oval:org.secpod.oval:def:700828 aptdaemon: transaction based package management service An attacker could trick Aptdaemon into installing altered packages.
oval:org.secpod.oval:def:700677 t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:701057 exim4: Exim is a mail transport agent Exim could be made to run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:700874 nut: Network UPS tools Nut could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700741 evince: Document viewer Evince could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700859 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700731 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700732 t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:700951 icedtea-web: A web browser plugin to execute Java applets The IcedTea-Web Java web browser plugin could be made to crash or possibly run programs as your login if it opened a specially crafted applet.
oval:org.secpod.oval:def:701004 isc-dhcp: DHCP server and client - dhcp3: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700948 isc-dhcp: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700904 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700784 python-httplib2: comprehensive HTTP client library written for Python httplib2 could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:700771 update-manager: GNOME application that manages apt updates Details: USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Origi ...
oval:org.secpod.oval:def:700893 apparmor: Linux security system This update provides updates for the AppArmor profile abstractions.
oval:org.secpod.oval:def:700898 apt: Advanced front-end for dpkg APT now more thoroughly verifies imported keyrings.
oval:org.secpod.oval:def:700767 php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get function. We apologize for the inconven ...
oval:org.secpod.oval:def:700996 firefox: Mozilla Open Source web browser Details: USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory USN-1548-1 introduced a regression in Firefox.
oval:org.secpod.oval:def:700981 icedtea-web: A web browser plugin to execute Java applets Details: USN-1505-1 fixed vulnerabilities in OpenJDK 6. As part of the update, IcedTea-Web packages were upgraded to a new version. That upgrade introduced a regression which prevented the IcedTea-Web plugin from working with the Chromium web ...
oval:org.secpod.oval:def:700745 openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Details: USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm introduced a regression that caused TLS/SSL connections to ...
oval:org.secpod.oval:def:701026 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1551-1 fixed vulnerabilities in Thunderbird. The new package caused a regression in the message editor and certain performance regressions as well. This update fixes the problems. Original advisory USN-1551-1 introduced regressi ...
oval:org.secpod.oval:def:700840 mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:700953 nvidia-graphics-drivers: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver NVIDIA graphics drivers could be made to run programs as an admini ...
oval:org.secpod.oval:def:700823 ca-certificates-java: Common CA certificates Details: USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. Original advisory A certificate ...
oval:org.secpod.oval:def:700908 firefox: Mozilla Open Source web browser Details: USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory USN-1463-1 introduced regressions i ...
oval:org.secpod.oval:def:700900 unity-2d: Unity interface for non-accelerated graphics cards Popup menus were not working in Firefox under Unity 2D.
oval:org.secpod.oval:def:700541 firefox: Safe and easy web browser from Mozilla Details: USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This updat ...
oval:org.secpod.oval:def:700525 thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. Or ...
oval:org.secpod.oval:def:700523 Ubuntu 11.04 is installed
oval:org.secpod.oval:def:700839 gsettings-desktop-schemas: GSettings desktop-wide schemas Details: USN-1400-1 fixed vulnerabilities in Firefox. Firefox 11 started using GSettings to access the system proxy settings. If there is a GSettings proxy settings schema, Firefox will consume it. The GSettings proxy settings schema that was ...
oval:org.secpod.oval:def:700590 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Details: USN-1197-1 partially addressed an issue with Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update actively distrusts the DigiNotar root certificate as well as seve ...
oval:org.secpod.oval:def:700595 ca-certificates: Common CA certificates Details: USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. Original advisory A certificate auth ...
oval:org.secpod.oval:def:700596 nss: Network Security Service libraries Details: USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries ...
oval:org.secpod.oval:def:700597 quassel: KDE/Qt-based IRC client A remote attacker could send crafted input to Quassel and cause it to crash.
oval:org.secpod.oval:def:700911 unity-2d: Unity interface for non-accelerated graphics cards Details: USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obta ...
