Download
| Alert*
|
oval:org.secpod.oval:def:400616
SUSE Linux Enterprise Desktop 12 SP1 is installed oval:org.secpod.oval:def:400634 yast2-users was updated to fix one security issue. This security issue was fixed: - CVE-2016-1601: Empty passwords fields in /etc/shadow after SLES 12 SP1 autoyast installation . This update includes a script that fixes installations that we"re affected by this problem. It is run automatically upon ... oval:org.secpod.oval:def:400810 ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. - CVE-2014-9811: Crash in xwd file handler . - CVE-2014-9812: NULL pointer dereference in ps file handling . - CVE-2014-9813: Crash on corrupted viff file . - CVE-2014-9814 ... oval:org.secpod.oval:def:400723 This update for pidgin-otr fixes the following issues: - CVE-2015-8833: A heap based use-after-free issue was fixed in pidgin-otr that could lead to crashes or potential code execution. oval:org.secpod.oval:def:400746 The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote conn ... oval:org.secpod.oval:def:400774 This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue: * CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code oval:org.secpod.oval:def:400790 This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; ; . Other bugs fixed: - Enable clustering support; . - s3: smbd: Fix timestamp rounding inside SMB2 create; ; . - v ... oval:org.secpod.oval:def:400789 libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed: - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally . oval:org.secpod.oval:def:400729 flash-player was updated to fix one security issue. This security issue was fixed: - CVE-2016-1019: Adobe Flash Player allowed remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016 . oval:org.secpod.oval:def:400684 Adobe Flash Player was updated to 11.2.202.632 to fix many security issues tracked under the upstream advisory APSB16-25, allowing remote attackers to execute arbitrary code when delivering specially crafted Flash content. The following vulnerabilities were fixed: - CVE-2016-4172: memory corruption ... oval:org.secpod.oval:def:400792 Adobe flash-player was updated to 11.2.202.626 to fix the following security issues: Security update to 11.2.202.626 : * APSB16-18, CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE ... oval:org.secpod.oval:def:400735 This update for flash-player fixes the following issues: - Security update to 11.2.202.569 : * APSB16-04, CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, ... oval:org.secpod.oval:def:400754 This update for flash-player fixes the following security issues : - integer overflow vulnerability that could lead to code execution . - use-after-free vulnerabilities that could lead to code execution - security bypass vulnerabilities that could lead to information disclosure - memory corruption ... oval:org.secpod.oval:def:400717 This update for flash-player fixes the following issues: - Security update to 11.2.202.621 : * APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE ... oval:org.secpod.oval:def:400690 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient s ... oval:org.secpod.oval:def:400783 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ... oval:org.secpod.oval:def:400801 This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. - Infinite loop in processing command block list. CVE-2015-8345 : This update also fixes a non-security bug: - Due to space restrictions in limited bios dat ... oval:org.secpod.oval:def:400708 Adobe flash-player was updated to 11.2.202.577 to fix the following list of security issues : These updates resolve integer overflow vulnerabilities that could lead to code execution . These updates resolve use-after-free vulnerabilities that could lead to code execution . These updates resolve a he ... oval:org.secpod.oval:def:400720 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen This non-security issue was fixed: - Fix encoding of /Title in generated PDFs oval:org.secpod.oval:def:400781 libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser . - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser . - CVE-2015-8920: Stack out of bounds read in ar parser . - CVE-2015-8921: Global out of bounds read in ... oval:org.secpod.oval:def:400706 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ... oval:org.secpod.oval:def:400743 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 - New in release 3.1.0 : * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement - S8146514: Enforce GCM limits - S8147771: Construction of ... oval:org.secpod.oval:def:400637 qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ... oval:org.secpod.oval:def:400679 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations oval:org.secpod.oval:def:400716 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.59 to receive various security and bugfixes. Main feature additions: - Improved support for Clustered File System . - Addition of kGraft patches now produces logging messages to simplify auditing . The following security bugs were fixed: - ... oval:org.secpod.oval:def:400674 The SUSE Linux Enterprise 12 kernel was updated to receive critical security and bugfixes. Security issue fixed: - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. The following non-security bugs were fixed: - KVM: x86: expose ... oval:org.secpod.oval:def:400618 This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests . - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery . - CVE-2016-5337: The megasas_ctrl_get_info function allo ... oval:org.secpod.oval:def:400651 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-1286: An error when parsing signature ... oval:org.secpod.oval:def:400699 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member ... oval:org.secpod.oval:def:400653 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement - S8147771: Construction of static protection domains under Javax custom policy ... oval:org.secpod.oval:def:400733 mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ... oval:org.secpod.oval:def:400819 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR * MFSA 2016-14/CVE-2016-1523 Vulnerabilities in Graphite 2 oval:org.secpod.oval:def:400824 This update to MozillaFirefox 38.8.0 ESR fixes the following issues : - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 - CVE-2 ... oval:org.secpod.oval:def:400624 java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT compon ... oval:org.secpod.oval:def:400821 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR , fixing following security issues: * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 Local file overwriting and ... oval:org.secpod.oval:def:400663 This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency . - CVE-2016-0687: Better byte behavior . - CVE-2016-0695: Make DSA more fair . - CVE-2016-3425: Better buffering of XML strings . - CVE-2016-3 ... oval:org.secpod.oval:def:400712 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations . - CVE-2016-4954: Processing spoofed server packets . - CVE-2016-4955: Autokey association reset . - CVE-2016-4956: Broadcast inte ... oval:org.secpod.oval:def:400633 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... oval:org.secpod.oval:def:400710 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP se ... oval:org.secpod.oval:def:400688 This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU : - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified vulnerability ... oval:org.secpod.oval:def:400764 This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via a cra ... oval:org.secpod.oval:def:400762 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashs ... oval:org.secpod.oval:def:400813 MozillaFirefox was updated to 45.3.0 ESR to fix the following issues : * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG wi ... oval:org.secpod.oval:def:400815 MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS . - CVE-2016- ... oval:org.secpod.oval:def:400814 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 - CVE-2016-1935 ... oval:org.secpod.oval:def:400775 ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Den ... oval:org.secpod.oval:def:400696 This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service via crafted BER data, as demonstrated by an attack against slapd. - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. It also fixes the follow ... oval:org.secpod.oval:def:400662 This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher sui ... oval:org.secpod.oval:def:400661 This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ... oval:org.secpod.oval:def:400786 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ... oval:org.secpod.oval:def:400644 This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side channel attack ... oval:org.secpod.oval:def:400755 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows oval:org.secpod.oval:def:400704 The SUSE Linux Enterprise 12 SP1 kernel was updated to receive a security fix. Following security bug was fixed: - A reference leak in keyring handling with join_session_keyring could lead to local attackers gain root privileges. . oval:org.secpod.oval:def:400709 xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ... oval:org.secpod.oval:def:400753 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions o ... oval:org.secpod.oval:def:400765 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.57 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the conge ... oval:org.secpod.oval:def:400734 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ... oval:org.secpod.oval:def:400694 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo ... |
