oval:org.secpod.oval:def:500056 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP serve ...
oval:org.secpod.oval:def:500128 - NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was found that NetworkManager did not properly enforce PolicyKit settings controlling the permissions to configure wireless network sharing. A local, unprivileged user could ...
oval:org.secpod.oval:def:21825 - The host is installed with Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted block size. Successful exploitation allows remote attackers to caus ...
oval:org.secpod.oval:def:500174 - FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...
oval:org.secpod.oval:def:500186 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arb ...
oval:org.secpod.oval:def:25174 - The host is installed with byzanz on Red Hat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a specially-crafted Byzanz debug data recording file. Successful exploitation could allow attackers to execut ...
oval:org.secpod.oval:def:500227 - The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. It was found that gssftp, a Kerberos-aware FTP server, did not properly drop privileges. A ...
oval:org.secpod.oval:def:500282 - The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ...
oval:org.secpod.oval:def:505572 - Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deplo ...
oval:org.secpod.oval:def:500088 - The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition flaw was found in the way GDM handled the cache directories used to store users' dmrc and face icon files. A local attacker could use this flaw to trick GDM ...
oval:org.secpod.oval:def:500097 - Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in C. An in ...
oval:org.secpod.oval:def:505577 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the exis ...
oval:org.secpod.oval:def:501166 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update ...
oval:org.secpod.oval:def:20429 - The PATH variable should be set correctly for user root.
oval:org.secpod.oval:def:20410 - The RPM package ntp should be installed.
oval:org.secpod.oval:def:20419 - Check output of /usr/sbin/sestatus or check if /selinux exists.
oval:org.secpod.oval:def:20404 - The RPM package hal should be removed.
oval:org.secpod.oval:def:20407 - The nodev option should be enabled for all NFS mounts in /etc/fstab.
oval:org.secpod.oval:def:20469 - The noexec mount option prevents the direct execution of binaries on the mounted filesystem. Users should not be allowed to execute binaries that exist on partitions mounted from removable media (such as a USB key). The noexec option prevents code from being executed directly from the media itself, ...
oval:org.secpod.oval:def:20465 - File permissions for all syslog log files should be set correctly.
oval:org.secpod.oval:def:20466 - The RPM package mdadm should be removed.
oval:org.secpod.oval:def:20471 - The RPM package xorg-x11-server-common should be removed.
oval:org.secpod.oval:def:20463 - The RPM package vsftpd should be installed.
oval:org.secpod.oval:def:20499 - The RPM package ntpdate should be removed.
oval:org.secpod.oval:def:20495 - The RPM package libcgroup should be removed.
oval:org.secpod.oval:def:20492 - The RPM package at should be removed.
oval:org.secpod.oval:def:20491 - The RPM package abrt should be removed.
oval:org.secpod.oval:def:20513 - The RPM package cyrus-sasl should be removed.
oval:org.secpod.oval:def:20514 - The RPM package sysstat should be removed.
oval:org.secpod.oval:def:20511 - The RPM package subscription-manager should be removed.
oval:org.secpod.oval:def:502176 - Red Hat Enterprise Linux 6 is installed.
oval:org.secpod.oval:def:20504 - The RPM package psacct should be installed.
oval:org.secpod.oval:def:20503 - The RPM package portreserve should be removed.
oval:org.secpod.oval:def:20501 - The RPM package oddjob should be removed.
oval:org.secpod.oval:def:20508 - The RPM package iputils should be removed.
oval:org.secpod.oval:def:20507 - The RPM package quota should be removed.
oval:org.secpod.oval:def:20542 - File permissions for /bin, /usr/bin, /usr/local/bin, /sbin, /usr/sbin and /usr/local/sbin should be set correctly.
oval:org.secpod.oval:def:20538 - Ctrl-Alt-Del Reboot Activation should be set as appropriate.
oval:org.secpod.oval:def:20532 - In the event temporary or emergency accounts are required, configure the system to terminate them after a documented time period.
oval:org.secpod.oval:def:20190 - System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume.
oval:org.secpod.oval:def:20198 - The RPM package openssh-server should be removed.
oval:org.secpod.oval:def:20195 - Generic test for x86 architecture to be used by other tests.
oval:org.secpod.oval:def:20193 - Generic test for x86_64 architecture to be used by other tests.
oval:org.secpod.oval:def:500001 - Red Hat Enterprise Linux 6 is installed.
oval:org.secpod.oval:def:505798 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Oracle Java SE 6 will not receive updates after February 28, 2013. The Oracle Java SE 6 packages on the Red Hat Enterprise Linux 5 and 6 Supplementary media and in Red Hat Network cha ...
oval:org.secpod.oval:def:20293 - All files should be owned by a group.
oval:org.secpod.oval:def:20236 - The /var directory is used as temporary storage by many programs, particularly system services such as daemons. Ensuring that /var is mounted on its own partition enables the setting of more restrictive mount options. It is not uncommon for the /var directory to contain world-writable directories, installed by ot ...
oval:org.secpod.oval:def:20226 - The /var/tmp directory should be bind mounted to /tmp in order to consolidate temporary storage into one location protected by the same techniques as /tmp.
oval:org.secpod.oval:def:20224 - If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoint can instead be configured later.
oval:org.secpod.oval:def:20233 - It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /dev/shm. The noexec mount option prevents binaries from being executed out of /dev/shm.
oval:org.secpod.oval:def:20218 - All password hashes should be shadowed.
oval:org.secpod.oval:def:20219 - The nosuid mount option should be set for temporary storage partitions such as /dev/shm. The suid/sgid permissions should not be required in these world-writable directories.
oval:org.secpod.oval:def:20214 - Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing daemon.
oval:org.secpod.oval:def:20220 - Legitimate character and block devices should not exist within temporary directories like /tmp. The nodev mount option should be specified for /tmp.
oval:org.secpod.oval:def:20204 - The RPM package samba-common should be removed.
oval:org.secpod.oval:def:20201 - The RPM package postfix should be installed.
oval:org.secpod.oval:def:20278 - The RPM package kexec-tools should be removed.
oval:org.secpod.oval:def:20279 - The RPM package smartmontools should be removed.
oval:org.secpod.oval:def:505807 - The RHN service for Satellite 5.7, 5.6, and earlier versions of Satellite 5 will exit the existing Limited Maintenance Release phase and be permanently shut down on January 31, 2019. After this date, for the affected Satellite 5 versions: * No content will be available from RHN. Both system level up ...
oval:org.secpod.oval:def:20285 - The nodev mount option prevents files from being interpreted as character or block devices. Legitimate character and block devices should exist in the /dev directory on the root partition or within chroot jails built for system services. All other locations should not allow character and block devic ...
oval:org.secpod.oval:def:20286 - The RPM package nfs-utils should be removed.
oval:org.secpod.oval:def:20269 - The environment variable PATH should be set correctly for the root user.
oval:org.secpod.oval:def:20267 - All syslog log files should be owned by the appropriate group.
oval:org.secpod.oval:def:505813 - Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Adobe Reader 9 reached the end of its support cycle on June 26, 2013, and will not receive any more security updates. Future versions of Adobe Acrobat Reader will not be available with Red Hat Enterprise Linux. The A ...
oval:org.secpod.oval:def:20276 - The RPM package rhnsd should be removed.
oval:org.secpod.oval:def:20258 - Legitimate character and block devices should not exist within temporary directories like /dev/shm. The nodev mount option should be specified for /dev/shm.
oval:org.secpod.oval:def:20256 - The nosuid mount option should be set for temporary storage partitions such as /tmp. The suid/sgid permissions should not be required in these world-writable directories.
oval:org.secpod.oval:def:20261 - Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used.
oval:org.secpod.oval:def:20260 - Look for argument audit=1 in the kernel line in /etc/grub.conf.
oval:org.secpod.oval:def:20249 - The RPM package pam_ldap should be removed.
oval:org.secpod.oval:def:20248 - Check for pam_ldap.so presence.
oval:org.secpod.oval:def:20254 - It can be dangerous to allow the execution of binaries from world-writable temporary storage directories such as /tmp. The noexec mount option prevents binaries from being executed out of /tmp.
oval:org.secpod.oval:def:20313 - Configure the system boot firmware (historically called BIOS on PC systems) to disallow booting from USB drives.
oval:org.secpod.oval:def:20314 - The RPM package qpid-cpp-server should be removed.
oval:org.secpod.oval:def:20321 - File permissions for '/boot/grub/grub.conf' should be set appropriately.
oval:org.secpod.oval:def:20307 - The RPM package dbus should be removed.
oval:org.secpod.oval:def:20305 - The grub boot loader should have password protection enabled.
oval:org.secpod.oval:def:20302 - The RPM package cups should be removed.
oval:org.secpod.oval:def:20300 - The RPM package ypbind should be removed.
oval:org.secpod.oval:def:505426 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the exis ...
oval:org.secpod.oval:def:20357 - Look for argument "nousb" in the kernel line in /etc/grub.conf.
oval:org.secpod.oval:def:20364 - The RPM package iptables should be installed.
oval:org.secpod.oval:def:20365 - DHCP configuration should be static for all interfaces.
oval:org.secpod.oval:def:20348 - The 'grub.conf' file should be owned by the appropriate user. By default, this file is located at /boot/grub/grub.conf or, for EFI systems, at /etc/grub.conf.
oval:org.secpod.oval:def:20344 - The RPM package policycoreutils should be installed.
oval:org.secpod.oval:def:500283 - This package contains the set of CA certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, re ...
oval:org.secpod.oval:def:20354 - The RPM package iptables-ipv6 should be installed.
oval:org.secpod.oval:def:20342 - The RPM package irqbalance should be installed.
oval:org.secpod.oval:def:20329 - Only the root account should be assigned a user id of 0.
oval:org.secpod.oval:def:20325 - SELinux in /etc/grub.conf should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:20331 - The RPM package cpuspeed should be removed.
oval:org.secpod.oval:def:20330 - The nosuid option should be enabled for all NFS mounts in /etc/fstab.
oval:org.secpod.oval:def:20388 - The RPM package audit should be installed.
oval:org.secpod.oval:def:20398 - The RPM package dhcp should be removed.
oval:org.secpod.oval:def:20394 - The RPM package cronie should be installed.
oval:org.secpod.oval:def:20386 - All wireless interfaces should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:20385 - The nosuid mount option prevents set-user-identifier (suid) and set-group-identifier (sgid) permissions from taking effect. These permissions allow users to execute binaries with the same permissions as the owner and group of the file respectively. Users should not be allowed to introduce suid and g ...
oval:org.secpod.oval:def:20366 - Verify which group owns the grub.conf file.
oval:org.secpod.oval:def:20371 - All files should be owned by a user.
oval:org.secpod.oval:def:501169 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ...
oval:org.secpod.oval:def:500032 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ...
oval:org.secpod.oval:def:500152 - Mozilla Thunderbird is a standalone mail and newsgroup client. This erratum blacklists a small number of HTTPS certificates. This update also fixes the following bug: * The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression, preventing some Java content and plug-ins written in Java f ...
oval:org.secpod.oval:def:500167 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ...
oval:org.secpod.oval:def:500168 - Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ...
oval:org.secpod.oval:def:500172 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ...
oval:org.secpod.oval:def:500134 - Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ...
oval:org.secpod.oval:def:500140 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ...
oval:org.secpod.oval:def:500234 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ...
oval:org.secpod.oval:def:505101 - PostgreSQL is an advanced object-relational database management system (DBMS). A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...
oval:org.secpod.oval:def:500312 - The mod_auth_mysql package includes an extension module for the Apache HTTP Server, which can be used to implement web user authentication against a MySQL database. A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multiby ...
oval:org.secpod.oval:def:500119 - libguestfs is a library for accessing and modifying guest disk images. libguestfs relied on the format auto-detection in QEMU rather than allowing the guest image file format to be specified. A privileged guest user could potentially use this flaw to read arbitrary files on the host that were access ...
oval:org.secpod.oval:def:505015 - Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows writing assets in languages like CoffeeScript, Sass and SCSS. Security Fix: * rubygem-sprockets: Pat ...
oval:org.secpod.oval:def:500033 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A use-after-free flaw was found in the Linux kernel's RPC server sockets implementation. A remote attacker could use this flaw to trigger a denial of service by sen ...
oval:org.secpod.oval:def:500223 - OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP wou ...
oval:org.secpod.oval:def:24736 - The host is installed with libevent in RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an excessively long input. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:500819 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ...
oval:org.secpod.oval:def:500959 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ...
oval:org.secpod.oval:def:501462 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...
oval:org.secpod.oval:def:500228 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ...
oval:org.secpod.oval:def:500031 - rdesktop is a client for the Remote Desktop Server in Microsoft Windows. It uses the Remote Desktop Protocol to remotely present a user's desktop. A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdeskt ...
oval:org.secpod.oval:def:20970 - The host is installed with libxslt before 1.1.28 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an empty match attribute in a XSL key to the xsltAddKey function in keys.c or uninitialized variable to the xsltDocumentFunction function in ...
oval:org.secpod.oval:def:500059 - The librsvg2 packages provide an SVG library based on libart. A flaw was found in the way librsvg2 parsed certain SVG files. An attacker could create a specially-crafted SVG file that, when opened, would cause applications that use librsvg2 to crash or, potentially, execute arbitrary code. Red Ha ...
oval:org.secpod.oval:def:500014 - Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found i ...
oval:org.secpod.oval:def:500111 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that string comparison functions in Squid did not properly handle the comparisons of NULL and empty strings. A remote, trusted web client could use this flaw to cause the squ ...
oval:org.secpod.oval:def:73721 - Red Hat offers support and services for each major release of Red Hat Enterprise Linux throughout four phases - Full Support, Maintenance 1 and 2, and the Extended Life Phase. For Red Hat Enterprise Linux 6, the Full/Maintenance Phases span 10 years, followed by an Extended Life Phase. Together, the ...
oval:org.secpod.oval:def:500354 - Git is a fast, scalable, distributed revision control system. A cross-site scripting flaw was found in gitweb, a simple web interface for Git repositories. A remote attacker could perform an XSS attack against victims by tricking them into visiting a specially-crafted gitweb URL. All gitweb users ...
oval:org.secpod.oval:def:505002 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...
oval:org.secpod.oval:def:24757 - The host is installed with ntp on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly validate vallen in extension fields. Successful exploitation could allow attackers to disclose sensitive information or overflow the st ...
oval:org.secpod.oval:def:505373 - Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes two security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-30, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or ...
oval:org.secpod.oval:def:505544 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-14, listed in the References section. Specially-crafted SW ...
oval:org.secpod.oval:def:505605 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-11, listed in the References section. Specially-crafted SW ...
oval:org.secpod.oval:def:505335 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-05, listed in the References section. A flaw was found in the way f ...
oval:org.secpod.oval:def:505795 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-28, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:505794 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-13, listed in the References section. All users of Adobe Flash Player sh ...
oval:org.secpod.oval:def:505314 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-16, listed in the References section. Specially-crafted SWF content c ...
oval:org.secpod.oval:def:505804 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-21, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:505808 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-05, listed in the References section. Specially-crafted SWF content could ...
oval:org.secpod.oval:def:505810 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-12, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:505814 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-18, listed in the References section. Specially-crafted SWF content could ...
oval:org.secpod.oval:def:505812 - Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to cra ...
oval:org.secpod.oval:def:505893 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-26, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:500365 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks. A NULL pointer dereferenc ...
oval:org.secpod.oval:def:20973 - The host is installed with qt 4.6.3 or earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malformed request. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:500411 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled TGS request messages. A ...
oval:org.secpod.oval:def:500427 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler to crash or, potentially, execute ...
oval:org.secpod.oval:def:500043 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was ...
oval:org.secpod.oval:def:500093 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were ...
oval:org.secpod.oval:def:500107 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws t ...
oval:org.secpod.oval:def:500169 - Mutt is a text-mode mail user agent. A flaw was found in the way Mutt verified SSL certificates. When a server presented an SSL certificate chain, Mutt could ignore a server hostname check failure. A remote attacker able to get a certificate from a trusted Certificate Authority could use this flaw t ...
oval:org.secpod.oval:def:500122 - Evince is a document viewer. An array index error was found in the DeVice Independent renderer's PK and VF font file parsers. A DVI file that references a specially-crafted font file could, when opened, cause Evince to crash or, potentially, execute arbitrary code with the privileges of the user ru ...
oval:org.secpod.oval:def:500144 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). An invalid free flaw was found in the password-changing capability of the MIT Kerberos administration daemon, ...
oval:org.secpod.oval:def:25181 - The host is installed with xz on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process filenames containing a semicolon. Successful exploitation could allow attackers to execute arbitrary co ...
oval:org.secpod.oval:def:500199 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). The Public Key Cryptography for Initial Authentication in Kerberos capability provides support for using pub ...
oval:org.secpod.oval:def:505041 - The qs module for Node.js is a querystring parser that supports nesting and arrays with a depth limit. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-qs. Security Fix: * It was found that ljharb's qs module for Node.js did not properly parse query strings. ...
oval:org.secpod.oval:def:505074 - Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: * A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted ...
oval:org.secpod.oval:def:500278 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks. A flaw was found in the w ...
oval:org.secpod.oval:def:500237 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ...
oval:org.secpod.oval:def:501618 - The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the repo ...
oval:org.secpod.oval:def:21526 - The host is installed with System Security Services Daemon (SSSD) 1.11.6 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to bypass access restrictions.
oval:org.secpod.oval:def:500089 - The nfs-utils packages provide a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported ...
oval:org.secpod.oval:def:500092 - Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A flaw was found in the way Dovecot handled SIGCHLD signals. If a large amount of IMAP or POP3 session disconnects caused the Dovecot master process to receive these signals rapidly, it ...
oval:org.secpod.oval:def:500166 - virt-v2v is a tool for converting and importing virtual machines to libvirt-managed KVM (Kernel-based Virtual Machine), or Red Hat Enterprise Virtualization. Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a pa ...
oval:org.secpod.oval:def:500170 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use th ...
oval:org.secpod.oval:def:501052 The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server"s X.509 certificate when m ... oval:org.secpod.oval:def:500203 Perl is a high-level programming language commonly used for system administration utilities and web programming. The Perl CGI module provides resources for preparing and processing Common Gateway Interface based HTTP requests and responses. It was found that the Perl CGI module used a hard-coded va ... oval:org.secpod.oval:def:500246 The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the "--chroot" option. An application started via the "capsh --chroot" command could use this flaw to escape the chroot ... oval:org.secpod.oval:def:500007 libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup"s SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible ... oval:org.secpod.oval:def:500229 Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linke ... oval:org.secpod.oval:def:502213 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in th ... 
oval:org.secpod.oval:def:502216 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:502218 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:502220 The microcode_ctl packages provide microcode updates for Intel and AMD processors. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 CPU branch injection vulnerability mitigation. Further testing has uncovered problems with the microcode provided along with the Spectre mi ... oval:org.secpod.oval:def:502248 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution branch target injection * hw: cpu: speculative execution bounds-check bypass * hw: cpu: speculative execution permission faults handling For more details about t ... oval:org.secpod.oval:def:502209 The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions . There are three primary variants of the issue which differ in the ... oval:org.secpod.oval:def:500338 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. 
It was discovered that named did not invalidate previously cached RRSIG records when add ... oval:org.secpod.oval:def:500083 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sa ... oval:org.secpod.oval:def:500084 The xorg-x11-server-utils package contains a collection of utilities used to modify and query the runtime configuration of the X.Org server. X.Org is an open source implementation of the X Window System. A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were n ... oval:org.secpod.oval:def:500090 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. Two denial of service flaws were found in the way the dhcpd daemon handled certa ... oval:org.secpod.oval:def:500006 Kexec allows for booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server"s SSH host key not to be checked. This could make it easier for a man-in-the-middle atta ... oval:org.secpod.oval:def:500183 The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. It was discovered that libuser did not set the password entry co ... oval:org.secpod.oval:def:500130 Sos is a set of tools that gather information about system hardware and configuration. 
The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to ... oval:org.secpod.oval:def:25180 The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration fr ... oval:org.secpod.oval:def:500109 PolicyKit is a toolkit for defining and handling authorizations. A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those command ... oval:org.secpod.oval:def:24039 The host is installed with gnutls before 3.1.0 and is prone to a security bypass vulnerability. A flaw is present in the application, which does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate. Successful exploitation could allow remote attacker ... oval:org.secpod.oval:def:25167 The host is installed with gnutls on Red Hat Enterprise Linux 6 or 7 and is prone to a cross-signature attack vulnerability. A flaw is present in the application, which fails to properly validate whether the two signature algorithms match on certificate import. Successful exploitation could allow at ... oval:org.secpod.oval:def:500030 NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* ... oval:org.secpod.oval:def:500410 Mozilla Thunderbird is a standalone mail and newsgroup client. 
Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ... oval:org.secpod.oval:def:500449 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ... oval:org.secpod.oval:def:500444 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:500421 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:505342 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use th ... oval:org.secpod.oval:def:505060 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing informa ... 
oval:org.secpod.oval:def:505420 Adobe Reader allows users to view and print documents in Portable Document Format . This update fixes multiple security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-15, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to ... oval:org.secpod.oval:def:505518 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF c ... oval:org.secpod.oval:def:505079 The GNU Compiler Collection is a portable compiler suite with support for various programming languages, including C, C++, and Fortran. The devtoolset-8-gcc packages provide the Red Hat Developer Toolset version of GCC, as well as related libraries. Security Fix: * gcc: POWER9 DARN RNG intrinsic pr ... oval:org.secpod.oval:def:503641 The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. Security Fix: * ipmitool: Buffer overflow in read_fru_area_se ... oval:org.secpod.oval:def:505614 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-09, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:505304 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB13-01, listed in the References section. 
Specially-crafted SWF content c ... oval:org.secpod.oval:def:24758 The host is installed with ntp on RHEL 6 or 7 and is prone to an IP ACLs bypass vulnerability. A flaw is present in the application, which fails to properly handle spoofed packets with ::1 source address. Successful exploitation could allow attackers to bypass source IP ACLs on some OSes. oval:org.secpod.oval:def:500101 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was discovered in the JNLP implementa ... oval:org.secpod.oval:def:505809 The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:505811 The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the O ... oval:org.secpod.oval:def:505317 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes four vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-21, listed in the References section. Specially-crafted SWF co ... oval:org.secpod.oval:def:503564 The Python Imaging Library adds image processing capabilities to your Python interpreter. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. 
Security Fix: * python-pillow: improperly restricted operations on memory ... oval:org.secpod.oval:def:505395 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. A cross-site scripting flaw was found in the way the Red Hat Satellite web interface performed ... oval:org.secpod.oval:def:505430 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. A ... oval:org.secpod.oval:def:505394 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... oval:org.secpod.oval:def:505460 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... oval:org.secpod.oval:def:505514 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. This updat ... oval:org.secpod.oval:def:505582 Chromium is an open-source web browser, powered by WebKit . Two flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium user ... oval:org.secpod.oval:def:505336 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ... oval:org.secpod.oval:def:505385 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ... oval:org.secpod.oval:def:505478 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ... oval:org.secpod.oval:def:505488 Chromium is an open-source web browser, powered by WebKit . Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to bypass cross origin restrictions, and access or modify data from an unrelated web site. All Chromium users sho ... oval:org.secpod.oval:def:505510 Chromium is an open-source web browser, powered by WebKit . Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium user ... oval:org.secpod.oval:def:505604 Chromium is an open-source web browser, powered by WebKit . 
This update upgrades Chromium to version 52.0.2743.82. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505634 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 49.0.2623.108. Security Fix: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or dis ... oval:org.secpod.oval:def:505297 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ... oval:org.secpod.oval:def:505260 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 51.0.2704.79. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505483 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ... oval:org.secpod.oval:def:505497 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 51.0.2704.103. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... 
oval:org.secpod.oval:def:505598 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 54.0.2840.100. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... oval:org.secpod.oval:def:505274 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 56.0.2924.76. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505450 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 53.0.2785.143. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... oval:org.secpod.oval:def:505457 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 54.0.2840.90. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose s ... oval:org.secpod.oval:def:505464 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 55.0.2883.75. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505493 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 54.0.2840.59. Security Fix: * Multiple flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505550 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 58.0.3029.96. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose s ... oval:org.secpod.oval:def:505256 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 57.0.2987.98. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505351 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 58.0.3029.81. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505355 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 59.0.3071.86. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:505386 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 57.0.2987.133. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... oval:org.secpod.oval:def:505432 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 64.0.3282.167. 
Security Fix: * chromium-browser: incorrect derived class instantiation in v8 For more details about the security issue, including the impact, a CVSS score, and other related informat ... oval:org.secpod.oval:def:505549 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 67.0.3396.62. Security Fix: * chromium-browser: Use after free in Blink * chromium-browser: Type confusion in Blink * chromium-browser: Overly permissive policy in WebUSB * chromium-browser: Heap ... oval:org.secpod.oval:def:505266 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 66.0.3359.117. Security Fix: * chromium-browser: Use after free in Disk Cache * chromium-browser: Use after free in Disk Cache * chromium-browser: Use after free in WebAssembly * chromium-browser: ... oval:org.secpod.oval:def:505279 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 67.0.3396.87. Security Fix: * chromium-browser: Out of bounds write in V8 For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the C ... oval:org.secpod.oval:def:505452 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 65.0.3325.146. Security Fix: * chromium-browser: incorrect permissions on shared memory * chromium-browser: use-after-free in blink * chromium-browser: race condition in v8 * chromium-browser: hea ... oval:org.secpod.oval:def:505438 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 67.0.3396.79. Security Fix: * chromium-browser: Incorrect handling of CSP header For more details about the security issue, including the impact, a CVSS score, and other related information, refer t ... oval:org.secpod.oval:def:505495 Chromium is an open-source web browser, powered by WebKit . 
This update upgrades Chromium to version 66.0.3359.170. Security Fix: * chromium-browser: Heap buffer overflow in PDFium * chromium-browser: Privilege Escalation in extensions * chromium-browser: Type confusion in V8 For more details abo ... oval:org.secpod.oval:def:505616 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 69.0.3497.100. Security Fix: * chromium-browser: Function signature mismatch in WebAssembly * chromium-browser: URL Spoofing in Omnibox For more details about the security issue, including the impa ... oval:org.secpod.oval:def:505412 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 69.0.3497.81. Security Fix: * chromium-browser: Out of bounds write in V8 * chromium-browser: Out of bounds read in Blink * chromium-browser: Out of bounds read in WebAudio * chromium-browser: Out ... oval:org.secpod.oval:def:505806 Adobe Reader allows users to view and print documents in Portable Document Format . This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB11-03, listed in the References section. A specially-crafted PDF file could cause Adobe Re ... oval:org.secpod.oval:def:505365 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ... oval:org.secpod.oval:def:505425 Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ... 
oval:org.secpod.oval:def:505621 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ...
oval:org.secpod.oval:def:505367 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ...
oval:org.secpod.oval:def:505068 Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix: * perl: Integer overflow leading to buffer overflow in Perl_my_setenv * perl: Heap-based buffer overflow in S_handle_regex_sets * perl: Heap-based buffer overflow ...
oval:org.secpod.oval:def:505049 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: * rubygems: Installing a malicious gem may lea ...
oval:org.secpod.oval:def:505011 The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fix: * apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default For more details about the security issue, including the impa ...
oval:org.secpod.oval:def:505800 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes multiple vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IB ...
oval:org.secpod.oval:def:505815 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ...
oval:org.secpod.oval:def:505576 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 50.0.2661.75. Security Fix: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disc ...
oval:org.secpod.oval:def:505381 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 50.0.2661.94. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:505520 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ...
oval:org.secpod.oval:def:505458 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 66.0.3359.139. Security Fix: * chromium-browser: Use after free in Media Cache For more details about the security issue, including the impact, a CVSS score, and other related information, refer to ...
oval:org.secpod.oval:def:505038 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * nginx: Denial of service and memory disclosure via mp4 module For more details about the security issue, including the impact, a CVSS score, and ...
oval:org.secpod.oval:def:505078 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...
oval:org.secpod.oval:def:505331 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 61.0.3163.79. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:505459 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 61.0.3163.100. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ...
oval:org.secpod.oval:def:505494 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium ...
oval:org.secpod.oval:def:505267 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.75. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose s ...
oval:org.secpod.oval:def:505490 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 62.0.3202.89. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:505593 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.84. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:505563 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.110. Security Fix: * chromium-browser: Use-after-free in GPU * chromium-browser: Out of bounds memory access in V8 For more details about the security issue, including the impact, a CVSS ...
oval:org.secpod.oval:def:505063 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ...
oval:org.secpod.oval:def:21811 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files.
oval:org.secpod.oval:def:21812 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files.
oval:org.secpod.oval:def:21810 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files.
oval:org.secpod.oval:def:21809 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files.
oval:org.secpod.oval:def:21831 The host is installed with sendmail before 8.14.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a custom mail-delivery program. Successful exploitation allows local users to access unintended high-numbered file descriptors.
oval:org.secpod.oval:def:21823 The host is installed with Graphviz 2.34.0 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to a "badly formed number" and a "long digit list". Successful exploitation allows remote attackers to have uns ...
oval:org.secpod.oval:def:21827 The host is installed with Graphviz 2.34.0 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long line in a dot file. Successful exploitation allows remote attackers to have unspecified impact.
oval:org.secpod.oval:def:21822 The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty functi ...
oval:org.secpod.oval:def:501457 YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. A buffer overflow flaw was found in the way the libyaml library parsed URLs in YAML documents. An attacker able to load specially crafted YA ...
oval:org.secpod.oval:def:24754 The host is installed with mpfr in RHEL 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly allocate a buffer. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:505562 PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...
oval:org.secpod.oval:def:24759 The host is installed with wireshark in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted packet-trace file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:24734 The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ...
oval:org.secpod.oval:def:24036 The host is installed with e2fsprogs before 1.42.9-7 on Red Hat Enterprise Linux 7 and before 1.42.12-21 on Red Hat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...
oval:org.secpod.oval:def:24037 The host is installed with e2fsprogs before 1.42.9-7 on Red Hat Enterprise Linux 7 and before 1.42.12-21 on Red Hat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...
oval:org.secpod.oval:def:21801 The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ...
oval:org.secpod.oval:def:24744 The host is installed with libgcrypt in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information.
oval:org.secpod.oval:def:24738 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted Ad hoc On-Demand Distance Vector (AODV) packet. Successful exploitation could allow attackers to obtain sensiti ...
oval:org.secpod.oval:def:24735 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PPP packet. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:24739 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted length value in a Geonet frame. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:24740 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an integer underflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted length value in an OLSR frame. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:24041 The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ...
oval:org.secpod.oval:def:24537 The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to an incorrect re-use vulnerability. A flaw is present in the application, which does not properly re-use authenticated Negotiate connections. Success ...
oval:org.secpod.oval:def:24538 The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to an incorrect re-use vulnerability. A flaw is present in the application, which does not properly re-use NTLM connections. Successful exploitation co ...
oval:org.secpod.oval:def:25183 The host is installed with libidn on Red Hat Enterprise Linux 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an invalid UTF-8 value. Successful exploitation could allow attackers to disclose sensitive information.
oval:org.secpod.oval:def:25186 The host is installed with hplip on Red Hat Enterprise Linux 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a key specified by the key's short ID. Successful exploitation could allow attackers to trick users to download ma ...
oval:org.secpod.oval:def:25163 The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected syst ...
oval:org.secpod.oval:def:505626 PostgreSQL is an advanced object-relational database management system. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause P ...
oval:org.secpod.oval:def:21833 The host is installed with perl-Data-Dumper before 2.154 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an array reference with many nested array references, which triggers a large number of recursive calls to the DD_dump funct ...
oval:org.secpod.oval:def:505564 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 59.0.3071.104. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ...
oval:org.secpod.oval:def:505612 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 63.0.3239.108. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose ...
oval:org.secpod.oval:def:505272 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 60.0.3112.78. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:505330 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.117. Security Fix: * chromium-browser: Use after free in audio For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information ...
oval:org.secpod.oval:def:505354 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.119. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ...
oval:org.secpod.oval:def:505413 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 71.0.3578.80. Security Fix: * chromium-browser: Out of bounds write in V8 * chromium-browser: Use after frees in PDFium * chromium-browser: Heap buffer overflow in Skia * chromium-browser: Use aft ...
oval:org.secpod.oval:def:505048 Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage. The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx. Security Fix: * A NULL pointer dereference flaw was found in the nginx code responsible for saving client req ...
oval:org.secpod.oval:def:505615 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 52.0.2743.116. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ...
oval:org.secpod.oval:def:505106 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql94-postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A re ...
oval:org.secpod.oval:def:505531 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A ...
oval:org.secpod.oval:def:505115 Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A rem ...
oval:org.secpod.oval:def:505059 Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could u ...
oval:org.secpod.oval:def:505281 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 53.0.2785.89. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:38607 The host is installed with samba4 or samba and is prone to an unconditional privilege delegation vulnerability. A flaw is present in the application, which fails to properly handle Kerberos TGT. An attacker who successfully exploited this vulnerability could fully impersonate the authenticated user ...
oval:org.secpod.oval:def:38608 The host is installed with samba4 or samba and is prone to an elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle Kerberos. An attacker who successfully exploited this vulnerability could watch password changes in Samba.
oval:org.secpod.oval:def:31664 The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...
oval:org.secpod.oval:def:31665 The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...
oval:org.secpod.oval:def:504806 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: mod_rewrite configurations vulnerable to open redirect * httpd: mod_rewrite potential open redirect For more details about the security issue, including the impact, a CVSS sc ...
oval:org.secpod.oval:def:504817 Sprockets is a Ruby library for compiling and serving web assets. It features declarative dependency management for JavaScript and CSS assets, as well as a powerful preprocessor pipeline that allows writing assets in languages like CoffeeScript, Sass and SCSS. Security Fix: * rubygem-sprockets: Pat ...
oval:org.secpod.oval:def:504819 Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * rubygem-actionpack: render file directory traversal in Action View * rubygem-actionpack: denial of service vulnerability in Action View ...
oval:org.secpod.oval:def:504822 PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...
oval:org.secpod.oval:def:504879 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql. Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing informa ...
oval:org.secpod.oval:def:504877 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: * mysql: sha256_password authentication DoS via long password ...
oval:org.secpod.oval:def:504884 Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or ...
oval:org.secpod.oval:def:504892 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * nginx: Denial of service and memory disclosure via mp4 module * nginx: Excessive memory consumption via flaw in HTTP/2 implementation For more d ...
oval:org.secpod.oval:def:504898 Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A rem ...
oval:org.secpod.oval:def:504832 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle attacker could use this ...
oval:org.secpod.oval:def:504830 Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs-tough-cookie. Security Fix: * Regular expression denial of service flaws were found in Tough-Cookie. An attacker able to make an app ...
oval:org.secpod.oval:def:504840 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Security Fix: * mysql: sha256_password authentication DoS via long password ...
oval:org.secpod.oval:def:504862 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: * This update fixes several vulnerabilities in the MariaDB da ...
oval:org.secpod.oval:def:504915 PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...
oval:org.secpod.oval:def:504918 Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can ...
oval:org.secpod.oval:def:504920 Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie. Security Fix: * A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an app ...
oval:org.secpod.oval:def:504932 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: rh-postgresql95-postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A re ...
oval:org.secpod.oval:def:504936 Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: * It was discovered that Lucene's XML query parser did not properly ...
oval:org.secpod.oval:def:504941 The ruby193 collection provides Ruby version 1.9.3 and Ruby on Rails version 3.2. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View c ...
oval:org.secpod.oval:def:504940 Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage. Security Fix: * A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote ...
oval:org.secpod.oval:def:504945 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: * This update fixes several vulnerabilities in the MariaDB da ...
oval:org.secpod.oval:def:504908 The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates ...
oval:org.secpod.oval:def:504997 PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: postgresql92-postgresql. Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remot ...
oval:org.secpod.oval:def:504952 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to ...
oval:org.secpod.oval:def:504957 Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. Security Fix: * It was discovered that Lucene's XML query parser did not properly ...
oval:org.secpod.oval:def:504960 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The httpd24 Software Collection has been upgraded to version 2.4.25, which provides a number ...
oval:org.secpod.oval:def:504979 The ror40 collection provides Ruby on Rails version 4.0. Ruby on Rails is a model-view-controller framework for web application development. The following issues were corrected in rubygem-actionpack: Multiple directory traversal flaws were found in the way the Action View component searched for tem ...
oval:org.secpod.oval:def:504977 Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. Security Fix: * A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted ...
oval:org.secpod.oval:def:504985 PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...
oval:org.secpod.oval:def:504984 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix: * rubygems: Installing a malicious gem may lead to arbitrary code execution For more details about the security issue, including the i ...
oval:org.secpod.oval:def:506835 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: An assertion check can fail while answering queries for DNAME reco ...
oval:org.secpod.oval:def:506841 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI secu ...
oval:org.secpod.oval:def:506843 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: EDIPARTYNAME NULL pointer de-reference For more details about the security issue, including the impact, a ...
oval:org.secpod.oval:def:504907 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Push diary crash on specifically crafted HTTP/2 header For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ...
oval:org.secpod.oval:def:505334 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.162. Security Fix: * chromium-browser: Use after free in WebAudio * chromium-browser: Use after free in WebAudio * chromium-browser: Heap buffer overflow in media For more details about ...
oval:org.secpod.oval:def:505093 Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * rubygem-actionpack: render file directory traversal in Action View * rubygem-actionpack: denial of service vulnerability in Action View ...
oval:org.secpod.oval:def:505527 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.97. Security Fix: * chromium-browser: Use after free in reader mode * chromium-browser: Use after free in media * chromium-browser: Use after free in WebRTC * chromium-browser: Type Conf ...
oval:org.secpod.oval:def:505635 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.129. Security Fix: * chromium-browser: Use after free in storage * chromium-browser: Use after free in task scheduling For more details about the security issue, including the impact, a C ...
oval:org.secpod.oval:def:505259 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.138. Security Fix: * chromium-browser: Type Confusion in Blink * usrsctp: Buffer overflow in AUTH chunk input validation For more details about the security issue, including the impact, a ...
oval:org.secpod.oval:def:505277 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.113. Security Fix: * chromium-browser: Use after free in speech recognizer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ...
oval:org.secpod.oval:def:505471 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.122. Security Fix: * chromium-browser: Out of bounds read and write in PDFium * chromium-browser: Use after free in payments * chromium-browser: Insufficient data validation in URL format ...
oval:org.secpod.oval:def:504839 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: * This update fixes several vulnerabilities in the MySQL datab ...
oval:org.secpod.oval:def:504955 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql. Security Fix: * An integer overflow flaw leading to a buffer overflow was fou ...
oval:org.secpod.oval:def:505108 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: * This update fixes several vulnerabilities in the MariaDB databa ...
oval:org.secpod.oval:def:505803 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql. Security Fix: * An integer overflow flaw leading to a buffer overflow was fou ...
oval:org.secpod.oval:def:500336 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could cras ...
oval:org.secpod.oval:def:500260 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could ...
oval:org.secpod.oval:def:503365 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Improper handling of Kerberos proxy credentials * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn * OpenJD ...
oval:org.secpod.oval:def:505633 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6. Security Fix: * OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn * OpenJDK: Incorrect handling of nest ... oval:org.secpod.oval:def:505294 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Security Fix: * OpenJDK: Serialization filter changes via jdk.serialFilter property modification * OpenJDK: Incorrect isBuiltinStreamH ... oval:org.secpod.oval:def:505473 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Security Fix: * OpenJDK: Serialization filter changes via jdk.serialFilter property modification * OpenJDK: Incorrect isBuiltinStreamH ... oval:org.secpod.oval:def:505470 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP60. Security Fix: * OpenJDK: Serialization filter changes via jdk.serialFilter property modification * OpenJDK: Incorrect isB ... oval:org.secpod.oval:def:503561 The International Components for Unicode library provides robust and full-featured Unicode services. Security Fix: * ICU: Integer overflow in UnicodeString::doAppend For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:505393 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 80.0.3987.122. 
Security Fix: * ICU: Integer overflow in UnicodeString::doAppend * chromium-browser: Type confusion in V8 * chromium-browser: Use after free in WebAudio * chromium-browser: Use afte ... oval:org.secpod.oval:def:505475 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 80.0.3987.132. Security Fix: * chromium-browser: Insufficient policy enforcement in media For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... oval:org.secpod.oval:def:505501 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 79.0.3945.130. Security Fix: * chromium-browser: use-after-free in speech recognizer * chromium-browser: use-after-free in speech recognizer * chromium-browser: extension message verification error ... oval:org.secpod.oval:def:503467 The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:503468 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.3.0. Security Fix: * Mozilla: Use-after-free in worker destruction * Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * Mozilla: Buffer overflow in plain text serialize ... oval:org.secpod.oval:def:503482 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sa ... oval:org.secpod.oval:def:503484 Mozilla Thunderbird is a standalone mail and newsgroup client. 
This update upgrades Thunderbird to version 68.4.1. Security Fix: * Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement * Mozilla: Bypass of @namespace CSS sanitization during pasting * Mozilla: Type Confus ... oval:org.secpod.oval:def:505524 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-26, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:505530 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-02, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:505601 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-08, listed in the References section. A vulnerability was repor ... oval:org.secpod.oval:def:505329 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB14-07, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:505384 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security bulletin APSB14-04, listed in the References section. Specially-crafted SWF content c ... 
oval:org.secpod.oval:def:505500 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:505356 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09, listed in the References section. Two flaws were found ... oval:org.secpod.oval:def:505507 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed in the References section. A flaw was found in the way fla ... oval:org.secpod.oval:def:505517 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505333 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505309 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-16, listed in the References section. 
Multiple flaws were ... oval:org.secpod.oval:def:505486 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505587 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-21, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505487 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-22, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505565 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed in the Adobe Security Bulletin APSB14-26, listed in the References section. A flaw was found in the way fla ... oval:org.secpod.oval:def:505270 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-01, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505479 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. 
These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-27, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:505433 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multi ... oval:org.secpod.oval:def:505570 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505340 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-06 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505350 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505542 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505289 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. 
A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially ... oval:org.secpod.oval:def:505358 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505620 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505467 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to ... oval:org.secpod.oval:def:505387 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-28 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:505523 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.644. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... 
oval:org.secpod.oval:def:505559 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.186. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505278 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.637. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:505366 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.643. Security Fix: * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin lis ... oval:org.secpod.oval:def:505623 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.148. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505579 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.151. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505431 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.126. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. 
These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505368 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.187. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505434 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.130. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505603 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.161. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505537 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.154. Security Fix: * flash-plugin: Information Disclosure vulnerabilities * flash-plugin: Security Mitigation Bypass vulnerability * flash-pl ... oval:org.secpod.oval:def:505306 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:505796 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.113. 
Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability * flash-plugin: Arbitrary Code Execution vulnerability * flash-plug ... oval:org.secpod.oval:def:505448 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.134. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability * flash-plugin: Information Disclosure vulnerability For more detai ... oval:org.secpod.oval:def:505661 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.108. Security Fix: * flash-plugin: Information Disclosure vulnerability For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:505301 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.153. Security Fix: * flash-plugin: Arbitrary code execution vulnerability For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:505824 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.101. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:505402 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 31.0.0.148. Security Fix: * flash-plugin: Information Disclosure vulnerability For more details about the security issue, including the impact, a CVSS ... oval:org.secpod.oval:def:505416 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. 
This update upgrades Flash Player to version 29.0.0.113. Security Fix: * flash-plugin: Use After Free - remote code execution vulnerability * flash-plugin: Type Confusion - remote code execution ... oval:org.secpod.oval:def:505643 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.221. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505287 The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the O ... oval:org.secpod.oval:def:505791 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:505790 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:505389 The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from ... 
oval:org.secpod.oval:def:505805 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for exam ... oval:org.secpod.oval:def:505816 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:505817 The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java based applications to hang, for exam ... oval:org.secpod.oval:def:505825 The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the O ... oval:org.secpod.oval:def:505894 The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:42416 A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. 
A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ... oval:org.secpod.oval:def:42415 A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol. oval:org.secpod.oval:def:42414 A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol. oval:org.secpod.oval:def:42420 A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ... oval:org.secpod.oval:def:24042 The host is installed with linux kernel through 2.6.32-504.12.2.el6 on Red Hat Enterprise Linux 6 and through 3.10.0-229.1.2.el7 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, where a regular user could remove xattr permissions ... oval:org.secpod.oval:def:504983 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql . Security Fix: * mysql: Server: Replication unspecified vulnerability * mys ... oval:org.secpod.oval:def:505071 MySQL is a multi-user, multi-threaded SQL database server. 
It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql56-mysql . Security Fix: * This update fixes several vulnerabilities in the MySQL datab ... oval:org.secpod.oval:def:505293 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section. Multiple flaws were f ... oval:org.secpod.oval:def:505622 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-23 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:505648 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-25 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:24746 The host is installed with busybox in RHEL 5 or 6 and is prone to an unprivileged arbitrary module load vulnerability. A flaw is present in the application, which fails to handle basename abuse. Successful exploitation could allow attackers to load arbitrary module. oval:org.secpod.oval:def:500145 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy im ... oval:org.secpod.oval:def:505069 MariaDB is a multi-user, multi-threaded SQL database server. 
For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb , rh-mariadb102-galera . Security Fix: * mysql: Server: Replication unspecif ... oval:org.secpod.oval:def:504823 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: rh-mysql57-mysql . Security Fix: * mysql: Server: Replication unspecified vulnerability * mys ... oval:org.secpod.oval:def:505027 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb102-mariadb , rh-mariadb102-galera . Security Fix: * mysql: Server: Replication unspecifi ... oval:org.secpod.oval:def:505506 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.621. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:505327 The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Further information about these flaws can be fou ... oval:org.secpod.oval:def:505316 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... 
oval:org.secpod.oval:def:505319 The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the O ... oval:org.secpod.oval:def:505508 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505346 Adobe Reader allows users to view and print documents in Portable Document Format . This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to cra ... oval:org.secpod.oval:def:505525 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505646 The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Further information about these flaws can be fou ... oval:org.secpod.oval:def:500178 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. 
A remote attacker co ... oval:org.secpod.oval:def:506847 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:503562 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:505343 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 83.0.4103.116. Security Fix: * chromium-browser: Use after free in extensions For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:42210 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable , the loader could allow part of that application's dat ... oval:org.secpod.oval:def:505569 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 50.0.2661.102. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... oval:org.secpod.oval:def:505639 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 83.0.4103.106. 
Security Fix: * chromium-browser: Use after free in speech * chromium-browser: Insufficient policy enforcement in WebView * chromium-browser: Out of bounds write in V8 For more deta ... oval:org.secpod.oval:def:505522 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Security Fix: * flash-plugin: Remote Code Execution vulnerabilities * flash-plugin: Information Disclosure vulnerabilities For more deta ... oval:org.secpod.oval:def:505284 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.137. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505642 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 27.0.0.170. Security Fix: * This update fixes one vulnerability in Adobe Flash Player. This vulnerability, detailed in the Adobe Security Bulletin liste ... oval:org.secpod.oval:def:505659 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.127. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505468 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.194. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505044 MariaDB is a multi-user, multi-threaded SQL database server. 
For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb100-mariadb . Security Fix: * A flaw was found in the way the mysqld_safe script handled ... oval:org.secpod.oval:def:505090 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a later upstream version: rh-mariadb101-mariadb . Security Fix: * mysql: insecure error log file handling in mysqld_safe * ... oval:org.secpod.oval:def:505502 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 26.0.0.137. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505538 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 25.0.0.171. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bull ... oval:org.secpod.oval:def:505392 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.632. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:505492 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.626. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... 
oval:org.secpod.oval:def:505339 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-04 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:505403 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-07, listed in the References section. Specially-crafted SWF content could ... oval:org.secpod.oval:def:505662 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws ... oval:org.secpod.oval:def:505566 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 79.0.3945.88. Security Fix: * chromium-browser: Use after free in media picker For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related infor ... oval:org.secpod.oval:def:505624 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.635. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:505651 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.616. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. 
These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:500232 The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file s ... oval:org.secpod.oval:def:501589 ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A loca ... oval:org.secpod.oval:def:505436 Cobbler is a network install server. Cobbler supports PXE, virtualized installs, and re-installing existing Linux machines. Cobbler has a XMLRPC API for integration with other applications. Security Fix: * cobbler: CobblerXMLRPCInterface exports all its methods over XMLRPC For more details about th ... oval:org.secpod.oval:def:504791 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:504811 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:504873 PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. 
An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ... oval:org.secpod.oval:def:505443 Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix: * It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization ... oval:org.secpod.oval:def:502010 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentic ... oval:org.secpod.oval:def:24535 The host is installed with ntp version 4.2.6 and earlier on Red Hat Enterprise Linux 6 or on Red Hat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ... oval:org.secpod.oval:def:505372 The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain ... oval:org.secpod.oval:def:501997 The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic to ... oval:org.secpod.oval:def:505589 Red Hat Satellite is a system management tool for Linux-based infrastructures. 
It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: * A stored cross-site scripting flaw was found in the way spacewalk-java disp ... oval:org.secpod.oval:def:504834 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ... oval:org.secpod.oval:def:504848 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ... oval:org.secpod.oval:def:505046 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ... oval:org.secpod.oval:def:505546 Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: * A cross-site scripting flaw was found in how XML data was handled in Red Ha ... oval:org.secpod.oval:def:24741 The host is installed with gnutls in RHEL 6 and is prone to privilege escalation vulnerabilities. The flaws are present in the application, which fails to properly perform date/time check on CA certificates. Successful exploitation could allow attackers to invoke expired certificates. 
oval:org.secpod.oval:def:505050 Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine with support for monitoring multiple JVM instances. Thermostat supports monitoring and gathering performance data from JVMs running on the same machine, a remote machine, or across a network. The tool c ... oval:org.secpod.oval:def:24755 The host is installed with kernel on RHEL 6 or 7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a race condition which leaves the extended attribute (xattr) empty for a short time window. Successful exploitation could allow attacker ... oval:org.secpod.oval:def:505498 Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that the RPC interface in Satellite would resolve external entities, allowing an at ... oval:org.secpod.oval:def:501508 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ... oval:org.secpod.oval:def:505826 Red Hat Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of Red Hat Network without having to provide public Internet access to their servers or othe ... oval:org.secpod.oval:def:23617 The host is installed with LibreOffice before 4.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful exploitation might allow remote attackers to embed arbitrary data into documents. 
oval:org.secpod.oval:def:505415 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. St ... oval:org.secpod.oval:def:21834 The host is installed with gpgme before 1.5.1 and is prone to multiple heap-based buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to "different line lengths in a specific order". Successful exploitation allows remote attackers ... oval:org.secpod.oval:def:21830 The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ... oval:org.secpod.oval:def:505481 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. The spacewalk-java packages contain the code for the Java version of the Spacewalk Web site. It ... oval:org.secpod.oval:def:502167 The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts. A denial of service flaw was found in the way Python's SSL module implementation perf ... oval:org.secpod.oval:def:505818 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. 
The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:505504 The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. An unquoted search path flaw was found in the way the QEMU Gues ... oval:org.secpod.oval:def:501145 The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition. It was discovered that dra ... oval:org.secpod.oval:def:500165 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio-blk driver in qemu-kvm did not properly validate read and write requests from guests. A privileged guest user coul ... oval:org.secpod.oval:def:500123 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that the virtio subsystem in qemu-kvm did not properly validate virtqueue in and out requests from the guest. A privileged guest u ... oval:org.secpod.oval:def:500190 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with th ... oval:org.secpod.oval:def:500259 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. 
qemu-kvm is the user-space component for running virtual machines using KVM. Virtual Network Computing is a remote display system. A flaw was found in the way the VNC "password" option was handled. Clearing a ... oval:org.secpod.oval:def:500071 The kdelibs packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented ... oval:org.secpod.oval:def:500193 The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to ... oval:org.secpod.oval:def:500268 Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web b ... oval:org.secpod.oval:def:500066 vsftpd is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted ... oval:org.secpod.oval:def:500231 FUSE can implement a fully functional file system in a user-space program. These packages provide the mount utility, fusermount, the tool used to mount FUSE file systems. Multiple flaws were found in the way fusermount handled the mounting and unmounting of directories when symbolic links were pres ... 
oval:org.secpod.oval:def:500202 SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. Two divide-by-zero flaws were found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unpr ... oval:org.secpod.oval:def:500160 The libsndfile packages provide a library for reading and writing sound files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format audio files. An attacker could create a specially-crafted PAF fi ... oval:org.secpod.oval:def:500080 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ... oval:org.secpod.oval:def:500164 Virtual Network Computing is a remote display system which allows you to view a computer's desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. It was disc ... oval:org.secpod.oval:def:500163 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF image files that were compressed with the JPEG compression algorithm. An attacker could use this flaw to create ... oval:org.secpod.oval:def:500273 The kdelibs packages provide libraries for the K Desktop Environment . A cross-site scripting flaw was found in the way KHTML, the HTML layout engine used by KDE applications such as the Konqueror web browser, displayed certain error pages. 
A remote attacker could use this flaw to perform a cross-s ... oval:org.secpod.oval:def:500034 The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files. A shell command injection flaw was found in the way logrotate handled the shred directive. A specially-crafted log file could cause logrotate to ... oval:org.secpod.oval:def:500271 rsync is a program for synchronizing files over a network. A memory corruption flaw was found in the way the rsync client processed malformed file list data. If an rsync client used the "--recursive" and "--delete" options without the "--owner" option when connecting to ... oval:org.secpod.oval:def:500217 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. It was found that several libvirt API calls did not honor the read-only permission for ... oval:org.secpod.oval:def:500230 The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory moun ... oval:org.secpod.oval:def:500242 Logwatch is a customizable log analysis system. Logwatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. A flaw was found in the way Logwatch processed log files. If an attacker were able to create ... oval:org.secpod.oval:def:500125 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Swing library. 
Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. A flaw was found in the Hot ... oval:org.secpod.oval:def:500265 Mailman is a program used to help manage email discussion lists. Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they ... oval:org.secpod.oval:def:500131 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain ... oval:org.secpod.oval:def:500187 Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an applicatio ... oval:org.secpod.oval:def:500218 Pango is a library used for the layout and rendering of internationalized text. It was discovered that Pango did not check for memory reallocation failures in the hb_buffer_ensure function. An attacker able to trigger a reallocation failure by passing sufficiently large input to an application using ... oval:org.secpod.oval:def:500118 The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting flaw was found in the Eclipse Help Contents web application. An attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into vis ... 
oval:org.secpod.oval:def:500281 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:500041 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. A flaw was found in the way the FreeType font rendering engine processed certain PostScript ... oval:org.secpod.oval:def:500387 Concurrent Version System is a version control system that can record the history of your files. An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS format. If an attacker in control of a CVS rep ... oval:org.secpod.oval:def:500403 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Two buffer overflow flaws were found in the ... oval:org.secpod.oval:def:500319 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly ac ... oval:org.secpod.oval:def:505107 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql . 
Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses * postgresql: Missing aut ... oval:org.secpod.oval:def:505047 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql96-postgresql . Security Fix: * postgresql: Certain host connection parameters defeat client-side security defenses * postgresql: Missing aut ... oval:org.secpod.oval:def:504827 PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered ... oval:org.secpod.oval:def:504922 PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered ... oval:org.secpod.oval:def:500115 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way the Pidgin Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote attacker could use t ... oval:org.secpod.oval:def:507416 The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database contains a JDBC driver to support a subset of ANSI-92 SQL. Security Fix: * hsqldb: Untrusted input may lead to RCE attack For more details about the security issue, inc ... oval:org.secpod.oval:def:505521 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. 
This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-08 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:506845 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ... oval:org.secpod.oval:def:500225 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:505485 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB16-01 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:505515 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-18 listed in the References section. Two flaws were found in th ... oval:org.secpod.oval:def:505318 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed in the References section, could allow an attacker ... oval:org.secpod.oval:def:505100 PostgreSQL is an advanced object-relational database management system . 
The following packages have been upgraded to a later upstream version: rh-postgresql95-postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite ... oval:org.secpod.oval:def:504966 PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: rh-postgresql94-postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite ... oval:org.secpod.oval:def:505081 The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component s ... oval:org.secpod.oval:def:505110 The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Security Fix: * A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the mal ... oval:org.secpod.oval:def:503642 Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Security Fix: * telnet-server: no bounds checks in nextitem function allo ... oval:org.secpod.oval:def:503647 The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and trusted third-party, the Key Distribution Center . Sec ... 
oval:org.secpod.oval:def:506960 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format. The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon. It supports on ... oval:org.secpod.oval:def:504886 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:20213 The /tmp directory is a world-writable directory used for temporary file storage. Verify that it has its own partition or logical volume. oval:org.secpod.oval:def:20221 The Red Hat release and auxiliary key packages are required to be installed. oval:org.secpod.oval:def:505540 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 80.0.3987.149. Security Fix: * chromium-browser: Use after free in WebGL * chromium-browser: Use after free in media * chromium-browser: Insufficient policy enforcement in extensions * chromium-br ... oval:org.secpod.oval:def:503569 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Security Fix: * Mozilla: Use-after-free when removing data about origins * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion * Mozilla: Use-after ... oval:org.secpod.oval:def:20408 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. 
oval:org.secpod.oval:def:20199 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:org.secpod.oval:def:20194 Record attempts to alter time through adjtimex. oval:org.secpod.oval:def:20291 This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:20235 The screen saver should be blank. oval:org.secpod.oval:def:20244 The kernel module jffs2 should be disabled. oval:org.secpod.oval:def:20223 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:20222 The kernel module freevxfs should be disabled. oval:org.secpod.oval:def:20206 The kernel module cramfs should be disabled. oval:org.secpod.oval:def:20202 The postfix service should be enabled if possible. oval:org.secpod.oval:def:20283 The /etc/passwd file should be owned by the appropriate group. oval:org.secpod.oval:def:20268 The /etc/group file should be owned by the appropriate user. oval:org.secpod.oval:def:20266 The rsyslog service should be enabled if possible. oval:org.secpod.oval:def:20252 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:20316 The /etc/group file should be owned by the appropriate group. oval:org.secpod.oval:def:20319 The /etc/shadow file should be owned by the appropriate user. oval:org.secpod.oval:def:20358 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:20351 The password minimum length should be set appropriately. oval:org.secpod.oval:def:20339 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:20334 The /etc/gshadow file should be owned by the appropriate group. oval:org.secpod.oval:def:20328 The SELinux state should be enforcing the local policy. 
oval:org.secpod.oval:def:20368 The /etc/gshadow file should be owned by the appropriate user. oval:org.secpod.oval:def:20438 Directory permissions for /var/log/httpd should be set appropriately. oval:org.secpod.oval:def:20439 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. oval:org.secpod.oval:def:20436 The squid service should be disabled if possible. oval:org.secpod.oval:def:20437 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate. oval:org.secpod.oval:def:20434 Plaintext authentication of mail clients should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20435 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:20432 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:20433 The Samba (SMB) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20441 Enable privacy extensions for IPv6 oval:org.secpod.oval:def:20442 The anacron service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20440 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. oval:org.secpod.oval:def:20427 The password retry should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20428 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:org.secpod.oval:def:20425 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate oval:org.secpod.oval:def:20426 The rpcsvcgssd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20423 Checks /etc/inittab to ensure that default runlevel is set to 3. oval:org.secpod.oval:def:20424 The RPM package dhcpd should be removed. 
oval:org.secpod.oval:def:20421 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:20422 File uploads via vsftpd should be enabled or disabled as appropriate oval:org.secpod.oval:def:20430 The netfs service should be disabled if possible. oval:org.secpod.oval:def:20431 Root squashing should be enabled or disabled as appropriate for all NFS shares. oval:org.secpod.oval:def:20416 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ... oval:org.secpod.oval:def:20417 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:20414 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate oval:org.secpod.oval:def:20415 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ... oval:org.secpod.oval:def:20412 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:20413 The nfslock service should be disabled if possible. oval:org.secpod.oval:def:20411 A remote NTP Server for time synchronization should be specified (and dependencies are met) oval:org.secpod.oval:def:20420 SSH warning banner should be enabled (and dependencies are met). oval:org.secpod.oval:def:20405 The haldaemon service should be disabled if possible. oval:org.secpod.oval:def:20406 The avahi-daemon service should be disabled if possible. oval:org.secpod.oval:def:20403 The bluetooth service should be disabled if possible. 
oval:org.secpod.oval:def:20401 BOOTP queries should be accepted or denied by the DHCP server as appropriate. oval:org.secpod.oval:def:20402 The RPM package ypserv should be removed. oval:org.secpod.oval:def:20400 The httpd service should be disabled if possible. oval:org.secpod.oval:def:20409 The ntpd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20478 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. oval:org.secpod.oval:def:20479 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:20476 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:20477 The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME. oval:org.secpod.oval:def:20485 Acceptance of syslog messages via TCP by rsyslog, if the host acts as a log server, should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20486 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:20483 Manually configure addresses for IPv6 oval:org.secpod.oval:def:20484 Define default gateways for IPv6 traffic oval:org.secpod.oval:def:20481 The direct gnome login warning banner should be set correctly. oval:org.secpod.oval:def:20482 RPC IPv6 support should be configured appropriately based on the RPC services in use. oval:org.secpod.oval:def:20480 The password hashing algorithm should be set correctly in /etc/libuser.conf. oval:org.secpod.oval:def:20467 The mdmonitor service should be disabled if possible. oval:org.secpod.oval:def:20468 Enable the GUI warning banner. oval:org.secpod.oval:def:20474 Record attempts to alter time through settimeofday.
oval:org.secpod.oval:def:20475 The rexec service should be disabled if possible. oval:org.secpod.oval:def:20472 The nfs service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20473 PermitUserEnvironment should be disabled oval:org.secpod.oval:def:20470 Test if HostLimit line in logwatch.conf is set appropriately. On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ... oval:org.secpod.oval:def:20458 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20459 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20456 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20457 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20454 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20455 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20464 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:20461 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20462 IP forwarding should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20460 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20449 Record attempts to alter time through /etc/localtime oval:org.secpod.oval:def:20447 Record attempts to alter time through stime, note that this is only relevant on 32bit architecture. oval:org.secpod.oval:def:20448 Record attempts to alter time through clock_settime. oval:org.secpod.oval:def:20445 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". 
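The time-change audit definitions listed above (adjtimex, settimeofday, clock_settime, stime on 32-bit kernels, and the watch on /etc/localtime) all reduce to the same question: does the loaded rule set name every one of those events for both ABIs? The following shell check is an added example written for this page, not SecPod's own OVAL logic. It parses rule text in the /etc/audit/audit.rules (or `auditctl -l`) syntax, which is the only format it assumes; the sample rule sets in the usage note are constructed.

```shell
#!/bin/sh
# Added example, not SecPod's own check logic: verify that the audit rules
# cover the time-change events the definitions above name (adjtimex,
# settimeofday, clock_settime, stime on 32-bit, and writes to /etc/localtime).
# Input is rule text in /etc/audit/audit.rules (or `auditctl -l`) syntax.

# audit_syscalls_for_arch ARCH RULES
#   Prints, one per line, every syscall named by a "-a always,exit" rule that
#   carries "-F arch=ARCH". Handles both "-S a -S b" and "-S a,b" forms.
audit_syscalls_for_arch() {
    arch=$1
    printf '%s\n' "$2" | while read -r line; do
        case "$line" in
            *"-a always,exit"*|*"-a exit,always"*) ;;
            *) continue ;;
        esac
        case "$line" in
            *"arch=$arch"*) ;;
            *) continue ;;
        esac
        # Split the rule into tokens and pull the argument of every -S.
        set -- $line
        while [ $# -gt 0 ]; do
            if [ "$1" = "-S" ] && [ $# -ge 2 ]; then
                printf '%s\n' "$2" | tr ',' '\n'
                shift
            fi
            shift
        done
    done
}

# audit_time_check RULES
#   Prints one "FAIL ..." line per missing rule; returns 0 only when every
#   required time-change rule is present.
audit_time_check() {
    rules=$1
    failures=0
    for arch in b32 b64; do
        covered=$(audit_syscalls_for_arch "$arch" "$rules")
        for sc in adjtimex settimeofday clock_settime; do
            if ! printf '%s\n' "$covered" | grep -qx "$sc"; then
                printf 'FAIL arch=%s syscall %s is not audited\n' "$arch" "$sc"
                failures=$((failures + 1))
            fi
        done
    done
    # stime exists only in the 32-bit ABI, so only arch=b32 must cover it.
    if ! audit_syscalls_for_arch b32 "$rules" | grep -qx stime; then
        printf 'FAIL arch=b32 syscall stime is not audited\n'
        failures=$((failures + 1))
    fi
    # The watch on /etc/localtime must include write (w) and attribute (a).
    perms=$(printf '%s\n' "$rules" |
        sed -n 's/^-w[[:space:]]\{1,\}\/etc\/localtime[[:space:]]\{1,\}-p[[:space:]]\{1,\}\([rwxa]*\).*/\1/p' |
        head -n 1)
    case "$perms" in
        *w*a*|*a*w*) ;;
        *) printf 'FAIL /etc/localtime has no write+attribute watch\n'
           failures=$((failures + 1)) ;;
    esac
    [ "$failures" -eq 0 ]
}
```

On a live host, `audit_time_check "$(auditctl -l)"` checks the loaded rules rather than the file on disk, which matters when the rule set has been made immutable and a stale file would otherwise pass.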
oval:org.secpod.oval:def:20446 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:20443 Global IPv6 initialization should be disabled. oval:org.secpod.oval:def:20444 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ... oval:org.secpod.oval:def:20452 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20453 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20450 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20451 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20498 The ntpdate service should be disabled if possible. oval:org.secpod.oval:def:20489 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account oval:org.secpod.oval:def:20487 space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:20488 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:20496 The cgred service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20497 The netconsole service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20494 The cgconfig service should be disabled if possible. oval:org.secpod.oval:def:20493 The atd service should be disabled if possible. oval:org.secpod.oval:def:20490 The abrtd service should be disabled if possible. oval:org.secpod.oval:def:20515 The sysstat service should be disabled if possible. oval:org.secpod.oval:def:20516 The certmonger service should be enabled or disabled as appropriate. 
oval:org.secpod.oval:def:20512 The saslauthd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20510 The rhsmcertd service should be disabled if possible. oval:org.secpod.oval:def:20519 The accounts should be configured to expire automatically following inactivity. oval:org.secpod.oval:def:20517 The '.rhosts' and 'hosts.equiv' files should or should not exist on the system, as appropriate. oval:org.secpod.oval:def:20518 The TFTP daemon should use secure mode. oval:org.secpod.oval:def:20505 The psacct service should be enabled if possible. oval:org.secpod.oval:def:20502 The portreserve service should be disabled if possible. oval:org.secpod.oval:def:20500 The oddjobd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20509 The rdisc service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20506 The quota_nld service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20544 The yum-updatesd service should be disabled oval:org.secpod.oval:def:20543 The RPM package openswan should be installed. oval:org.secpod.oval:def:20537 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:20535 The RPM package sendmail should be removed. oval:org.secpod.oval:def:20536 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:20533 Directory permissions for /etc/httpd/conf/ should be set as appropriate. oval:org.secpod.oval:def:20534 Protect against unnecessary release of information. oval:org.secpod.oval:def:20531 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:20539 SSL capabilities should be enabled for the mail server. oval:org.secpod.oval:def:20540 The apache2 server's ServerSignature value should be set appropriately. oval:org.secpod.oval:def:20541 The Avahi daemon should be configured to serve via Ipv6 or not as appropriate.
oval:org.secpod.oval:def:20526 The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1". oval:org.secpod.oval:def:20527 The apache2 server's ServerTokens value should be set appropriately oval:org.secpod.oval:def:20524 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables). oval:org.secpod.oval:def:20525 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate. oval:org.secpod.oval:def:20522 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate. oval:org.secpod.oval:def:20523 The /etc/httpd/conf/* files should have the appropriate permissions. oval:org.secpod.oval:def:20520 Configure the system to notify users of last logon/access using pam_lastlog. oval:org.secpod.oval:def:20521 Avahi publishing of IP addresses should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20528 The pcscd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20529 The HTTPD Proxy Module Support should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20530 The maximum number of concurrent login sessions per user should meet minimum requirements. oval:org.secpod.oval:def:20191 Idle activation of the screen lock should be enabled. oval:org.secpod.oval:def:20192 The kernel module rds should be disabled. oval:org.secpod.oval:def:20197 The sshd service should be disabled if possible. oval:org.secpod.oval:def:20196 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:20200 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. oval:org.secpod.oval:def:20289 The rlogin service should be disabled if possible. oval:org.secpod.oval:def:20290 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". 
oval:org.secpod.oval:def:20298 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met). oval:org.secpod.oval:def:20299 Direct root logins should be allowed or disallowed as appropriate. oval:org.secpod.oval:def:20296 The SELinux policy should be set appropriately. oval:org.secpod.oval:def:20297 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". oval:org.secpod.oval:def:20294 The RPM package bind should be removed. oval:org.secpod.oval:def:20295 The named service should be disabled if possible. oval:org.secpod.oval:def:20292 The rpcidmapd service should be disabled if possible. oval:org.secpod.oval:def:20238 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. oval:org.secpod.oval:def:20239 Audit files deletion events. oval:org.secpod.oval:def:20237 Ensure all yum repositories utilize signature checking. oval:org.secpod.oval:def:20234 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20243 The default umask for all users should be set correctly oval:org.secpod.oval:def:20241 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:20242 Audit rules should detect modification to system files that hold information about users and groups. oval:org.secpod.oval:def:20240 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled. oval:org.secpod.oval:def:20229 Audit rules should capture information about session initiation. oval:org.secpod.oval:def:20227 Idle activation of the screen saver should be enabled. oval:org.secpod.oval:def:20228 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20225 Audit rules that detect the mounting of filesystems should be enabled.
oval:org.secpod.oval:def:20232 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20230 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:20231 The audit configuration should be locked so that a reboot is required to change audit rules. oval:org.secpod.oval:def:20216 The kernel module dccp should be disabled. oval:org.secpod.oval:def:20217 Audit rules about the Information on the Use of Privileged Commands are enabled oval:org.secpod.oval:def:20215 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables). oval:org.secpod.oval:def:20212 The kernel module sctp should be disabled. oval:org.secpod.oval:def:20207 The kernel module hfsplus should be disabled. oval:org.secpod.oval:def:20208 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:20205 The RPM package net-snmp should be removed. oval:org.secpod.oval:def:20203 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:org.secpod.oval:def:20209 The password dcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20210 The squashfs Kernel Module should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20211 The password ocredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:20280 The smartd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20287 The rpcgssd service should be disabled if possible. oval:org.secpod.oval:def:20288 The RPM package rsh-server should be removed. oval:org.secpod.oval:def:20284 The RPM package openldap-servers should be removed. oval:org.secpod.oval:def:20281 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0".
oval:org.secpod.oval:def:20282 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:20277 The kdump service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20274 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:20275 The rhnsd service should be disabled if possible. oval:org.secpod.oval:def:20272 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:20273 The telnet service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20270 The allowed period of inactivity before the screensaver is activated. oval:org.secpod.oval:def:20271 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0". oval:org.secpod.oval:def:20259 Postfix network listening should be disabled oval:org.secpod.oval:def:20257 The kernel module bluetooth should be disabled. oval:org.secpod.oval:def:20265 The RPM package rsyslog should be installed. oval:org.secpod.oval:def:20263 Syslog logs should be sent to a remote loghost oval:org.secpod.oval:def:20264 rsyslogd should reject remote messages oval:org.secpod.oval:def:20262 The kernel module hfs should be disabled. oval:org.secpod.oval:def:20247 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:20245 The kernel module udf should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20246 The RPM package vsftpd should be removed. oval:org.secpod.oval:def:20255 The passwords to remember should be set correctly. oval:org.secpod.oval:def:20253 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled oval:org.secpod.oval:def:20250 Audit rules should be configured to log successful and unsuccessful logon and logout events. oval:org.secpod.oval:def:20251 The kernel module tipc should be disabled. 
oval:org.secpod.oval:def:20317 The RPM package screen should be installed. oval:org.secpod.oval:def:20318 The RPM package tftp-server should be removed. oval:org.secpod.oval:def:20315 The Apache qpidd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20311 The dovecot service should be disabled if possible. oval:org.secpod.oval:def:20312 The RPM package dovecot should be removed. oval:org.secpod.oval:def:20320 The vsftpd service should be disabled if possible. oval:org.secpod.oval:def:20306 The messagebus service should be disabled if possible. oval:org.secpod.oval:def:20304 The snmpd service should be disabled if possible. oval:org.secpod.oval:def:20303 The cups service should be disabled if possible. oval:org.secpod.oval:def:20301 The ypbind service should be disabled if possible. oval:org.secpod.oval:def:20308 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". oval:org.secpod.oval:def:20309 The default umask for users of the bash shell oval:org.secpod.oval:def:20310 The SSH idle timeout interval should be set to an appropriate value. oval:org.secpod.oval:def:20359 The logrotate (syslog rotator) service should be enabled. oval:org.secpod.oval:def:20355 The ip6tables service should be enabled if possible. oval:org.secpod.oval:def:20356 The kernel runtime parameter "kernel.exec-shield" should be set to "1". oval:org.secpod.oval:def:20362 Enable warning banner for GUI login oval:org.secpod.oval:def:20363 The iptables service should be enabled if possible. oval:org.secpod.oval:def:20360 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:20361 The kernel module usb-storage should be disabled. oval:org.secpod.oval:def:20349 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". oval:org.secpod.oval:def:20346 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1".
oval:org.secpod.oval:def:20347 The rsh service should be disabled if possible. oval:org.secpod.oval:def:20345 This test makes sure that the '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:20353 The RPM package xinetd should be removed. oval:org.secpod.oval:def:20352 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:20350 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". oval:org.secpod.oval:def:20337 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". oval:org.secpod.oval:def:20338 The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0". oval:org.secpod.oval:def:20335 The autofs service should be disabled if possible. oval:org.secpod.oval:def:20336 The RPM package squid should be removed. oval:org.secpod.oval:def:20333 The system login banner text should be set correctly. oval:org.secpod.oval:def:20343 The restorecond service should be enabled if possible. oval:org.secpod.oval:def:20340 The password warning age should be set appropriately. oval:org.secpod.oval:def:20341 The irqbalance service should be enabled if possible. oval:org.secpod.oval:def:20326 The root account is the only system account that should have a login shell. oval:org.secpod.oval:def:20327 The '/etc/shadow' file should be owned by the appropriate group. oval:org.secpod.oval:def:20324 File permissions for '/etc/group' should be set correctly. oval:org.secpod.oval:def:20322 This test makes sure that '/etc/gshadow' has the appropriate permissions. If the target file or directory has an extended ACL then it will fail the mode check.
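The /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow definitions above share one caveat worth seeing in code: a file whose mode bits look right still fails the check when an extended ACL is present, because an ACL entry can grant access the mode string does not show. The following check is an added example written for this page, not SecPod's own OVAL test. It assumes GNU coreutils (`stat -c`, and `ls -l` marking ACL-bearing files with a `+` after the mode) and the conventional Red Hat maximum modes, which are an assumption here rather than something the definitions state.

```shell
#!/bin/sh
# Added example, not SecPod's own check logic: verify that an account database
# file is no more permissive than an allowed maximum mode, is owned by the
# expected user and group, and carries no extended ACL entry. The definitions
# above fail the mode check when an extended ACL exists, because an ACL can
# grant access that the mode bits do not show. Requires GNU stat/ls (Linux).

# check_file_perms PATH MAX_MODE OWNER GROUP
#   Prints "OK PATH" or "FAIL PATH: reason[, reason]"; returns 0 or 1.
check_file_perms() {
    path=$1 max=$2 want_owner=$3 want_group=$4
    if [ ! -e "$path" ]; then
        printf 'FAIL %s: missing\n' "$path"
        return 1
    fi
    # Octal mode, owner name and group name in one stat call.
    info=$(stat -c '%a %U %G' "$path" 2>/dev/null) || {
        printf 'FAIL %s: stat failed\n' "$path"
        return 1
    }
    set -- $info
    mode=$1 owner=$2 group=$3
    reasons=""
    # Any permission bit set in the actual mode but absent from the maximum
    # is a failure. The leading 0 forces octal interpretation in arithmetic.
    if [ $(( 0$mode & ~0$max )) -ne 0 ]; then
        reasons="${reasons}mode $mode exceeds $max, "
    fi
    [ "$owner" = "$want_owner" ] || reasons="${reasons}owner $owner != $want_owner, "
    [ "$group" = "$want_group" ] || reasons="${reasons}group $group != $want_group, "
    # GNU ls marks a file with an extended ACL by '+' in column 11.
    if [ "$(ls -ld "$path" | cut -c11)" = "+" ]; then
        reasons="${reasons}extended ACL present, "
    fi
    if [ -n "$reasons" ]; then
        printf 'FAIL %s: %s\n' "$path" "${reasons%, }"
        return 1
    fi
    printf 'OK %s\n' "$path"
}

# check_account_files: the four files the definitions on this page cover.
# The maxima are the conventional Red Hat values and are an assumption here.
check_account_files() {
    rc=0
    check_file_perms /etc/passwd  644 root root || rc=1
    check_file_perms /etc/group   644 root root || rc=1
    check_file_perms /etc/shadow  000 root root || rc=1
    check_file_perms /etc/gshadow 000 root root || rc=1
    return $rc
}
```

Run `check_account_files` as any user to audit a host; the comparison is "no bit set beyond the maximum", so a stricter mode such as 0400 on /etc/passwd still passes while 0664 does not.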
oval:org.secpod.oval:def:20323 The /etc/passwd file should be owned by the appropriate user. oval:org.secpod.oval:def:20332 The cpuspeed service should be disabled if possible. oval:org.secpod.oval:def:20399 The RPM package httpd should be removed. oval:org.secpod.oval:def:20389 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). oval:org.secpod.oval:def:20390 The acpid service should be disabled if possible. oval:org.secpod.oval:def:20397 The dhcpd service should be disabled if possible. oval:org.secpod.oval:def:20395 The crond service should be enabled if possible. oval:org.secpod.oval:def:20396 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:20393 Check if SplitHosts line in logwatch.conf is set appropriately. oval:org.secpod.oval:def:20391 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate. oval:org.secpod.oval:def:20392 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1". oval:org.secpod.oval:def:20379 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". oval:org.secpod.oval:def:20377 The requirement for a password to boot into single-user mode should be configured correctly. oval:org.secpod.oval:def:20378 The ability for users to perform interactive startups should be disabled. oval:org.secpod.oval:def:20387 The auditd service should be enabled if possible. oval:org.secpod.oval:def:20384 The tftp service should be disabled if possible. oval:org.secpod.oval:def:20382 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:20383 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". oval:org.secpod.oval:def:20380 The xinetd service should be disabled if possible. 
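Most of the "kernel runtime parameter" definitions on this page are the same test with a different key and expected value, so they are best checked together. The following script is an added example written for this page, not SecPod's own OVAL content. It assumes the `key = value` output format of `sysctl -a`; the expected list repeats the parameters and values named in the definitions above, and the snapshots used in the usage note are constructed.

```shell
#!/bin/sh
# Added example, not SecPod's own check logic: compare kernel runtime
# parameters against the values the "kernel runtime parameter" definitions on
# this page require. sysctl_compare works on a text snapshot in the
# "key = value" form that `sysctl -a` prints, so it can be run against a
# captured file as well as against the live kernel.

# Expected values, one "key value" pair per line, taken from the definitions.
SYSCTL_EXPECTED='
net.ipv4.ip_forward 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.default.accept_redirects 0
net.ipv4.conf.all.secure_redirects 0
net.ipv4.conf.default.secure_redirects 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.conf.default.send_redirects 0
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.default.accept_source_route 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.rp_filter 1
net.ipv4.conf.all.log_martians 1
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.icmp_ignore_bogus_error_responses 1
net.ipv4.tcp_syncookies 1
net.ipv6.conf.default.accept_ra 0
net.ipv6.conf.default.accept_redirects 0
kernel.randomize_va_space 2
kernel.dmesg_restrict 1
fs.suid_dumpable 0
'

# sysctl_compare SNAPSHOT
#   Prints "FAIL key expected=X actual=Y" for each mismatch (actual=missing
#   when the key is absent, e.g. the IPv6 keys when that module is disabled).
#   Returns 0 only when every expected key matches.
sysctl_compare() {
    snapshot=$1
    failures=0
    while read -r key expected; do
        [ -z "$key" ] && continue
        # Escape the dots so they match literally, not as regex wildcards.
        esc=$(printf '%s' "$key" | sed 's/\./\\./g')
        actual=$(printf '%s\n' "$snapshot" |
            sed -n "s/^[[:space:]]*$esc[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" |
            head -n 1)
        [ -n "$actual" ] || actual=missing
        if [ "$actual" != "$expected" ]; then
            printf 'FAIL %s expected=%s actual=%s\n' "$key" "$expected" "$actual"
            failures=$((failures + 1))
        fi
    done <<EOF
$SYSCTL_EXPECTED
EOF
    [ "$failures" -eq 0 ]
}

# sysctl_live_check: snapshot the running kernel and compare. kernel.exec-shield
# (also listed on this page) exists only on older Red Hat kernels, so it is
# deliberately left out of SYSCTL_EXPECTED.
sysctl_live_check() {
    sysctl_compare "$(sysctl -a 2>/dev/null)"
}
```

`sysctl_live_check` reads the running values, which is what matters: a correct /etc/sysctl.conf that has not been applied (or was overridden by a later file in /etc/sysctl.d) still fails, and an absent key is reported explicitly rather than silently passing.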
oval:org.secpod.oval:def:20381 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:20369 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:20367 The RPM package aide should be installed. oval:org.secpod.oval:def:20375 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". oval:org.secpod.oval:def:20376 The file /etc/pam.d/system-auth should not contain the nullok option oval:org.secpod.oval:def:20373 The default umask for users of the csh shell oval:org.secpod.oval:def:20374 The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME. oval:org.secpod.oval:def:20372 Core dumps for all users should be disabled oval:org.secpod.oval:def:20370 The daemon umask should be set as appropriate oval:org.secpod.oval:def:500709 Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execu ... oval:org.secpod.oval:def:500711 TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allo ... oval:org.secpod.oval:def:500736 The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. 
If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to ... oval:org.secpod.oval:def:500768 SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, an ... oval:org.secpod.oval:def:500770 libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1 , could cause the app ... oval:org.secpod.oval:def:500782 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font , Glyph Bitmap Distribution Format , Windows .fnt and .fon, and PostScript ... oval:org.secpod.oval:def:500830 ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targ ... oval:org.secpod.oval:def:500831 The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or, pos ... oval:org.secpod.oval:def:500832 The 389 Directory Server is an LDAPv3 compliant server. 
The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way the 389 Directory Server daemon handled access control instructions using certificat ... oval:org.secpod.oval:def:500834 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A flaw was found in the way MySQL processed HANDLER READ NEXT statements after deleting a record. A remote, authenticated attacker could use this flaw to provide ... oval:org.secpod.oval:def:500845 OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. An input validation flaw, leading to a heap-based buffer overflow, was found in the way OpenJPEG handled the tile number and size in an image tile header. A remote attacker could provide a specially-crafted i ... oval:org.secpod.oval:def:500855 Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an ap ... oval:org.secpod.oval:def:500858 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication re ... oval:org.secpod.oval:def:500859 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found i ... 
oval:org.secpod.oval:def:500817 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the OpenSSH ... oval:org.secpod.oval:def:500820 The cifs-utils package contains tools for mounting and managing shares on Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard Linux file systems. A file existence disclosure flaw was found in mount.cifs. If the tool was installed with the setuid bit set, a local attacker could ... oval:org.secpod.oval:def:500821 The SBLIM CIM Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when pa ... oval:org.secpod.oval:def:500827 The php-pecl-apc packages contain APC , the framework for caching and optimization of intermediate PHP code. A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension docume ... oval:org.secpod.oval:def:500828 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server handled password changes. If an LDAP user has changed their passw ... oval:org.secpod.oval:def:500829 libguestfs is a library for accessing and modifying guest disk images. It was found that editing files with virt-edit left said files in a world-readable state . If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. 
This ... oval:org.secpod.oval:def:500875 Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. ... oval:org.secpod.oval:def:500896 OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. It was found that OpenJPEG failed to sanity-check an image header field before using it. A remote attacker could provide a specially-crafted image file that could cause an application linked against OpenJPEG ... oval:org.secpod.oval:def:500898 Apache Qpid is a reliable, cross-platform, asynchronous messaging system that supports the Advanced Message Queuing Protocol in several common programming languages. It was discovered that the Qpid daemon did not allow the number of connections from clients to be restricted. A malicious client cou ... oval:org.secpod.oval:def:500951 Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote at ... oval:org.secpod.oval:def:500960 ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targ ... oval:org.secpod.oval:def:500917 The kdelibs packages provide libraries for the K Desktop Environment . Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. 
A web page containing malicious content could cause an application us ... oval:org.secpod.oval:def:500918 The kdelibs packages provide libraries for the K Desktop Environment . Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application us ... oval:org.secpod.oval:def:500920 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedT ... oval:org.secpod.oval:def:500922 GEGL is a graph-based image processing framework. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the gegl utility processed .ppm image files. An attacker could create a specially-crafted .ppm file that, when opened in gegl, would cause gegl to crash or, pot ... oval:org.secpod.oval:def:500924 nspluginwrapper is a utility which allows 32-bit plug-ins to run in a 64-bit browser environment . It includes the plug-in viewer and a tool for managing plug-in installations and updates. It was not possible for plug-ins wrapped by nspluginwrapper to discover whether the browser was running in Priv ... oval:org.secpod.oval:def:501165 OpenJPEG is an open source library for reading and writing image files in JPEG 2000 format. Multiple heap-based buffer overflow flaws were found in OpenJPEG. An attacker could create a specially crafted OpenJPEG image that, when opened, could cause an application using openjpeg to crash or, possibly ... oval:org.secpod.oval:def:501167 Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. 
If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially craft ... oval:org.secpod.oval:def:501175 Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building ... oval:org.secpod.oval:def:501179 The librsvg2 packages provide an SVG library based on libart. An XML External Entity expansion flaw was found in the way librsvg2 processed SVG files. If a user were to open a malicious SVG file, a remote attacker could possibly obtain a copy of the local resources that the user had access to. All ... oval:org.secpod.oval:def:501186 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:501188 The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the ability to work in the background while the user is logged out, recursive retrieval of directories, file name wildcard matching or updating files in de ... oval:org.secpod.oval:def:501200 Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed certain email headers. A remote attacker could use this flaw to send an email with specially crafted headers that, when processed, could cause mutt to crash or, potentially, execute arbitrary c ... oval:org.secpod.oval:def:501204 The udisks package provides a daemon, a D-Bus API, and command line utilities for managing disks and storage devices. 
A stack-based buffer overflow flaw was found in the way udisks handled files with long path names. A malicious, local user could use this flaw to create a specially crafted directory ... oval:org.secpod.oval:def:501206 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain SASL-based authentication mechanis ... oval:org.secpod.oval:def:501361 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ... oval:org.secpod.oval:def:500058 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:501327 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Doveco ... oval:org.secpod.oval:def:501330 LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an applic ... 
oval:org.secpod.oval:def:500079 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A ... oval:org.secpod.oval:def:501402 The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applicat ... oval:org.secpod.oval:def:500103 The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A buffer ... oval:org.secpod.oval:def:501437 The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable to by the user running Wget, ... oval:org.secpod.oval:def:501020 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way LDAPv3 control data was handled by 389 Directory Server. If a malicious user were able ... oval:org.secpod.oval:def:501024 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. 
A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:501028 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. When SSSD was configured as a Microsoft Active Directory clie ... oval:org.secpod.oval:def:501029 Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to re ... oval:org.secpod.oval:def:501038 stunnel is a socket wrapper which can provide SSL support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL-secure IMAP server. An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager authentication with the HTTP CONNECT t ... oval:org.secpod.oval:def:501080 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not honor defined attribute access controls when evaluating se ... oval:org.secpod.oval:def:501094 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle the receipt of certain MOD operations with ... oval:org.secpod.oval:def:501097 The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project , which provides drivers for Hewlett-Packard printers and multi-function peripherals. 
HPLIP communicated with PolicyKit for authorization via a D-Bus API that is vulnerable to a race condition. This could lead to inten ... oval:org.secpod.oval:def:501043 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web plug-i ... oval:org.secpod.oval:def:501051 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pa ... oval:org.secpod.oval:def:501058 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirtd leaked file descriptors when listing all volumes for a p ... oval:org.secpod.oval:def:501063 These packages provide a transport-independent RPC implementation. A flaw was found in the way libtirpc decoded RPC requests. A specially-crafted RPC request could cause libtirpc to attempt to free a buffer provided by an application using the library, even when the buffer was not dynamically alloc ... oval:org.secpod.oval:def:501077 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissi ... oval:org.secpod.oval:def:501129 gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. 
It was discovered that gc"s implementation of the malloc and calloc routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity check ... oval:org.secpod.oval:def:501107 The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. spice-gtk communicated with PolicyKit for authorization via an API that is vulnerable to ... oval:org.secpod.oval:def:501108 PolicyKit is a toolkit for defining and handling authorizations. A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit ... oval:org.secpod.oval:def:501111 RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for ... oval:org.secpod.oval:def:501116 The libtar package contains a C library for manipulating tar archives. The library supports both the strict POSIX tar format and many of the commonly used GNU extensions. Two heap-based buffer overflow flaws were found in the way libtar handled certain archives. If a user were tricked into expanding ... oval:org.secpod.oval:def:500269 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest was configured for a CCID USB smart card reader in passthrough mode ... 
oval:org.secpod.oval:def:501649 The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the ... oval:org.secpod.oval:def:501650 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:501664 libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF with embedded BMP images. By tricking a victim into opening a specially crafted W ... oval:org.secpod.oval:def:501663 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:501677 libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. ABRT uses libreport. It was found that ABRT may have exposed unintended information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused ... oval:org.secpod.oval:def:501676 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. 
It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:501628 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501633 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM"s unix_pam module could write to a blocking pipe, possibly ca ... oval:org.secpod.oval:def:501634 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ... oval:org.secpod.oval:def:501762 The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker c ... oval:org.secpod.oval:def:501766 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the wa ... oval:org.secpod.oval:def:501776 The libssh2 packages provide a library that implements the SSHv2 protocol. 
A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ... oval:org.secpod.oval:def:501783 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ... oval:org.secpod.oval:def:501782 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ... oval:org.secpod.oval:def:501792 Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function of f ... oval:org.secpod.oval:def:501797 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:501724 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ... 
oval:org.secpod.oval:def:501738 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow flaw was discovered in the way QEMU"s AMD PC-Net II Ethernet Controller emulation received certa ... oval:org.secpod.oval:def:501842 The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins ... oval:org.secpod.oval:def:501856 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ... oval:org.secpod.oval:def:501868 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. A ... oval:org.secpod.oval:def:501496 YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input ... oval:org.secpod.oval:def:501499 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. 
The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501446 mod_auth_mellon provides a SAML 2.0 authentication module for the Apache HTTP Server. An information disclosure flaw was found in mod_auth_mellon"s session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user"s ... oval:org.secpod.oval:def:501474 The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-cha ... oval:org.secpod.oval:def:501539 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ... oval:org.secpod.oval:def:501579 CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operation ... oval:org.secpod.oval:def:501586 PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:502056 Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. 
Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ... oval:org.secpod.oval:def:502029 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled DNSSEC valida ... oval:org.secpod.oval:def:501605 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid w ... oval:org.secpod.oval:def:501609 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ... oval:org.secpod.oval:def:501610 The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the ... oval:org.secpod.oval:def:501612 Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or ... oval:org.secpod.oval:def:501614 Mailman is a program used to help manage e-mail discussion lists. 
It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. It was found that mailman stored private email me ... oval:org.secpod.oval:def:501617 The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variabl ... oval:org.secpod.oval:def:501619 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashe ... oval:org.secpod.oval:def:501620 Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Multiple cross-site scripting flaws we ... oval:org.secpod.oval:def:20998 The host is installed with libX11 before 1.5.99.902 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unbounded recursion. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20995 The host is installed with libXi before 1.7.2 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service. 
oval:org.secpod.oval:def:20996 The host is installed with libX11 before 1.5.99.902 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the serv ... oval:org.secpod.oval:def:20994 The host is installed with libXi before 1.7.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unexpected sign extension in the XListInputDevices function. Successful exploitation could allow attack ... oval:org.secpod.oval:def:20988 The host is installed with libXrandr before 1.4.1 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Successful exploitation ... oval:org.secpod.oval:def:20987 The host is installed with libXt before 1.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unchecked function pointers. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:20985 The host is installed with libXt before 1.1.4 and is prone to an array index error vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the _XtResourceConfigurationEH function. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:20983 The host is installed with libXxf86vm before 1.1.3 and is prone to a multiple array index vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the XF86VidModeGetGammaRamp function. Successful exploitation could allow attackers to execute arbitr ... 
oval:org.secpod.oval:def:20992 The host is installed with libXi before 1.7.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMoti ... oval:org.secpod.oval:def:20990 The host is installed with libXtst 1.2.1 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the XRecordGetContext function. Successful exploitation could allow attackers to trigger allocation of insuff ... oval:org.secpod.oval:def:20978 The host is installed with libXcursor 1.1.13 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the _XcursorFileHeaderCreate function. Successful exploitation could allow attackers to trigger allocation of insuffi ... oval:org.secpod.oval:def:20975 The host is installed with libXv before 1.0.8 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:20976 The host is installed with libXinerama before 1.1.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the XineramaQueryScreens function. Successful exploitation could allow attackers to trigger allocation of insu ... oval:org.secpod.oval:def:20974 The host is installed with libXv before 1.0.8 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. 
Successful exploi ... oval:org.secpod.oval:def:20980 The host is installed with libxcb before 1.9.1 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle vectors related to the read_packet function. Successful exploitation could allow attackers to trigger allocation of insufficient memory and a ... oval:org.secpod.oval:def:20966 The host is installed with libXfixes 5.0 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors related to the XFixesGetCursorImage function. Successful exploitation could allow attackers to lead to a heap-ba ... oval:org.secpod.oval:def:20968 The host is installed with libXext before 1.3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) ... oval:org.secpod.oval:def:21004 The host is installed with libX11 before 1.5.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) ... oval:org.secpod.oval:def:21003 The host is installed with Common Unix Printing System (CUPS) before 1.7.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL patch. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:501817 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. 
IcedTea-Web now also contains PolicyEditor - ... oval:org.secpod.oval:def:501406 The X11 libraries provide library routines that are used within all X Window applications. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to a ... oval:org.secpod.oval:def:501421 CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A cross-site scripting flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. It was discovered that CUPS all ... oval:org.secpod.oval:def:501952 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ... oval:org.secpod.oval:def:501994 Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigerv ... oval:org.secpod.oval:def:501137 Evolution is the integrated collection of email, calendaring, contact management, communications, and personal information management tools for the GNOME desktop environment. A flaw was found in the way Evolution selected GnuPG public keys when encrypting emails. This could result in emails being e ... oval:org.secpod.oval:def:502003 The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: * An integer conversion flaw was found in the way OCaml"s String handled its length. 
Certain operations on an excessively long String could trigger a buffer overflow or re ... oval:org.secpod.oval:def:501597 The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. An ... oval:org.secpod.oval:def:502290 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ... oval:org.secpod.oval:def:500980 The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. A flaw was found in the way 389 Directory Server enforced ACLs after performin ... oval:org.secpod.oval:def:500981 Evolution is the GNOME mailer, calendar, contact manager and communication tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool. The way Evolution handled mailto URLs allowed any file to be attached to the new ... oval:org.secpod.oval:def:500976 The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System. It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-control ... oval:org.secpod.oval:def:500984 PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. 
A stack-based buffer overflow flaw was found in the way pcsc-lite decoded certain attribute values of Answer-to-Reset messages. A local attacker could use this ... oval:org.secpod.oval:def:500986 OpenSSH is OpenBSD"s Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc"s error function was called rather than the intended erro ... oval:org.secpod.oval:def:500988 The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of file ... oval:org.secpod.oval:def:500990 The GNU Debugger allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files from the current working directory when debugging programs. This could result in the execution ... oval:org.secpod.oval:def:500995 Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Note: The Certificate Authority compon ... oval:org.secpod.oval:def:500998 Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A denial of service flaw was found in the way ibacm managed reference counts for multicast connections. An a ... oval:org.secpod.oval:def:501000 Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. 
It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are provided as sub-packages. Two flaws were found in th ... oval:org.secpod.oval:def:501006 The nss-pam-ldapd packages provide the nss-pam-ldapd daemon , which uses a directory server to lookup name service information on behalf of a lightweight nsswitch module. An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descrip ... oval:org.secpod.oval:def:501007 Git is a fast, scalable, distributed revision control system. It was discovered that Git"s git-imap-send command, a tool to send a collection of patches from standard input to an IMAP folder, did not properly perform SSL X.509 v3 certificate validation on the IMAP server"s certificate, as it did no ... oval:org.secpod.oval:def:501133 The coreutils package contains the core GNU utilities. It is a combination of the old GNU fileutils, sh-utils, and textutils packages. It was discovered that the sort, uniq, and join utilities did not properly restrict the use of the alloca function. An attacker could use this flaw to crash those ut ... oval:org.secpod.oval:def:501135 KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM. A buffer overflow flaw was found ... oval:org.secpod.oval:def:501141 Augeas is a utility for editing configuration. Augeas parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native configuration files. Augeas also uses "lenses" as basic building ... oval:org.secpod.oval:def:501142 The 389 Directory Server is an LDAPv3 compliant server. 
The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queri ... oval:org.secpod.oval:def:501144 Libguestfs is a library and set of tools for accessing and modifying guest disk images. It was found that guestfish, which enables shell scripting and command line access to libguestfs, insecurely created the temporary directory used to store the network socket when started in server mode. A local a ... oval:org.secpod.oval:def:501146 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. It was found that the mdev BusyBox utility could create ... oval:org.secpod.oval:def:501148 Red Hat Enterprise Linux includes a collection of Infiniband and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A flaw was found in the way ibutils handled temporary files. A local attacker could use this flaw to cause a ... oval:org.secpod.oval:def:61189 A microarchitectural timing flaw was found on some Intel processors. In a corner case where data in-flight during the eviction process can end up in the fill buffers and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS ... oval:org.secpod.oval:def:57647 PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL ... 
oval:org.secpod.oval:def:504925 The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component prov ... oval:org.secpod.oval:def:501790 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service. An authenticated attacker could r ... oval:org.secpod.oval:def:86310 Netlogon RPC Elevation of Privilege Vulnerability. oval:org.secpod.oval:def:501935 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ... oval:org.secpod.oval:def:502288 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: ns-slapd crash via large filter value in ldapsearch For more details about the ... oval:org.secpod.oval:def:507423 Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ... oval:org.secpod.oval:def:85678 A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. 
A privileged attacker may similarly be able to cause a Kerberos or GSS application service to c ... oval:org.secpod.oval:def:504998 Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Security Fix: * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess For more details about the security issue, incl ... oval:org.secpod.oval:def:500151 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. * IPv6 fragment identification value generation could allow a remote at ... oval:org.secpod.oval:def:500120 eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file sys ... oval:org.secpod.oval:def:500764 SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemT ... oval:org.secpod.oval:def:500466 SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules . It was discovered that staprun did not properly ... oval:org.secpod.oval:def:500046 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
This update fixes the following security issues: * It was found that the receive hook in the ipip_init function in the ipip module, and in the ipgre_init function in the ip_gre module, could be called before networ ... oval:org.secpod.oval:def:500063 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. * Non-member VLAN packet handling ... oval:org.secpod.oval:def:500096 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single parti ... oval:org.secpod.oval:def:500184 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. ... oval:org.secpod.oval:def:500136 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * A race condition ... oval:org.secpod.oval:def:500884 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ... oval:org.secpod.oval:def:500094 Quagga is a TCP/IP based routing software suite. 
The Quagga bgpd daemon implements the BGP routing protocol. A denial of service flaw was found in the way the Quagga bgpd daemon processed certain route metrics information. A BGP message with a specially-crafted path limit attribute would cause the ... oval:org.secpod.oval:def:500298 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ... oval:org.secpod.oval:def:500262 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which ... oval:org.secpod.oval:def:500126 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. A flaw was found in the way libvirtd handled error reporting for concurrent connection ... oval:org.secpod.oval:def:500274 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems. An integer overflow flaw was found in libvirtd"s RPC call handling. An attacker able t ... oval:org.secpod.oval:def:500161 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twic ... 
oval:org.secpod.oval:def:500000 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * An integer signedness flaw in drm_modeset_ctl cou ... oval:org.secpod.oval:def:500195 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Multiple buffer overflow flaws were found in the Linux kernel"s Management Module Support for Message Passing Technology based controllers. A local, unprivileged ... oval:org.secpod.oval:def:500275 Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim"s ses ... oval:org.secpod.oval:def:500100 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if th ... oval:org.secpod.oval:def:500221 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ... oval:org.secpod.oval:def:500460 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. 
The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.secpod.oval:def:500311 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inhe ... oval:org.secpod.oval:def:500135 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ... oval:org.secpod.oval:def:500150 Security issues: * Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can pr ... oval:org.secpod.oval:def:500457 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input co ... oval:org.secpod.oval:def:500442 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... 
oval:org.secpod.oval:def:500308 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:500175 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS ... oval:org.secpod.oval:def:500114 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:500222 Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ... oval:org.secpod.oval:def:500296 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition flaw has been found in the OpenSSL TLS server extension parsing code, which could affect some multithreaded OpenS ... oval:org.secpod.oval:def:500835 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. 
A buffer underflow flaw was found in the way the uncomp ... oval:org.secpod.oval:def:501322 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virti ... oval:org.secpod.oval:def:47771 An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. oval:org.secpod.oval:def:35563 The host is installed with RHEL 6 or 7 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly sanitize certain input before passing it to the gnuplot delegate functionality. Successful exploitation could allow attackers to execute arbitrary c ... oval:org.secpod.oval:def:501837 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ... oval:org.secpod.oval:def:502002 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:501562 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. 
A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:501178 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A use-after-free flaw was found in the way several libvirt block APIs handled domai ... oval:org.secpod.oval:def:501456 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune ... oval:org.secpod.oval:def:501999 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ... oval:org.secpod.oval:def:501105 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. libvirt invokes the PolicyKit pkcheck utility to handle authorization. A race condi ... oval:org.secpod.oval:def:501607 The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large l ... oval:org.secpod.oval:def:500070 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ... oval:org.secpod.oval:def:500247 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file th ... oval:org.secpod.oval:def:500795 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that ... oval:org.secpod.oval:def:500180 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package ... oval:org.secpod.oval:def:500833 Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A buffer overflow flaw was found in the harfbuzz module in Qt. If a user loaded a specially-crafted font file with an application linke ... oval:org.secpod.oval:def:500772 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could ... oval:org.secpod.oval:def:500790 Mozilla Thunderbird is a standalone mail and newsgroup client. 
A flaw was found in Sanitiser for OpenType, used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ... oval:org.secpod.oval:def:500788 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType, used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ... oval:org.secpod.oval:def:501951 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware ... oval:org.secpod.oval:def:36409 The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to access directories without permissions. oval:org.secpod.oval:def:501747 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by ... oval:org.secpod.oval:def:501748 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ... 
oval:org.secpod.oval:def:501740 The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processe ... oval:org.secpod.oval:def:501742 The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote ... oval:org.secpod.oval:def:502001 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix: * Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a ... oval:org.secpod.oval:def:501602 Wireshark, previously known as Ethereal, is a network protocol analyzer, which is used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or op ... oval:org.secpod.oval:def:501550 The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbit ... oval:org.secpod.oval:def:21808 The host is installed with PPP package before 2.4.7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long word in an options file. Successful exploitation allows attackers to "access privileged options". 
oval:org.secpod.oval:def:501297 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:501347 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ... oval:org.secpod.oval:def:501271 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encodin ... oval:org.secpod.oval:def:500957 The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. A flaw was found in th ... oval:org.secpod.oval:def:501403 TrouSerS is an implementation of the Trusted Computing Group's Software Stack specification. You can use TrouSerS to write applications that make use of your TPM hardware. TPM hardware can create, store and use RSA keys securely, verify a platform's software state using cryptographic hashes and mo ... oval:org.secpod.oval:def:500923 libproxy is a library that handles all the details of proxy configuration. A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration files. 
A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an applicatio ... oval:org.secpod.oval:def:500887 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An att ... oval:org.secpod.oval:def:500895 The spice-gtk packages provide a GIMP Toolkit widget for SPICE clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. It was discovered that the spice-gtk setuid helper application, spice-client-glib-usb-acl ... oval:org.secpod.oval:def:500892 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could ... oval:org.secpod.oval:def:500991 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. A stack-based buffer overflow flaw was found in the way the pam_env module parsed users' "~/.pam_environment" files. I ... oval:org.secpod.oval:def:500159 SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. It was found that SystemTap did not perform proper module path sanity checking if a user specified a custom path to the uprobes m ... oval:org.secpod.oval:def:500886 The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. 
Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an a ... oval:org.secpod.oval:def:500777 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ... oval:org.secpod.oval:def:500775 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote ... oval:org.secpod.oval:def:500778 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by send ... oval:org.secpod.oval:def:500008 Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attac ... oval:org.secpod.oval:def:500215 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A two byte buffer overflow flaw was found in the rsyslog daemon's parseLegacySyslogMsg func ... oval:org.secpod.oval:def:500067 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. 
A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:500147 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using l ... oval:org.secpod.oval:def:500258 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was u ... oval:org.secpod.oval:def:500072 Postfix is a Mail Transport Agent, supporting LDAP, SMTP AUTH, and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd ... oval:org.secpod.oval:def:500236 The kdenetwork packages contain networking applications for the K Desktop Environment. A directory traversal flaw was found in the way KGet, a download manager, handled the file element in Metalink files. An attacker could use this flaw to create a specially-crafted Metalink file that, when opened, ... oval:org.secpod.oval:def:500132 The scsi-target-utils package contains the daemon and tools to set up and monitor SCSI targets. Currently, iSCSI software and iSER targets are supported. A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote attacker could trigger this flaw by sending carefully-crafted network tra ... oval:org.secpod.oval:def:500213 The libcgroup packages provide tools and libraries to control and monitor control groups. 
A heap-based buffer overflow flaw was found in the way libcgroup converted a list of user-provided controllers for a particular task into an array of strings. A local attacker could use this flaw to escalate th ... oval:org.secpod.oval:def:500009 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. A flaw wa ... oval:org.secpod.oval:def:500239 PostgreSQL is an advanced object-relational database management system. A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:500177 The GIMP is an image composition and editing program. A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro image file plug-in. An attacker could create a specially-crafted PSP image file that, when opened, could cause the PSP plug-in to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:500362 The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. An integer overflow flaw, leading to arbitrary memory writes, was found in libvpx. An attacker could create a specially-crafted video ... oval:org.secpod.oval:def:500897 The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ... oval:org.secpod.oval:def:505658 Chromium is an open-source web browser, powered by WebKit. 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. Several in ... oval:org.secpod.oval:def:505655 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. A flaw was ... oval:org.secpod.oval:def:505405 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-24, listed in the References section. Multiple flaws were ... oval:org.secpod.oval:def:500706 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ... oval:org.secpod.oval:def:500707 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an applicati ... oval:org.secpod.oval:def:500761 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby app ... 
oval:org.secpod.oval:def:500025 The libarchive programming library can create and read several different streaming archive formats, including GNU tar and cpio. It can also read ISO 9660 CD-ROM images. Two heap-based buffer overflow flaws were discovered in libarchive. If a user were tricked into expanding a specially-crafted ISO 9 ... oval:org.secpod.oval:def:500082 The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language, which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml ... oval:org.secpod.oval:def:500928 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ... oval:org.secpod.oval:def:505627 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... oval:org.secpod.oval:def:505637 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... oval:org.secpod.oval:def:505558 Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... oval:org.secpod.oval:def:500124 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:500194 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ... oval:org.secpod.oval:def:500261 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:500200 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500235 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A dangling pointe ... oval:org.secpod.oval:def:500011 Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ... oval:org.secpod.oval:def:500133 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:502205 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ... oval:org.secpod.oval:def:500717 The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis ... oval:org.secpod.oval:def:500740 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ... oval:org.secpod.oval:def:500756 Mozilla Thunderbird is a standalone mail and newsgroup client. A use-after-free flaw was found in the way Thunderbird removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Thu ... 
oval:org.secpod.oval:def:502357 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 * Mozilla: Use-after-free in driver timers * Mozi ... oval:org.secpod.oval:def:500767 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ... oval:org.secpod.oval:def:500769 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ... oval:org.secpod.oval:def:500805 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500806 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ... oval:org.secpod.oval:def:500847 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. 
A flaw was found in the way the ASN.1 decoder in ...
oval:org.secpod.oval:def:500849 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ...
oval:org.secpod.oval:def:500850 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ...
oval:org.secpod.oval:def:500877 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ...
oval:org.secpod.oval:def:500878 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ...
oval:org.secpod.oval:def:500904 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500905 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ...
oval:org.secpod.oval:def:500908 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ...
oval:org.secpod.oval:def:500909 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the pri ...
oval:org.secpod.oval:def:500915 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ...
oval:org.secpod.oval:def:500916 Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ...
oval:org.secpod.oval:def:500926 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500927 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ...
oval:org.secpod.oval:def:505607 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-09, listed in the References section. Specially-crafted SWF content could ...
oval:org.secpod.oval:def:505283 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-14, listed in the References section. Several security flaws we ...
oval:org.secpod.oval:def:505307 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.330. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability For more details about the security issue, including the impact, a CV ...
oval:org.secpod.oval:def:505428 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.387. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability For more details about the security issue, including the impact, a CV ...
oval:org.secpod.oval:def:505345 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.445. Security Fix: * flash-plugin: Arbitrary Code Execution vulnerability For more details about the security issue, including the impact, a CV ...
oval:org.secpod.oval:def:505449 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could ...
oval:org.secpod.oval:def:505596 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-24, listed in the References section. Specially-crafted SWF ...
oval:org.secpod.oval:def:505379 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-22, listed in the References section. Specially-crafted SWF con ...
oval:org.secpod.oval:def:505895 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB11-02, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:505512 Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes several security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-02, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to ...
oval:org.secpod.oval:def:505606 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB12-27, listed in the References section. Specially-crafted SWF c ...
oval:org.secpod.oval:def:505325 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-04, listed in the References section. Specially-crafted SWF con ...
oval:org.secpod.oval:def:505292 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-05, listed in the References section. Specially-crafted SWF ...
oval:org.secpod.oval:def:505511 Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two security flaws in Adobe Reader. These flaws are detailed in the Adobe Security bulletin APSB13-07, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to cras ...
oval:org.secpod.oval:def:505516 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-08, listed in the References section. Specially-crafted SWF con ...
oval:org.secpod.oval:def:505571 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 80.0.3987.87. Security Fix: * chromium-browser: Integer overflow in JavaScript * chromium-browser: Type Confusion in JavaScript * chromium-browser: Insufficient policy enforcement in storage * chr ...
oval:org.secpod.oval:def:505597 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix: * OpenJDK: LDAPCertStore insecure handling of LDAP referrals * OpenJDK: use of global credentials for HTTP/ ...
oval:org.secpod.oval:def:505554 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP20. Security Fix: * OpenJDK: insufficient validation of the invokeinterface instruction * OpenJDK: LDAPCertStore insecure han ...
oval:org.secpod.oval:def:505364 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Ki ...
oval:org.secpod.oval:def:505503 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP10. Security Fix: * IBM JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges * Oracle JDK: unspeci ...
oval:org.secpod.oval:def:501606 Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. Note: The IdM version provided by this update no longer uses jQuery. Bug fixes: ...
oval:org.secpod.oval:def:506842 Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fix: * aide: heap-based buffer overflow on outputs larger than B64_BUF For more details about the securi ...
oval:org.secpod.oval:def:505592 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Security Fix: * OpenJDK: unrestricted deserialization of data from JCEKS key stores * Oracle JDK: unspecified vulnerability fixed in ...
oval:org.secpod.oval:def:505295 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Security Fix: * OpenJDK: unrestricted deserialization of data from JCEKS key stores * Oracle JDK: unspecified vulnerabili ...
oval:org.secpod.oval:def:505305 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP25. Security Fix: * OpenJDK: unrestricted deserialization of data from JCEKS key stores * Oracle JDK: unspecified vulnerabili ...
oval:org.secpod.oval:def:505418 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP15. Security Fix: * OpenJDK: unrestricted deserialization of data from JCEKS key stores * Oracle JDK: unspecified vulnerability fixed in ...
oval:org.secpod.oval:def:500812 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ...
oval:org.secpod.oval:def:500825 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ...
oval:org.secpod.oval:def:500804 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an ...
oval:org.secpod.oval:def:500862 LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way Libr ...
oval:org.secpod.oval:def:500853 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ...
oval:org.secpod.oval:def:500913 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass J ...
oval:org.secpod.oval:def:500914 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox ...
oval:org.secpod.oval:def:506942 The zlib packages provide a general-purpose lossless data compression library that is used by many different programs. Security Fix: * zlib: A flaw found in zlib when compressing certain inputs For more details about the security issue, including the impact, a CVSS score, acknowledgments, and othe ...
oval:org.secpod.oval:def:506836 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ...
oval:org.secpod.oval:def:501390 The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or ...
oval:org.secpod.oval:def:505581 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:505590 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505594 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505528 Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505539 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:500734 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ...
oval:org.secpod.oval:def:500741 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...
oval:org.secpod.oval:def:500743 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use ...
oval:org.secpod.oval:def:500754 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...
oval:org.secpod.oval:def:500755 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...
oval:org.secpod.oval:def:500763 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ...
oval:org.secpod.oval:def:500773 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...
oval:org.secpod.oval:def:500784 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cau ...
oval:org.secpod.oval:def:500789 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...
oval:org.secpod.oval:def:505611 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505625 Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505636 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:501686 PostgreSQL is an advanced object-relational database management system. A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. All PostgreSQL users are advised to ...
oval:org.secpod.oval:def:501220 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or D ...
oval:org.secpod.oval:def:505640 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Ora ...
oval:org.secpod.oval:def:505644 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:501298 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that libcurl could incorrectly reuse existing connections for requests that should have used different or no authentication credentials, w ...
oval:org.secpod.oval:def:500846 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ...
oval:org.secpod.oval:def:500851 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ...
oval:org.secpod.oval:def:500852 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ...
oval:org.secpod.oval:def:500803 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...
oval:org.secpod.oval:def:500816 The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file, but did not remove the root user's password f ...
oval:org.secpod.oval:def:500818 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with ...
oval:org.secpod.oval:def:500824 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...
oval:org.secpod.oval:def:501775 PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...
oval:org.secpod.oval:def:500872 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a r ...
oval:org.secpod.oval:def:500874 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting ...
oval:org.secpod.oval:def:500879 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packa ...
oval:org.secpod.oval:def:500880 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A ...
oval:org.secpod.oval:def:500882 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges ...
oval:org.secpod.oval:def:500035 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could u ...
oval:org.secpod.oval:def:500036 PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ...
oval:org.secpod.oval:def:500050 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...
oval:org.secpod.oval:def:500010 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ...
oval:org.secpod.oval:def:505349 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:500901 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ...
oval:org.secpod.oval:def:500903 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd's RPC call handling. An attacker able to establish a r ...
oval:org.secpod.oval:def:500950 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This er ...
oval:org.secpod.oval:def:500952 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user cou ...
oval:org.secpod.oval:def:500955 Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there ...
oval:org.secpod.oval:def:500956 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in the way libvirtd handled connection cleanup under certain erro ...
oval:org.secpod.oval:def:500958 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...
oval:org.secpod.oval:def:500962 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format fonts. If a user loaded a sp ...
oval:org.secpod.oval:def:500966 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Jav ...
oval:org.secpod.oval:def:500967 ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw t ...
oval:org.secpod.oval:def:500968 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to byp ...
oval:org.secpod.oval:def:500969 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discov ...
oval:org.secpod.oval:def:500972 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox res ...
oval:org.secpod.oval:def:500973 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ...
oval:org.secpod.oval:def:500974 The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man- ...
oval:org.secpod.oval:def:500975 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500977 The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCP ...
oval:org.secpod.oval:def:500979 The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project, which provides drivers for Hewlett-Packard printers and multi-function peripherals. Several temporary file handling flaws were found in HPLIP. A local attacker could use these flaws to perform a symbolic link attack, ...
oval:org.secpod.oval:def:500919 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the Linux kernel's memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged use ...
oval:org.secpod.oval:def:505375 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:500925 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ...
oval:org.secpod.oval:def:500931 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysql ...
oval:org.secpod.oval:def:505399 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:500942 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...
oval:org.secpod.oval:def:500944 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500992 The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has th ...
oval:org.secpod.oval:def:500993 Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID d ...
oval:org.secpod.oval:def:500996 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthe ...
oval:org.secpod.oval:def:500997 Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web ...
oval:org.secpod.oval:def:500999 The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was discovered that libvirt made certain invalid assumptions about dnsmasq's com ...
oval:org.secpod.oval:def:501002 dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into be ...
oval:org.secpod.oval:def:501004 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems.
It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain uni ... oval:org.secpod.oval:def:500157 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way ... oval:org.secpod.oval:def:501005 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ... oval:org.secpod.oval:def:501010 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ... oval:org.secpod.oval:def:501013 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501012 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501017 Ruby is an extensible, interpreted, object-oriented, scripting language. 
It has features to process text files and to do system management tasks. It was discovered that Ruby"s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service b ... oval:org.secpod.oval:def:501019 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner to crash or execute arbitrary code with the ... oval:org.secpod.oval:def:500171 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client" ... oval:org.secpod.oval:def:501021 Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticator#authenticate , it was possible to bypass the security constraint checks in the FORM authenticato ... oval:org.secpod.oval:def:500176 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An uninitialized variable use flaw was found in OpenSSL. This flaw could cause an application using the OpenSSL Certificate Revoca ... oval:org.secpod.oval:def:501023 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ... 
oval:org.secpod.oval:def:501030 The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc routine in Boost sanitized the "next_size" and "max_size" parameters when allocating memory. If an ap ... oval:org.secpod.oval:def:501032 Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to cr ... oval:org.secpod.oval:def:501037 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501036 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:500127 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:500129 The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. 
It was discovered that the IPMI event daemon created its pro ... oval:org.secpod.oval:def:500146 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The MySQL PolyFromWKB function did not sanity check Well-Known Binary data, which could allow a remote, authenticated attacker to crash mysqld. A flaw in the w ... oval:org.secpod.oval:def:501081 The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ... oval:org.secpod.oval:def:501083 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501088 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501089 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby"s SSL client"s hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could poten ... oval:org.secpod.oval:def:501091 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501095 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:505454 Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Ora ... oval:org.secpod.oval:def:505455 Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the O ... oval:org.secpod.oval:def:505474 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:501040 The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that the 389 Directory Server did not properly restrict access to entries when the "nsslapd-allo ... oval:org.secpod.oval:def:501045 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. 
Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ... oval:org.secpod.oval:def:501048 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ... oval:org.secpod.oval:def:501049 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:501055 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501054 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:501057 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... 
oval:org.secpod.oval:def:505417 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Ora ... oval:org.secpod.oval:def:501062 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ... oval:org.secpod.oval:def:501061 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ... oval:org.secpod.oval:def:501066 Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers for many popular graphics chips. An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs , an attacker could cau ... oval:org.secpod.oval:def:501068 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way KVM initialized a guest"s registered pv_eoi indication flag when entering the guest. An unprivileged guest user could potentially use ... oval:org.secpod.oval:def:501069 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . 
It was found that kadmind"s kpasswd service did not perform any validation on incoming network packets, causi ... oval:org.secpod.oval:def:501070 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:501072 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the atta ... oval:org.secpod.oval:def:501075 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ... oval:org.secpod.oval:def:501074 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ... oval:org.secpod.oval:def:501076 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ... oval:org.secpod.oval:def:505435 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. 
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:500208 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:500209 Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tool ... oval:org.secpod.oval:def:501553 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ... oval:org.secpod.oval:def:500226 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501147 Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, exe ... 
oval:org.secpod.oval:def:505509 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501150 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted ... oval:org.secpod.oval:def:500250 Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause ... oval:org.secpod.oval:def:501100 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501103 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:505583 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. 
Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505591 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:501164 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ... oval:org.secpod.oval:def:501168 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A maliciou ... oval:org.secpod.oval:def:505526 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501173 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this iss ... oval:org.secpod.oval:def:501176 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. 
A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untru ... oval:org.secpod.oval:def:501177 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zone ... oval:org.secpod.oval:def:501180 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. A ... oval:org.secpod.oval:def:501185 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:501184 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:501189 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discove ... oval:org.secpod.oval:def:501194 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. 
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash o ... oval:org.secpod.oval:def:501193 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:501198 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:505551 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505552 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505557 Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. Apache Struts is a framework for building web applications with Java. It was found that the Str ... 
oval:org.secpod.oval:def:505556 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime E ...
oval:org.secpod.oval:def:500715 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potential ...
oval:org.secpod.oval:def:500733 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, ex ...
oval:org.secpod.oval:def:500745 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ...
oval:org.secpod.oval:def:500749 Mozilla Thunderbird is a standalone mail and newsgroup client. A heap-based buffer overflow flaw was found in the way Thunderbird handled PNG images. An HTML mail message or remote content containing a specially-crafted PNG image could cause Thunderbird to crash or, possibly, execute arbitrary code ...
oval:org.secpod.oval:def:500703 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whos ...
oval:org.secpod.oval:def:500791 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause ...
oval:org.secpod.oval:def:500793 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls. An a ...
oval:org.secpod.oval:def:500779 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ...
oval:org.secpod.oval:def:500781 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to cr ...
oval:org.secpod.oval:def:21799 The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ...
oval:org.secpod.oval:def:505610 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:505617 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:505619 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:34615 The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted UDP SNMP request. Successful exploitation allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
oval:org.secpod.oval:def:501268 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ...
oval:org.secpod.oval:def:501270 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...
oval:org.secpod.oval:def:501211 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500364 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center. Multiple checksum validation flaws were discovered in the MIT Kerberos implementation. A remote attacker coul ...
oval:org.secpod.oval:def:501210 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ...
oval:org.secpod.oval:def:501213 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...
oval:org.secpod.oval:def:501214 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...
oval:org.secpod.oval:def:501217 Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user ...
oval:org.secpod.oval:def:501216 Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Styleshee ...
oval:org.secpod.oval:def:501219 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker ...
oval:org.secpod.oval:def:501222 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ...
oval:org.secpod.oval:def:501224 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...
oval:org.secpod.oval:def:501225 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...
oval:org.secpod.oval:def:502177 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:21826 The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allo ...
oval:org.secpod.oval:def:505660 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Se ...
oval:org.secpod.oval:def:505663 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ...
oval:org.secpod.oval:def:505282 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:505296 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:500856 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ...
oval:org.secpod.oval:def:500863 The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS reque ...
oval:org.secpod.oval:def:500865 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-leng ...
oval:org.secpod.oval:def:500867 OpenLDAP is an open source suite of LDAP applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport ...
oval:org.secpod.oval:def:500869 The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentia ...
oval:org.secpod.oval:def:21807 The host is installed with glibc before 2.20 and is prone to use-after-free vulnerabilities. The flaws are present in the application, which does not copy its path argument in accordance with the POSIX specification. Successful exploitation allows context-dependent attackers to trigger use-after- ...
oval:org.secpod.oval:def:505254 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime E ...
oval:org.secpod.oval:def:500801 The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a remote attacke ...
oval:org.secpod.oval:def:500807 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ...
oval:org.secpod.oval:def:505261 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ...
oval:org.secpod.oval:def:500823 OpenLDAP is an open source suite of LDAP applications and development tools. A denial of service flaw was found in the way the OpenLDAP server daemon processed certain search queries requesting only attributes and no values. In certain configurations, a remote attacker could issue a specially-craf ...
oval:org.secpod.oval:def:500826 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this f ...
oval:org.secpod.oval:def:500437 Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers. A malicious client could send a specially-crafted SMB request to the Sam ...
oval:org.secpod.oval:def:500451 bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing ma ...
oval:org.secpod.oval:def:501301 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that co ...
oval:org.secpod.oval:def:501316 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:501319 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...
oval:org.secpod.oval:def:500888 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ...
oval:org.secpod.oval:def:501363 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...
oval:org.secpod.oval:def:501365 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ...
oval:org.secpod.oval:def:501369 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's ...
oval:org.secpod.oval:def:501368 Updated mysql packages that fix several bugs are now available for Red Hat Enterprise Linux 6. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes the following bugs: * Prior to this update, the ...
oval:org.secpod.oval:def:501372 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...
oval:org.secpod.oval:def:501371 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ...
oval:org.secpod.oval:def:501375 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500048 The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this fla ...
oval:org.secpod.oval:def:501379 Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server usin ...
oval:org.secpod.oval:def:501380 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted the host name from an X.509 certificate subject's Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ...
oval:org.secpod.oval:def:500061 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this fl ...
oval:org.secpod.oval:def:501393 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ...
oval:org.secpod.oval:def:501331 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...
oval:org.secpod.oval:def:501336 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...
oval:org.secpod.oval:def:501335 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...
oval:org.secpod.oval:def:500490 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ...
oval:org.secpod.oval:def:501340 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...
oval:org.secpod.oval:def:501343 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...
oval:org.secpod.oval:def:500013 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled DHCP requ ...
oval:org.secpod.oval:def:501348 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500021 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ...
oval:org.secpod.oval:def:500023 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause hi ...
oval:org.secpod.oval:def:501356 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the ...
oval:org.secpod.oval:def:501355 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon. An attacker on the ...
oval:org.secpod.oval:def:501357 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ...
oval:org.secpod.oval:def:500906 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ...
oval:org.secpod.oval:def:21516 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs protocol reply. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:21517 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs reply. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:21515 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to metadata. Successful exploitation could allow attackers to gain privileges by add ...
oval:org.secpod.oval:def:505315 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5 and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed ...
oval:org.secpod.oval:def:500971 Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attac ...
oval:org.secpod.oval:def:500978 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not check for carriage returns in HTTP headers, allowing intended HTTP response splitting protections to be bypassed. Depending on the web browser the victim is using, a remote attacker co ...
oval:org.secpod.oval:def:500982 Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they ...
oval:org.secpod.oval:def:500983 Squid is a high-performance proxy caching server for web clients that supports FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way the Squid Cache Manager processed certain requests. A remote attacker who is able to access the Cache Manager CGI could use this flaw to ca ...
oval:org.secpod.oval:def:500985 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ...
oval:org.secpod.oval:def:500987 The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler. As OpenChange ...
oval:org.secpod.oval:def:500989 The dhcp packages provide the Dynamic Host Configuration Protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration ...
oval:org.secpod.oval:def:505377 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:505376 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ...
oval:org.secpod.oval:def:500930 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv ...
oval:org.secpod.oval:def:500932 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when op ...
oval:org.secpod.oval:def:501400 Apache Xerces for Java is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specia ...
oval:org.secpod.oval:def:501401 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ...
oval:org.secpod.oval:def:501414 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...
oval:org.secpod.oval:def:501417 The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message ...
oval:org.secpod.oval:def:501416 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to dereference a NULL ...
oval:org.secpod.oval:def:501422 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ...
oval:org.secpod.oval:def:501426 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:501425 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. It was discovered that the Libraries component in OpenJDK failed to properly handle ZIP archives that contain entries with a NUL byte used in the file names. An untrusted J ...
oval:org.secpod.oval:def:501428 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way ...
oval:org.secpod.oval:def:501427 OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be use ...
oval:org.secpod.oval:def:501429 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...
oval:org.secpod.oval:def:501431 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...
oval:org.secpod.oval:def:501430 The "file" command is used to identify a particular file according to the type of data contained in the file. The command can identify various file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in ...
oval:org.secpod.oval:def:501434 Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...
oval:org.secpod.oval:def:501436 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ...
oval:org.secpod.oval:def:500994 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle R ...
oval:org.secpod.oval:def:501480 The Network Time Protocol is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ...
oval:org.secpod.oval:def:501484 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500154 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. An input validation flaw was found in the way Squid calculated the total number of resource records in the answer section of multiple name server responses. An attacker could use this fla ...
oval:org.secpod.oval:def:501485 Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ...
oval:org.secpod.oval:def:501008 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use ...
oval:org.secpod.oval:def:501016 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU-KVM emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and ...
oval:org.secpod.oval:def:501026 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the xen_iret function in the Linux kernel used the DS register. A local, unprivileged user in a 32-bit, para-virtualized Xen hyperviso ...
oval:org.secpod.oval:def:501027 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an iss ...
oval:org.secpod.oval:def:501034 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use th ...
oval:org.secpod.oval:def:501039 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...
oval:org.secpod.oval:def:501454 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exp ...
oval:org.secpod.oval:def:501460 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501463 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501468 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, descripti ... oval:org.secpod.oval:def:500141 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An off-by-one flaw was found in the way BIND processed negative responses with large res ... oval:org.secpod.oval:def:501472 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ... oval:org.secpod.oval:def:501090 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ... oval:org.secpod.oval:def:501092 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. 
BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ... oval:org.secpod.oval:def:501042 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A ... oval:org.secpod.oval:def:501056 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Opensw ... oval:org.secpod.oval:def:501064 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cip ... oval:org.secpod.oval:def:501065 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that QEMU Guest Agent created certain files with world-writable permissions when run in daemon mode . An unprivileged guest user ... oval:org.secpod.oval:def:505437 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... 
oval:org.secpod.oval:def:505484 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Se ... oval:org.secpod.oval:def:505491 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:501545 The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ... oval:org.secpod.oval:def:501546 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ... oval:org.secpod.oval:def:501549 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501551 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501554 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:501503 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501505 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:501504 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:501507 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501506 Mozilla Thunderbird is a standalone mail and newsgroup client. 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501120 Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw ... oval:org.secpod.oval:def:501123 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:501122 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ... oval:org.secpod.oval:def:501125 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ... oval:org.secpod.oval:def:501124 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send ... 
oval:org.secpod.oval:def:501127 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501126 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501128 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ... oval:org.secpod.oval:def:501132 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:501136 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a cli ... oval:org.secpod.oval:def:501138 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.org X11 server registered new hot plugged devices. 
If a local user switched to a different ses ... oval:org.secpod.oval:def:501139 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ... oval:org.secpod.oval:def:501149 The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ... oval:org.secpod.oval:def:505505 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501152 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:501151 The GIMP is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, ... oval:org.secpod.oval:def:501154 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. 
A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:500241 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A buffer overflow flaw was found in the way Squid parsed replies from remote Gopher servers. A remote user allowed to send Gopher requests to a Squid proxy could possibly use this flaw to ... oval:org.secpod.oval:def:501101 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed ... oval:org.secpod.oval:def:501106 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:500264 The International Components for Unicode library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application ... oval:org.secpod.oval:def:501113 The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ... oval:org.secpod.oval:def:501115 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. 
A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use ... oval:org.secpod.oval:def:501119 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:502050 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump ov ... oval:org.secpod.oval:def:505568 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Securi ... oval:org.secpod.oval:def:502017 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the ... oval:org.secpod.oval:def:501171 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This coul ... oval:org.secpod.oval:def:501641 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. 
A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:501644 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ... oval:org.secpod.oval:def:501648 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ... oval:org.secpod.oval:def:501657 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:501660 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:501667 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received ... oval:org.secpod.oval:def:501600 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. 
BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make B ... oval:org.secpod.oval:def:501608 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ... oval:org.secpod.oval:def:500762 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user coul ... oval:org.secpod.oval:def:501626 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ... oval:org.secpod.oval:def:505608 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5. In a typical operating environment, these are of low security r ... oval:org.secpod.oval:def:501267 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block dri ... 
oval:org.secpod.oval:def:21824 The host is installed with qemu-kvm before 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which triggers access of an uninitialized socket. Successful exploitation allows local users to cause a denial of service (NULL pointer dereference) by sending a ... oval:org.secpod.oval:def:502145 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable , the loader could allow part of that application"s dat ... oval:org.secpod.oval:def:500843 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm function in the Linux kernel"s netfilter IPv6 connection tracking implementation. A remote attac ... oval:org.secpod.oval:def:500868 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_execbuffer2 function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this fla ... oval:org.secpod.oval:def:505276 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:501761 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. 
An out-of-bounds read/write flaw was discovered in the way QEMU"s Firmware Configuration device emulation processed certain f ... oval:org.secpod.oval:def:24536 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24539 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24540 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24541 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24542 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... 
oval:org.secpod.oval:def:24543 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...
oval:org.secpod.oval:def:501786 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ...
oval:org.secpod.oval:def:24544 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...
oval:org.secpod.oval:def:501789 OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ...
oval:org.secpod.oval:def:24545 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...
oval:org.secpod.oval:def:501794 The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit, OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or apple ...
oval:org.secpod.oval:def:501793 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet cou ...
oval:org.secpod.oval:def:26769 The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries l ...
oval:org.secpod.oval:def:501735 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ...
oval:org.secpod.oval:def:500899 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw was found in the i915_gem_do_execbuffer function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this f ...
oval:org.secpod.oval:def:501756 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ...
oval:org.secpod.oval:def:501364 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ...
oval:org.secpod.oval:def:504888 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb. Security Fix: * It was discovered that the MariaDB logging functionality allowe ...
oval:org.secpod.oval:def:500065 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local ...
oval:org.secpod.oval:def:505341 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM ...
oval:org.secpod.oval:def:500911 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, ...
oval:org.secpod.oval:def:505380 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ...
oval:org.secpod.oval:def:501885 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ...
oval:org.secpod.oval:def:504929 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: * It was discovered that the MySQL logging functionality allowe ...
oval:org.secpod.oval:def:504996 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: * It was discovered that the MariaDB logging functionality al ...
oval:org.secpod.oval:def:501001 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. DNS64 is used to automatically generate DNS records so IPv6 based clients can access IPv ...
oval:org.secpod.oval:def:501471 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ...
oval:org.secpod.oval:def:25185 The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle fork(2) and close(2) system calls with an 'int80' entry. Successful exploitation could allow attackers to es ...
oval:org.secpod.oval:def:505409 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Fu ...
oval:org.secpod.oval:def:505424 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Ki ...
oval:org.secpod.oval:def:505040 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: * It was discovered that the MySQL logging functionality allowed w ...
oval:org.secpod.oval:def:505070 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: * It was discovered that the MariaDB logging functionality al ...
oval:org.secpod.oval:def:505010 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ...
oval:org.secpod.oval:def:500206 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its ...
oval:org.secpod.oval:def:501537 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker coul ...
oval:org.secpod.oval:def:501556 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...
oval:org.secpod.oval:def:501557 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...
oval:org.secpod.oval:def:501559 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...
oval:org.secpod.oval:def:501995 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...
oval:org.secpod.oval:def:501131 OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. The default OpenSSH configuration made it easy for remote attackers to exhaust unauthorized connection slots and prevent other users from being able to log i ...
oval:org.secpod.oval:def:501560 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ...
oval:org.secpod.oval:def:501565 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:501567 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access wh ...
oval:org.secpod.oval:def:501571 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...
oval:org.secpod.oval:def:501574 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A p ...
oval:org.secpod.oval:def:501577 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...
oval:org.secpod.oval:def:501588 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:24742 The host is installed with kernel in RHEL 6 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly decode encrypted filenames. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:501591 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...
oval:org.secpod.oval:def:500794 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ...
oval:org.secpod.oval:def:501084 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ...
oval:org.secpod.oval:def:502190 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...
oval:org.secpod.oval:def:501791 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. This updat ...
oval:org.secpod.oval:def:501360 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that several application-provided XML files, such as web.xml, content.xml, *.tld, *.tagx, and *.jspx, resolved external entities, permitting XML External Entity attacks. An attacker able to de ...
oval:org.secpod.oval:def:501332 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat ...
oval:org.secpod.oval:def:501570 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...
oval:org.secpod.oval:def:500891 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ...
oval:org.secpod.oval:def:501613 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ...
oval:org.secpod.oval:def:501616 The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ...
oval:org.secpod.oval:def:501621 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ ...
oval:org.secpod.oval:def:501293 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ...
oval:org.secpod.oval:def:502161 Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment tools, and support services. The mod_proxy_fcgi package provides a proxy module for the Apache 2.2 HTTP s ...
oval:org.secpod.oval:def:21806 The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certai ...
oval:org.secpod.oval:def:21804 The host is installed with curl 7.17.1 through 7.38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read. Successful exploitation allows remote web servers ...
oval:org.secpod.oval:def:501415 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ...
oval:org.secpod.oval:def:501548 PostgreSQL is an advanced object-relational database management system. An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...
oval:org.secpod.oval:def:501143 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ...
oval:org.secpod.oval:def:501112 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service. ...
oval:org.secpod.oval:def:502249 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in col ...
oval:org.secpod.oval:def:502016 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind reques ...
oval:org.secpod.oval:def:37411 The host is installed with policycoreutils on RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle characters pushed into the terminal's input buffer. Successful exploitation could allow an attacker to escape the sandbox.
oval:org.secpod.oval:def:501934 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ...
oval:org.secpod.oval:def:501992 OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...
oval:org.secpod.oval:def:502281 Librelp is an easy-to-use library for the Reliable Event Logging Protocol. RELP is a general-purpose, extensible logging protocol. Security Fix: * librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c For more details about the security issue, including the impa ...
oval:org.secpod.oval:def:501968 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Security Fix: * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a databa ...
oval:org.secpod.oval:def:502369 GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system. The glust ...
oval:org.secpod.oval:def:501863 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ...
oval:org.secpod.oval:def:501962 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...
oval:org.secpod.oval:def:501969 The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached re ...
oval:org.secpod.oval:def:38098 The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition. It was discovered that dra ...
oval:org.secpod.oval:def:502054 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ...
oval:org.secpod.oval:def:502640 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * openssh: User enumeration via malformed packets in authentication requests For more details abo ...
oval:org.secpod.oval:def:501803 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba. Ref ...
oval:org.secpod.oval:def:501805 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * Multiple flaws were found in Samba's DCE/RPC protocol implementati ...
oval:org.secpod.oval:def:501821 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions ...
oval:org.secpod.oval:def:502358 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...
oval:org.secpod.oval:def:502360 Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code. Security Fix: * mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess For more details about the security issue, incl ...
oval:org.secpod.oval:def:501945 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ...
oval:org.secpod.oval:def:501983 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ...
oval:org.secpod.oval:def:502000 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEM ...
oval:org.secpod.oval:def:502019 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...
oval:org.secpod.oval:def:502033 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that ghostscript did not properly validate the parameters passed to the .rsd ...
oval:org.secpod.oval:def:35564 The host is installed with RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which incorrectly relies on the write system call. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:36404 The host is installed with the kernel package on RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a networking challenge ack. Successful exploitation could allow attackers to determine the shared counter.
oval:org.secpod.oval:def:502132 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent ...
oval:org.secpod.oval:def:35691 The host is installed with RHEL 6 or 7 and is prone to a memory allocation vulnerability. A flaw is present in the application, which fails to properly handle crafted symbolic links. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:37410 The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted SGI file. Successful exploitation could allow attackers to disclose sensitive information.
oval:org.secpod.oval:def:37409 The host is installed with RHEL 6 or 7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted image. Successful exploitation could allow attackers to cause a heap-based buffer overflow.
oval:org.secpod.oval:def:37803 The host is installed with the kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ...
oval:org.secpod.oval:def:37092 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, mariadb 5.5.50 and earlier on Red Hat Enterprise Linux 7 or mysql55-mysql 5.5.40-2.el5 and earlier and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly ha ...
oval:org.secpod.oval:def:501819 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a s ...
oval:org.secpod.oval:def:501830 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ...
oval:org.secpod.oval:def:501832 The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from squid34, this version of Red Hat Enterprise Linux also includes the squid packages which provide Squid version 3.1. Security ...
oval:org.secpod.oval:def:501835 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...
oval:org.secpod.oval:def:501881 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicio ...
oval:org.secpod.oval:def:501887 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...
oval:org.secpod.oval:def:501847 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when ...
oval:org.secpod.oval:def:501849 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectl ...
oval:org.secpod.oval:def:501851 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...
oval:org.secpod.oval:def:501850 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...
oval:org.secpod.oval:def:501853 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-midd ...
oval:org.secpod.oval:def:501859 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick emulator built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was ...
oval:org.secpod.oval:def:501866 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection b ...
oval:org.secpod.oval:def:501867 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ...
oval:org.secpod.oval:def:501871 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...
oval:org.secpod.oval:def:501873 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...
oval:org.secpod.oval:def:501874 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ...
oval:org.secpod.oval:def:501877 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...
oval:org.secpod.oval:def:501878 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use ...
oval:org.secpod.oval:def:501925 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...
oval:org.secpod.oval:def:501931 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG. An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...
oval:org.secpod.oval:def:501937 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...
oval:org.secpod.oval:def:501940 memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: * Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached bin ...
oval:org.secpod.oval:def:501943 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...
oval:org.secpod.oval:def:501942 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...
oval:org.secpod.oval:def:501944 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ...
oval:org.secpod.oval:def:501946 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...
oval:org.secpod.oval:def:501949 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501955 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ... oval:org.secpod.oval:def:501967 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ... oval:org.secpod.oval:def:501972 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501971 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501974 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. 
SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:501976 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ... oval:org.secpod.oval:def:501981 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepr ... oval:org.secpod.oval:def:501984 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA Emulator support is vulnerabl ... oval:org.secpod.oval:def:501989 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501990 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501996 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. 
Security Fix: * It was found that Samba always requested forwardable tickets when ... oval:org.secpod.oval:def:502005 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authenti ... oval:org.secpod.oval:def:502052 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502065 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ... oval:org.secpod.oval:def:502067 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly c ... oval:org.secpod.oval:def:502066 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If ... oval:org.secpod.oval:def:502068 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. 
Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ... oval:org.secpod.oval:def:502022 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:502025 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:502028 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502041 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ... oval:org.secpod.oval:def:502040 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authenticated samba client, ... oval:org.secpod.oval:def:502043 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 
Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ... oval:org.secpod.oval:def:502045 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:502046 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the Linux kernel"s handling of packets with the URG flag. Applications using the splice and tcp_splice_read functionality can allow a remote attacker to force the kernel to enter ... oval:org.secpod.oval:def:502049 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ... oval:org.secpod.oval:def:502048 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:502122 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ... oval:org.secpod.oval:def:502535 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. 
SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:502175 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:502182 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502181 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502195 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:502134 The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts , and pcmcia configuration files. Security Fix: * An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery ... 
oval:org.secpod.oval:def:502139 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A race condition was found in samba server. A malicious samba clie ... oval:org.secpod.oval:def:502140 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that samba did not enforce "SMB signing" when certain configuratio ... oval:org.secpod.oval:def:502144 The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ... oval:org.secpod.oval:def:502146 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ... oval:org.secpod.oval:def:502147 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:502149 PostgreSQL is an advanced object-relational database management system . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal to send an empty password. 
A remote attacker could potentially use this flaw to gain ... oval:org.secpod.oval:def:502152 The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ... oval:org.secpod.oval:def:502219 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.2. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502223 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A use-after-free flaw leading to denial of service was found in the way ... oval:org.secpod.oval:def:502233 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:502200 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. A ... oval:org.secpod.oval:def:502203 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:21524 The host is installed with FreeRDP through 1.0.2 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a large ScopeCount value in a Scope List. Successful exploitation could allow attackers to a denial of service (application crash) or possib ... oval:org.secpod.oval:def:502321 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * glibc: Buffer overflow in glob wit ... oval:org.secpod.oval:def:502007 The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:502006 The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ... oval:org.secpod.oval:def:502131 Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to ... oval:org.secpod.oval:def:502222 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. 
Security Fix: * Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ... oval:org.secpod.oval:def:502235 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. ... oval:org.secpod.oval:def:502242 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ... oval:org.secpod.oval:def:502245 LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ... oval:org.secpod.oval:def:502244 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability in web UI For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References secti ... oval:org.secpod.oval:def:502250 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Buffer overflow manipulating SVG animatedPathSegList * Mozilla: Out-of-bounds write with malformed IP ... oval:org.secpod.oval:def:502252 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. 
This update upgrades Firefox to version 52.7.2 ESR. Security Fix: * Mozilla: Vorbis audio processing out of bounds write For more details about the security issue, including the impact, ... oval:org.secpod.oval:def:502258 The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates. Security Fix: * Mozilla: Vorbis audio processing out of bounds ... oval:org.secpod.oval:def:502259 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 * Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 * Mozilla: Vorbis audio processing out o ... oval:org.secpod.oval:def:502261 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Security Fix: * firefox: Use-after-free in compositor potentially allows code execution For more details about the security issue, incl ... oval:org.secpod.oval:def:502276 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ... oval:org.secpod.oval:def:502275 The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the abili ... oval:org.secpod.oval:def:502279 The patch program applies diff files to originals. 
The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file . Patch should ... oval:org.secpod.oval:def:502284 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass * OpenJDK: unrestricted deserialization of data from JCEKS key stores * OpenJ ... oval:org.secpod.oval:def:501876 Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: * It was discovered that python-twisted-web used the value of the Proxy header from ... oval:org.secpod.oval:def:502331 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.1.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow usin ... oval:org.secpod.oval:def:502334 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix: * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification For more details abou ... oval:org.secpod.oval:def:502339 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.9.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 * Mozilla: Buffer overflow using computed size of canvas element * Mozilla: Use ... 
oval:org.secpod.oval:def:502346 OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networ ... oval:org.secpod.oval:def:502314 The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ... oval:org.secpod.oval:def:502318 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * samba: Null pointer indirection in printer server process For mor ... oval:org.secpod.oval:def:502320 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * samba: Null pointer indirection in printer server process For more details about the sec ... oval:org.secpod.oval:def:502352 Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix: * mutt: Remote code injection vulnerability to an IMAP mailbox * mutt: Remote Code Execu ... oval:org.secpod.oval:def:502355 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: processing of certain records when "deny-answer-aliases" ... 
oval:org.secpod.oval:def:502367 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.2.1 ESR. Security Fix: * Mozilla: Crash in TransportSecurityInfo due to cached data * Mozilla: Setting a master password post-Firefox 58 does no ... oval:org.secpod.oval:def:502316 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:502370 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello For more details about the security issue, including ... oval:org.secpod.oval:def:502585 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * Mozilla: Memory corruption in Angle * Mozilla: ... oval:org.secpod.oval:def:502595 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 * chromium-browser, firefox: Memory corruption in Angle * Mozilla: Use-after-free with select elem ... oval:org.secpod.oval:def:502599 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.0 ESR. 
Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * ... oval:org.secpod.oval:def:502537 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.3.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozilla: Integer overflow during Unicode conversion whi ... oval:org.secpod.oval:def:502612 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.5.1 ESR. Security Fix: * chromium-browser, mozilla: Use after free in Skia * mozilla: Integer overflow in Skia For more details about the secur ... oval:org.secpod.oval:def:502628 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM ... oval:org.secpod.oval:def:502633 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.6.1 ESR. Security Fix: * Mozilla: IonMonkey MArraySlice has incorrect alias information * Mozilla: Ionmonkey type confusion with __proto__ mutat ... oval:org.secpod.oval:def:502636 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.6.1. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 * Mozilla: Use-after-free when removing in-use DOM elements * Mozilla: Type inference is incorrect ... oval:org.secpod.oval:def:502606 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. 
SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:502608 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.5.0. Security Fix: * Mozilla: Use-after-free parsing HTML5 stream * Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 * Mozilla: Privilege escalation through IPC channel ... oval:org.secpod.oval:def:502377 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 * Mozilla: Crash with nested event loops * Mozill ... oval:org.secpod.oval:def:503314 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: 0-byte record padding oracle For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:503172 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.2. Security Fix: * Mozilla: Type confusion in Array.pop * thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c * Mozilla: Sandbox escape using Prompt:Open * thu ... oval:org.secpod.oval:def:503139 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * bind: Limiting simultaneous TCP clients is ineffective For more details ... oval:org.secpod.oval:def:59044 A flaw was found in the way sudo implemented running commands with arbitrary user ID. 
If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction. oval:org.secpod.oval:def:502024 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ... oval:org.secpod.oval:def:504291 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 * Mozilla: XSS when pasting attacker-controlled da ... oval:org.secpod.oval:def:501448 LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, ... oval:org.secpod.oval:def:501993 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid character ... oval:org.secpod.oval:def:501638 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:504787 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:507002 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * log4j: deserialization of untrusted data in SocketServer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:505072 Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specia ... oval:org.secpod.oval:def:502069 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ... oval:org.secpod.oval:def:505580 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP50. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development K ... oval:org.secpod.oval:def:502027 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ... 
oval:org.secpod.oval:def:502030 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ... oval:org.secpod.oval:def:505602 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP20. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Ki ... oval:org.secpod.oval:def:502117 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ... oval:org.secpod.oval:def:502185 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely byp ... oval:org.secpod.oval:def:505285 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP10. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Ki ... oval:org.secpod.oval:def:502207 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. 
An untrusted Java application or applet could use these flaws to completely byp ... oval:org.secpod.oval:def:505352 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP10. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ... oval:org.secpod.oval:def:505472 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP60. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ... oval:org.secpod.oval:def:505439 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP35. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development K ... oval:org.secpod.oval:def:501961 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:504923 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb55-mariadb . Security Fix: * It was found that the MariaDB client library did not properly c ... oval:org.secpod.oval:def:504965 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. 
The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: * This update fixes several vulnerabilities in the MySQL databa ... oval:org.secpod.oval:def:504971 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: mysql55-mysql. Security Fix: * This update fixes several vulnerabilities in the MySQL database ... oval:org.secpod.oval:def:504982 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a newer upstream version: rh-mysql56-mysql. Security Fix: * This update fixes several vulnerabilities in the MySQL databa ... oval:org.secpod.oval:def:504986 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:505097 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:24760 The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a crafted BMP image. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:24752 The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. 
A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:505541 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ... oval:org.secpod.oval:def:505652 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505656 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4, 5.5, and 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixe ... oval:org.secpod.oval:def:505264 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505463 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:501153 The libjpeg-turbo package contains a library of functions for manipulating JPEG images. 
It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg-turbo decoded images with missing Start Of Scan JPEG markers or Define ... oval:org.secpod.oval:def:502031 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ... oval:org.secpod.oval:def:500714 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript's TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF fi ... oval:org.secpod.oval:def:500786 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Several flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wiresh ... oval:org.secpod.oval:def:500081 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the way JasPer decoded JPEG 2000 compressed image files. An attacker could create a malicious JPEG 2000 compressed image file that, when opened, would cause applicati ... oval:org.secpod.oval:def:500148 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute ... 
oval:org.secpod.oval:def:501478 JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, ex ... oval:org.secpod.oval:def:500028 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ... oval:org.secpod.oval:def:502148 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL ... oval:org.secpod.oval:def:21813 The host is installed with D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20 or 1.8.x before 1.8.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which sends an accessdenied error to the service instead of a client when the client is prohibited from accessing t ... oval:org.secpod.oval:def:500204 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user coul ... oval:org.secpod.oval:def:500214 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. 
A local user could send a message with ... oval:org.secpod.oval:def:500395 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. * compat_alloc_user_space ... oval:org.secpod.oval:def:500044 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer underflow flaw, leading to a buffer overflow, was found in the Linux kernel's Datagram Congestion Control Protocol implementation. This could allow a r ... oval:org.secpod.oval:def:500085 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A divide-by-zero flaw was found in the tcp_select_initial_window function in the Linux kernel's TCP/IP protocol suite implementation. A local, unprivileged user co ... oval:org.secpod.oval:def:500112 * Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable permissions, a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. * Integer overflow in the RDS protocol implementation could allow a local, unprivileged user to cause ... oval:org.secpod.oval:def:500212 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the sctp_icmp_proto_unreachable function in the Linux kernel's Stream Control Transmission Protocol implementation. A remote attacker could us ... oval:org.secpod.oval:def:505311 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. 
Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:505310 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP15. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ... oval:org.secpod.oval:def:501884 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:501932 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:506850 Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawN ... oval:org.secpod.oval:def:500197 system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-fi ... oval:org.secpod.oval:def:505102 Ruby is an extensible, interpreted, object-oriented, scripting language. 
It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby , rh-ruby23-rubygems , rh-ruby23-rubygem-json , rh-ruby23-rubyg ... oval:org.secpod.oval:def:505105 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby . Security Fix: * ruby: Command injection vulnerability in Net ... oval:org.secpod.oval:def:81884 A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically e ... oval:org.secpod.oval:def:502199 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: * An out-of-bounds array dereference was found in apr_time_exp_get. An attacker could abuse an unvalidated usage of thi ... oval:org.secpod.oval:def:504875 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: * An out-of-bounds array dereference was found in apr_time_exp_get. An attacker could abuse an unvalidated usage of thi ... oval:org.secpod.oval:def:504878 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: mod_session_cookie does not respect expiry time * httpd: mod_auth_di ... 
oval:org.secpod.oval:def:504880 Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby, rh-ruby24-rubygems, rh-ruby24-rubygem-bigdecimal, rh-ruby24 ... oval:org.secpod.oval:def:504842 Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby22-ruby, rh-ruby22-rubygems, rh-ruby22-rubygem-psych, rh-ruby22-ruby ... oval:org.secpod.oval:def:504912 Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby23-ruby, rh-ruby23-rubygems. Security Fix: * ruby: OpenSSL::X509::Na ... oval:org.secpod.oval:def:505017 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:505030 Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: rh-ruby24-ruby. Security Fix: * A buffer underflow was found in ruby's sprin ... oval:org.secpod.oval:def:505031 Perl is a high-level programming language that is commonly used for system administration utilities and web programming. 
Security Fix: * perl: heap write overflow in regcomp.c * perl: heap read overflow in regexec.c For more details about the security issue, including the impact, a CVSS score, and ... oval:org.secpod.oval:def:505035 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Security Fix: * httpd: privilege escalation from modules scripts * mod_auth_mellon: authent ... oval:org.secpod.oval:def:506837 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling For more details about the security issue, including the impact, a CVSS score, acknowle ... oval:org.secpod.oval:def:505586 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM ... oval:org.secpod.oval:def:505595 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:501642 gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bit ... oval:org.secpod.oval:def:501659 Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501658 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501661 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:501666 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:501668 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:501669 The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ... 
oval:org.secpod.oval:def:501671 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:501673 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501615 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, co ... oval:org.secpod.oval:def:501629 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501635 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:505631 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. 
Further information about these flaws can be found on the IBM ... oval:org.secpod.oval:def:501680 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:31663 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory. oval:org.secpod.oval:def:31660 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could cause a buffer overflow potentially resulting in m ... oval:org.secpod.oval:def:31661 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in a null byte being w ... oval:org.secpod.oval:def:31662 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ... oval:org.secpod.oval:def:31656 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. 
A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:31657 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31658 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31659 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:505291 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP25. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development K ... oval:org.secpod.oval:def:501715 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:35693 The host is installed with RHEL 6 or 7 and is prone to a stack overflow vulnerability. 
A flaw is present in the application, which fails to properly handle crafted xml file. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:501765 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ... oval:org.secpod.oval:def:501770 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:501777 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed ... oval:org.secpod.oval:def:501785 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:501725 The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ... oval:org.secpod.oval:def:501732 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. 
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501739 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501743 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ... oval:org.secpod.oval:def:501744 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:501746 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:501750 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... 
oval:org.secpod.oval:def:501752 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501755 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501758 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ... oval:org.secpod.oval:def:501759 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:505324 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Fu ... oval:org.secpod.oval:def:501801 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. 
Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:501808 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:501809 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:501812 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501823 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:501827 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:501833 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. 
These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ... oval:org.secpod.oval:def:501836 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501839 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501838 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ... oval:org.secpod.oval:def:505374 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP40. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software De ... oval:org.secpod.oval:def:501846 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501855 Mozilla Firefox is an open source web browser. 
This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501869 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:505447 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:505456 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Softw ... oval:org.secpod.oval:def:505469 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Securi ... oval:org.secpod.oval:def:34933 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. 
oval:org.secpod.oval:def:501936 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:501975 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ... oval:org.secpod.oval:def:505536 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 62.0.3202.62. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ... oval:org.secpod.oval:def:502186 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * Two vulnerabilities were discovered in t ... oval:org.secpod.oval:def:505657 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Dev ... oval:org.secpod.oval:def:505362 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP45. 
Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development K ... oval:org.secpod.oval:def:505408 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:505419 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP5. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit ... oval:org.secpod.oval:def:505588 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. Security Fix: * IBM JDK: privilege escalation via insufficiently restricted access to Attach API * IBM JDK: DoS in the jav ... oval:org.secpod.oval:def:504266 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Incomplete enforcement of the trustURLCodebase restricti ... oval:org.secpod.oval:def:506851 The microcode_ctl packages provide microcode updates for Intel. Security Fix: * hw: vt-d related privilege escalation * hw: improper isolation of shared resources in some Intel Processors * hw: observable timing discrepancy in some Intel Processors * hw: information disclosure on some Intel Atom ... oval:org.secpod.oval:def:502032 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. 
The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ... oval:org.secpod.oval:def:502588 The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * ntp: Stack-based buffer overflow in ntpq ... oval:org.secpod.oval:def:505641 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Incomplete enforcement of the trustURLCodebase restricti ... oval:org.secpod.oval:def:502616 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, and other related information ... oval:org.secpod.oval:def:502615 The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Temporary auth hijacking via PID reuse and non-atomic fork For more details a ... oval:org.secpod.oval:def:502620 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: memory disclosure in FileChannelImpl For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other re ... 
oval:org.secpod.oval:def:502644 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Font layout engine out of bounds access setCurrGlyphID * OpenJDK: Slow conversion of BigDecimal to long * OpenJDK: Incorrect skeleton selection ... oval:org.secpod.oval:def:502646 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: Font layout engine out of bounds access setCurrGlyphID * OpenJDK: Slow conversion of BigDecimal to long * OpenJDK: Incorrect skeleton selection ... oval:org.secpod.oval:def:26768 The host is installed with kernel on RHEL 5, 6, or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle kernel's virtio-net handled fragmented packets. Successful exploitation could allow attackers to send crafted packets to a target ... oval:org.secpod.oval:def:502230 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow vulnerability in ip6_find_1stfragopt function was found. A local attacker that has privileges to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt functi ... oval:org.secpod.oval:def:502247 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Qemu: cirrus: OOB access issue in mode4and5 write functions For more details abo ... oval:org.secpod.oval:def:505320 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP30. 
Security Fix: * IBM JDK: privilege escalation via insufficiently restricted access to Attach API * IBM JDK: DoS in the jav ... oval:org.secpod.oval:def:505326 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Incomplete enforcement of the trustURLCodebase restricti ... oval:org.secpod.oval:def:505370 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 70.0.3538.67. Security Fix: * chromium-browser: Sandbox escape in AppCache * chromium-browser: Remote code execution in V8 * chromium-browser: URL spoof in Omnibox * chromium-browser: Use after fr ... oval:org.secpod.oval:def:505382 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Unrestricted access to scripting engine * OpenJDK: Incomplete enfo ... oval:org.secpod.oval:def:46444 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:502338 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: insufficient index validation in PatternSyntaxException getMessage For more details about the security issue, including the impact, a CVSS score, ... oval:org.secpod.oval:def:502319 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. 
Security Fix: * libvirt: Resource exhaustion via qemuMonitorIORead method * ... oval:org.secpod.oval:def:505400 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Unrestricted access to scripting engine * OpenJDK: Incomplete enfo ... oval:org.secpod.oval:def:502376 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Unrestricted access to scripting engine * OpenJDK: Incomplete enforcement of the trustURLCodebase restr ... oval:org.secpod.oval:def:504166 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP35. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Incomplete enforcement of the trustURLCodebase restricti ... oval:org.secpod.oval:def:504183 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Unrestricted access to scripting engine * OpenJDK: Incomplete enfo ... oval:org.secpod.oval:def:504189 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP25. Security Fix: * OpenJDK: Improper field access checks * OpenJDK: Unrestricted access to scripting engine * OpenJDK: Incomplete enfo ... oval:org.secpod.oval:def:505099 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. 
The following packages have been upgraded to a later upstream version: httpd24-httpd , httpd ... oval:org.secpod.oval:def:505095 Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Security Fix: * xmlrpc: Deserialization of server-side exception from faultCause in XMLRPC error response For more details about the security issue, including the impa ... oval:org.secpod.oval:def:504837 Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Security Fix: * xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:501978 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ... oval:org.secpod.oval:def:502004 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A denial of service flaw was found in the way th ... oval:org.secpod.oval:def:505391 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromiu ... oval:org.secpod.oval:def:500445 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. 
Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.secpod.oval:def:507500 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:87850 A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects d ... oval:org.secpod.oval:def:87851 A vulnerability was found in Git. This security issue occurs when feeding a crafted input to "git apply." A path outside the working tree can be overwritten by the user running "git apply." oval:org.secpod.oval:def:506844 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Heap buffer overflow in argument parsing ... oval:org.secpod.oval:def:503643 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.6.1 ESR. Security Fix: * Mozilla: Use-after-free while running the nsDocShell destructor * Mozilla: Use-after-free when handling a ReadableStrea ... oval:org.secpod.oval:def:500053 WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. Multiple memory corruption flaws were found in WebKit. 
Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running t ... oval:org.secpod.oval:def:505792 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB11-07, listed in the References section. Specially-crafted SWF content could ... oval:org.secpod.oval:def:505561 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM ... oval:org.secpod.oval:def:501624 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ... oval:org.secpod.oval:def:505600 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:505353 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Securi ... oval:org.secpod.oval:def:505363 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. 
This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:501573 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:501584 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:501592 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ... oval:org.secpod.oval:def:501594 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ... oval:org.secpod.oval:def:501950 Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ... 
oval:org.secpod.oval:def:505441 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP70. Security Fix: * OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS * OpenJDK: Bypass of boundary checks in nio.Buffe ...
oval:org.secpod.oval:def:505300 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.92. Security Fix: * chromium-browser: Use after free in audio * chromium-browser: Use after free in extensions * chromium-browser: Out of bounds read in WebSQL * chromium-browser: Type C ...
oval:org.secpod.oval:def:505585 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.183. Security Fix: * chromium-browser: Use after free in user interface * chromium-browser: Insufficient policy enforcement in ANGLE * chromium-browser: Inappropriate implementation in V8 ...
oval:org.secpod.oval:def:505543 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.102. Security Fix: * chromium-browser: Use after free in video * chromium-browser: Insufficient policy enforcement in installer * chromium-browser: Race in Mojo * chromium-browser: Use a ...
oval:org.secpod.oval:def:505548 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Security Fix: * chromium-browser: Use after free in presentation API * chromium-browser: Incorrect security UI in Omnibox * chromium-browser: Insufficient policy enforcement in autofi ...
oval:org.secpod.oval:def:503843 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.11.0. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Inappropriate implementation in WebRTC * Mozilla: Potential leak of redirect targets when loading script ...
oval:org.secpod.oval:def:505618 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.75. Security Fix: * chromium-browser: Use after free in payments * chromium-browser: Use after free in Blink * chromium-browser: Use after free in WebRTC * chromium-browser: Use after fr ...
oval:org.secpod.oval:def:505344 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.121. Security Fix: * chromium-browser: Out of bounds read in storage * chromium-browser: Insufficient policy enforcement in extensions * chromium-browser: Insufficient policy enforcement ...
oval:org.secpod.oval:def:505308 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.111. Security Fix: * chromium-browser: Inappropriate implementation in Blink * chromium-browser: Use after free in media * chromium-browser: Use after free in PDFium * freetype: Heap-bas ...
oval:org.secpod.oval:def:505398 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 84.0.4147.105. Security Fix: * chromium-browser: Heap buffer overflow in background fetch * chromium-browser: Side-channel information leakage in content security policy * chromium-browser: Type Co ...
oval:org.secpod.oval:def:505480 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.198. Security Fix: * chromium-browser: Inappropriate implementation in V8 * chromium-browser: Inappropriate implementation in base * chromium-browser: Use after free in site isolation Fo ...
oval:org.secpod.oval:def:505496 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 84.0.4147.135. Security Fix: * chromium-browser: Use after free in ANGLE * chromium-browser: Use after free in task scheduling * chromium-browser: Use after free in media * chromium-browser: Use a ...
oval:org.secpod.oval:def:503570 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, re ...
oval:org.secpod.oval:def:61640 The host is installed with Apache Tomcat 9.x before 9.0.31, 7.x before 7.0.100 or 8.5.x before 8.5.51 and is prone to an AJP request injection vulnerability. A flaw is present in the application, which fails to properly handle a regression introduced due to refactoring. Successful exploitation allows re ...
oval:org.secpod.oval:def:503507 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...
oval:org.secpod.oval:def:504950 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...
oval:org.secpod.oval:def:505009 Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...
oval:org.secpod.oval:def:501716 The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially construc ...
oval:org.secpod.oval:def:504975 The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chai ...
oval:org.secpod.oval:def:35562 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer underread vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.
oval:org.secpod.oval:def:34288 The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.
oval:org.secpod.oval:def:34289 The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.
oval:org.secpod.oval:def:505630 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.63. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or d ...
oval:org.secpod.oval:def:34291 The host is installed with Apple iTunes before 12.4.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted XML document. Successful exploitation allows attackers to disclose user information.
oval:org.secpod.oval:def:34290 The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.
oval:org.secpod.oval:def:501773 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...
oval:org.secpod.oval:def:501720 The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...
oval:org.secpod.oval:def:501822 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...
oval:org.secpod.oval:def:501625 The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in th ...
oval:org.secpod.oval:def:501728 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a conta ...
oval:org.secpod.oval:def:501536 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...
oval:org.secpod.oval:def:501160 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ...
oval:org.secpod.oval:def:501163 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ...
oval:org.secpod.oval:def:501623 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...
oval:org.secpod.oval:def:21800 The host is installed with net-snmp 5.7.0 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted SNMP trap message. Successful exploitation allows remote attackers to cause a denial of service.
oval:org.secpod.oval:def:501779 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...
oval:org.secpod.oval:def:501377 The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with spe ...
oval:org.secpod.oval:def:501394 The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environme ...
oval:org.secpod.oval:def:501816 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ...
oval:org.secpod.oval:def:501820 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: * Multiple flaws we ...
oval:org.secpod.oval:def:504917 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...
oval:org.secpod.oval:def:501419 OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ...
oval:org.secpod.oval:def:504934 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...
oval:org.secpod.oval:def:504933 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstrea ...
oval:org.secpod.oval:def:501841 The Network Time Protocol is used to synchronize a computer's time with another referenced time source. It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing : ...
oval:org.secpod.oval:def:501483 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ...
oval:org.secpod.oval:def:504991 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle att ...
oval:org.secpod.oval:def:501493 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's ...
oval:org.secpod.oval:def:501466 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ...
oval:org.secpod.oval:def:25173 The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL c ...
oval:org.secpod.oval:def:505020 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An integer overflow flaw leading to a heap-based buffer over ...
oval:org.secpod.oval:def:501538 The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unz ...
oval:org.secpod.oval:def:501540 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...
oval:org.secpod.oval:def:505098 MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the --ssl option. A man-in-the-middle att ...
oval:org.secpod.oval:def:501134 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ...
oval:org.secpod.oval:def:24749 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a crafted TIFF image. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:24750 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:24753 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to a divide-by-zero vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:501581 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...
oval:org.secpod.oval:def:501590 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif ex ...
oval:org.secpod.oval:def:501196 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful ...
oval:org.secpod.oval:def:21815 The host is installed with the Linux kernel through 3.17.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which miscalculates the number of pages during the handling of a mapping failure. Successful exploitation allows guest OS users to cause a denial of service ...
oval:org.secpod.oval:def:24035 The host is installed with the Linux kernel before 3.18.5 and is prone to a denial of service vulnerability. A flaw is present in the application, when the guest OS lacks SYSENTER MSR initialization. Successful exploitation allows guest OS users to gain guest OS privileges or cause a denial of service ( ...
oval:org.secpod.oval:def:501300 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session I ...
oval:org.secpod.oval:def:501302 The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...
oval:org.secpod.oval:def:501313 The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...
oval:org.secpod.oval:def:23616 The host is installed with the Linux kernel through 3.18.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not restrict the number of Rock Ridge continuation entries. Successful exploitation allows local users to cause a denial of service (infinite loo ...
oval:org.secpod.oval:def:25176 The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle set file permissions in certain conditions. Successful exploitation could allow attackers to execute crafted file ...
oval:org.secpod.oval:def:25172 The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected system.
oval:org.secpod.oval:def:25164 The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle router advertisements. Successful exploitation could allow attackers to crash the service.
oval:org.secpod.oval:def:501542 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...
oval:org.secpod.oval:def:501552 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...
oval:org.secpod.oval:def:24748 The host is installed with kernel on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain segment registers and thread-local storage (TLS) during a context switch. Successful exploitation could allow unprivi ...
oval:org.secpod.oval:def:501576 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...
oval:org.secpod.oval:def:501183 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...
oval:org.secpod.oval:def:501182 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:501346 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ...
oval:org.secpod.oval:def:501159 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ...
oval:org.secpod.oval:def:500798 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's journal_unmap_buffer function handled buffer head states. On systems that have an ext4 file system with a journal mo ...
oval:org.secpod.oval:def:500760 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names. A local, unprivileged user ...
oval:org.secpod.oval:def:500815 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl to cause a denial of service or escalate their privileges. * A buffer over ...
oval:org.secpod.oval:def:500822 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to caus ...
oval:org.secpod.oval:def:500963 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that a deadlock could occur in the Out of Memory killer. A process could trigger this deadlock by consuming a large amount of memory, and then causin ...
oval:org.secpod.oval:def:500933 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the RHSA-2012:0862 update did not correctly fix the CVE-2011-4131 issue. A malicious Network File System version 4 server could return a crafted ...
oval:org.secpod.oval:def:501003 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A race condition was found in the way the Linux kernel's ptrace implementation handled PTRACE_SETREGS requests when the debuggee was woken due to a SIGKILL signal i ...
oval:org.secpod.oval:def:501033 Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, ...
oval:org.secpod.oval:def:501082 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ...
oval:org.secpod.oval:def:501041 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use t ...
oval:org.secpod.oval:def:501046 Security: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate ...
oval:org.secpod.oval:def:501079 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the tcp_read_sock function in the Linux kernel's IPv4 TCP/IP protocol suite implementation in the way socket buffers were handled. A local, un ...
oval:org.secpod.oval:def:500842 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, ...
oval:org.secpod.oval:def:500800 PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ...
oval:org.secpod.oval:def:500894 PostgreSQL is an advanced object-relational database management system. It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ...
oval:org.secpod.oval:def:501118 PostgreSQL is an advanced object-relational database management system. An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ...
oval:org.secpod.oval:def:500765 Raptor provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of a ...
oval:org.secpod.oval:def:500391 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. An invalid free flaw was found in the way the CUPS server parsed Internet Printing Protocol packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS se ...
oval:org.secpod.oval:def:505797 Adobe Reader allows users to view and print documents in Portable Document Format. This update fixes two vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-28, listed in the References section. A specially-crafted PDF file could cause Adobe Reader ...
oval:org.secpod.oval:def:505801 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB10-26, listed in the References section. Multiple security flaws ...
oval:org.secpod.oval:def:500289 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. It was found that the FreeType font rendering engine improperly validated certain position v ... oval:org.secpod.oval:def:502126 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:502156 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ... oval:org.secpod.oval:def:501339 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:504850 The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. The following packages have been upgraded to a later upstream version: httpd24-httpd . Secu ... oval:org.secpod.oval:def:504972 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. 
Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ... oval:org.secpod.oval:def:501632 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:500810 Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ... oval:org.secpod.oval:def:500417 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sendin ... oval:org.secpod.oval:def:500062 The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A rem ... oval:org.secpod.oval:def:505453 Chromium is an open-source web browser, powered by WebKit . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromi ... 
oval:org.secpod.oval:def:34942 The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:501941 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:500489 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the ... oval:org.secpod.oval:def:505799 The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment. Detailed vulnerability descriptions are linked from the IBM Security alerts page, listed in the Refer ... oval:org.secpod.oval:def:501059 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the Red Hat Enterprise Linux 6.1 kernel update introduced an integer conversion issue in the Linux kernel"s Performance Events implementation. Th ... oval:org.secpod.oval:def:507585 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: X.400 address type confusion in X.509 GeneralName For more details about the security issue, including th ... 
oval:org.secpod.oval:def:501627 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially craft ... oval:org.secpod.oval:def:26773 The host is installed with kernel on RHEL 6, or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle IRET faults in processing NMIs that occurred during userspace execution. Successful exploitation could allow attackers to gain ... oval:org.secpod.oval:def:500836 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:500839 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:505609 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP10. Security Fix: * OpenJDK: Improper handling of Kerberos proxy credentials * OpenJDK: Incorrect bounds checks in NIO Buffers * OpenJD ... oval:org.secpod.oval:def:505489 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP65. 
Security Fix: * OpenJDK: Incorrect bounds checks in NIO Buffers * OpenJDK: Incorrect type checks in MethodType.readObject ... oval:org.secpod.oval:def:507584 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:505650 Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the ... oval:org.secpod.oval:def:500004 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the "*" wildcard. An at ... oval:org.secpod.oval:def:505482 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501979 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option ... oval:org.secpod.oval:def:506846 The polkit packages provide a component for controlling system-wide privileges. 
This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix: * polkit: Local privilege escalation in pkexec due to incorrect handling of argument vec ... oval:org.secpod.oval:def:507614 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: stack overflow in do_proc_dointvec and proc_skip_spaces For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:507786 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:503840 PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fix: * postgresql-jdbc: XML external entity vulnerability in PgSQLXML This update introduces a backwards in ... oval:org.secpod.oval:def:506838 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use after free in eventpoll.c may lead to escalation of privilege * kernel: Use After Free in unix_gc which could result in a local privilege escalation * kernel: xfs: raw block device dat ... oval:org.secpod.oval:def:501494 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s SCTP implementation validated INIT chunks when performing Address Configuration Change . A remote attacker could use this flaw to crash the system by sending a speci ... 
oval:org.secpod.oval:def:506833 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: size_t-to-int conversion vulnerability in the filesystem layer * kernel: Integer overflow in Intel Graphics Drivers * kernel: Use after free via PI futex state For more details about the ... oval:org.secpod.oval:def:506839 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free * kernel: out-of-bounds read in libiscsi module * kernel: heap buffer overflow in the iSCSI subsystem * kernel: in ... oval:org.secpod.oval:def:506849 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: x86_32: BUG in syscall auditing For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed i ... oval:org.secpod.oval:def:506848 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free * kernel: race condition for removal of the HCI controller For more details about the security issue, including the impa ... oval:org.secpod.oval:def:506840 GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix: * glib: integer overflow in g_byt ... oval:org.secpod.oval:def:503138 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An integer overflow flaw was found in the way the Linux kernel"s networking subsystem processed TCP Selective Acknowledgment segments. 
While processing SACK segments, the Linux kernel"s socket buff ... oval:org.secpod.oval:def:24040 The host is installed with linux kernel before 3.19.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which uses incorrect data types for the results of bitwise left-shift operations. Successful exploitation allows attackers to bypass the ASLR protection mecha ... oval:org.secpod.oval:def:502711 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the implementation of the quot;fill bufferquot;, a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that woul ... oval:org.secpod.oval:def:502713 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * A flaw was found in the implementation of the "fill buffer", a mechanis ... oval:org.secpod.oval:def:502725 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * A flaw was found in the implementation of the "fill buff ... oval:org.secpod.oval:def:503313 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Kernel: page cache side channel attacks * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service * kernel: Unprivileg ... oval:org.secpod.oval:def:501595 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
* A NULL pointer dereference flaw was found in the way the Linux kernel"s virtual console implementation handled reference counting when accessing pseudo-terminal device files . A local, unprivileged attacker could ... oval:org.secpod.oval:def:504866 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:504906 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php . Security Fix: * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * php: Use after free in wddx_dese ... oval:org.secpod.oval:def:24751 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to multiple out-of-bounds read vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:505112 The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: Sandbox escape due to information disclosure via str ... oval:org.secpod.oval:def:504856 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:505018 The python-jinja2 package contains Jinja2, a template engine written in pure Python. 
Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fix: * python-jinja2: str.format_map allows sandbox escape For more details about the ... oval:org.secpod.oval:def:503131 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.7.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with createImageBitmap * Mozilla: Stealing of cross-domain ... oval:org.secpod.oval:def:503186 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * OpenJDK: Side-channel attack risks in Elliptic Curve cryptography * OpenJDK: Insufficient checks of suppressed exceptions in deserialization * OpenJDK: ... oval:org.secpod.oval:def:503192 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * OpenJDK: Side-channel attack risks in Elliptic Curve cryptography * OpenJDK: Insufficient checks of suppressed exceptions in deserialization * OpenJDK: ... oval:org.secpod.oval:def:502733 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.7.0 ESR. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 * Mozilla: Cross-origin theft of images with creat ... oval:org.secpod.oval:def:49255 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was discovered that the ghostscript /invalidaccess checks fail under certain condition ... 
oval:org.secpod.oval:def:507466 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:502639 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: Missing check in fs/inode.c:inode_init_owner does not clear SGID bit on non-directories for non-members For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:502296 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:502297 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It ... oval:org.secpod.oval:def:502299 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * An industry-wide issue was found in the way many modern micro ... oval:org.secpod.oval:def:502333 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. 
Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs ha ... oval:org.secpod.oval:def:502332 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions . It relies on the presence of a precisely-defined in ... oval:org.secpod.oval:def:502348 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF ... oval:org.secpod.oval:def:502300 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It ... oval:org.secpod.oval:def:502303 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions . It relies on the presence of a precisely-defi ... oval:org.secpod.oval:def:502317 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load Store instructions . It relies on the presence of a precisely-defined i ... oval:org.secpod.oval:def:502293 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.8.0 ESR. 
Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Ski ... oval:org.secpod.oval:def:502307 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.8.0. Security Fix: * Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 * Mozilla: Backport critical security fixes in Skia * Mozilla: Use-after-free with SVG animations ... oval:org.secpod.oval:def:502286 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: speculative execution permission faults handling * Kernel: error in exception handling leads to DoS * kernel: nfsd: Incorrect handling of long RPC replies * kernel: Use-after-free vulner ... oval:org.secpod.oval:def:502194 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user ab ... oval:org.secpod.oval:def:502137 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ... oval:org.secpod.oval:def:502617 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: MIDI driver race condition leads to a double-free For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ... oval:org.secpod.oval:def:502371 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensi ... oval:org.secpod.oval:def:505578 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix: * IBM JDK: privilege escalation via insufficiently restricted access to Attach API * openssl: BN_mod_exp may produce inc ... oval:org.secpod.oval:def:505584 The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Detailed vulnerability descriptions are linked from the IBM ... oval:org.secpod.oval:def:505114 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * HTTP/2: large amount of data requests leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption * HTTP/2: request for large respon ... oval:org.secpod.oval:def:505545 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 6 to version 6 SR16-FP41. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development K ... oval:org.secpod.oval:def:505553 Chromium is an open-source web browser, powered by WebKit . This update upgrades Chromium to version 53.0.2785.113. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or ... 
oval:org.secpod.oval:def:501611 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ... oval:org.secpod.oval:def:505628 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Dev ... oval:org.secpod.oval:def:36844 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. oval:org.secpod.oval:def:20982 The host is installed with Python 2.5 before 2.7.7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted string. Successful exploitation could allow attackers to execute arbitrary code via a crafted string. oval:org.secpod.oval:def:504797 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:505649 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR4-FP1. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Dev ... 
oval:org.secpod.oval:def:505664 Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 68.0.3440.75. Security Fix: * chromium-browser: Stack buffer overflow in Skia * chromium-browser: Heap buffer overflow in WebGL * chromium-browser: Use after free in WebRTC * chromium-browser: Hea ...
oval:org.secpod.oval:def:21805 The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ...
oval:org.secpod.oval:def:500813 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ...
oval:org.secpod.oval:def:501303 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...
oval:org.secpod.oval:def:504813 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The ...
oval:org.secpod.oval:def:501304 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...
oval:org.secpod.oval:def:504825 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The ...
oval:org.secpod.oval:def:501726 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker cou ...
oval:org.secpod.oval:def:504895 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ...
oval:org.secpod.oval:def:504896 nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix: * HTTP/2: large amount of data request leads to denial of service * HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption ...
oval:org.secpod.oval:def:501321 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...
oval:org.secpod.oval:def:501320 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...
oval:org.secpod.oval:def:500074 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ...
oval:org.secpod.oval:def:505303 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR4-FP1. Security Fix: * This update fixes a vulnerability in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further ...
oval:org.secpod.oval:def:505793 The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the O ...
oval:org.secpod.oval:def:503136 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ...
oval:org.secpod.oval:def:505383 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP20. Security Fix: * IBM JDK: privilege escalation via insufficiently restricted access to Attach API * openssl: BN_mod_exp may produce inc ...
oval:org.secpod.oval:def:504911 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...
oval:org.secpod.oval:def:504928 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ...
oval:org.secpod.oval:def:504938 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Out of bounds write via UCS-2 encoding For more details about the security issue, including the impact, a CVSS score, and other related inf ...
oval:org.secpod.oval:def:501864 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...
oval:org.secpod.oval:def:501879 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...
oval:org.secpod.oval:def:504961 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ...
oval:org.secpod.oval:def:504970 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs. Security Fix: * It was found that Node.js was using a non-randomized seed ...
oval:org.secpod.oval:def:504974 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ...
oval:org.secpod.oval:def:500196 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java ...
oval:org.secpod.oval:def:505404 The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. Detailed vulnerability descriptions are linked from ...
oval:org.secpod.oval:def:505062 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ...
oval:org.secpod.oval:def:505076 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...
oval:org.secpod.oval:def:505007 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...
oval:org.secpod.oval:def:505086 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors for ...
oval:org.secpod.oval:def:505089 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ...
oval:org.secpod.oval:def:501140 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the way the Python SSL module handled X.509 certificate fields that contain a NULL byte. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note th ...
oval:org.secpod.oval:def:501858 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...
oval:org.secpod.oval:def:501973 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...
oval:org.secpod.oval:def:502038 The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: * It was found that due to the way rpcbind uses libtirpc, a memory leak can occur w ...
oval:org.secpod.oval:def:502039 The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: * It was found that due to the way rpcbind uses libtirpc, a memory leak can occur whe ...
oval:org.secpod.oval:def:34287 The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.
oval:org.secpod.oval:def:504808 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream ...
oval:org.secpod.oval:def:501788 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user co ...
oval:org.secpod.oval:def:504897 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary c ...
oval:org.secpod.oval:def:501813 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their p ...
oval:org.secpod.oval:def:501824 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that reporting emulation failures to user space could lead to either a local or an L2-L1 denial of service. In the case of a local denial of service, an attacker must have access to th ...
oval:org.secpod.oval:def:501893 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by the bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...
oval:org.secpod.oval:def:34941 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34936 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34937 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34934 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34935 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34932 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34938 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:34939 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.
oval:org.secpod.oval:def:501933 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a re ...
oval:org.secpod.oval:def:505085 MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaDB uses PCRE, a Perl-compatible regular expression library, to implement regular expression support in SQL queries. Security Fix: * It was found that the MariaDB cli ...
oval:org.secpod.oval:def:501960 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ...
oval:org.secpod.oval:def:501998 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type ...
oval:org.secpod.oval:def:501162 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload feature wa ...
oval:org.secpod.oval:def:501187 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unpriv ...
oval:org.secpod.oval:def:501622 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's Transparent Huge Pages implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugep ...
oval:org.secpod.oval:def:501212 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the get_rx_bufs function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc function. A privileged guest user could use this ...
oval:org.secpod.oval:def:21821 The host is installed with Linux kernel through 3.13.6 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to obtain sensitive information from kernel memory.
oval:org.secpod.oval:def:501294 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol packets used the skb_header_pointer function. A remote attacker could use this ...
oval:org.secpod.oval:def:501376 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...
oval:org.secpod.oval:def:501381 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait. A local, unprivileged user could use this flaw to zero out the reference counter ...
oval:org.secpod.oval:def:501387 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...
oval:org.secpod.oval:def:501328 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the sy ...
oval:org.secpod.oval:def:501344 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user spac ...
oval:org.secpod.oval:def:501349 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentia ...
oval:org.secpod.oval:def:501432 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled simultaneous connections between the same hosts. A remote attacker could use th ...
oval:org.secpod.oval:def:501452 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. * A memory corruption f ...
oval:org.secpod.oval:def:501455 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote at ...
oval:org.secpod.oval:def:501475 * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. * A flaw was found in the way the Linux kernel ...
oval:org.secpod.oval:def:501093 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...
oval:org.secpod.oval:def:501073 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ...
oval:org.secpod.oval:def:501512 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to ...
oval:org.secpod.oval:def:501130 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled, an attacker on the local network could disable IPv6 temporary address gen ...
oval:org.secpod.oval:def:501561 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ...
oval:org.secpod.oval:def:500737 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ...
oval:org.secpod.oval:def:500078 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically ...
oval:org.secpod.oval:def:500155 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ...
oval:org.secpod.oval:def:500179 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ...
oval:org.secpod.oval:def:500189 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...
oval:org.secpod.oval:def:500113 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thun ...
oval:org.secpod.oval:def:500266 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. ...