful exploitation could allow attackers to gain privileges by add ...

oval:org.secpod.oval:def:501467
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exp ...

oval:org.secpod.oval:def:20992
The host is installed with libXi before 1.7.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMoti ...

oval:org.secpod.oval:def:20976
The host is installed with libXinerama before 1.1.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the XineramaQueryScreens function. Successful exploitation could allow attackers to trigger allocation of insu ...

oval:org.secpod.oval:def:20988
The host is installed with libXrandr before 1.4.1 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Successful exploitation ...

oval:org.secpod.oval:def:20990
The host is installed with libXtst 1.2.1 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the XRecordGetContext function. Successful exploitation could allow attackers to trigger allocation of insuff ...

oval:org.secpod.oval:def:20975
The host is installed with libXv before 1.0.8 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:20974
The host is installed with libXv before 1.0.8 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. Successful exploi ...

oval:org.secpod.oval:def:501011
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-vi ...

oval:org.secpod.oval:def:500244
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of byt ...

oval:org.secpod.oval:def:20970
The host is installed with libxslt before 1.1.28 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an empty match attribute in a XSL key to the xsltAddKey function in keys.c or uninitialized variable to the xsltDocumentFunction function in ...

oval:org.secpod.oval:def:501316
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501375
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501348
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500172
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ...

oval:org.secpod.oval:def:500140
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ...

oval:org.secpod.oval:def:500234
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ...

oval:org.secpod.oval:def:1600225
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ...

oval:org.secpod.oval:def:1600208
A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory context. When configured to not require a client certificate for the initial connection and only require it for a specific directory, mod_nss failed to enforce this requirement and allowed a client to acces ...

oval:org.secpod.oval:def:1500202
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500182
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:1500319
An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...

oval:org.secpod.oval:def:501123
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501989
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501990
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501155
The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan JPEG markers. A remote attacker co ...

oval:org.secpod.oval:def:20994
The host is installed with libXi before 1.7.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unexpected sign extension in the XListInputDevices function. Successful exploitation could allow attack ...

oval:org.secpod.oval:def:20995
The host is installed with libXi before 1.7.2 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:20985
The host is installed with libXt before 1.1.4 and is prone to an array index error vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the _XtResourceConfigurationEH function. Successful exploitation could allow attackers to execute arbitrary ...

oval:org.secpod.oval:def:20978
The host is installed with libXcursor 1.1.13 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the _XcursorFileHeaderCreate function. Successful exploitation could allow attackers to trigger allocation of insuffi ...

oval:org.secpod.oval:def:20987
The host is installed with libXt before 1.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unchecked function pointers. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:500876
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ...

oval:org.secpod.oval:def:501438
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ...

oval:org.secpod.oval:def:24746
The host is installed with busybox in RHEL 5 or 6 and is prone to an unprivileged arbitrary module load vulnerability. A flaw is present in the application, which fails to handle basename abuse. Successful exploitation could allow attackers to load arbitrary module.

oval:org.secpod.oval:def:500851
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ...

oval:org.secpod.oval:def:500852
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ...

oval:org.secpod.oval:def:500883
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to wri ...

oval:org.secpod.oval:def:501192
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash o ...

oval:org.secpod.oval:def:1500265
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...

oval:org.secpod.oval:def:1300240
Updated xinetd package fixes security vulnerability: It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attack ...

oval:org.secpod.oval:def:1300246
Multiple vulnerabilities was found and corrected in glibc: Integer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow ...

oval:org.secpod.oval:def:202954
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ...

oval:org.secpod.oval:def:105906
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:106013
Xinetd is a secure replacement for inetd, the Internet services daemon. Xinetd provides access control for all services based on the address of the remote host and/or on time of access and can prevent denial-of-access attacks. Xinetd provides extensive logging, has no limit on the number of server a ...

oval:org.secpod.oval:def:107827
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets ...

oval:org.secpod.oval:def:1600279
It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501114
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ...

oval:org.secpod.oval:def:501113
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ...

oval:org.secpod.oval:def:501357
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ...

oval:org.secpod.oval:def:106517
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:21799
The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ...

oval:gov.nist.usgcb.rhel:def:20063
Logins through the primary console device should be disabled

oval:org.secpod.oval:def:10404
Logins through the specified virtual console device should be enabled or disabled as appropriate.

oval:gov.nist.usgcb.rhel:def:43680
CCE-4368-7:Mount Remote Filesystems with nodev

oval:gov.nist.usgcb.rhel:def:20305
The nodev option should be enabled for all NFS mounts

oval:org.secpod.oval:def:500188
The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack. ...

oval:org.secpod.oval:def:500434
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ...

oval:org.secpod.oval:def:501660
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:500750
The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main I ...

oval:org.secpod.oval:def:500881
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packa ...

oval:org.secpod.oval:def:106880
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:501296
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:1300280
A vulnerabilitt has been discovered and corrected in mysql: Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service and possibly execute arbitrary code via a long server version string . The updated packages have been ...

oval:org.secpod.oval:def:106934
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:16675
The host is installed with MariaDB before 5.5.35 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long server version string. Successful exploitation could allow attackers to crash the service or execute arbitrary code.

oval:org.secpod.oval:def:500719
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ...

oval:org.secpod.oval:def:500388
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was discovered that dbus-glib did not enforce the "ac ...

oval:org.secpod.oval:def:500885
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ...

oval:org.secpod.oval:def:500475
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for R ...

oval:org.secpod.oval:def:500471
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variab ...

oval:org.secpod.oval:def:500943
SquirrelMail is a standards-based webmail package written in PHP. The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attemptin ...

oval:org.secpod.oval:def:500326
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS s ...

oval:org.secpod.oval:def:500330
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the io_submit_one function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use t ...

oval:org.secpod.oval:def:500483
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers . A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:500288
Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers . A malicious client could send a specially-crafted SMB request to the Sam ...

oval:org.secpod.oval:def:500334
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the MySQL PolyFromWKB function did not sanity check Well-Known Binary data. A remote, authenticated attacker could use specially-crafted WKB d ...

oval:org.secpod.oval:def:500137
PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:500239
PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ...

oval:org.secpod.oval:def:500466
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules . It was discovered that staprun did not properly ...

oval:org.secpod.oval:def:500099
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the igb driver in the Linux kernel. If both the Single Root I/O Virtualization feature and promiscuous mode were enab ...

oval:org.secpod.oval:def:500255
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in sctp_packet_config in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could use this flaw to cause a ...

oval:org.secpod.oval:def:500209
Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tool ...

oval:org.secpod.oval:def:500201
The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...

oval:org.secpod.oval:def:500252
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The javaws command can be used to launch Java Web Start applications. A public static field declaration allowed untrusted JNLP applications to read privileged data. A remote attacker could dire ...

oval:org.secpod.oval:def:500256
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the sctp_icmp_proto_unreachable function in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could use ...

oval:org.secpod.oval:def:501102
Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID d ...

oval:org.secpod.oval:def:500045
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain ...

oval:org.secpod.oval:def:500052
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user perfo ...

oval:org.secpod.oval:def:500257
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ...

oval:org.secpod.oval:def:500348
Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inhe ...

oval:org.secpod.oval:def:500183
The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. It was discovered that libuser did not set the password entry co ...

oval:org.secpod.oval:def:500735
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ...

oval:org.secpod.oval:def:500187
Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an applicatio ...

