Download
| Alert*
|
oval:org.secpod.oval:def:400620
SUSE Linux Enterprise Desktop 12 is installed oval:org.secpod.oval:def:400723 This update for pidgin-otr fixes the following issues: - CVE-2015-8833: A heap based use-after-free issue was fixed in pidgin-otr that could lead to crashes or potential code execution. oval:org.secpod.oval:def:400746 The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote conn ... oval:org.secpod.oval:def:400643 This update for samba fixes the following issues: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target. Also the following bugs were fixed: - Add quotes around path of update-apparmor-samba-profile; . - Prevent access denied if the share path is " ... oval:org.secpod.oval:def:400789 libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed: - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally . oval:org.secpod.oval:def:400729 flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2016-1019: Adobe Flash Player allowed remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016 . oval:org.secpod.oval:def:400792 Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 : * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE ... oval:org.secpod.oval:def:400735 This update for flash-player fixes the following issues: - Security update to 11.2.202.569 : * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, ... oval:org.secpod.oval:def:400717 This update for flash-player fixes the following issues: - Security update to 11.2.202.621 : * APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE ... oval:org.secpod.oval:def:400690 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient s ... oval:org.secpod.oval:def:400632 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ... oval:org.secpod.oval:def:400708 Adobe flash-player was updated to 11.2.202.577 to fix the following list of security issues : These updates resolve integer overflow vulnerabilities that could lead to code execution . These updates resolve use-after-free vulnerabilities that could lead to code execution . These updates resolve a he ... oval:org.secpod.oval:def:400720 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen This non-security issue was fixed: - Fix encoding of /Title in generated PDFs oval:org.secpod.oval:def:400706 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ... oval:org.secpod.oval:def:400686 This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: * Fix infinite loops and buffer-overrun problems in regular expressions . * Fix regular-expression compiler to handle loops of constraint arcs . * Prevent certain PL/Java parameters from being set by non-s ... oval:org.secpod.oval:def:400673 The SUSE Linux Enterprise 12 GA kernel was updated to receive one critical security fix. Security issue fixed: - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation oval:org.secpod.oval:def:400672 qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI DMA I/O - ... oval:org.secpod.oval:def:400630 The SUSE Linux Enterprise 12 GA kernel was updated to fix one security issue. The following security bug was fixed: - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/ ... oval:org.secpod.oval:def:400680 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations oval:org.secpod.oval:def:400809 Samba was updated to the 4.2.x codestream, bringing some new features and security fixes . These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2 ... oval:org.secpod.oval:def:400619 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-1286: An error when parsing signature ... oval:org.secpod.oval:def:400641 mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ... oval:org.secpod.oval:def:400819 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR * MFSA 2016-14/CVE-2016-1523 Vulnerabilities in Graphite 2 oval:org.secpod.oval:def:400824 This update to MozillaFirefox 38.8.0 ESR fixes the following issues : - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 - CVE-2 ... oval:org.secpod.oval:def:400821 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR , fixing following security issues: * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 Local file overwriting and ... oval:org.secpod.oval:def:400748 ntp was updated to version 4.2.8p8 to fix 17 security issues. These security issues were fixed: - CVE-2016-4956: Broadcast interleave . - CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC . - CVE-2016-2519: ctl_getitem return value not always checked . - CVE-2 ... oval:org.secpod.oval:def:400663 This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency . - CVE-2016-0687: Better byte behavior . - CVE-2016-0695: Make DSA more fair . - CVE-2016-3425: Better buffering of XML strings . - CVE-2016-3 ... oval:org.secpod.oval:def:400633 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... oval:org.secpod.oval:def:400676 ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes: - The "sntp" commandline tool changed its option handling in a major way, some options have been renamed or dropped. - "controlkey 1" is added during update to ntp.conf to allow sntp to work. ... oval:org.secpod.oval:def:400764 This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via a cra ... oval:org.secpod.oval:def:400762 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashs ... oval:org.secpod.oval:def:400815 MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS . - CVE-2016- ... oval:org.secpod.oval:def:400814 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 - CVE-2016-1935 ... oval:org.secpod.oval:def:400696 This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service via crafted BER data, as demonstrated by an attack against slapd. - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. It also fixes the follow ... oval:org.secpod.oval:def:400662 This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher sui ... oval:org.secpod.oval:def:400742 This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a B ... oval:org.secpod.oval:def:400727 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ... oval:org.secpod.oval:def:400644 This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side channel attack ... oval:org.secpod.oval:def:400755 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows oval:org.secpod.oval:def:400664 The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allow ... oval:org.secpod.oval:def:400678 The SUSE Linux Enterprise 12 kernel was updated to receive a security fix. Following security bug was fixed: - A reference leak in keyring handling with join_session_keyring could lead to local attackers gain root privileges. . oval:org.secpod.oval:def:400794 The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. Following security bugs were fixed: - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl . - CVE-2015-8539: A negatively instantiated user key could have been used by a lo ... oval:org.secpod.oval:def:400734 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ... oval:org.secpod.oval:def:400737 xen was updated to fix 46 security issues. These security issues were fixed: - CVE-2013-4527: Buffer overflow in hw/timer/hpet.c might have allowed remote attackers to execute arbitrary code via vectors related to the number of timers . - CVE-2013-4529: Buffer overflow in hw/pci/pcie_aer.c allowed r ... oval:org.secpod.oval:def:400652 The SUSE Linux Enterprise 12 kernel was updated to 3.12.55 to receive various security and bugfixes. Features added: - A improved XEN blkfront module was added, which allows more I/O bandwidth. It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode. The following security bugs were fixed ... |
