[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:501309
Red Hat Enterprise Linux 7 is installed

oval:org.secpod.oval:def:501548
PostgreSQL is an advanced object-relational database management system . An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ...

oval:org.secpod.oval:def:21811
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21812
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21810
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:21809
The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files.

oval:org.secpod.oval:def:25167
The host is installed with gnutls on Red Hat Enterprise Linux 6 or 7 and is prone to a cross-signature attack vulnerability. A flaw is present in the application, which fails to properly validate whether the two signature algorithms match on certificate import. Successful exploitation could allow at ...

oval:org.secpod.oval:def:501474
The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-cha ...

oval:org.secpod.oval:def:21819
The host is installed with Linux kernel before 3.16.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle deletion of IPC$ share during resolution of DFS referrals. Successful exploitation allows remote CIFS servers to cause a denia ...

oval:org.secpod.oval:def:501449
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and ...

oval:org.secpod.oval:def:21808
The host is installed with PPP package before 2.4.7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a long word in an options file. Successful exploitation allows attackers to "access privileged options".

oval:org.secpod.oval:def:21834
The host is installed with gpgme before 1.5.1 and is prone to multiple heap-based buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to "different line lengths in a specific order". Successful exploitation allow remote attackers ...

oval:org.secpod.oval:def:501937
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:24735
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PPP packet. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501942
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ...

oval:org.secpod.oval:def:501943
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501944
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ...

oval:org.secpod.oval:def:501946
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501949
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501463
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24755
The host is installed with kernel on RHEL 6 or 7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle race condition which leaves the extended attribute(xattr) empty for a short time window. Successful exploitation could allow attacker ...

oval:org.secpod.oval:def:501471
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ...

oval:org.secpod.oval:def:24748
The host is installed with kernel on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle certain segment registers and thread-local storage (TLS) during a context switch. Successful exploitation could allow unprivi ...

oval:org.secpod.oval:def:501314
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session I ...

oval:org.secpod.oval:def:501353
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detec ...

oval:org.secpod.oval:def:21831
The host is installed with sendmail before 8.14.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a custom mail-delivery program. Successful exploitation allows local users to access unintended high-numbered file descriptors.

oval:org.secpod.oval:def:501971
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:21525
The host is installed with LibreOffice 4.2.4 and is prone to a unspecified vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to execute arbitrary code

oval:org.secpod.oval:def:501972
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:24750
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24751
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to multiple out-of-bounds read vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24753
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a divide by zero vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501692
The autofs utility controls the operation of the automount daemon. The daemon automatically mounts file systems when in use and unmounts them when they are not busy. It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to ...

oval:org.secpod.oval:def:501532
GNOME Shell and the packages it depends upon provide the core user interface of the Red Hat Enterprise Linux desktop, including functions such as navigating between windows and launching applications. It was found that the GNOME shell did not disable the Print Screen key when the screen was locked. ...

oval:org.secpod.oval:def:21003
The host is installed with Common Unix Printing System (CUPS) before 1.7.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL patch. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:21830
The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ...

oval:org.secpod.oval:def:24745
The host is installed with docker in RHEL 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle symbolic and hardlink issues. Successful exploitation could allow attackers to write to arbitrary files and execute arbitrary co ...

oval:org.secpod.oval:def:501327
Dovecot is an IMAP server, written with security primarily in mind, for Linux and other UNIX-like systems. It also contains a small POP3 server. It supports mail in both the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. It was discovered that Doveco ...

oval:org.secpod.oval:def:501695
The netcf packages contain a library for modifying the network configuration of a system. Network configuration is expressed in a platform-independent XML format, which netcf translates into changes to the system"s "native" network configuration files. A denial of service flaw was found in ...

oval:org.secpod.oval:def:501527
The virt-who package provides an agent that collects information about virtual guests present in the system and reports them to the subscription manager. It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable ...

oval:org.secpod.oval:def:501513
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog t ...

oval:org.secpod.oval:def:501361
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was found that when replication was enabled for each attribute in 389 Directory Server, which is the default co ...

oval:org.secpod.oval:def:21813
The host is installed with D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20 or 1.8.x before 1.8.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which sends an accessdenied error to the service instead of a client when the client is prohibited from accessing t ...

oval:org.secpod.oval:def:501721
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:501511
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds read flaw was found in the way g ...

oval:org.secpod.oval:def:501369
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ...

oval:org.secpod.oval:def:501313
The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ...

oval:org.secpod.oval:def:21826
The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allo ...

oval:org.secpod.oval:def:501388
HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy. All h ...

oval:org.secpod.oval:def:501399
Polkit-qt is a library that lets developers use the PolicyKit API through a Qt-styled API. The polkit-qt library is used by the KDE Authentication Agent , which is a part of kdelibs. It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a rac ...

oval:org.secpod.oval:def:24756
The host is installed with qemu-kvm on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed Physical Region Descriptor Table (PRDT) data sent to the host's IDE and/or AHCI controller emulation. Successful exploitatio ...

oval:org.secpod.oval:def:501315
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a user-space component to run virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s IDE device driver handled the execution of SMART EXECUTE OFFLINE com ...

oval:org.secpod.oval:def:24744
The host is installed with libgcrypt in RHEL 5,6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information.

oval:org.secpod.oval:def:501415
The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ...

oval:org.secpod.oval:def:501440
The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently. An out-of-bounds read flaw was found in the way the process_browse_data function of cups-browsed handled certain browse packets. A remote atta ...

oval:org.secpod.oval:def:501370
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applicat ...

oval:org.secpod.oval:def:21520
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENARC. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:501702
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:21800
The host is installed with net-snmp 5.7.0 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted SNMP trap message. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:24736
The host is installed with libevent in RHEL 6 or 7 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle an excessively long input. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501705
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. A denial of service flaw was found in unbound that an attacker could use to trick the unbound resolver into following an endless loop of delegations, consuming an excessive amount of resources. This update als ...

oval:org.secpod.oval:def:501345
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ...

oval:org.secpod.oval:def:501366
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain ...

oval:org.secpod.oval:def:501330
LZO is a portable lossless data compression library written in ANSI C. An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an applic ...

oval:org.secpod.oval:def:501414
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:501431
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ...

oval:org.secpod.oval:def:501310
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel"s N_TTY line discipline implementation handled concurrent processing of echo output and TTY write operations o ...

oval:org.secpod.oval:def:501387
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ...

oval:org.secpod.oval:def:501515
The powerpc-utils packages provide various utilities for the PowerPC platform. A flaw was found in the way the snap utility of powerpc-utils generated an archive containing a configuration snapshot of a service. A local attacker could obtain sensitive information from the generated archive such as p ...

oval:org.secpod.oval:def:501525
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit PowerPC platforms. The platform diagnostics write events reported by the firmware to the service log, provide automated responses to urgent events, and notify system administrators or connected service frameworks about the repo ...

oval:org.secpod.oval:def:21825
The host is installed with Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted block size. Successful exploitation allows remote attackers to caus ...

oval:org.secpod.oval:def:501482
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver ...

oval:org.secpod.oval:def:501398
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. An out-of-bounds read flaw was found in the way libvirt"s qemuDomainGetBlockIoTune ...

oval:org.secpod.oval:def:501347
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML document ...

oval:org.secpod.oval:def:25180
The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration fr ...

oval:org.secpod.oval:def:501465
The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, descripti ...

oval:org.secpod.oval:def:501420
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ...

oval:org.secpod.oval:def:25173
The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL c ...

oval:org.secpod.oval:def:501333
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ...

oval:org.secpod.oval:def:501698
The xfsprogs packages contain a set of commands to use the XFS file system, including the mkfs.xfs command to construct an XFS system. It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user wit ...