oval:org.secpod.oval:def:500248
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were ...

oval:org.secpod.oval:def:500040
Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim"s ses ...

oval:org.secpod.oval:def:500084
The xorg-x11-server-utils package contains a collection of utilities used to modify and query the runtime configuration of the X.Org server. X.Org is an open source implementation of the X Window System. A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were n ...

oval:org.secpod.oval:def:500060
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A missing boundary check was found in the dvb_ca_ioctl function in the Linux kernel"s av7110 module. On systems that use old DVB cards that require the av7110 modu ...

oval:org.secpod.oval:def:500142
Mailman is a program used to help manage email discussion lists. Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they ...

oval:org.secpod.oval:def:500158
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:500222
Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ...

oval:org.secpod.oval:def:500873
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two hea ...

oval:org.secpod.oval:def:500066
vsftpd is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted ...

oval:org.secpod.oval:def:500068
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ...

oval:org.secpod.oval:def:500230
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory moun ...

oval:org.secpod.oval:def:500127
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:500075
The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ...

oval:org.secpod.oval:def:500069
The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to cr ...

oval:org.secpod.oval:def:500724
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise ...

oval:org.secpod.oval:def:500108
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw in the dccp_rcv_state_process function could allow a remote attacker to cause a denial of service, even when the socket was already closed. * Multiple buff ...

oval:org.secpod.oval:def:500136
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * A race condition ...

oval:org.secpod.oval:def:500738
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab fi ...

oval:org.secpod.oval:def:500072
Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd ...

oval:org.secpod.oval:def:500170
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:500237
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ...

oval:org.secpod.oval:def:500010
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ...

oval:org.secpod.oval:def:500204
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user coul ...

oval:org.secpod.oval:def:500036
PostgreSQL is an advanced object-relational database management system . A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:500012
PostgreSQL is an advanced object-relational database management system . A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...

oval:org.secpod.oval:def:500151
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. * IPv6 fragment identification value generation could allow a remote at ...

oval:org.secpod.oval:def:500758
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby app ...

oval:org.secpod.oval:def:500077
Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool . If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ...

oval:org.secpod.oval:def:500150
Security issues: * Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can pr ...

oval:org.secpod.oval:def:500153
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in ...

oval:org.secpod.oval:def:500116
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using l ...

oval:org.secpod.oval:def:500198
Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool . If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ...

oval:org.secpod.oval:def:500243
Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl. An ...

oval:org.secpod.oval:def:500729
SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that ...

oval:org.secpod.oval:def:500090
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. Two denial of service flaws were found in the way the dhcpd daemon handled certa ...

oval:org.secpod.oval:def:500065
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local ...

oval:org.secpod.oval:def:500791
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause ...

oval:org.secpod.oval:def:500138
Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, ...

oval:org.secpod.oval:def:500186
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arb ...

oval:org.secpod.oval:def:500050
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...

oval:org.secpod.oval:def:500106
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the de ...

oval:org.secpod.oval:def:500713
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...

oval:org.secpod.oval:def:500056
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP serve ...

oval:org.secpod.oval:def:500752
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:500744
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the way the Linux kernel"s XFS file system implementation handled links with overly long path names. A local, unprivileged user ...

oval:org.secpod.oval:def:500946
The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface . System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its ...

oval:org.secpod.oval:def:500276
The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm , .pgm , .pnm , .ppm , and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the J ...

oval:org.secpod.oval:def:500742
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...

oval:org.secpod.oval:def:500755
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...

oval:org.secpod.oval:def:500264
The International Components for Unicode library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application ...

oval:org.secpod.oval:def:500039
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third- party, the Key Distribution Center . A buffer overflow flaw was found in the MIT krb5 telnet daemon . A remote attacker who can access the telnet ...

oval:org.secpod.oval:def:500734
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ...

oval:org.secpod.oval:def:500757
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, exec ...

oval:org.secpod.oval:def:500771
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. ...

oval:org.secpod.oval:def:500776
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network i ...

oval:org.secpod.oval:def:500777
The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ...

oval:org.secpod.oval:def:500840
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ...

oval:org.secpod.oval:def:500841
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ...

oval:org.secpod.oval:def:500796
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that ...

oval:org.secpod.oval:def:500709
Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execu ...

oval:org.secpod.oval:def:500721
Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in ar ...

oval:org.secpod.oval:def:501099
The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCP ...

oval:org.secpod.oval:def:500807
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ...

oval:org.secpod.oval:def:500808
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ...

oval:org.secpod.oval:def:500855
Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an ap ...

oval:org.secpod.oval:def:500781
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to cr ...

oval:org.secpod.oval:def:500919
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the Linux kernel"s memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged use ...

oval:org.secpod.oval:def:500940
These packages provide various libraries and tools for the Simple Network Management Protocol . An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use t ...

oval:org.secpod.oval:def:500804
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an ...

oval:org.secpod.oval:def:500941
GIMP Toolkit is a multi-platform toolkit for creating graphical user interfaces. An integer overflow flaw was found in the X BitMap image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+ , would cause th ...

oval:org.secpod.oval:def:501085
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file , but did not remove the root user"s password f ...

oval:org.secpod.oval:def:500900
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ...

oval:org.secpod.oval:def:500887
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript"s International Color Consortium Format library . An att ...

oval:org.secpod.oval:def:500929
These packages contain the Linux kernel. Security fixes: * A race condition in the way asynchronous I/O and fallocate interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. * A flaw in the way the Xen hypervisor implementation range checked gues ...

oval:org.secpod.oval:def:500964
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged ...

oval:org.secpod.oval:def:500967
ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw t ...

oval:org.secpod.oval:def:500928
The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ...

oval:org.secpod.oval:def:500952
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user cou ...

oval:org.secpod.oval:def:501004
The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain uni ...

oval:org.secpod.oval:def:501053
The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service fl ...

oval:org.secpod.oval:def:501031
Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attac ...

oval:org.secpod.oval:def:501061
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ...

oval:org.secpod.oval:def:202890
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ...

oval:org.secpod.oval:def:501121
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attac ...

oval:org.secpod.oval:def:501124
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send ...

oval:org.secpod.oval:def:501052
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server"s X.509 certificate when m ...

oval:org.secpod.oval:def:501215
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:501060
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old ...

oval:org.secpod.oval:def:1600314
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc"s memory allocator functions . If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ...

oval:org.secpod.oval:def:501041
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use t ...

oval:org.secpod.oval:def:501047
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo did not limit the a ...

oval:org.secpod.oval:def:501139
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ...

oval:org.secpod.oval:def:501002
dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into be ...

oval:org.secpod.oval:def:501382
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information fr ...

oval:org.secpod.oval:def:501098
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ...

oval:org.secpod.oval:def:501368
Updated mysql packages that fix several bugs are now available for Red Hat Enterprise Linux 6. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes the following bugs: * Prior to this update, the ...

oval:org.secpod.oval:def:501367
New mysql55-mysql packages are now available for Red Hat Enterprise Linux 5. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The mysql55-mysql package, provided as a Software Collection, contains MySQL version ...

oval:org.secpod.oval:def:501371
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ...

oval:org.secpod.oval:def:501203
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:501132
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:501136
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a cli ...

oval:org.secpod.oval:def:501109
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ...

oval:org.secpod.oval:def:501130
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled , an attacker on the local network could disable IPv6 temporary address gen ...