oval:org.secpod.oval:def:700583 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as tr ...
oval:org.secpod.oval:def:700582 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment A certificate authority issued fraudulent certificates.
oval:org.secpod.oval:def:701023 software-properties: manage the repositories that you install software from Software Properties could be tricked into installing arbitrary PPA GPG keys.
oval:org.secpod.oval:def:700864 backuppc: high-performance, enterprise-grade system for backing up PCs BackupPC could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:700947 mono: Mono is a platform for running and developing applications Mono could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:700971 clamav: Anti-virus utility for Unix Details: USN-1482-1 fixed vulnerabilities in ClamAV. The updated package could fail to properly scan files in some situations. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1482-1 introduced a regression in ClamAV that co ...
oval:org.secpod.oval:def:700907 clamav: Anti-virus utility for Unix Details: USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem. We apologize for the inconvenience. Original advisory ClamAV could improperly detect malware if it opened a specia ...
oval:org.secpod.oval:def:700664 update-manager: GNOME application that manages apt updates - update-notifier: Daemon which notifies about package updates Update Manager could be made to overwrite files as the administrator.
oval:org.secpod.oval:def:700579 foomatic-filters: OpenPrinting printer support - filters An attacker could send crafted input to Foomatic and cause it to run programs as the "lp" user.
oval:org.secpod.oval:def:700554 likewise-open: Authentication services for Active Directory domains Local SQL injection vulnerability
oval:org.secpod.oval:def:700877 update-manager: GNOME application that manages apt updates Details: USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Original advisory Update Manager could expose sensitive information in certain circumstanc ...
oval:org.secpod.oval:def:700989 python-django: High-level Python web development framework Applications using Django could be made to crash or expose sensitive information.
oval:org.secpod.oval:def:700861 update-manager: GNOME application that manages apt updates Update Manager could expose sensitive information in certain circumstances.
oval:org.secpod.oval:def:700979 libgc: Boehm-Demers-Weiser garbage collecting storage allocator library Applications using libgc could be made to crash or run arbitrary programs as your login.
oval:org.secpod.oval:def:700803 python-pam: A Python interface to the PAM library PyPAM could be made to crash or possibly run programs if it processed a specially crafted password.
oval:org.secpod.oval:def:700587 cups: Common UNIX Printing System - server - cupsys: Common UNIX Printing System - server An attacker could send crafted print jobs to CUPS and cause it to crash or run programs.
oval:org.secpod.oval:def:700807 ldm: LTSP display manager LTSP Display Manager could be made to run programs as an administrator.
oval:org.secpod.oval:def:700671 kdeutils: KDE general-purpose utilities Ark could be made to remove files.
oval:org.secpod.oval:def:701044 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700973 libconfig-inifiles-perl: Perl module for working with INI configuration files Config-IniFiles could be made to overwrite arbitrary files.
oval:org.secpod.oval:def:700588 librsvg: Rendering library for SVG files SVG image rendering library has had flaws fixed.
oval:org.secpod.oval:def:700884 ubuntu-sso-client: Ubuntu Single Sign-On client Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:700980 thunderbird: Mozilla Open Source mail and newsgroup client Multiple security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:700982 firefox: Mozilla Open Source web browser Multiple security issues were fixed in Firefox.
oval:org.secpod.oval:def:700779 puppet: Centralized configuration management Puppet could be made to overwrite files and run programs with administrator privileges.
oval:org.secpod.oval:def:700769 devscripts: scripts to make the life of a Debian Package maintainer easier debdiff, a part of devscripts, could be made to run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700885 ubuntuone-client: Ubuntu One client Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:700883 ubuntuone-storage-protocol: Python library for Ubuntu One file storage and sharing service Details: USN-1465-1 fixed a vulnerability in the Ubuntu One Client. This update adds a required fix to the Ubuntu One storage protocol library. Original advisory Fraudulent security certificates could allow se ...