oval:org.secpod.oval:def:501374
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. Red Hat would ...

oval:org.secpod.oval:def:501472
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ...

oval:org.secpod.oval:def:501454
The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exp ...

oval:org.secpod.oval:def:501550
The flac packages contain a decoder and an encoder for the FLAC audio file format. A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbit ...

oval:org.secpod.oval:def:501426
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501316
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501375
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501348
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24757
The host is installed with ntp on RHEL 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly validate vallen in extension fields. Successful exploitation could allow attackers to disclose sensitive information or overflow the st ...

oval:org.secpod.oval:def:24758
The host is installed with ntp on RHEL 6 or 7 and is prone to an IP ACLs bypass vulnerability. A flaw is present in the application, which fails to properly handle spoofed packets with ::1 source address. Successful exploitation could allow attackers to bypass source IP ACLs on some OSes.

oval:org.secpod.oval:def:501977
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled query respons ...

oval:org.secpod.oval:def:501437
The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode to write an arbitrary file to a location writable to by the user running Wget, ...

oval:org.secpod.oval:def:39116
The host installed with kernel package on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle clearing of SELinux attributes. Successful exploitation could allow attackers to empty (null) write to /proc/pid/attr file that can crash th ...

oval:org.secpod.oval:def:501985
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * It was found that IdM"s ca-del, ca-disable, and ca-enable commands did not properly check the user"s permissions ...

oval:org.secpod.oval:def:501986
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * Quick emulator built with the Cirrus CLGD 54xx VGA emulator support is vulnerabl ...

oval:org.secpod.oval:def:501988
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the ...

oval:org.secpod.oval:def:501990
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501991
Mozilla Firefox is an open source web browser. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Red Hat would lik ...

oval:org.secpod.oval:def:21816
The host is installed with Linux kernel before 3.16.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly implement garbage collection. Successful exploitation allows local users to cause a denial of service (NULL pointer dereference and s ...

oval:org.secpod.oval:def:21817
The host is installed with Linux kernel through 3.16.3 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted device that sends a large report. Successful exploitation allows physically proximate attackers to cause a denial of ...

oval:org.secpod.oval:def:23615
The host is installed with Linux kernel through 3.17.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly maintain the semantics of rename_lock. Successful exploitation allows local users to cause a denial of service (deadlock and system ...

oval:org.secpod.oval:def:23616
The host is installed with Linux kernel through 3.18.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not restrict the number of Rock Ridge continuation entries. Successful exploitation allows local users to cause a denial of service (infinite loo ...

oval:org.secpod.oval:def:502012
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * A race condition was found in the way su handled the management of child pr ...

oval:org.secpod.oval:def:502015
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind reques ...

oval:org.secpod.oval:def:502020
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * A heap buffer overflow flaw was found in QEMU"s Cirrus CLGD 54xx VGA emulator"s V ...

oval:org.secpod.oval:def:502021
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ...

oval:org.secpod.oval:def:24747
The host is installed with kernel on RHEL 7 and is prone to an unprivileged module load vulnerability. A flaw is present in the application, which fails to properly handle request_module() call. Successful exploitation could allow attackers to load any installed module.

oval:org.secpod.oval:def:24743
The host is installed with kernel in RHEL 7 and is prone to an unprivileged module load vulnerability. A flaw is present in the application, which fails to properly handle request_module() call. Successful exploitation could allow attackers to load any installed module.

oval:org.secpod.oval:def:502048
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502052
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501436
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ...

oval:org.secpod.oval:def:501530
PCRE is a Perl-compatible regular expression library. A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application linked against PCRE to crash while parsing malicious regular expressions. This update also adds the following enhancement: * S ...

oval:org.secpod.oval:def:501684
Bundler manages an application"s dependencies through its entire life, across many machines, systematically and repeatably. Thor is a toolkit for building powerful command-line interfaces. A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to on ...

oval:org.secpod.oval:def:501500
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:21799
The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ...

oval:org.secpod.oval:def:501707
The binutils packages provide a set of binary utilities. Multiple buffer overflow flaws were found in the libbdf library used by various binutils utilities. If a user were tricked into processing a specially crafted file with an application using the libbdf library, it could cause the application to ...

oval:org.secpod.oval:def:501509
Hive files are undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. It was found that hivex attempted to read beyond its allocated buffer when reading a hive file with a very small size or with a truncated or im ...

oval:org.secpod.oval:def:501538
The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unz ...

oval:org.secpod.oval:def:501539
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled ...

oval:org.secpod.oval:def:502063
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A flaw was found in the way BIND handled TSIG authentication for dynamic ...

oval:org.secpod.oval:def:26774
The host is installed with kernel on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle many add_key system calls that refer to existing keys. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501542
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ...

oval:org.secpod.oval:def:24040
The host is installed with linux kernel before 3.19.1 and is prone to a security bypass vulnerability. A flaw is present in the application, which uses incorrect data types for the results of bitwise left-shift operations. Successful exploitation allows attackers to bypass the ASLR protection mecha ...

oval:org.secpod.oval:def:25166
The host is installed with kernel on Red Hat Enterprise Linux 7 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted microcode header. Successful exploitation could allow attackers to escalate privileges on the af ...

oval:org.secpod.oval:def:501568
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel"s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use ...

oval:org.secpod.oval:def:501634
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ...

oval:org.secpod.oval:def:26770
The host is installed with kernel on RHEL 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a special stack layout that will force the perf_callchain_user_64 function into an infinite loop. Successful exploitation could allow at ...

oval:org.secpod.oval:def:31664
The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...

oval:org.secpod.oval:def:31665
The host is installed with ntp on Red Hat Enterprise Linux 6 or 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could allow attackers to disclose sensitive informati ...

oval:org.secpod.oval:def:35564
The host is installed with RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:37819
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:502023
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:21803
The host is installed with Linux kernel before 3.14.6 and is prone to a information disclosure vulnerability. A flaw is present in the application, which does not initialize a certain data structure. Successful exploitation allows local users to obtain sensitive information from kernel memory.

oval:org.secpod.oval:def:38253
The host is installed with Linux kernel on RHEL 7 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a race condition in packet_set_ring leads. Successful exploitation could allow attackers to elevate their privileges on the system.

oval:org.secpod.oval:def:501987
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Linux kernel built with the Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attack ...

oval:org.secpod.oval:def:502070
Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behavior ...

oval:org.secpod.oval:def:37814
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501939
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: * Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached bin ...

oval:org.secpod.oval:def:501660
OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ...

oval:org.secpod.oval:def:502115
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The following packages have been upgraded to a later upstream version: pidgin . Security Fix: * A denial of service flaw was found in the way Pidgin"s Mxit plug-in han ...

oval:org.secpod.oval:def:502097
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * The ...

oval:org.secpod.oval:def:502113
Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority subsystem. Security Fix: * It was found that a mo ...

oval:org.secpod.oval:def:501312
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. ...

oval:org.secpod.oval:def:25187
The host is installed with kernel on Red Hat Enterprise Linux 7 and is prone to a denail of service vulnerability. A flaw is present in the application, which fails to properly handle fallocate zero range functionality when the page size is greater than the block size. Successful exploitation could ...

oval:org.secpod.oval:def:502120
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially ...

oval:org.secpod.oval:def:502045
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ...

oval:org.secpod.oval:def:501950
Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user runnin ...

oval:org.secpod.oval:def:25186
The host is installed with hplip on Red Hat Enterprise Linux 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a key specified by the key's short ID. Successful exploitation could allow attackers to trick users to download ma ...

oval:org.secpod.oval:def:501352
RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were n ...