oval:org.secpod.oval:def:501172
The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target syste ...

oval:org.secpod.oval:def:501174
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untru ...

oval:org.secpod.oval:def:501180
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. A ...

oval:org.secpod.oval:def:501173
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this iss ...

oval:org.secpod.oval:def:501202
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command function in the Linux kernel"s QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unpriv ...

oval:org.secpod.oval:def:501185
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:501190
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:108038
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:203034
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:203028
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:106863
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:106909
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs an ...

oval:org.secpod.oval:def:107461
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:107444
MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and ...

oval:org.secpod.oval:def:1600190
This update fixes several vulnerabilities in the MySQL database server. A buffer overflow flaw was found in the way the MySQL command line client tool processed excessively long version strings. If a user connected to a malicious MySQL server via the mysql client, the server could use this flaw to ...

oval:org.secpod.oval:def:1500387
Updated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...

oval:org.secpod.oval:def:501393
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ...

oval:org.secpod.oval:def:501379
Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server usin ...

oval:org.secpod.oval:def:501377
The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with spe ...

oval:org.secpod.oval:def:501336
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501335
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501343
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:21521
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SROPTZR. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:501450
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:21518
The host is installed with mysql55-mysql 5.5.35 or earlier or mariadb55-mariadb 5.5.35 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENFED. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:21522
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRCHAR. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:21519
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRINFOSC. Successful exploitation could allow attackers to affect confidentia ...

oval:org.secpod.oval:def:501386
Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center . It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to derefer ...

oval:org.secpod.oval:def:501189
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discove ...

oval:org.secpod.oval:def:34615
The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted UDP SNMP request. Successful exploitation allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

oval:org.secpod.oval:def:21805
The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ...

oval:org.secpod.oval:def:501485
Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ...

oval:org.secpod.oval:def:501484
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24738
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted Ad hoc On-Demand Distance Vector (AODV) packet. Successful exploitation could allow attackers to obtain sensiti ...

oval:org.secpod.oval:def:24739
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted length value in a Geonet frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24740
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an integer underflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted length value in an OLSR frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:500937
The gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages. A denial of service flaw was found in the neon Extensible Markup Language parser. Visiting a malicious ...

oval:org.secpod.oval:def:500680
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 loosened certain ownership requirements for directories used as ...

oval:org.secpod.oval:def:500440
PyXML provides XML libraries for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces, and an interface to the Expat parser. A buffer over-read flaw was found in the way PyXML"s Expat parser handled malformed UTF-8 sequences when proc ...

oval:org.secpod.oval:def:500499
Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. All expat use ...

oval:org.secpod.oval:def:500408
OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick appli ...

oval:org.secpod.oval:def:500902
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue ...

oval:org.secpod.oval:def:500654
acpid is a daemon that dispatches ACPI events to user-space programs. It was discovered that acpid could create its log file with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid ...

oval:org.secpod.oval:def:500461
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. A missing network certificate verification flaw was found in NetworkManager. If a user created a WPA Enterprise or 802.1x wireless network connection that was verified using a C ...

oval:org.secpod.oval:def:500377
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A directory traversal flaw was discovered in Pidgin"s MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that ...

oval:org.secpod.oval:def:500386
Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition table from a font"s character map and the Unicode property database. If ...

oval:org.secpod.oval:def:500359
The nss_db packages provide a set of C library extensions which allow Berkeley Database databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. These databases are used instead of or in addition to the flat files ...

oval:org.secpod.oval:def:500446
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this is ...

oval:org.secpod.oval:def:500464
Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network . It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to Re ...

oval:org.secpod.oval:def:500321
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ...

oval:org.secpod.oval:def:501749
The kernel packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel"s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in ...

oval:org.secpod.oval:def:500650
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially-crafted TIFF file, which once ...

oval:org.secpod.oval:def:1300222
A vulnerability has been discovered and corrected in php: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, ...

oval:org.secpod.oval:def:500435
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ...

oval:org.secpod.oval:def:1600321
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a "\0" chara ...

oval:org.secpod.oval:def:500472
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s sessio ...

oval:org.secpod.oval:def:500498
Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management , and shared library linking. Network Security Services i ...

oval:org.secpod.oval:def:500575
libxml is a library for parsing and manipulating XML files. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could prov ...

oval:org.secpod.oval:def:500580
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion when parsing binary ...

oval:org.secpod.oval:def:500515
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published "null prefix attack&qu ...

oval:org.secpod.oval:def:500698
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support fo ...

oval:org.secpod.oval:def:500500
neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SS ...

oval:org.secpod.oval:def:500529
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code ...

oval:org.secpod.oval:def:500595
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A rem ...

oval:org.secpod.oval:def:500684
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ...

oval:org.secpod.oval:def:500701
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:500533
The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. An insufficient input validation flaw was found in the way libvorbis processes the codec file h ...

oval:org.secpod.oval:def:500505
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin"s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute ...

oval:org.secpod.oval:def:500506
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. ...

oval:org.secpod.oval:def:500579
The GNOME Display Manager is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time. A flaw was found in the way the gdm packag ...

oval:org.secpod.oval:def:500520
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in t ...

oval:org.secpod.oval:def:500610
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP ...

oval:org.secpod.oval:def:500637
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Cer ...

oval:org.secpod.oval:def:500657
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs ...

oval:org.secpod.oval:def:500571
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * a NULL pointer dereference flaw was found in the Multiple Devices driver in the Linux kernel. If the "suspend_lo" or "suspend_hi" file on the sysfs file system is modified when ...

oval:org.secpod.oval:def:500552
Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces. A heap-based buffer overflow flaw was found in the way n ...

oval:org.secpod.oval:def:500409
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org pa ...

oval:org.secpod.oval:def:500621
Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server. Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled . If the configured tftp-root is sufficiently long, and a remote user sends a request that sends a long file name, dnsm ...

oval:org.secpod.oval:def:500655
SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user"s authentication, i ...

oval:org.secpod.oval:def:500683
The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Multiple flaws were found in the libvorbis library. A specially-crafted Ogg Vorbis media format ...

oval:org.secpod.oval:def:500549
GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted ...

oval:org.secpod.oval:def:500521
Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access ...

oval:org.secpod.oval:def:500322
The gd packages provide a graphics library used for the dynamic creation of images, such as PNG and JPEG. A missing input sanitization flaw, leading to a buffer overflow, was discovered in the gd library. A specially-crafted GD image file could cause an application using the gd library to crash or, ...

oval:org.secpod.oval:def:500313
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw ...

oval:org.secpod.oval:def:500332
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime provides platform independence f ...

oval:org.secpod.oval:def:500485
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the ...

oval:org.secpod.oval:def:500675
The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ...

oval:org.secpod.oval:def:500652
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated a ...

oval:org.secpod.oval:def:500577
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when op ...

oval:org.secpod.oval:def:500586
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for Communication in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in th ...

oval:org.secpod.oval:def:500678
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The CUPS "pdftops" filter converts Portable Document Format files to PostScript. Two integer overflow flaws were found in the CUPS "pdftops" filter. An attacker could create a malicio ...

oval:org.secpod.oval:def:500644
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * NULL pointer dereference flaws in the r128 driver. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws ...

oval:org.secpod.oval:def:500397
The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool"s libltdl library. A flaw was found in the way GNU Libtool"s libltdl library looked for libraries to load. It was possible for libltdl to load a malici ...