oval:org.secpod.oval:def:700751 software-properties: manage the repositories that you install software from Software Properties could be tricked into installing arbitrary PPA GPG keys.
oval:org.secpod.oval:def:700978 libgdata: Library to access GData services - evolution-data-server: Evolution suite data server Applications using GData services could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:700950 krb5: MIT Kerberos Network Authentication Protocol Several security issues were fixed in Kerberos.
oval:org.secpod.oval:def:700706 system-config-printer: Python modules for printer configuration with CUPS An attacker could trick system-config-printer into installing altered packages and repositories.
oval:org.secpod.oval:def:700701 software-center: Utility for browsing, installing, and removing software An attacker could trick Software Center into installing altered packages and repositories or exposing sensitive information over the network.
oval:org.secpod.oval:def:700581 ecryptfs-utils: ecryptfs cryptographic filesystem An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service.
oval:org.secpod.oval:def:700694 isc-dhcp: DHCP server and client DHCP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700676 python-django: High-level Python web development framework Applications using Django could be made to crash or expose sensitive information.
oval:org.secpod.oval:def:700795 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.
oval:org.secpod.oval:def:700559 qemu-kvm: Machine emulator and virtualizer QEMU could be made to run with administrator group privileges under certain circumstances.
oval:org.secpod.oval:def:700526 gdm: GNOME Display Manager GDM could be made to launch a browser and leak information about the system.
oval:org.secpod.oval:def:700766 puppet: Centralized configuration management Puppet would allow unintended access to resources over the network.
oval:org.secpod.oval:def:701047 libgssglue: header files and docs for libgssglue Privilege escalation via the GSSAPI_MECH_CONF environment variable with setuid programs.
oval:org.secpod.oval:def:701038 moin: Collaborative hypertext environment Several security issues were fixed in MoinMoin.
oval:org.secpod.oval:def:700740 xorg: X.Org X Window System X could be made to start by a user who lacked appropriate permissions.
oval:org.secpod.oval:def:700977 imagemagick: Image manipulation programs and library ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700833 nvidia-graphics-drivers: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173: NVIDIA binary Xorg driver - nvidia-graphics-drivers-173-updates: NVIDIA binary Xorg driver - nvidia-graphics-drivers-updates: NVIDIA binary Xorg driver NVIDIA graphics drivers could be made to run programs as an admini ...
oval:org.secpod.oval:def:700804 gdm-guest-session: gdm extension for guest session gdm-guest-session could be made to delete files as the administrator.
oval:org.secpod.oval:def:700912 network-manager: Network connection manager NetworkManager could create insecure AdHoc wireless networks.
oval:org.secpod.oval:def:700913 network-manager-applet: GNOME frontend for NetworkManager Details: USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. Original advisory network-manager-apple ...
oval:org.secpod.oval:def:700905 clamav: Anti-virus utility for Unix ClamAV could improperly detect malware if it opened a specially crafted file.
oval:org.secpod.oval:def:700693 acpid: Advanced Configuration and Power Interface daemon Several security issues were fixed in acpid.
oval:org.secpod.oval:def:700945 libexif: library to parse EXIF files libexif could be made to crash, run programs as your login, or expose sensitive information if it opened a specially crafted file.
oval:org.secpod.oval:def:700551 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.
oval:org.secpod.oval:def:700896 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered packages.
oval:org.secpod.oval:def:700565 freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:700558 libsoup2.4: HTTP client/server library for GNOME An attacker could send crafted URLs to a SoupServer application and obtain unintended access to files.
oval:org.secpod.oval:def:700931 qt4-x11: transitional package for Qt 4 assistant module Qt Applications could be made to crash or run programs as your login if they opened specially crafted files.
oval:org.secpod.oval:def:700768 firefox: Mozilla Open Source web browser A security vulnerability has been fixed in Firefox.