oval:org.secpod.oval:def:501311
JSON-C implements a reference counting object model that allows you to easily construct JSON objects in C, output them as JSON-formatted strings, and parse JSON-formatted strings back into the C representation of JSON objects. Multiple buffer overflow flaws were found in the way the json-c library h ...

oval:org.secpod.oval:def:501547
The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ...

oval:org.secpod.oval:def:501393
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ...

oval:org.secpod.oval:def:501329
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled the requeuing of certain Priority Inheritance futexes. A local, unprivileged user could use this flaw to escalate their privileges on the sy ...

oval:org.secpod.oval:def:501354
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that Linux kernel"s ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word was being set. On IBM S/390 systems, a local, unprivileged user could use t ...

oval:org.secpod.oval:def:501363
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...

oval:org.secpod.oval:def:501356
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba"s NetBIOS message block daemon . An attacker on the ...

oval:org.secpod.oval:def:501771
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after heade ...

oval:org.secpod.oval:def:501517
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:23617
The host is installed with LibreOffice before 4.1.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle crafted OLE objects. Successful exploitation might allow remote attackers to embed arbitrary data into documents.

oval:org.secpod.oval:def:501377
The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with spe ...

oval:org.secpod.oval:def:501441
Shim is the initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. A heap-based buffer overflow flaw was found the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address t ...

oval:org.secpod.oval:def:21807
The host is installed with glibc before 2.20 and is prone to an use-after-free vulnerabilities. The flaws are present in the application, which does not copy its path argument in accordance with the POSIX specification. Successful exploitation allows context-dependent attackers to trigger use-after- ...

oval:org.secpod.oval:def:21521
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SROPTZR. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:501453
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. ...

oval:org.secpod.oval:def:501336
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:501343
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ...

oval:org.secpod.oval:def:21518
The host is installed with mysql55-mysql 5.5.35 or earlier or mariadb55-mariadb 5.5.35 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENFED. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:21522
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRCHAR. Successful exploitation could allow attackers to affect availability

oval:org.secpod.oval:def:21519
The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRINFOSC. Successful exploitation could allow attackers to affect confidentia ...

oval:org.secpod.oval:def:21833
The host is installed with perl-Data-Dumper before 2.154 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump funct ...

oval:org.secpod.oval:def:501464
* A flaw was found in the way the Linux kernel"s SCTP implementation handled malformed or duplicate Address Configuration Change Chunks . A remote attacker could use either of these flaws to crash the system. * A flaw was found in the way the Linux kernel"s SCTP implementation handled the associati ...

oval:org.secpod.oval:def:501342
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s ptrace subsystem allowed a traced process" instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user spac ...

oval:org.secpod.oval:def:21814
The host is installed Ruby 1.9.3 and earlier or 2.x through 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger a stack-based buffer overflow. Successful exploitation allows context-dependent attackers to ...

oval:org.secpod.oval:def:501469
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML d ...

oval:org.secpod.oval:def:501439
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * A race condition flaw was found in the way the Linux kernel"s KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. * A NULL ...

oval:org.secpod.oval:def:501528
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and c ...

oval:org.secpod.oval:def:501495
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s SCTP implementation validated INIT chunks when performing Address Configuration Change . A remote attacker could use this flaw to crash the system by sending a speci ...

oval:org.secpod.oval:def:501448
LibVNCServer is a library that allows for easy creation of VNC server or client functionality. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, ...

oval:org.secpod.oval:def:501451
The kdenetwork packages contain networking applications for the K Desktop Environment . Krfb Desktop Sharing, which is a part of the kdenetwork package, is a server application that allows session sharing between users. Krfb uses the LibVNCServer library. A NULL pointer dereference flaw was found in ...

oval:org.secpod.oval:def:34615
The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted UDP SNMP request. Successful exploitation allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

oval:org.secpod.oval:def:501714
Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to ...

oval:org.secpod.oval:def:21805
The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ...

oval:org.secpod.oval:def:501481
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp function would perf ...

oval:org.secpod.oval:def:21818
The host is installed with Linux kernel through 3.17 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Successful exploitation allows local user ...

oval:org.secpod.oval:def:501512
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to ...

oval:org.secpod.oval:def:501922
The powerpc-utils-python packages provide Python-based utilities for maintaining and servicing PowerPC systems. Security Fix: * It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to ...

oval:org.secpod.oval:def:501687
Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigerv ...

oval:org.secpod.oval:def:501484
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:24738
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted Ad hoc On-Demand Distance Vector (AODV) packet. Successful exploitation could allow attackers to obtain sensiti ...

oval:org.secpod.oval:def:24739
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted length value in a Geonet frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24740
The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an integer underflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted length value in an OLSR frame. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501709
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. A heap-based buffer overflow flaw was found in cpio"s list_file function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash c ...

oval:org.secpod.oval:def:501496
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input ...

oval:org.secpod.oval:def:501529
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip th ...

oval:org.secpod.oval:def:501645
jakarta-taglibs-standard is the Java Standard Tag Library . This library is used in conjunction with Tomcat and Java Server Pages . It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources o ...

oval:org.secpod.oval:def:501840
The chrony suite, chronyd and chronyc, is an advanced implementation of the Network Time Protocol , specially designed to support systems with intermittent connections. It can synchronize the system clock with NTP servers, hardware reference clocks, and manual input. It can also operate as an NTPv4 ...

oval:org.secpod.oval:def:501633
Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM"s unix_pam module could write to a blocking pipe, possibly ca ...

oval:org.secpod.oval:def:501655
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel"s implementation of the Berkeley Packet Filter . A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly ...

oval:org.secpod.oval:def:502028
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.1.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:34940
The host is installed with RHEL 7 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501918
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The following packages have been upgraded to a newer upstream version: libvir ...

oval:org.secpod.oval:def:501308
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:501317
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ...

oval:org.secpod.oval:def:501478
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, ex ...

oval:org.secpod.oval:def:502141
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that samba did not enforce "SMB signing" wh ...

oval:org.secpod.oval:def:502146
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ...

oval:org.secpod.oval:def:502147
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501531
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. It was found that QEMU"s qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions did not correctly perform a domain unlock on a failed ACL check. A remote at ...

oval:org.secpod.oval:def:24035
The host is installed with linux kernel before 3.18.5 and is prone to a denial of service vulnerability. A flaw is present in the application, when the guest OS lacks SYSENTER MSR initialization. Successful exploitation allows guest OS users to gain guest OS privileges or cause a denial of service ( ...

oval:org.secpod.oval:def:501501
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ...

oval:org.secpod.oval:def:501653
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ...

oval:org.secpod.oval:def:501587
Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application t ...

oval:org.secpod.oval:def:501554
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ...

oval:org.secpod.oval:def:24041
The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ...

oval:org.secpod.oval:def:501549
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501551
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501546
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ...

oval:org.secpod.oval:def:501503
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501507
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501664
libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. It was discovered that libwmf did not correctly process certain WMF with embedded BMP images. By tricking a victim into opening a specially crafted W ...

oval:org.secpod.oval:def:24042
The host is installed with linux kernel through 2.6.32-504.12.2.el6 on Red Hat Enterprise Linux 6 and through 3.10.0-229.1.2.el7 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, where a regular user could remove xattr permissions ...

oval:org.secpod.oval:def:25169
The host is installed with glibc on Red Hat Enterprise Linux 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long line containing wide characters. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501700
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that, under certain circumstanc ...

oval:org.secpod.oval:def:501712
The libssh2 packages provide a library that implements the SSH2 protocol. A flaw was found in the way the kex_agree_methods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting l ...

oval:org.secpod.oval:def:25177
The host is installed with qemu-kvm on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to limit resources used to process the header and payload of an incoming frame. Successful exploitation could allow attackers to cras ...