oval:org.secpod.oval:def:500546
GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool"s libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbi ...

oval:org.secpod.oval:def:500496
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws ...

oval:org.secpod.oval:def:500627
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a l ...

oval:org.secpod.oval:def:500574
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500337
Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the ...

oval:org.secpod.oval:def:500948
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY dir ...

oval:org.secpod.oval:def:500518
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performin ...

oval:org.secpod.oval:def:500486
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP"s exif extension. A specially-crafted image file could cause the PHP interpreter to crash or, possibly, disclose portions of its memory when a PH ...

oval:org.secpod.oval:def:500438
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Ke ...

oval:org.secpod.oval:def:500350
SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately san ...

oval:org.secpod.oval:def:500921
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged ...

oval:org.secpod.oval:def:500325
The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch compression algorithm. If a victim expanded a specially-crafted archive, it could cause ...

oval:org.secpod.oval:def:500328
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a NULL pointer dereference flaw was found in the sctp_rcv_ootb function in the Linux kernel Stream Control Transmission Protocol implementation. A remote attacker could send a specially-crafted S ...

oval:org.secpod.oval:def:500316
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL protocols ...

oval:org.secpod.oval:def:500396
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a ...

oval:org.secpod.oval:def:500329
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user run ...

oval:org.secpod.oval:def:500400
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote at ...

oval:org.secpod.oval:def:500480
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin"s MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE ...

oval:org.secpod.oval:def:500310
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request ...

oval:org.secpod.oval:def:500376
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the P ...

oval:org.secpod.oval:def:500307
The sudo utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly lev ...

oval:org.secpod.oval:def:500320
The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ...

oval:org.secpod.oval:def:500357
The K Desktop Environment is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager . A local user with console access could trigger a race condition, possibly resulting in the ...

oval:org.secpod.oval:def:500412
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ...

oval:org.secpod.oval:def:500285
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . A use-after-free flaw was discovered in the MIT Kerberos administration daemon, kadmind. A remote, authentica ...

oval:org.secpod.oval:def:500431
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered wr ...

oval:org.secpod.oval:def:500401
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the Unidirectional Lightweight Encapsulation implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream fra ...

oval:org.secpod.oval:def:500284
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the ecryptfs_uid_hash function in the Linux kernel eCryptfs implementation. On systems that have the eCryptfs netlink transport ...

oval:org.secpod.oval:def:500470
The sudo utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. ...

oval:org.secpod.oval:def:500305
PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ...

oval:org.secpod.oval:def:500363
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * multiple flaws were found in the mmap and mremap implementations. A local user could use these flaws to cause a local denial of service or escalate their privilege ...

oval:org.secpod.oval:def:500407
PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ...

oval:org.secpod.oval:def:500417
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sendin ...

oval:org.secpod.oval:def:500367
Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, e ...

oval:org.secpod.oval:def:500425
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted ...

oval:org.secpod.oval:def:500287
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500346
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . Multiple checksum validation flaws were discovered in the MIT Kerberos implementation. A remote attacker coul ...

oval:org.secpod.oval:def:500392
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Progr ...

oval:org.secpod.oval:def:500443
The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ...

oval:org.secpod.oval:def:500457
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input co ...

oval:org.secpod.oval:def:500011
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ...

oval:org.secpod.oval:def:500371
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the ...

oval:org.secpod.oval:def:500488
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The CUPS "texttops" filter converts text files to PostScript. A missing memory allocation failure check flaw, leading to a NULL pointer dereference, was found in the CUPS "texttops" fi ...

oval:org.secpod.oval:def:500299
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command . An authenticated database user co ...

oval:org.secpod.oval:def:500739
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:500370
Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the pr ...

oval:org.secpod.oval:def:500436
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * when an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause ...

oval:org.secpod.oval:def:500426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500484
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ...

oval:org.secpod.oval:def:500292
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ...

oval:org.secpod.oval:def:500341
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ...

oval:org.secpod.oval:def:500465
PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ...

oval:org.secpod.oval:def:500277
Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...

oval:org.secpod.oval:def:500430
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. It was discovered that named did not invalidate previously cached RRSIG records when add ...

oval:org.secpod.oval:def:500476
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ...

oval:org.secpod.oval:def:500251
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ...

oval:org.secpod.oval:def:500314
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A race condition flaw was found in the way XULRunner handled Document Object Model element properties. Malicious HTML content could cause an application linked against XULRunner to crash or, potentially, ...

oval:org.secpod.oval:def:500433
Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:500399
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. HTML containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: ...

oval:org.secpod.oval:def:500449
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:500704
The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references ...

oval:org.secpod.oval:def:500383
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:500125
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. A flaw was found in the Hot ...

oval:org.secpod.oval:def:500100
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if th ...

oval:org.secpod.oval:def:500105
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. Users of ...

oval:org.secpod.oval:def:500042
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ...

oval:org.secpod.oval:def:500070
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ...

oval:org.secpod.oval:def:500219
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ...

oval:org.secpod.oval:def:500004
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the "*" wildcard. An at ...

oval:org.secpod.oval:def:500258
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was u ...

oval:org.secpod.oval:def:500254
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:500049
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user runnin ...

oval:org.secpod.oval:def:500073
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ...

oval:org.secpod.oval:def:500083
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sa ...

oval:org.secpod.oval:def:500226
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:500194
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ...

oval:org.secpod.oval:def:500207
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ...

oval:org.secpod.oval:def:500200
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500178
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker co ...

oval:org.secpod.oval:def:500139
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ...

oval:org.secpod.oval:def:500055
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. ...

oval:org.secpod.oval:def:500189
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500715
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potential ...

oval:org.secpod.oval:def:500733
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, ex ...

oval:org.secpod.oval:def:500772
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could ...

oval:org.secpod.oval:def:500790
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ...

oval:org.secpod.oval:def:500788
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ...

oval:org.secpod.oval:def:500067
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ...

oval:org.secpod.oval:def:500117
The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ...

oval:org.secpod.oval:def:500263
The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ...

oval:org.secpod.oval:def:500849
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ...

oval:org.secpod.oval:def:500850
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...

oval:org.secpod.oval:def:500196
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java ...

oval:org.secpod.oval:def:500026
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgi ...

oval:org.secpod.oval:def:500238
Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this ...

oval:org.secpod.oval:def:500051
Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: Thi ...

oval:org.secpod.oval:def:500155
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...

oval:org.secpod.oval:def:500021
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ...

oval:org.secpod.oval:def:500029
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ...

oval:org.secpod.oval:def:500211
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ...

oval:org.secpod.oval:def:500710
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ma ...

oval:org.secpod.oval:def:500717
The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis ...

oval:org.secpod.oval:def:500740
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ...

oval:org.secpod.oval:def:500848
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ...

oval:org.secpod.oval:def:500748
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use ...

oval:org.secpod.oval:def:500809
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ...

oval:org.secpod.oval:def:500949
The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews ...

oval:org.secpod.oval:def:500891
libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:500877
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...

oval:org.secpod.oval:def:500878
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ...

oval:org.secpod.oval:def:500904
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500905
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ...

oval:org.secpod.oval:def:500908
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ...

oval:org.secpod.oval:def:500909
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the pri ...

oval:org.secpod.oval:def:500915
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...

oval:org.secpod.oval:def:500916
Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ...