oval:org.secpod.oval:def:700775 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701040 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:701045 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:700758 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:700754 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700755 mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox.
oval:org.secpod.oval:def:701036 firefox: Mozilla Open Source web browser Multiple security issues were fixed in Firefox.
oval:org.secpod.oval:def:700531 nagios3: A host/service/network monitoring and management system An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios.
oval:org.secpod.oval:def:700680 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700545 bind9: Internet Domain Name Server An attacker could send crafted input to Bind and cause it to crash.
oval:org.secpod.oval:def:700572 isc-dhcp: DHCP server and client - dhcp3: DHCP server and client An attacker could send crafted input to DHCP and cause it to crash.
oval:org.secpod.oval:def:700846 jetty: Java servlet engine and webserver Jetty could be made to hang or crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700831 gnutls26: the GNU TLS library - commandline utilities - gnutls13: the GNU TLS library - commandline utilities The GnuTLS library could be made to crash under certain conditions.
oval:org.secpod.oval:def:700919 python-crypto: cryptographic algorithms and protocols for Python PyCrypto improperly created ElGamal encryption keys.
oval:org.secpod.oval:def:700860 sudo: Provide limited super user privileges to specific users Sudo could allow users to run arbitrary programs as the administrator.
oval:org.secpod.oval:def:700930 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin.
oval:org.secpod.oval:def:700729 mozvoikko: Finnish spell-checker extension for Firefox
oval:org.secpod.oval:def:700724 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700812 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701056 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700808 ubufox: Finnish spell-checker extension for Firefox Details: USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory This update provides compatible ubufox packages for the latest Firefox.
oval:org.secpod.oval:def:700809 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700972 nss: Network Security Service library NSS could be made to crash if it opened a specially crafted certificate.
oval:org.secpod.oval:def:700940 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:700941 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-1509-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory This update provides compatible ubufox packages for the latest Firefox.
oval:org.secpod.oval:def:700939 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700553 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird.
oval:org.secpod.oval:def:700585 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird.
oval:org.secpod.oval:def:700573 firefox: Mozilla Open Source web browser Multiple Firefox vulnerabilities have been fixed
oval:org.secpod.oval:def:700574 mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Original advisory This update provides a compatible Mozvoikko for Firefox 6.
oval:org.secpod.oval:def:700563 icedtea-web: An implementation of the Java Network Launching Protocol - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation An attacker could discover a user's name or confuse a user into granting unintended access to files.
oval:org.secpod.oval:def:700764 tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic.
oval:org.secpod.oval:def:700886 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700910 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701024 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
oval:org.secpod.oval:def:700936 puppet: Centralized configuration management Several security issues were fixed in Puppet.
oval:org.secpod.oval:def:700705 bzip2: high-quality block-sorting file compressor - utilities Executables compressed by bzexe could be made to run programs as your login.
oval:org.secpod.oval:def:700983 openjdk-6: Open Source Java implementation Two security issues were fixed in OpenJDK 6.
oval:org.secpod.oval:def:700855 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:700844 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:700845 ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory This update provides compatible ubufox packages for the latest Firefox.
oval:org.secpod.oval:def:700522 thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. Original advisory Thunderbird could be made to run programs as your login if it opened sp ...
oval:org.secpod.oval:def:700524 firefox: Safe and easy web browser from Mozilla Multiple firefox vulnerabilities
oval:org.secpod.oval:def:700866 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
oval:org.secpod.oval:def:701031 libxslt: XSLT processing library Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file.
oval:org.secpod.oval:def:700538 mozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Or ...
oval:org.secpod.oval:def:700539 firefox: Safe and easy web browser from Mozilla Multiple Firefox vulnerabilities have been fixed
oval:org.secpod.oval:def:700848 libtasn1-3: Library to manage ASN.1 structures Libtasn1 could be made to crash or run programs as your login if it received specially crafted input.