oval:org.secpod.oval:def:501670
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the QEMU"s websocket frame decoder processed incoming frames without limiting resources used to process the ...

oval:org.secpod.oval:def:501649
The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the ...

oval:org.secpod.oval:def:25183
The host is installed with libidn on Red Hat Enterprise Linux 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an invalid UTF-8 value. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:501708
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ...

oval:org.secpod.oval:def:25165
The host is installed with krb5 package on Red Hat Enterprise Linux 7 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted client request. Successful exploitation could allow attackers to bypass an intended preauthentication requireme ...

oval:org.secpod.oval:def:501644
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ...

oval:org.secpod.oval:def:501588
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501591
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ...

oval:org.secpod.oval:def:501580
Mailman is a program used to help manage email discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman. This update also fixes the following bugs: * Previ ...

oval:org.secpod.oval:def:502112
Libtasn1 is a library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. The following packages have been upgraded to a later upstream version: libtasn1 . Security Fix: * A heap-based buffer overflow flaw ...

oval:org.secpod.oval:def:25185
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle fork(2) and close(2) system calls with an 'int80' entry. Successful exploitation could allow attackers to es ...

oval:org.secpod.oval:def:25164
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle Router advertisements. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501627
The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially craft ...

oval:org.secpod.oval:def:24537
The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use authenticated negotiate connections. Success ...

oval:org.secpod.oval:def:24538
The host is installed with curl 7.29.0 and earlier on Red Hat Enterprise Linux 7 or curl 7.19.7 and earlier on Red Hat Enterprise Linux 6 and is prone to in-correct re-use vulnerability. A flaw is present in the application, which does not properly re-use NTLM connections. Successful exploitation co ...

oval:org.secpod.oval:def:501586
PostgreSQL is an advanced object-relational database management system . A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ...

oval:org.secpod.oval:def:501639
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ...

oval:org.secpod.oval:def:25179
The host is installed with fuse on Red Hat Enterprise Linux 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly filter environment variables. Successful exploitation could allow attackers to escalate privileges.

oval:org.secpod.oval:def:501740
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processe ...

oval:org.secpod.oval:def:501647
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501689
The cups-filters packages contain back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. A heap-based buffer overflow flaw and an integer overflow flaw leading to a heap-based buffer overflow were discovere ...

oval:org.secpod.oval:def:501654
HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. An implementation error related to the memory management of request and responses was found within HAProxy"s buffer_slow_realign function. An unauthenticated remote attacker could possibly use this ...

oval:org.secpod.oval:def:25176
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a race condition vulnerability. A flaw is present in the application, which fails to properly handle set file permissions in certain conditions. Successful exploitation could allow attackers to execute crafted file ...

oval:org.secpod.oval:def:24535
The host is installed with ntp version 4.2.6 and earlier on Redhat Enterprise Linux 6 or on Redhat Enterprise Linux 7 and is prone to an endless loop vulnerability. A flaw is present in the application, which fails to handle MD5 symmetric keys on big-endian systems. Successful exploitation could all ...

oval:org.secpod.oval:def:501636
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ...

oval:org.secpod.oval:def:501566
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access wh ...

oval:org.secpod.oval:def:25172
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected system.

oval:org.secpod.oval:def:501642
gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bit ...

oval:org.secpod.oval:def:501626
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ...

oval:org.secpod.oval:def:501629
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501635
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ...

oval:org.secpod.oval:def:501641
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ...

oval:org.secpod.oval:def:501658
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501724
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:501666
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501668
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501798
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB . Refer to the MariaDB Release Notes listed in the References section for a complete list of changes. Security Fix: * It wa ...

oval:org.secpod.oval:def:501680
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ...

oval:org.secpod.oval:def:501769
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges o ...

oval:org.secpod.oval:def:26773
The host is installed with kernel on RHEL 6, or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle IRET faults in processing NMIs that occurred during userspace execution. Successful exploitation could allow attackers to gain ...

oval:org.secpod.oval:def:501662
The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ...

oval:org.secpod.oval:def:501703
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was discovered that the nss_files backend for ...

oval:org.secpod.oval:def:501701
PostgreSQL is an advanced object-relational database management system . A memory leak error was discovered in the crypt function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory. A stack overflow flaw was discovered ...

oval:org.secpod.oval:def:501745
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the LDAP server provided by the AD DC in the Samba process daemon. ...

oval:org.secpod.oval:def:501803
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ...

oval:org.secpod.oval:def:501648
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ...

oval:org.secpod.oval:def:501659
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501661
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ...

oval:org.secpod.oval:def:501673
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501715
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501739
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:501732
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501742
The rpcbind utility is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote ...

oval:org.secpod.oval:def:501783
Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this fl ...

oval:org.secpod.oval:def:501723
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way delivering of benign exceptions such as #AC ...

oval:org.secpod.oval:def:501719
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ...

oval:org.secpod.oval:def:501729
The grub2 packages provide version 2 of the Grand Unified Bootloader , a highly configurable and customizable bootloader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. A flaw was found in the way the grub2 hand ...

oval:org.secpod.oval:def:502110
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:501897
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Virt-p2v is a tool for conversion of a physical server to a virtual guest. The following packages have been upgraded to a newer upstream version: libguestfs , virt-p2v . Security Fix: ...

oval:org.secpod.oval:def:501755
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:501778
Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw t ...

oval:org.secpod.oval:def:501834
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:501826
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel"s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 ce ...

oval:org.secpod.oval:def:501774
PostgreSQL is an advanced object-relational database management system . An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to cra ...

oval:org.secpod.oval:def:501741
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak port ...

oval:org.secpod.oval:def:501776
The libssh2 packages provide a library that implements the SSHv2 protocol. A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use signific ...

oval:org.secpod.oval:def:501910
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:501970
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ...

oval:org.secpod.oval:def:36409
The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions.

oval:org.secpod.oval:def:501800
Graphite2 is a project within SIL"s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behavior ...

oval:org.secpod.oval:def:501765
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:34933
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501770
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ...

oval:org.secpod.oval:def:501759
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501839
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501785
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ...

oval:org.secpod.oval:def:502035
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when ...

oval:org.secpod.oval:def:501852
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connect ...

oval:org.secpod.oval:def:501797
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:501827
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ...

oval:org.secpod.oval:def:501812
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501836
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501846
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501869
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501965
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read-access flaw was found in the QEMU emulator built with IP check ...

oval:org.secpod.oval:def:501814
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a sp ...

oval:org.secpod.oval:def:37817
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501828
Libndp is a library that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fix: * It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol messages. An at ...

oval:org.secpod.oval:def:501815
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An out-of-bounds read/write access flaw was found in the way QEMU"s VGA emulation with VESA BIOS Extensions ...

oval:org.secpod.oval:def:35693
The host is installed with RHEL 6 or 7 and is prone to a stack overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted xml file. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:35568
The host is installed with RHEL 7 and is prone to an out of bounds read vulnerability. A flaw is present in the application, which incorrectly relies on write system call. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501831
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ...

oval:org.secpod.oval:def:35565
The host is installed with RHEL 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle a 8-byte padding. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:35694
The host is installed with RHEL 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:35567
The host is installed with RHEL 7 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle a crafted series of mount system calls. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:35566
The host is installed with RHEL 7 and is prone to an information leak vulnerability. A flaw is present in the application, which fails to properly handle NM (aka alternate name) entries containing \\0 characters. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:501917
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file wi ...

oval:org.secpod.oval:def:501855
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501877
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501873
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:501890
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications. Security Fix: * It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary f ...

oval:org.secpod.oval:def:501860
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * Quick Emulator built with the Block driver for iSCSI images support is vulnerable to a heap buffer overflow ...