oval:org.secpod.oval:def:500926
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500927
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ...

oval:org.secpod.oval:def:104104
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.

oval:org.secpod.oval:def:104103
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.

oval:org.secpod.oval:def:302948
Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division . The MongoDB dissector could go into a large loop . The XTP dissector could go into an infinite loop . The AFP dissector could go into a large loop . The RTPS2 dissector could overflo ...

oval:org.secpod.oval:def:1300113
Multiple vulnerabilities was found and corrected in Wireshark: The DCP ETSI dissector could trigger a zero division . The MongoDB dissector could go into a large loop . The XTP dissector could go into an infinite loop . The AFP dissector could go into a large loop . The RTPS2 dissector could overflo ...

oval:org.secpod.oval:def:501054
The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ...

oval:org.secpod.oval:def:500906
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ...

oval:org.secpod.oval:def:500953
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysql ...

oval:org.secpod.oval:def:500910
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ...

oval:org.secpod.oval:def:501025
Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticator#authenticate , it was possible to bypass the security constraint checks in the FORM authenticato ...

oval:org.secpod.oval:def:500970
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discov ...

oval:org.secpod.oval:def:500972
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox res ...

oval:org.secpod.oval:def:501010
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:501024
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ...

oval:org.secpod.oval:def:500942
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:500944
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501164
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:501159
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:500973
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ...

oval:org.secpod.oval:def:500975
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501019
XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner to crash or execute arbitrary code with the ...

oval:org.secpod.oval:def:501023
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ...

oval:org.secpod.oval:def:501037
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501036
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501086
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing informat ...

oval:org.secpod.oval:def:500965
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Jav ...

oval:org.secpod.oval:def:500968
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to byp ...

oval:org.secpod.oval:def:501015
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501014
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501032
Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to cr ...

oval:org.secpod.oval:def:501055
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501057
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501083
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501075
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ...

oval:org.secpod.oval:def:501088
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501091
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501100
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...

oval:org.secpod.oval:def:501103
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501039
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501156
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ...

oval:org.secpod.oval:def:501198
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501081
The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ...

oval:org.secpod.oval:def:501035
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use th ...

oval:org.secpod.oval:def:501125
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ...

oval:org.secpod.oval:def:501128
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ...

oval:org.secpod.oval:def:501224
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:501223
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:500369
The GNU tar program saves many files together in one archive and can restore individual files from that archive. A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to ...

oval:org.secpod.oval:def:500382
GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges ...

oval:org.secpod.oval:def:500366
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the IPv6 Extension Header handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_h ...

oval:org.secpod.oval:def:500600
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.50 ...

oval:org.secpod.oval:def:500303
The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an ...

oval:org.secpod.oval:def:500939
Tcl provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found ...

oval:org.secpod.oval:def:500640
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript"s Internation ...

oval:org.secpod.oval:def:500607
The International Components for Unicode library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid, encoded data. If an application used ICU to decode malformed, multibyte, character data, it may have been possible to bypass certain conte ...

oval:org.secpod.oval:def:500664
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker cou ...

oval:org.secpod.oval:def:500624
SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic dis ...

oval:org.secpod.oval:def:500601
The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String escape sequences. An attacker could create a malicious text file that could run arbitrary commands if read by a victim inside an xterm window. All xterm ...

oval:org.secpod.oval:def:500612
The mod_auth_mysql package includes an extension module for the Apache HTTP Server which can be used to implement web user authentication against a MySQL database. A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyt ...

oval:org.secpod.oval:def:500441
brltty is a background process which provides access to the Linux console for a blind person using a refreshable braille display. It drives the braille display, and provides complete screen review functionality. It was discovered that a brltty library had an insecure relative RPATH set in the EL ...

oval:org.secpod.oval:def:500567
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with ...

oval:org.secpod.oval:def:500482
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use th ...

oval:org.secpod.oval:def:500666
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted ne ...

oval:org.secpod.oval:def:500671
The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing re ...

oval:org.secpod.oval:def:500555
Virtual Network Computing is a remote display system which allows you to view a computer"s "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. An insufficient input validation flaw was disco ...

oval:org.secpod.oval:def:500508
Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind. A flaw was found in Dovecot"s ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. A password disclosu ...

oval:org.secpod.oval:def:500648
The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a ...

oval:org.secpod.oval:def:500593
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to ch ...

oval:org.secpod.oval:def:500635
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:500588
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciph ...

oval:org.secpod.oval:def:500641
eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5.4. These updated ecryptfs-utils packages have been upgraded to upstream version 75, which p ...

oval:org.secpod.oval:def:500617
The Linux kernel These updated packages contain 730 bug fixes and enhancements for the Linux kernel. Space precludes a detailed description of each of these changes in this advisory and users are therefore directed to the release notes for Red Hat Enterprise Linux 5.3 for information on 97 of the m ...

oval:org.secpod.oval:def:500592
Little Color Management System is a small-footprint, speed-optimized open source color management engine. Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using Litt ...

oval:org.secpod.oval:def:500602
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP"s mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to cra ...

oval:org.secpod.oval:def:500494
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ...

oval:org.secpod.oval:def:500622
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacke ...

oval:org.secpod.oval:def:500402
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ...

oval:org.secpod.oval:def:500537
The Cluster Manager utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities with the output of th ...

oval:org.secpod.oval:def:500605
The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim r ...

oval:org.secpod.oval:def:500559
BIND is an implementation of the DNS protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing atta ...

oval:org.secpod.oval:def:500530
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues: * a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. * a buffer overflow in ...

oval:org.secpod.oval:def:500532
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of ...

oval:org.secpod.oval:def:500548
SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. The Red Hat Squir ...

oval:org.secpod.oval:def:500674
apr-util is a utility library used with the Apache Portable Runtime . It aims to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing, and more. An off-by-one overflow ...

oval:org.secpod.oval:def:500639
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * memory leaks were found on some error paths in the icmp_send function in the Linux kernel. This could, potentially, cause the network connectivity to cease. * Chris Evans reported a deficiency in ...

oval:org.secpod.oval:def:500614
The libpng packages contain a library of functions for creating and manipulating PNG image format files. A flaw was discovered in libpng that could result in libpng trying to free random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an applicat ...

oval:org.secpod.oval:def:500686
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ...

oval:org.secpod.oval:def:500632
The sudo utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands ...

oval:org.secpod.oval:def:500645
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500598
The device-mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device-mapper multipath kernel module, and by managing the creation and removal of partitions for device-mapper devices. It was discovered that the multipathd daemon set incorrect permission ...

oval:org.secpod.oval:def:500691
The International Components for Unicode library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possib ...

oval:org.secpod.oval:def:500582
The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be ...

oval:org.secpod.oval:def:500584
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were foun ...

oval:org.secpod.oval:def:500534
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signatu ...

oval:org.secpod.oval:def:500611
Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ...

oval:org.secpod.oval:def:500694
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, GStreamer plug-ins of good quality released under the LGPL license. Multiple heap buffer overflows and an array indexing error were found in th ...

oval:org.secpod.oval:def:500543
Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check th ...

oval:org.secpod.oval:def:500677
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager"s D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connec ...

oval:org.secpod.oval:def:500525
libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libs ...

oval:org.secpod.oval:def:500651
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found ...

oval:org.secpod.oval:def:500656
GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins. An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker ...