oval:org.secpod.oval:def:700540 curl: HTTP, HTTPS, and FTP client and client libraries Details: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. Wesley Miaw discovered that when zlib is enabled ...
oval:org.secpod.oval:def:700567 samba: SMB/CIFS file, print, and login server for Unix An attacker could use a malicious URL to reconfigure Samba or steal information.
oval:org.secpod.oval:def:700852 samba: SMB/CIFS file, print, and login server for Unix Samba could allow a user to gain administrative privileges to the Samba server.
oval:org.secpod.oval:def:700674 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:700533 libxml2: GNOME XML library libxml2 could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700651 php5: HTML-embedded scripting language interpreter PHP could be made to crash or disclose sensitive information if it processed a specially crafted image file.
oval:org.secpod.oval:def:700772 firefox: Mozilla Open Source web browser Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Original advisory Firefox could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700535 openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed.
oval:org.secpod.oval:def:700777 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Original advisory Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700739 curl: HTTP, HTTPS, and FTP client and client libraries curl could be tricked into injecting arbitrary data if it handled a malicious URL.
oval:org.secpod.oval:def:700836 samba: SMB/CIFS file, print, and login server for Unix Samba could be made to run programs as the administrator if it received specially crafted network traffic.
oval:org.secpod.oval:def:700711 libarchive: Library to read/write archive files libarchive could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700832 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700571 libxfont: X11 font rasterisation library libXfont could be made to run programs as an administrator if it opened a specially crafted file.
oval:org.secpod.oval:def:701011 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement GnuPG could be tricked into downloading a different key when downloading from a key server.
oval:org.secpod.oval:def:700935 openjdk-6: Open Source Java implementation - icedtea-web: A web browser plugin to execute Java applets Several security issues were fixed in OpenJDK 6.
oval:org.secpod.oval:def:700660 apt: Advanced front-end for dpkg Details: It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10 ...
oval:org.secpod.oval:def:700682 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700782 libxml2: GNOME XML library libxml2 could be made to cause a denial of service by consuming excessive CPU resources.
oval:org.secpod.oval:def:701021 qemu-kvm: Machine emulator and virtualizer QEMU could be made to crash or run programs.
oval:org.secpod.oval:def:701020 devscripts: scripts to make the life of a Debian Package maintainer easier Several security issues were fixed in devscripts.
oval:org.secpod.oval:def:700743 rsyslog: Enhanced syslogd Rsyslog could be made to crash if it processed a specially crafted log message.
oval:org.secpod.oval:def:701029 dbus: simple interprocess messaging system Details: USN-1576-1 fixed vulnerabilities in DBus. The update caused a regression for certain services launched from the activation helper, and caused an unclean shutdown on upgrade. This update fixes the problem. We apologize for the inconvenience. Origina ...
oval:org.secpod.oval:def:701007 dbus: simple interprocess messaging system DBus could be made to run programs as an administrator.
oval:org.secpod.oval:def:700992 gimp: The GNU Image Manipulation Program GIMP could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701022 eglibc: GNU C Library - glibc: GNU C Library Multiple security issues were fixed in the GNU C Library.
oval:org.secpod.oval:def:700970 libotr: Off-the-Record Messaging library Applications using Off-the-Record messaging plugins could be made to crash or run programs if they received specially crafted network messages.
oval:org.secpod.oval:def:700965 koffice: KDE Office Suite KOffice could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700943 tiff: Tag Image File Format library tiff2pdf could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700966 libreoffice: Office productivity suite LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700952 qemu-kvm: Machine emulator and virtualizer QEMU could be made to overwrite files as the administrator, or expose sensitive information.
oval:org.secpod.oval:def:700875 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700546 qemu-kvm: Machine emulator and virtualizer A privileged attacker within a QEMU guest could cause QEMU to crash.
oval:org.secpod.oval:def:700527 qemu-kvm: Machine emulator and virtualizer A privileged attacker within a QEMU guest could cause QEMU to crash.