oval:org.secpod.oval:def:501924
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a newer upstream version: postgresql . Security Fix: * A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authentic ...

oval:org.secpod.oval:def:501913
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attac ...

oval:org.secpod.oval:def:37815
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501891
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * A v ...

oval:org.secpod.oval:def:37816
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:36404
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a networking challenge ack. Successful exploitation could allow attackers to determine the shared counter.

oval:org.secpod.oval:def:501864
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ...

oval:org.secpod.oval:def:501865
The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel"s networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating con ...

oval:org.secpod.oval:def:501899
Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space. Security Fix: * Multiple flaws were found in the way nettle imple ...

oval:org.secpod.oval:def:37092
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, mariadb 5.5.50 and earlier on Red Hat Enterprise Linux 7 or mysql55-mysql 5.5.40-2.el5 and earlier and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly ha ...

oval:org.secpod.oval:def:501882
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Linux kernel built with the 802.1Q/802.1ad VLAN OR Virtual eXtensible Local Area Network with Transparent Ethernet Bridging GRO support, is vulnerable to a stack overflow issue. It could occur while ...

oval:org.secpod.oval:def:501966
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:502087
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescap ...

oval:org.secpod.oval:def:502078
The bash packages provide Bash , which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ...

oval:org.secpod.oval:def:502116
The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded. The following packages have been upgraded to a later upstream version: gtk-vnc . Security Fix: * It was ...

oval:org.secpod.oval:def:502096
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An out-of-bounds memory access issue was found in Quick Emulator in the VNC disp ...

oval:org.secpod.oval:def:502084
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:501390
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or ...

oval:org.secpod.oval:def:501394
The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environme ...

oval:org.secpod.oval:def:502166
Docker is a service providing container management on Linux. It was found that the socket used to manage the Docker service was world readable and writable. A local user could use this flaw to escalate their privileges to root. Red Hat would like to thank Jon Stanley for reporting this issue. All u ...

oval:org.secpod.oval:def:502157
Docker is a service providing container management on Linux. It was found that a malicious container image could overwrite arbitrary portions of the host file system by including absolute symlinks, potentially leading to privilege escalation. A flaw was found in the way the Docker service unpacked ...

oval:org.secpod.oval:def:502177
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:502174
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: * A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would ...

oval:org.secpod.oval:def:502175
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502181
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502182
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:501541
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:501726
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:501320
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501321
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501713
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws ...

oval:org.secpod.oval:def:21806
The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certai ...

oval:org.secpod.oval:def:501396
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed ...

oval:org.secpod.oval:def:501688
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker ab ...

oval:org.secpod.oval:def:21804
The host is installed with curl 7.17.1 through 7.38.0 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read. Successful exploitation allows remote web servers ...

oval:org.secpod.oval:def:501510
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP b ...

oval:org.secpod.oval:def:501565
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ...

oval:org.secpod.oval:def:501571
Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ...

oval:org.secpod.oval:def:24540
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24542
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501556
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:501557
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:501559
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ...

oval:org.secpod.oval:def:24539
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24541
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24545
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24536
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24543
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:24544
The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ...

oval:org.secpod.oval:def:501640
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the- ...

oval:org.secpod.oval:def:25163
The host is installed with kernel on Red Hat Enterprise Linux 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle rename operations. Successful exploitation could allow attackers to escalate privileges on the affected syst ...

oval:org.secpod.oval:def:25178
The host is installed with qemu-kvm on Red Hat Enterprise Linux 7 and is prone to an out-of-bounds memory access vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:501601
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU"s IDE subsystem handled I/O buffer access while processing certain ATAP ...

oval:org.secpod.oval:def:501581
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:501674
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the syste ...

oval:org.secpod.oval:def:26768
The host is installed with kernel on RHEL 5, 6, or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle kernel's virtio-net handled fragmented packets. Successful exploitation could allow attackers to send crafted packets to a target ...

oval:org.secpod.oval:def:501656
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s RTL8139 emulation implementation processed network packets under RTL8139 ...

oval:org.secpod.oval:def:501671
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ...

oval:org.secpod.oval:def:501722
The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ...

oval:org.secpod.oval:def:501734
The libpng12 packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried t ...

oval:org.secpod.oval:def:501760
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU"s Firmware Configuration device emulation processed certain f ...

oval:org.secpod.oval:def:501777
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed ...

oval:org.secpod.oval:def:501810
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ...

oval:org.secpod.oval:def:501904
Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU"s ...

oval:org.secpod.oval:def:501936
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ...

oval:org.secpod.oval:def:35691
The host is installed with RHEL 6 or 7 and is prone to a memory allocation vulnerability. A flaw is present in the application, which fails to properly handle crafted symbolic links. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:501861
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ...

oval:org.secpod.oval:def:501954
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ...

oval:org.secpod.oval:def:502075
The evince packages provide a simple multi-page document viewer for Portable Document Format , PostScript , Encapsulated PostScript files, and, with additional back-ends, also the Device Independent File format files. Security Fix: * It was found that evince did not properly sanitize the command l ...

oval:org.secpod.oval:def:502128
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of com ...

oval:org.secpod.oval:def:502134
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts , and pcmcia configuration files. Security Fix: * An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery ...

oval:org.secpod.oval:def:502051
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A flaw was found in the way memory ...

oval:org.secpod.oval:def:502053
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap and stack memory regions were adjacent to each other, an attacker could use this flaw to jump ov ...

oval:org.secpod.oval:def:502119
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * Quick Emulator built with the Network Block Device Server support is vulnerable ...

oval:org.secpod.oval:def:502138
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language , and the capability to read e-mail and news. Security Fix: * A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tric ...

oval:org.secpod.oval:def:38966
The host is installed with mariadb and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to cause hang or frequently repeatable crash .

oval:org.secpod.oval:def:502025
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ...

oval:org.secpod.oval:def:501980
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option ...

oval:org.secpod.oval:def:502082
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * A NULL pointer dereference flaw was found in ghostscript"s mem_get_bits_rectangle functio ...

oval:org.secpod.oval:def:502111
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that some selectivity estimation functions did not check user privileges before providing information from pg_sta ...

oval:org.secpod.oval:def:502044
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ...

oval:org.secpod.oval:def:502121
The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine arch ...

oval:org.secpod.oval:def:502125
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event and vfs_rename while running the rename operation agai ...

oval:org.secpod.oval:def:502136
PostgreSQL is an advanced object-relational database management system . The following packages have been upgraded to a later upstream version: postgresql . Security Fix: * It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq"s refusal ...

oval:org.secpod.oval:def:502142
Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files. Security Fix: * A vulnerability was discovered in augeas affecting the ...

oval:org.secpod.oval:def:502033
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that ghostscript did not properly validate the parameters passed to the .rsd ...

oval:org.secpod.oval:def:502036
The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Security Fix: * A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this f ...

oval:org.secpod.oval:def:502034
The rpcbind utility is a server that converts Remote Procedure Call program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine. Security Fix: * It was found that due to the way rpcbind uses libtirpc , a memory leak can occur whe ...

oval:org.secpod.oval:def:502037
The libtirpc packages contain SunLib"s implementation of transport-independent remote procedure call documentation, which includes a library required by programs in the nfs-utils and rpcbind packages. Security Fix: * It was found that due to the way rpcbind uses libtirpc , a memory leak can occur w ...

oval:org.secpod.oval:def:502095
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and docum ...

oval:org.secpod.oval:def:502056
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: * A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use ...

oval:org.secpod.oval:def:502064
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * Quick Emulator built with Network Block Device Server support was vulnerable to ...