oval:org.secpod.oval:def:500315
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ...

oval:org.secpod.oval:def:500585
The kdelibs packages provide libraries for the K Desktop Environment . A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the use ...

oval:org.secpod.oval:def:500606
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library does not always reliably terminate output from the sasl_encode64 function used by programs using this library. The Cyrus IMAP server relied on thi ...

oval:org.secpod.oval:def:500630
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, ca ...

oval:org.secpod.oval:def:500547
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the & ...

oval:org.secpod.oval:def:500553
Little Color Management System is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these fl ...

oval:org.secpod.oval:def:500497
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable ...

oval:org.secpod.oval:def:500689
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ...

oval:org.secpod.oval:def:500429
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated repl ...

oval:org.secpod.oval:def:500456
teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScrip ...

oval:org.secpod.oval:def:500569
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when op ...

oval:org.secpod.oval:def:500589
acpid is a daemon that dispatches ACPI events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon"s error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU ...

oval:org.secpod.oval:def:500514
The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. Multiple integer overflow flaws were found in KPDF"s JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, ...

oval:org.secpod.oval:def:500503
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a logic error was found in the do_setlk function of the Linux kernel Network File System implementation. If a signal interrupted a lock request, the local POSIX l ...

oval:org.secpod.oval:def:500623
Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . The Generic Security Service Application Program Interface definition provides security services to callers ...

oval:org.secpod.oval:def:500625
PostgreSQL is an advanced object-relational database management system . It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ...

oval:org.secpod.oval:def:500687
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the F ...

oval:org.secpod.oval:def:500697
The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP ...

oval:org.secpod.oval:def:500665
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execut ...

oval:org.secpod.oval:def:500422
D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for s ...

oval:org.secpod.oval:def:500492
The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitra ...

oval:org.secpod.oval:def:500507
udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-spa ...

oval:org.secpod.oval:def:500700
The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ...

oval:org.secpod.oval:def:500599
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then writ ...

oval:org.secpod.oval:def:500681
Pango is a library used for the layout and rendering of internationalized text. Will Drewry discovered an integer overflow flaw in Pango"s pango_glyph_string_set_size function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the p ...

oval:org.secpod.oval:def:500638
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use th ...

oval:org.secpod.oval:def:500513
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ...

oval:org.secpod.oval:def:500495
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:500603
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ...

oval:org.secpod.oval:def:500510
Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read ...

oval:org.secpod.oval:def:500647
libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially-crafted WMF file that woul ...

oval:org.secpod.oval:def:500453
The pam_krb5 module allows Pluggable Authentication Modules aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. A flaw was found in pam_krb5. In some non-default configurations , the text of the password prompt varied based on whether or not th ...

oval:org.secpod.oval:def:500685
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol . If a Pidgin client initiates a f ...

oval:org.secpod.oval:def:500658
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ...

oval:org.secpod.oval:def:500405
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ...

oval:org.secpod.oval:def:500098
The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP"s Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, wh ...

oval:org.secpod.oval:def:500545
SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail "map_yp_alias" function. If SquirrelMail was configured to retrieve a user"s IMAP server address from a Network Information Service server via the "map_yp ...

oval:org.secpod.oval:def:500591
The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could ca ...

oval:org.secpod.oval:def:500596
The kdegraphics packages contain applications for the K Desktop Environment . Scalable Vector Graphics is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element i ...

oval:org.secpod.oval:def:500626
The kdelibs packages provide libraries for the K Desktop Environment . A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could ...

oval:org.secpod.oval:def:500539
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ...

oval:org.secpod.oval:def:500493
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or ...

oval:org.secpod.oval:def:500531
The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ...

oval:org.secpod.oval:def:500693
Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authe ...

oval:org.secpod.oval:def:500660
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. A denial of service flaw was found in the Pidgin O ...

oval:org.secpod.oval:def:500541
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins. Multiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-i ...

oval:org.secpod.oval:def:500558
Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted ne ...

oval:org.secpod.oval:def:501044
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ...

oval:org.secpod.oval:def:501048
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ...

oval:org.secpod.oval:def:500563
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS ...

oval:org.secpod.oval:def:500516
cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. All users of cscope ...

oval:org.secpod.oval:def:500753
BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ...

oval:org.secpod.oval:def:500393
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * an array index error was found in the gdth driver. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. * a flaw was ...

oval:org.secpod.oval:def:500454
Sendmail is a very widely used Mail Transport Agent . MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of sendmail in Red Hat Enterprise Li ...

oval:org.secpod.oval:def:500104
Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing u ...

oval:org.secpod.oval:def:500542
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module att ...

oval:org.secpod.oval:def:500633
ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker ...

oval:org.secpod.oval:def:500491
LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind. It was discovered that lftp ...

oval:org.secpod.oval:def:500564
The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm , .pgm , .pnm , .ppm , and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image f ...

oval:org.secpod.oval:def:501502
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ...

oval:org.secpod.oval:def:24041
The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ...

oval:org.secpod.oval:def:23222
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:109119
The OpenJDK runtime environment.

oval:org.secpod.oval:def:108866
The OpenJDK runtime environment.

oval:org.secpod.oval:def:23221
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Hotspot. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:23226
The host is installed with Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle unknown vectors related to Swing. Successful exploitation could allow attacke ...

oval:org.secpod.oval:def:108424
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:501549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501551
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501546
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:203583
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203568
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203567
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203566
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:203565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:203569
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:23637
The host is missing a critical security update according to Mozilla advisory, MFSA-2015-16. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploitation co ...

oval:org.secpod.oval:def:23636
The host is installed with Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 and is prone to an use-after-free vulnerability. A flaw is present in the applications, which fails to properly handle crafted content during IndexedDB index creation. Successful exploit ...

oval:org.secpod.oval:def:1500916
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500917
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500920
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1500938
Multiple unspecified vulnerabilities in the browser engine in Mozilla Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

oval:org.secpod.oval:def:204216
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501507
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501506
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501572
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:24038
The host is installed with xen through 3.0.3-142 and is prone to a denial of service vulnerability. A flaw is present in x86 emulator in xen, which does not properly ignore segment overrides for instructions with register operands. Successful exploitation allows local guest users to obtain sensitive ...

oval:org.secpod.oval:def:501781
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file ...

oval:org.secpod.oval:def:501637
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ...

oval:org.secpod.oval:def:501588
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501591
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:501563
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FD ...

oval:org.secpod.oval:def:501626
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:501629
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501635
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...

oval:org.secpod.oval:def:501641
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501658
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501665
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501680
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501802
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementation. A remote, authentic ...

oval:org.secpod.oval:def:501651
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ...

oval:org.secpod.oval:def:501652
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ...

oval:org.secpod.oval:def:501659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501661
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ...

oval:org.secpod.oval:def:501673
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501715
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501739
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501732
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501733
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ...

oval:org.secpod.oval:def:501736
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ...

oval:org.secpod.oval:def:501755
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:501784
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ...

oval:org.secpod.oval:def:501786
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ...

oval:org.secpod.oval:def:501765
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:501770
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501785
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ...

oval:org.secpod.oval:def:501839
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501804
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ...

oval:org.secpod.oval:def:501827
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:501812
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501846
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501869
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501883
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ...

oval:org.secpod.oval:def:501885
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ...

oval:org.secpod.oval:def:35702
The host is installed with Adobe Flash Player before 11.2.202.626 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allow attackers to cause memory corruption or other unspecified impact.