oval:org.secpod.oval:def:700747 icu: International Components for Unicode library ICU could be made to crash or run programs as your login if it opened specially crafted data.
oval:org.secpod.oval:def:700926 libreoffice: Office productivity suite - libreoffice-l10n: Office productivity suite help LibreOffice could be made to crash or potentially run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700662 libmodplug: Library for mod music based on ModPlug libmodplug could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700851 imagemagick: Image manipulation programs and library ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700778 cvs: Concurrent Versions System cvs could be made to crash or run programs as your login if it connected to a malicious proxy server.
oval:org.secpod.oval:def:700830 tiff: Tag Image File Format library The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700687 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700719 linux-ti-omap4: Linux kernel for OMAP4 The system could be made to crash under certain conditions.
oval:org.secpod.oval:def:700837 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700817 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700756 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700785 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700854 php5: HTML-embedded scripting language interpreter Standalone PHP CGI scripts could be made to execute arbitrary code with the privilege of the web server.
oval:org.secpod.oval:def:700811 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:700738 qemu-kvm: Machine emulator and virtualizer A remote attacker could cause QEMU to crash.
oval:org.secpod.oval:def:700763 openssl: Secure Socket Layer binary and related cryptographic tools Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash.
oval:org.secpod.oval:def:700748 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700717 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700699 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700650 openldap: OpenLDAP utilities An OpenLDAP server could potentially be made to crash if it received specially crafted network traffic from an authenticated user.
oval:org.secpod.oval:def:700661 vsftpd: FTP server written for security Vsftpd or other applications could be made to crash if vsftpd received specially crafted network traffic.
oval:org.secpod.oval:def:700566 libvirt: Libvirt virtualization toolkit An authenticated attacker could send crafted input to libvirt and cause it to crash.
oval:org.secpod.oval:def:700688 commons-daemon: wrapper to launch Java applications as daemons Apache Commons Daemon would allow unintended access to files over the network.
oval:org.secpod.oval:def:700560 clamav: anti-virus utility for Unix - command-line interface An attacker could send crafted input to ClamAV and cause it to crash.
oval:org.secpod.oval:def:700564 libsndfile: Library for reading/writing audio files An application using libsndfile could be made to crash or possibly run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700557 logrotate: Log rotation utility An attacker could cause logrotate to run programs, stop working, or read and write arbitrary files.
oval:org.secpod.oval:def:700707 pidgin: multi-protocol instant messaging client Pidgin could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700703 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700690 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700663 radvd: Router Advertisement Daemon radvd could be made to crash or overwrite certain files if it received specially crafted network traffic.
oval:org.secpod.oval:def:700570 ecryptfs-utils: ecryptfs cryptographic filesystem eCryptfs could be tricked into mounting and unmounting arbitrary locations, and possibly disclose confidential information.
oval:org.secpod.oval:def:700794 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700577 linux: Linux kernel Multiple kernel flaws have been fixed.
oval:org.secpod.oval:def:700528 libmodplug: Library for mod music based on ModPlug libmodplug could be made to run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700813 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700709 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:700672 apache2: Apache HTTP server - apache2-mpm-itk: multiuser MPM for Apache 2.2 Details: It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to c ...
oval:org.secpod.oval:def:700683 tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network.
oval:org.secpod.oval:def:700770 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700584 apache2: Apache HTTP server A remote attacker could send crafted input to Apache and cause it to crash.
oval:org.secpod.oval:def:700532 libvirt: Libvirt virtualization toolkit Libvirt could be made to crash or read arbitrary files on the host.
oval:org.secpod.oval:def:700783 ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8 Several security issues were fixed in ruby1.8.
oval:org.secpod.oval:def:700529 gimp: The GNU Image Manipulation Program GIMP could be made to run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700562 libpng: PNG file library Libpng could be made to run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700550 linux: Linux kernel Multiple kernel flaws have been fixed.