oval:org.secpod.oval:def:501337
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. Two integer overflow flaws were found in the QEMU block driver for QCOW version 1 disk images. A user able to alter the QEMU ...

oval:org.secpod.oval:def:501424
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU"s VGA emulator accessed frame buffer memory for high resolution displays. ...

oval:org.secpod.oval:def:21824
The host is installed with qemu-kvm before 2.1.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which triggers access of an uninitialized socket. Successful exploitation allows local users to cause a denial of service (NULL pointer dereference) by sending a ...

oval:org.secpod.oval:def:21801
The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ...

oval:org.secpod.oval:def:501514
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ...

oval:org.secpod.oval:def:24749
The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted tiff image. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24760
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted BMP image. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24754
The host is installed with mpfr in RHEL 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly allocate buffer. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:24734
The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ...

oval:org.secpod.oval:def:501737
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. It was found that because NTP"s access control was based ...

oval:org.secpod.oval:def:24752
The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:24037
The host is installed with e2fsprogs before 1.42.9-7 on Redhat Enterprise Linux 7 and before 1.42.12-21 on Redhat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...

oval:org.secpod.oval:def:24036
The host is installed with e2fsprogs before 1.42.9-7 on Redhat Enterprise Linux 7 and before 1.42.12-21 on Redhat Enterprise Linux 6 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which causes a crafted block group descriptor to be marked as dirty. ...

oval:org.secpod.oval:def:501564
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ...

oval:org.secpod.oval:def:501493
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ...

oval:org.secpod.oval:def:501624
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501573
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ...

oval:org.secpod.oval:def:501584
Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ...

oval:org.secpod.oval:def:501594
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501669
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...

oval:org.secpod.oval:def:501608
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ...

oval:org.secpod.oval:def:26769
The host is installed with openssh on RHEL 6 or 7 and is prone to a brute-force vulnerability. A flaw is present in the application, which fails to check the list of keyboard-interactive authentication methods for duplicates. Successful exploitation could allow attackers to bypass the MaxAuthTries l ...

oval:org.secpod.oval:def:501743
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ...

oval:org.secpod.oval:def:501744
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ...

oval:org.secpod.oval:def:501746
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ...

oval:org.secpod.oval:def:501753
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:31657
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31658
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:501930
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that the fix for CVE-2014-9 ...

oval:org.secpod.oval:def:31663
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory

oval:org.secpod.oval:def:31662
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ...

oval:org.secpod.oval:def:31659
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd.

oval:org.secpod.oval:def:31660
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could could cause a buffer overflow potentially resulting in m ...

oval:org.secpod.oval:def:31661
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in in null byte being w ...

oval:org.secpod.oval:def:31656
The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ...

oval:org.secpod.oval:def:501758
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would ...

oval:org.secpod.oval:def:501796
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet cou ...

oval:org.secpod.oval:def:501795
The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit , OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or apple ...

oval:org.secpod.oval:def:501754
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the Linux kernel"s key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring function. A local, unprivileged u ...

oval:org.secpod.oval:def:501833
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configure ...

oval:org.secpod.oval:def:501806
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501807
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501823
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ...

oval:org.secpod.oval:def:501851
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...

oval:org.secpod.oval:def:501850
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ...

oval:org.secpod.oval:def:501867
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ...

oval:org.secpod.oval:def:501886
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ...

oval:org.secpod.oval:def:37803
The host installed with kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ...

oval:org.secpod.oval:def:502026
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ...

oval:org.secpod.oval:def:502030
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application u ...

oval:org.secpod.oval:def:501932
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501884
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:501961
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...

oval:org.secpod.oval:def:502041
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A remote code execution flaw was found in Samba. A malicious authe ...

oval:org.secpod.oval:def:501427
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:501462
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:501480
The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ...

oval:org.secpod.oval:def:501479
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to es ...

oval:org.secpod.oval:def:501569
The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel"s kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel"s kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism ...

oval:org.secpod.oval:def:501497
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. ...

oval:org.secpod.oval:def:501579
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operation ...

oval:org.secpod.oval:def:501697
The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations ...

oval:org.secpod.oval:def:501854
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:25168
The host is installed with kernel on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a command to flush rules referencing chains that had already been deleted. Successful exploitation could allow attac ...

oval:org.secpod.oval:def:501583
The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ...

oval:org.secpod.oval:def:26771
The host is installed with glusterfs on RHEL 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which modifies a shell script during the installation of the glusterfs packages. Successful exploitation could allow attackers to escalate their privileges to ro ...

oval:org.secpod.oval:def:501545
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ...

oval:org.secpod.oval:def:501543
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides web ...

oval:org.secpod.oval:def:502165
Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle att ...

oval:org.secpod.oval:def:501575
ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A loca ...

oval:org.secpod.oval:def:24546
The host is installed with webkitgtk3 version 2.0.4 and earlier on Redhat Enterprise Linux 7 and is prone to a TLS certificate late verification vulnerability. A flaw is present in the application, which fails to perform TLS certificate verification too late, after sending an HTTP request rather tha ...

oval:org.secpod.oval:def:501592
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ...

oval:org.secpod.oval:def:501679
The rest library was designed to make it easier to access web services that claim to be RESTful. A RESTful service should have URLs that represent remote objects, which methods can then be called on. It was found that the OAuth implementation in librest, a helper library for RESTful services, incorr ...

oval:org.secpod.oval:def:501704
The realmd DBus system service manages discovery of and enrollment in realms and domains, such as Active Directory or Identity Management . The realmd service detects available domains, automatically configures the system, and joins it as an account to a domain. A flaw was found in the way realmd pa ...

oval:org.secpod.oval:def:501681
NetworkManager is a system network service that manages network devices and connections. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs , without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of ...

oval:org.secpod.oval:def:501582
Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network . A fl ...

oval:org.secpod.oval:def:25170
The host is installed with polkit on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an invalid object path when calling RegisterAuthenticationAgent. Successful exploitation could allow local attackers ...

oval:org.secpod.oval:def:501604
Clutter is a library for creating fast, visually rich, graphical user interfaces. Clutter is used for rendering the GNOME desktop environment. A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock. All clutter users ...

oval:org.secpod.oval:def:501577
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:501675
Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network . A fl ...

oval:org.secpod.oval:def:501598
The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the ...

oval:org.secpod.oval:def:501764
PolicyKit is a toolkit for defining and handling authorizations. A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash. All polkit ...

oval:org.secpod.oval:def:501699
OpenHPI is an open source project created with the intent of providing an implementation of the SA Forum"s Hardware Platform Interface . HPI provides an abstracted interface to managing computer hardware, typically for chassis and rack based servers. HPI includes resource modeling, access to and con ...

oval:org.secpod.oval:def:501710
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and docum ...

oval:org.secpod.oval:def:501706
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spo ...

oval:org.secpod.oval:def:25181
The host is installed with xz on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process filenames containing a semicolon. Successful exploitation could allow attackers to execute arbitrary co ...

oval:org.secpod.oval:def:501694
The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a conta ...

oval:org.secpod.oval:def:501902
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ...

oval:org.secpod.oval:def:501768
The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way ...

oval:org.secpod.oval:def:501678
The grub2 packages provide version 2 of the Grand Unified Bootloader , a highly configurable and customizable bootloader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. It was discovered that grub2 builds for EF ...

oval:org.secpod.oval:def:501696
The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms.

oval:org.secpod.oval:def:501711
ABRT is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targ ...

oval:org.secpod.oval:def:501690
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to full ...

oval:org.secpod.oval:def:502076
The GNOME Display Manager provides the graphical login screen shown shortly after boot up, log out, and when user-switching. The following packages have been upgraded to a later upstream version: gdm , gnome-session . Security Fix: * It was found that gdm could crash due to a signal handler dispat ...