oval:org.secpod.oval:def:35701
The host is installed with Adobe Flash Player before 11.2.202.626 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allow attackers to cause memory corruption or other unspecified impact.

oval:org.secpod.oval:def:35773
The host is missing a critical update according to Adobe advisory, APSB16-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:35774
The host is missing a critical update according to Adobe advisory, APSB16-18. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vectors. Successful exploitation allows remote attackers to cause code execution.

oval:org.secpod.oval:def:35692
The host is installed with RHEL 5 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle invalid utf-8 encoded data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:110622
The kernel meta package

oval:org.secpod.oval:def:110623
The kernel meta package

oval:org.secpod.oval:def:501855
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501877
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501873
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:36404
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a networking challenge ack. Successful exploitation could allow attackers to determine the shared counter.

oval:org.secpod.oval:def:501948
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ...

oval:org.secpod.oval:def:501925
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...

oval:org.secpod.oval:def:501903
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...

oval:org.secpod.oval:def:500286
Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe modul ...

oval:org.secpod.oval:def:500339
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * instances of unsafe sprintf use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could r ...

oval:org.secpod.oval:def:500663
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual M ...

oval:org.secpod.oval:def:501208
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such inpu ...

oval:org.secpod.oval:def:1500320
Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detai ...

oval:org.secpod.oval:def:501134
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ...

oval:org.secpod.oval:def:501110
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ...

oval:org.secpod.oval:def:500551
Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ...

oval:org.secpod.oval:def:500811
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret ...

oval:org.secpod.oval:def:501390
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or ...

oval:org.secpod.oval:def:501394
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environme ...

oval:org.secpod.oval:def:502177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501555
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:501727
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ...

oval:org.secpod.oval:def:501118
PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...

oval:org.secpod.oval:def:501193
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:501199
PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ...

oval:org.secpod.oval:def:1600053
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:1500639
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:501216
Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Styleshee ...

oval:org.secpod.oval:def:1500560
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1500594
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions ...

oval:org.secpod.oval:def:501305
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501304
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501306
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501365
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ...

oval:org.secpod.oval:def:501320
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:19653
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h or Oracle Virtualization VirtualBox prior to 3.2.24, 4.0.x before 4.0.26, 4.1.x before 4.1.34, 4.2.x before 4.2.26 or 4.3.x before 4.3.14 and is prone to information disclosure vulnerability. A flaw is pres ...

oval:org.secpod.oval:def:203331
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203336
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203335
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:1600137
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:1500637
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:1600028
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, b ...

oval:org.secpod.oval:def:1500558
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:1300308
Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handsh ...

oval:org.secpod.oval:def:501303
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:107332
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107326
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:501321
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:107025
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107028
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203332
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:21279
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:21806
The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certai ...

oval:org.secpod.oval:def:501401
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ...

oval:org.secpod.oval:def:107442
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501383
Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center . A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC databas ...

oval:org.secpod.oval:def:501168
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A maliciou ...

oval:org.secpod.oval:def:501565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501571
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:500810
Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ...

oval:org.secpod.oval:def:24540
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24542
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501558
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:501559
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:24539
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24541
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24545
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24536
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24543
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24544
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:26768
The host is installed with kernel on RHEL 5, 6, or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle kernel's virtio-net handled fragmented packets. Successful exploitation could allow attackers to send crafted packets to a target ...

oval:org.secpod.oval:def:501691
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received over the network. A privi ...

oval:org.secpod.oval:def:501672
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ...

oval:org.secpod.oval:def:501780
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially cr ...

oval:org.secpod.oval:def:501811
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a ne ...

oval:org.secpod.oval:def:501936
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ...

oval:org.secpod.oval:def:501963
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...

oval:org.secpod.oval:def:501962
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...

oval:org.secpod.oval:def:501982
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option ...

oval:org.secpod.oval:def:21801
The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ...

oval:org.secpod.oval:def:24749
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted tiff image. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24760
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted BMP image. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24734
The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ...

oval:org.secpod.oval:def:24752
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501492
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ...

oval:org.secpod.oval:def:501624
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501585
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:501593
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certa ...

oval:org.secpod.oval:def:501603
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ...

oval:org.secpod.oval:def:501599
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ...

oval:org.secpod.oval:def:501753
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:31657
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31658
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31663
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory

oval:org.secpod.oval:def:31662
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ...

oval:org.secpod.oval:def:31659
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31660
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could could cause a buffer overflow potentially resulting in m ...

oval:org.secpod.oval:def:31661
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in in null byte being w ...

oval:org.secpod.oval:def:31656
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:501796
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet cou ...

oval:org.secpod.oval:def:501829
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501875
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ...

oval:org.secpod.oval:def:501874
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ...

oval:org.secpod.oval:def:501806
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501823
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501851
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...

oval:org.secpod.oval:def:501867
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ...

oval:org.secpod.oval:def:1600463
CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakageA race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherw ...

oval:org.secpod.oval:def:204031
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:204030
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:204029
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:37804
The host installed with kernel package on CentOS 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers t ...

oval:org.secpod.oval:def:37803
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:111472
The kernel meta package

oval:org.secpod.oval:def:111470
The kernel meta package

oval:org.secpod.oval:def:501886
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501888
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:501887
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:1501609
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501614
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501611
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501617
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:1501616
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ...

oval:org.secpod.oval:def:501932
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501961
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501295
Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the "class" parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application ...

oval:org.secpod.oval:def:1600038
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim applic ...

oval:org.secpod.oval:def:203465
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:203457
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:203456
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:108059
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:108052
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:108053
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:108055
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:108125
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:21398
The host is installed with OpenSSL 1.0.1 before 1.0.1j, 1.0.0 before 1.0.0o or 0.9.8 before 0.9.8zc or Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail ...

oval:org.secpod.oval:def:108520
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:108196
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:108187
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

oval:org.secpod.oval:def:108232
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:108269
Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility.

oval:org.secpod.oval:def:203504
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:203509
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:109595
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface.

oval:org.secpod.oval:def:203508
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:108267
The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes.

oval:org.secpod.oval:def:109589
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface.

oval:org.secpod.oval:def:108229
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:203546
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203545
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203543
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203548
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203547
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203539
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:1500883
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:1500886
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500888
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500889
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500891
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500892
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:107815
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107818
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:108280
Additional plugins for Claws Mail.

oval:org.secpod.oval:def:501405
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:501427
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:108338
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:501486
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501489
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501491
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:1200086
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:21535
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:107878
Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility.

oval:org.secpod.oval:def:107894
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ...

oval:org.secpod.oval:def:107898
A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content.

oval:org.secpod.oval:def:501462
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:107890
The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes.

oval:org.secpod.oval:def:21591
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:107888
A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content.

oval:org.secpod.oval:def:107880
Additional plugins for Claws Mail.

oval:org.secpod.oval:def:107882
The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

oval:org.secpod.oval:def:1600161
Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs "locked" to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs ...

oval:org.secpod.oval:def:204279
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:107915
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ...

oval:org.secpod.oval:def:1500761
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ...

oval:org.secpod.oval:def:1500771
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ...

oval:org.secpod.oval:def:1200041
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:1500803
Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ...

oval:org.secpod.oval:def:501477
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ...

oval:org.secpod.oval:def:501476
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to es ...

oval:org.secpod.oval:def:501849
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectl ...

