Download
| Alert*
|
oval:org.secpod.oval:def:400615
SUSE Linux Enterprise Server 12 SP1 is installed oval:org.secpod.oval:def:400634 yast2-users was updated to fix one security issue. This security issue was fixed: - CVE-2016-1601: Empty passwords fields in /etc/shadow after SLES 12 SP1 autoyast installation . This update includes a script that fixes installations that we"re affected by this problem. It is run automatically upon ... oval:org.secpod.oval:def:400810 ImageMagick was updated to fix 66 security issues. These security issues were fixed: - CVE-2014-9810: SEGV in dpx file handler. - CVE-2014-9811: Crash in xwd file handler . - CVE-2014-9812: NULL pointer dereference in ps file handling . - CVE-2014-9813: Crash on corrupted viff file . - CVE-2014-9814 ... oval:org.secpod.oval:def:400746 The OpenJDK Java java-1_7_0-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 * Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency * Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remote conn ... oval:org.secpod.oval:def:400774 This update for java-1_8_0-openjdk to version jdk8u77-b03 fixes the following security issue: * CVE-2016-0636: Improve MethodHandle consistency, which had allowed attackers to execute code oval:org.secpod.oval:def:400790 This update for the samba server fixes the following issues: Security issue fixed: - CVE-2015-7560: Getting and setting Windows ACLs on symlinks can change permissions on link target; ; . Other bugs fixed: - Enable clustering support; . - s3: smbd: Fix timestamp rounding inside SMB2 create; ; . - v ... oval:org.secpod.oval:def:400789 libimobiledevice, usbmuxd were updated to fix one security issue. This security issue was fixed: - CVE-2016-5104: Sockets listening on INADDR_ANY instead of only locally . oval:org.secpod.oval:def:400690 This update for ImageMagick fixes the following issues: Security issues fixed: - Several coders were vulnerable to remote code execution attacks, these coders have now been disabled by default but can be re-enabled by editing "/etc/ImageMagick-*/policy.xml" - CVE-2016-3714: Insufficient s ... oval:org.secpod.oval:def:400783 This update for glibc fixes the following security issues: - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment var ... oval:org.secpod.oval:def:400801 This update fixes the following security issues: - Enforce receive packet size, thus eliminating buffer overflow and potential security issue. - Infinite loop in processing command block list. CVE-2015-8345 : This update also fixes a non-security bug: - Due to space restrictions in limited bios dat ... oval:org.secpod.oval:def:400719 This update for git fixes a buffer overflow issue that had the potential to be abused for remote execution of arbitrary code . oval:org.secpod.oval:def:400720 This update for ImageMagick fixes the following issues: This security issue was fixed: - CVE-2016-5118: Prevent code execution via popen This non-security issue was fixed: - Fix encoding of /Title in generated PDFs oval:org.secpod.oval:def:400781 libarchive was updated to fix 20 security issues. These security issues were fixed: - CVE-2015-8918: Overlapping memcpy in CAB parser . - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser . - CVE-2015-8920: Stack out of bounds read in ar parser . - CVE-2015-8921: Global out of bounds read in ... oval:org.secpod.oval:def:400706 This update for postgresql94 fixes the following issues: - Security and bugfix release 9.4.6: * *** IMPORTANT *** Users of version 9.4 will need to reindex any jsonb_path_ops indexes they have created, in order to fix a persistent issue with missing index entries. * Fix infinite loops and buffer-ove ... oval:org.secpod.oval:def:400675 - Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option "tls_versions" to ... oval:org.secpod.oval:def:400743 This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 - New in release 3.1.0 : * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement - S8146514: Enforce GCM limits - S8147771: Construction of ... oval:org.secpod.oval:def:400637 qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation - CVE-2016-4441: Avoid OOB access in 53C9X emulation - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation - CVE-2015-8817: Avoid OOB access in PCI dma I/O - ... oval:org.secpod.oval:def:400679 This update for bind fixes the following issues: - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations oval:org.secpod.oval:def:400716 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.59 to receive various security and bugfixes. Main feature additions: - Improved support for Clustered File System . - Addition of kGraft patches now produces logging messages to simplify auditing . The following security bugs were fixed: - ... oval:org.secpod.oval:def:400674 The SUSE Linux Enterprise 12 kernel was updated to receive critical security and bugfixes. Security issue fixed: - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. The following non-security bugs were fixed: - KVM: x86: expose ... oval:org.secpod.oval:def:400618 This update for xen to version 4.5.3 fixes the several issues. These security issues were fixed: - CVE-2016-6258: Potential privilege escalation in PV guests . - CVE-2016-6259: Missing SMAP whitelisting in 32-bit exception / event delivery . - CVE-2016-5337: The megasas_ctrl_get_info function allo ... oval:org.secpod.oval:def:400651 This update for bind fixes the following issues: Fix two assertion failures that can lead to a remote denial of service attack: * CVE-2016-1285: An error when parsing signature records for DNAME can lead to named exiting due to an assertion failure. * CVE-2016-1286: An error when parsing signature ... oval:org.secpod.oval:def:400699 samba was updated to fix seven security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks . - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication . - CVE-2016-2111: Domain controller netlogon member ... oval:org.secpod.oval:def:400698 IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. - Add hwkeytool binary for zSeries. oval:org.secpod.oval:def:400653 This update for java-1_7_0-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 * Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking - S8145446, CVE-2016-3485: Perfect pipe placement - S8147771: Construction of static protection domains under Javax custom policy ... oval:org.secpod.oval:def:400782 This update for tomcat fixes the following issues: Tomcat 8 was updated from 8.0.23 to 8.0.32, to fix bugs and security issues. Fixed security issues: * CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat allowed remote authenticated users to bypass intended Securit ... oval:org.secpod.oval:def:400733 mariadb was updated to version 10.0.25 to fix 25 security issues. These security issues were fixed: - CVE-2016-0505: Unspecified vulnerability allowed remote authenticated users to affect availability via unknown vectors related to Options . - CVE-2016-0546: Unspecified vulnerability allowed local u ... oval:org.secpod.oval:def:400819 This update for MozillaFirefox fixes the following issues: - update to Firefox 38.6.1 ESR * MFSA 2016-14/CVE-2016-1523 Vulnerabilities in Graphite 2 oval:org.secpod.oval:def:400824 This update to MozillaFirefox 38.8.0 ESR fixes the following issues : - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 - CVE-2 ... oval:org.secpod.oval:def:400624 java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT compon ... oval:org.secpod.oval:def:400821 This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR , fixing following security issues: * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 Local file overwriting and ... oval:org.secpod.oval:def:400663 This update for java-1_7_0-openjdk to version 2.6.6 fixes five security issues. These security issues were fixed: - CVE-2016-0686: Ensure thread consistency . - CVE-2016-0687: Better byte behavior . - CVE-2016-0695: Make DSA more fair . - CVE-2016-3425: Better buffering of XML strings . - CVE-2016-3 ... oval:org.secpod.oval:def:400712 ntp was updated to version 4.2.8p8 to fix five security issues. These security issues were fixed: - CVE-2016-4953: Bad authentication demobilizes ephemeral associations . - CVE-2016-4954: Processing spoofed server packets . - CVE-2016-4955: Autokey association reset . - CVE-2016-4956: Broadcast inte ... oval:org.secpod.oval:def:400791 This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack whe ... oval:org.secpod.oval:def:400633 This update for openssh fixes the following issues: - CVE-2016-0777: A malicious or compromised server could cause the OpenSSH client to expose part or all of the client"s private key through the roaming feature - CVE-2016-0778: A malicious or compromised server could could trigger a buffer overflo ... oval:org.secpod.oval:def:400710 This update for ntp to 4.2.8p7 fixes the following issues: * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP se ... oval:org.secpod.oval:def:400752 This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using t ... oval:org.secpod.oval:def:400688 This update for java-1_8_0-openjdk fixes the following security issues - April 2016 Oracle CPU : - CVE-2016-0686: Unspecified vulnerability allowed remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. - CVE-2016-0687: Unspecified vulnerability ... oval:org.secpod.oval:def:400764 This update for graphite2 fixes the following issues: - CVE-2016-1521: The directrun function in directmachine.cpp in Libgraphite did not validate a certain skip operation, which allowed remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via a cra ... oval:org.secpod.oval:def:400763 This IBM Java 1.7.1 SR3 FP40 release fixes the following issues: Security issues fixed: - CVE-2016-0264: buffer overflow vulnerability in the IBM JVM - CVE-2016-0363: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix - CVE-2016-0376: insecure deserialization in CORBA, i ... oval:org.secpod.oval:def:400762 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashs ... oval:org.secpod.oval:def:400659 This update for java-1_8_0-ibm fixes the following issues: - IBM Java 80-3.0 released: CVE-2016-0376 CVE-2016-0264 CVE-2016-0363 CVE-2016-3443 CVE-2016-0687 CVE-2016-0686 CVE-2016-3427 CVE-2016-3449 CVE-2016-3422 CVE-2016-3426 - There is no HtmlConverter and apt provided by jdk8 bsc#965665 oval:org.secpod.oval:def:400813 MozillaFirefox was updated to 45.3.0 ESR to fix the following issues : * MFSA 2016-62/CVE-2016-2835/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 Buffer overflow rendering SVG wi ... oval:org.secpod.oval:def:400815 MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues. MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS . - CVE-2016- ... oval:org.secpod.oval:def:400814 This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2. The following vulnerabilities were fixed: - CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 - CVE-2016-1935 ... oval:org.secpod.oval:def:400775 ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq . - CVE-2015-8138: Zero Origin Timestamp Bypass . - CVE-2015-7979: Off-path Den ... oval:org.secpod.oval:def:400696 This update fixes the following security issues: - CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service via crafted BER data, as demonstrated by an attack against slapd. - CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. It also fixes the follow ... oval:org.secpod.oval:def:400661 This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ... oval:org.secpod.oval:def:400786 This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ... oval:org.secpod.oval:def:400755 This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. - CVE-2015-1283: Fix multiple integer overflows oval:org.secpod.oval:def:400704 The SUSE Linux Enterprise 12 SP1 kernel was updated to receive a security fix. Following security bug was fixed: - A reference leak in keyring handling with join_session_keyring could lead to local attackers gain root privileges. . oval:org.secpod.oval:def:400709 xen was updated to fix 44 security issues. These security issues were fixed: - CVE-2013-4533: Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c allowed remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm ima ... oval:org.secpod.oval:def:400753 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions o ... oval:org.secpod.oval:def:400765 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.57 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8812: A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the conge ... oval:org.secpod.oval:def:400734 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ... oval:org.secpod.oval:def:400694 The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check fo ... |