oval:org.secpod.oval:def:501799
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ...

oval:org.secpod.oval:def:501857
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:501973
The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ...

oval:org.secpod.oval:def:501751
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ...

oval:org.secpod.oval:def:501767
The 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to cor ...

oval:org.secpod.oval:def:501923
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid . Security Fix: * Incorrect boundary checks were found in the way squid handled headers in HTTP responses, wh ...

oval:org.secpod.oval:def:501921
The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable ...

oval:org.secpod.oval:def:501818
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501907
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. The following packages have been upgraded to a newer upstream version: mod_nss . Security Fix: * A ...

oval:org.secpod.oval:def:501787
OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ...

oval:org.secpod.oval:def:501916
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos ...

oval:org.secpod.oval:def:501870
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A security flaw was found in the Linux kernel in the mark_source_chains function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to ...

oval:org.secpod.oval:def:34291
The host is installed with Apple iTunes before 12.4.2 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted XML document. Successful exploitation allows attackers to disclose user information.

oval:org.secpod.oval:def:35562
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer underreads vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code.

oval:org.secpod.oval:def:34288
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:34289
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:501919
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform. The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic to ...

oval:org.secpod.oval:def:34290
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:38099
The dracut packages include an event-driven initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition. It was discovered that dra ...

oval:org.secpod.oval:def:501927
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. The following packages have been upgraded to a newer upstream version: 389-ds-base . Security Fix: * It was ...

oval:org.secpod.oval:def:501912
Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network . Secu ...

oval:org.secpod.oval:def:501868
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. A ...

oval:org.secpod.oval:def:501892
firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface. The following packages have been upgraded to a newer upstream version: firewalld . Security Fix: * A flaw was found in the way firewalld allowed certain firewall configurations to be modifie ...

oval:org.secpod.oval:def:501906
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. ...

oval:org.secpod.oval:def:37818
The host is installed with mariadb and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle multiple protocols. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501901
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that the Linux kernel"s IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a deni ...

oval:org.secpod.oval:def:36842
The host is installed with Kernel on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an ABORT_TASK command. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:37409
The host is installed with RHEL 6 or 7 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted image. Successful exploitation could allow attackers to lead to a heap-based buffer overflow.

oval:org.secpod.oval:def:501945
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ...

oval:org.secpod.oval:def:501953
Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: * It was discovered that the default IdM password policies that lock out accounts after a certain number of failed ...

oval:org.secpod.oval:def:501926
RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification. Security Fix: * It was discovered that under certain conditions RESTEasy could be forced to pa ...

oval:org.secpod.oval:def:501894
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the default sudo configur ...

oval:org.secpod.oval:def:37410
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle a maliciously crafted SGI file. Successful exploitation could allow attackers to disclose sensitive information.

oval:org.secpod.oval:def:501934
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ...

oval:org.secpod.oval:def:37411
The host is installed with policycoreutils on RHEL 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle characters pushed into the terminal's input buffer. Successful exploitation could allow an attacker to escape the sandbox.

oval:org.secpod.oval:def:501914
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes usi ...

oval:org.secpod.oval:def:502042
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that the packet_set_ring function of the Linux kernel"s networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could u ...

oval:org.secpod.oval:def:501938
The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on . Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure Apache-based service providers. Security Fix: * A vulnerability was ...

oval:org.secpod.oval:def:501975
The Network Time Protocol is used to synchronize a computer"s time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when ntp is configured ...

oval:org.secpod.oval:def:501959
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer"s VMware ...

oval:org.secpod.oval:def:502008
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potent ...

oval:org.secpod.oval:def:501958
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX m ...

oval:org.secpod.oval:def:501957
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer"s FLC/FLI/FLX ...

oval:org.secpod.oval:def:502129
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption". Security Fix: * It was discovered xmlsec1"s use of libxml2 inadvertently enabled external en ...

oval:org.secpod.oval:def:502054
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ...

oval:org.secpod.oval:def:502117
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ...

oval:org.secpod.oval:def:502183
The docker-distribution package provides the tool set to support the Docker Registry version 2. The following packages have been upgraded to a later upstream version: docker-distribution . Security Fix: * It was found that docker-distribution did not properly restrict memory allocation size for a r ...

oval:org.secpod.oval:def:502088
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the ...

oval:org.secpod.oval:def:502083
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces. The following packages have been upgraded to a later upstream version: tcpdump . Security Fix: * Mu ...

oval:org.secpod.oval:def:502009
The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries. Security Fix: * Multiple vulnerabilities were found in icoutils, in the ...

oval:org.secpod.oval:def:502080
Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients which allow ...

oval:org.secpod.oval:def:502086
The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options. Security Fix: * A flaw was found where authconfig ...

oval:org.secpod.oval:def:502133
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * A flaw was found in the way 389-ds-base handled authentication attempts against locked accoun ...

oval:org.secpod.oval:def:502072
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502062
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list in the socket buffer. The heap overflow occurred if "MAX_SKB_FRAGS + 1" parameter ...

oval:org.secpod.oval:def:501773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501779
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:21523
The host is installed with Wireshark 1.10.x before 1.10.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted packet. Successful exploitation could allow attackers to cause a denial of service (application crash)

oval:org.secpod.oval:def:501434
Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ...

oval:org.secpod.oval:def:21796
The host is installed with Wireshark 1.10.x before 1.10.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly strip '\n' and '\r' characters. Successful exploitation could allow attackers to cause a denial of service (off-by-one buffer und ...

oval:org.secpod.oval:def:21797
The host is installed with Wireshark 1.10.x before 1.10.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not completely initialize a certain buffer. Successful exploitation could allow attackers to cause a denial of service (application crash).

oval:org.secpod.oval:def:21794
The host is installed with Wireshark 1.10.x before 1.10.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted packet. Successful exploitation could allow attackers to cause a denial of service (buffer underflow and application cras ...

oval:org.secpod.oval:def:21795
The host is installed with Wireshark 1.10.x before 1.10.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted packet. Successful exploitation could allow attackers to cause a denial of service (buffer underflow and application cras ...

oval:org.secpod.oval:def:21793
The host is installed with Wireshark 1.10.x before 1.10.9 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted packet. Successful exploitation could allow attackers to cause a denial of service (application crash)

oval:org.secpod.oval:def:24759
The host is installed with wireshark in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted packet-trace file. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501693
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump f ...

oval:org.secpod.oval:def:21832
The host is installed with open-vm-tools before 9.4.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows local users to obtain sensitive information.

oval:org.secpod.oval:def:502098
The X11 libraries provide library routines that are used within all X Window applications. The following packages have been upgraded to a later upstream version: libX11 , libXaw , libXdmcp , libXfixes , libXfont , libXi , libXpm , libXrandr , libXrender , libXt , libXtst , libXv , libXvMC , libXxf8 ...

oval:org.secpod.oval:def:502195
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ...

oval:org.secpod.oval:def:502073
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version: samba . Se ...

oval:org.secpod.oval:def:501400
Apache Xerces for Java is a high performance, standards compliant, validating XML parser written in Java. The xerces-j2 packages provide Xerces-J version 2. A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specia ...

oval:org.secpod.oval:def:502199
The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. Security Fix: * An out-of-bounds array dereference was found in apr_time_exp_get. An attacker could abuse an unvalidated usage of thi ...

oval:org.secpod.oval:def:502198
The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail. Security Fix: * A heap-based buffer o ...

oval:org.secpod.oval:def:501717
The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chai ...

oval:org.secpod.oval:def:501763
The sos package contains a set of utilities that gather information from system hardware, logs, and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attac ...

oval:org.secpod.oval:def:502155
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed mac ...