oval:org.secpod.oval:def:108506
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:108462
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:501630
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...

oval:org.secpod.oval:def:23618
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:203540
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:1200135
Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permi ...

oval:org.secpod.oval:def:1500884
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:501490
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:501545
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ...

oval:org.secpod.oval:def:1200104
Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol ...

oval:org.secpod.oval:def:203670
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:203671
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501592
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:25181
The host is installed with xz on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process filenames containing a semicolon. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:400675
- Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option "tls_versions" to ...

oval:org.secpod.oval:def:501756
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ...

oval:org.secpod.oval:def:501757
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ...

oval:org.secpod.oval:def:400694
The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo ...

oval:org.secpod.oval:def:400664
The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allow ...

oval:org.secpod.oval:def:35682
The host is missing a critical update according to Microsoft security bulletin, MS16-083. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fail to properly handle unknown vectors. Successful exploitation allows remote attackers to cause unspecif ...

oval:org.secpod.oval:def:1501504
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:1501506
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:34289
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:1600423
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permission ...

oval:org.secpod.oval:def:112278
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:112275
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ...

oval:org.secpod.oval:def:203957
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:203956
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:501844
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ...

oval:org.secpod.oval:def:36255
The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-6. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the servi ...

oval:org.secpod.oval:def:1600433
It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. A flaw was found in the Linux kernel"s keyring handling code, where in key_reject_and_link an uninitialised variable would eventually lead ...

oval:org.secpod.oval:def:110878
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:1600430
A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP"s gd extension. A remote attacker could use this ...

oval:org.secpod.oval:def:110832
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:110828
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:110829
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:111056
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:204128
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501893
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:1501634
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:110782
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the fo ...

oval:org.secpod.oval:def:501947
Xen is a virtual machine monitor Security Fix: * An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/pr ...

oval:org.secpod.oval:def:501772
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:500860
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use th ...

oval:org.secpod.oval:def:202528
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture ...

oval:org.secpod.oval:def:500306
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, ...

oval:org.secpod.oval:def:501218
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...

oval:org.secpod.oval:def:6768
The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector. ...

oval:org.secpod.oval:def:6774
The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the CIP dissector. Successful exploitation allows remote attackers to cause a denial of s ...

oval:org.secpod.oval:def:6773
The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle the CTDB dissector. Successful exploitation allows remote attackers to cause a denial of ...

oval:org.secpod.oval:def:6772
The host is installed with Wireshark 1.4.x before 1.4.15 or 1.6.x before 1.6.10 or 1.8.x before 1.8.2 and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a large number of ACL entries. Successful exploitation allows remote attackers to cause a ...

oval:org.secpod.oval:def:1600294
Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding ...

oval:org.secpod.oval:def:500936
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture ...

oval:org.secpod.oval:def:501435
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...

oval:org.secpod.oval:def:1500080
Updated wireshark packages that fix several security issues, three bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give de ...

oval:org.secpod.oval:def:500536
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running ...

oval:org.secpod.oval:def:500191
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially-crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Sever ...

oval:org.secpod.oval:def:500672
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the us ...

oval:org.secpod.oval:def:500291
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, ...

oval:org.secpod.oval:def:501147
Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, exe ...

oval:org.secpod.oval:def:24759
The host is installed with wireshark in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted packet-trace file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:500260
Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could ...

oval:org.secpod.oval:def:20983
The host is installed with libXxf86vm before 1.1.3 and is prone to a multiple array index vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the XF86VidModeGetGammaRamp function. Successful exploitation could allow attackers to execute arbitr ...

oval:org.secpod.oval:def:20998
The host is installed with libX11 before 1.5.99.902 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unbounded recursion. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:20996
The host is installed with libX11 before 1.5.99.902 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the serv ...

oval:org.secpod.oval:def:21004
The host is installed with libX11 before 1.5.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) ...

oval:org.secpod.oval:def:1500685
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...

oval:org.secpod.oval:def:1500211
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500210
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500230
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link inthe References section. The kernel-uek is main comp ...

oval:org.secpod.oval:def:1500298
An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ...

oval:org.secpod.oval:def:1500244
Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give ...

oval:org.secpod.oval:def:1500274
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...

oval:org.secpod.oval:def:1500278
Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...

oval:org.secpod.oval:def:1500586
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1500551
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500183
Updated tomcat5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500919
Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ...

oval:org.secpod.oval:def:1501612
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501618
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1501619
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ...

oval:org.secpod.oval:def:1500775
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport ...

oval:org.secpod.oval:def:1500380
Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ...

oval:org.secpod.oval:def:1500862
Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ...

oval:org.secpod.oval:def:400734
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ...

oval:org.secpod.oval:def:500767
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ...

oval:org.secpod.oval:def:500769
Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ...

oval:org.secpod.oval:def:501380
Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ...

oval:org.secpod.oval:def:501095
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501071
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501046
Security: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate ...

oval:org.secpod.oval:def:1500251
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500258
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500204
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500219
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...

oval:org.secpod.oval:def:1500260
Updated kernel packages that fix one security issue, several bugs, and add various enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the tenth regular update. The Red Hat Security Response Team has rated this update as having ...

oval:org.secpod.oval:def:202927
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ...

oval:org.secpod.oval:def:1600226
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Produc ...

oval:org.secpod.oval:def:501455
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote at ...

oval:org.secpod.oval:def:1500318
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:501082
The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ...

oval:org.secpod.oval:def:1500325
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500309
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500314
An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...

oval:org.secpod.oval:def:1500222
Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:1500228
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...

oval:org.secpod.oval:def:1300211
A vulnerability has been discovered and corrected in bind: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:1500720
Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:202923
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:202924
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:106308
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:108265
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:1600288
A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query

oval:org.secpod.oval:def:105776
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:501090
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:501092
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ...

oval:org.secpod.oval:def:1500361
Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...

oval:org.secpod.oval:def:105370
BIND is an implementation of the DNS protocols. BIND includes a DNS server , which resolves host names to IP addresses; a resolver library ; and tools for verifying that the DNS server is operating properly.

oval:org.secpod.oval:def:501126
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ...

oval:org.secpod.oval:def:501117
These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead ...

oval:org.secpod.oval:def:501730
The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially construc ...

oval:org.secpod.oval:def:500853
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ...

oval:org.secpod.oval:def:500974
The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications . The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man- ...

oval:org.secpod.oval:def:500912
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox ...

oval:org.secpod.oval:def:500932
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when op ...

oval:org.secpod.oval:def:36844
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:501976
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:500805
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:500806
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ...

oval:org.secpod.oval:def:500897
The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ...

oval:org.secpod.oval:def:500783
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by send ...

oval:org.secpod.oval:def:500803
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...

oval:org.secpod.oval:def:500782
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font , Glyph Bitmap Distribution Format , Windows .fnt and .fon, and PostScript ...

oval:org.secpod.oval:def:500773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...

oval:org.secpod.oval:def:1500321
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rate ...

oval:org.secpod.oval:def:500774
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS re ...

CVE    77
CVE-2013-0219
CVE-2011-2482
CVE-2011-3346
CVE-2012-2124
...
CCE    431
CCE-14871-8
CCE-4544-3
CCE-14457-6
CCE-14061-6
...
*CPE
cpe:/o:redhat:enterprise_linux:5
XCCDF    1
xccdf_gov.nist_benchmark_USGCB-RHEL-5-Desktop

© 2013 SecPod Technologies