oval:org.secpod.oval:def:700537 tgt: Linux SCSI target user-space tools An attacker could send crafted input to tgt and cause it to crash or run arbitrary programs.
oval:org.secpod.oval:def:700733 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file.
oval:org.secpod.oval:def:700888 mysql-5.5: MySQL database - mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:700765 php5: HTML-embedded scripting language interpreter Multiple vulnerabilities in PHP.
oval:org.secpod.oval:def:700872 openssl: Secure Socket Layer cryptographic library and tools Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.
oval:org.secpod.oval:def:700868 net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701039 ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8 Ruby could allow excessive access in untrusted programs.
oval:org.secpod.oval:def:700987 linux: Linux kernel The system could be made to crash under certain conditions.
oval:org.secpod.oval:def:700858 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701018 freeradius: a high-performance and highly configurable RADIUS server FreeRADIUS could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:700843 openssl: Secure Socket Layer cryptographic library and tools An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:700838 openssl: Secure Socket Layer cryptographic library and tools An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:700880 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700999 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:701035 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701000 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:700949 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701013 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700961 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701002 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700918 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700665 jasper: Library for manipulating JPEG-2000 files JasPer could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700561 dbus: simple interprocess messaging system DBus could be made to crash if it processed a specially crafted message.
oval:org.secpod.oval:def:700834 puppet: Centralized configuration management Several security issues were fixed in puppet.
oval:org.secpod.oval:def:700760 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700876 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700962 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:700787 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL.
oval:org.secpod.oval:def:700975 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could allow unintended access to files over the network when using the XML2 extension.
oval:org.secpod.oval:def:700929 tiff: Tag Image File Format library The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:700903 raptor: Raptor RDF parser and serializer library Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
oval:org.secpod.oval:def:700805 mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:700773 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server.
oval:org.secpod.oval:def:700993 xmlrpc-c: Lightweight RPC library based on XML and HTTP Details: USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12 ...
oval:org.secpod.oval:def:700959 expat: XML parsing C library - example application Expat could be made to cause a denial of service by consuming excessive CPU and memory resources.
oval:org.secpod.oval:def:700881 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database PostgreSQL could be made to crash or incorrectly handle authentication.
oval:org.secpod.oval:def:700906 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:700667 python3.1: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Applications using certain Python 3 modules could be made to crash or expose sensitive information over the network.
oval:org.secpod.oval:def:701053 python3.2: Interactive high-level object-oriented language Several security issues were fixed in Python 3.2.
oval:org.secpod.oval:def:701055 python3.1: An interactive high-level object-oriented language Several security issues were fixed in Python 3.1.
oval:org.secpod.oval:def:701030 python2.6: An interactive high-level object-oriented language Several security issues were fixed in Python 2.6.
oval:org.secpod.oval:def:701019 python2.7: An interactive high-level object-oriented language Several security issues were fixed in Python 2.7.
oval:org.secpod.oval:def:700713 icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed.
oval:org.secpod.oval:def:700673 firefox: Mozilla Open Source web browser Multiple vulnerabilities have been fixed in Firefox.
oval:org.secpod.oval:def:700658 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird.
oval:org.secpod.oval:def:700802 eglibc: Embedded GNU C Library: sources - glibc: GNU C Library: Documentation Multiple vulnerabilities were discovered and fixed in the GNU C Library.
oval:org.secpod.oval:def:700695 mozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Original advisory This update provi ...
oval:org.secpod.oval:def:700781 openjdk-6: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed.
oval:org.secpod.oval:def:700788 openjdk-6b18: Open Source Java implementation Details: USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM. This provides the corresponding OpenJDK 6 update for use with the ARM architecture in Ubuntu 10.04 LTS, Ubun ...
oval:org.secpod.oval:def:701058 openjdk-7: Open Source Java implementation - openjdk-6: Open Source Java implementation Several security issues were fixed in OpenJDK. |