oval:org.secpod.oval:def:502202
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * Quick Emulator , compiled with the PC System Emulator with multiboot feature supp ...

oval:org.secpod.oval:def:502193
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. * An intege ...

oval:org.secpod.oval:def:501967
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:501976
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:501879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:36844
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:502089
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh . Security Fix: * A covert timin ...

oval:org.secpod.oval:def:501978
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:501880
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application de ...

oval:org.secpod.oval:def:502191
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tab ...

oval:org.secpod.oval:def:502047
Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. Security Fix: * An out-of-bounds r/w access issue was found in QEMU"s Cirrus CLGD 54xx VGA Emulat ...

oval:org.secpod.oval:def:502204
The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to ...

oval:org.secpod.oval:def:502203
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 52.5.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ...

oval:org.secpod.oval:def:502206
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tab ...

oval:org.secpod.oval:def:502205
Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 52.5.1 ESR. Security Fix: * A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across mu ...

oval:org.secpod.oval:def:501373
HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on httpcomponents HttpCore. It was discovered that the HttpClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using ...

oval:org.secpod.oval:def:501380
Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ...

oval:org.secpod.oval:def:501338
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ...

oval:org.secpod.oval:def:502124
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * A shell command injection flaw related to the handling of "svn+ssh" U ...

oval:org.secpod.oval:def:501362
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag lib ...

oval:org.secpod.oval:def:501323
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on ...

oval:org.secpod.oval:def:501325
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat ...

oval:org.secpod.oval:def:34941
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34936
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34937
The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34934
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34935
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34932
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34938
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34939
The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:34287
The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service.

oval:org.secpod.oval:def:501928
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ...

oval:org.secpod.oval:def:502173
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Security Fix: * It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to ...

oval:org.secpod.oval:def:502163
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Security Fix: * It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to ...

oval:org.secpod.oval:def:501893
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ...

oval:org.secpod.oval:def:501900
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbi ...

oval:org.secpod.oval:def:502130
Poppler is a Portable Document Format rendering library, used by applications such as Evince. Security Fix: * A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler to crash, or potentially execut ...

oval:org.secpod.oval:def:502055
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS ...

oval:org.secpod.oval:def:502074
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attribute ...

oval:org.secpod.oval:def:501895
The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream ve ...

oval:org.secpod.oval:def:502123
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work ...

oval:org.secpod.oval:def:502159
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel"s IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary ...

oval:org.secpod.oval:def:502135
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feat ...

oval:org.secpod.oval:def:502201
The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list o ...

oval:org.secpod.oval:def:502069
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use th ...

oval:org.secpod.oval:def:502207
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely byp ...

oval:org.secpod.oval:def:502185
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely byp ...

oval:org.secpod.oval:def:502114
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb . Security Fix: * It was discovered that the mysql and mysqldump tools did not correctly handle database and table names c ...

oval:org.secpod.oval:def:38967
The host is installed with mariadb and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow attackers to have unauthorized access to critical data or complete access to all M ...

oval:org.secpod.oval:def:502118
Log4j is a tool to help the programmer output log statements to a variety of output targets. Security Fix: * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specia ...

oval:org.secpod.oval:def:502180
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, and self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker-latest . Security Fix: * The runc component used ...

oval:org.secpod.oval:def:502164
The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. Security Fix: * The runc component used by `docker exec` feature of docker allowed additional container processes via to be ptraced by the pid 1 of the container. This allows the ma ...

oval:org.secpod.oval:def:502196
Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A use-after-free flaw was found in the way samba servers handled c ...

oval:org.secpod.oval:def:502179
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. The following packages have been upgraded to a newer upstream version: docker . Security Fix: * The runc component used by `docker ...

oval:org.secpod.oval:def:502079
The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A double-free flaw was found in the way GnuTLS p ...

oval:org.secpod.oval:def:501931
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix: * A design flaw was found in the libgcrypt PRNG . An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. Red Hat would like to thank Fel ...

oval:org.secpod.oval:def:501956
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer"s VMware ...

oval:org.secpod.oval:def:502197
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix: * A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a maliciou ...

oval:org.secpod.oval:def:501825
PCRE is a Perl-compatible regular expression library. Security Fix: * Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to c ...

oval:org.secpod.oval:def:501889
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program. Security Fix: * It was found that util-linux"s libblkid library did not properly handle Ext ...

oval:org.secpod.oval:def:501862
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: mariadb . Security Fix: * This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws c ...

oval:org.secpod.oval:def:501837
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ...

oval:org.secpod.oval:def:501819
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a s ...

oval:org.secpod.oval:def:35563
The host is installed with RHEL 6 or 7 and is prone to a command injection vulnerability. A flaw is present in the application, which fails to properly sanitize certain input before passing it to the gnuplot delegate functionality. Successful exploitation could allow attackers to execute arbitrary c ...

oval:org.secpod.oval:def:501929
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ...

oval:org.secpod.oval:def:501964
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND processed a response ...

oval:org.secpod.oval:def:501786
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ...

oval:org.secpod.oval:def:501874
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ...

oval:org.secpod.oval:def:501537
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled trust anchor management. A remote attacker coul ...

oval:org.secpod.oval:def:501735
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ...

oval:org.secpod.oval:def:501756
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ...

oval:org.secpod.oval:def:501596
The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make B ...

oval:org.secpod.oval:def:502031
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Security Fix: Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. Multiple flaws ...

oval:org.secpod.oval:def:501872
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ...

oval:org.secpod.oval:def:34942
The host is installed with RHEL 6 or 7 and is prone to an out-of-bounds heap read vulnerability. A flaw is present in the application, which fails to handle a malformed input document. Successful exploitation could allow attackers to execute arbitrary code or crash the service.

oval:org.secpod.oval:def:501941
Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ...

oval:org.secpod.oval:def:502013
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user"s browser. A remote attac ...

oval:org.secpod.oval:def:502150
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker ...

oval:org.secpod.oval:def:501848
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly use ...

oval:org.secpod.oval:def:502127
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: * It was discovered that the httpd"s mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote ...

oval:org.secpod.oval:def:502188
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in Tomcat"s handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to b ...

oval:org.secpod.oval:def:502071
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * A vulnerability was discovered in the error page mechanism in Tomcat"s DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the remova ...

oval:org.secpod.oval:def:502085
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a later upstream version: tomcat . Security Fix: * The Realm implementations did not process the supplied password if the supplied user name did not exist. This ...

oval:org.secpod.oval:def:502011
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid character ...

oval:org.secpod.oval:def:501905
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat . Security Fix: * A CSRF flaw was found in Tomcat"s the index pages for the Manager and Host Manager applications. These applic ...

oval:org.secpod.oval:def:501578
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:501461
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A ...

oval:org.secpod.oval:def:502208
PostgreSQL is an advanced object-relational database management system . Security Fix: * Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. Note: T ...

oval:org.secpod.oval:def:502187
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Security Fix: * A stack-based and a heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HT ...

oval:org.secpod.oval:def:502014
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extend ...

oval:org.secpod.oval:def:502143
The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: * A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, exec ...

oval:org.secpod.oval:def:502151
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. S ...

oval:org.secpod.oval:def:42417
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42416
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group ...

oval:org.secpod.oval:def:42415
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42414
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42419
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) dur ...

oval:org.secpod.oval:def:42418
A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or inject forged Wi-Fi packets by manipulating cryptograhpic handshakes used by the WPA2 protocol.

oval:org.secpod.oval:def:42420
A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wirel ...

*CPE
cpe:/o:redhat:enterprise_linux:7
XCCDF    1
xccdf_org.secpod_benchmark_general_RHEL_7

© 2013 SecPod Technologies