oval:org.secpod.oval:def:34299 Apple Mac OS X Server 10.10 (Yosemite) is installed
oval:org.secpod.oval:def:34298 Apple Mac OS X Server 10.11 (el capitan) is installed
oval:org.secpod.oval:def:1503517 Updated cyrus-imapd packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...
oval:org.secpod.oval:def:1503409 Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ...
oval:org.secpod.oval:def:1503330 Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ...
oval:org.secpod.oval:def:1503359 An updated spice-xpi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...
oval:org.secpod.oval:def:1503285 Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ...
oval:org.secpod.oval:def:1503503 Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ...
oval:org.secpod.oval:def:1503551 Updated gdm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1503404 An updated foomatic package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ...
oval:org.secpod.oval:def:1504568 [1.7.17-17] - Remove dependency on gfs2-utils. resolves: rhbz#695138 [1.7.17-16] - Canonicalize /dev/vd* paths in virt-inspector code. resolves: rhbz#691724 [1.7.17-15] - Fix trace segfault for non-daemon functions. resolves: rhbz#676788 [1.7.17-14] - Add explicit BuildRequires for latest augeas. [ ...
oval:org.secpod.oval:def:1503268 An updated mod_auth_mysql package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...
oval:org.secpod.oval:def:1503383 Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503569 Updated openldap packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...
oval:org.secpod.oval:def:1501848 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502156 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503616 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503680 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503912 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503329 Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the cro ...
oval:org.secpod.oval:def:1503304 An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. ...
oval:org.secpod.oval:def:1503387 Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime ...
oval:org.secpod.oval:def:1503205 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. It was foun ...
oval:org.secpod.oval:def:34297 Apple Mac OS X 10.11 (el capitan) is installed
oval:org.secpod.oval:def:1503245 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the development ...
oval:org.secpod.oval:def:1503561 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-20 ...
oval:org.secpod.oval:def:1503583 An updated ca-certificates package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Description This package contains the set of CA certificates chosen by the Mozilla Foundatio ...
oval:org.secpod.oval:def:1503435 Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime ...
oval:org.secpod.oval:def:1503423 Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime ...
oval:org.secpod.oval:def:1503179 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the development ...
oval:org.secpod.oval:def:1503888 Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Description Network Security Services is a ...
oval:org.secpod.oval:def:1503516 An updated rdesktop package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...
oval:org.secpod.oval:def:1503214 Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503210 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503229 Updated git packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1503333 Updated evince packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...
oval:org.secpod.oval:def:1503335 Updated krb5 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...
oval:org.secpod.oval:def:1503390 Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ...
oval:org.secpod.oval:def:1503260 Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...
oval:org.secpod.oval:def:1503266 Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...
oval:org.secpod.oval:def:1503564 An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503587 Updated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...
oval:org.secpod.oval:def:1503512 Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...
oval:org.secpod.oval:def:1503595 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...
oval:org.secpod.oval:def:1503447 Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...
oval:org.secpod.oval:def:1503474 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...
oval:org.secpod.oval:def:1502088 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503437 Updated cyrus-imapd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...
oval:org.secpod.oval:def:1503523 Updated libsoup packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503168 Updated qt packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...
oval:org.secpod.oval:def:1502200 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502195 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502197 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502109 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502106 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1502116 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503311 Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ...
oval:org.secpod.oval:def:1503584 Updated dhcp packages that fix two security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...
oval:org.secpod.oval:def:1503524 Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...
oval:org.secpod.oval:def:1503189 An updated xorg-x11-server-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severit ...
oval:org.secpod.oval:def:1503545 Updated libuser packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ...
oval:org.secpod.oval:def:1503455 Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1503451 Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ...
oval:org.secpod.oval:def:1503212 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1503590 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...
oval:org.secpod.oval:def:1503429 Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...
oval:org.secpod.oval:def:1501106 Important: Oracle Linux 6 lxc security update.
oval:org.secpod.oval:def:1501190 lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
oval:org.secpod.oval:def:1501474 It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.
oval:org.secpod.oval:def:36268 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ...
oval:org.secpod.oval:def:36265 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to cause a sys ...
oval:org.secpod.oval:def:36264 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to discl ...
oval:org.secpod.oval:def:1500215 Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ...
oval:org.secpod.oval:def:1500216 An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ...
oval:org.secpod.oval:def:1500218 Updated 389-ds-base packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ra ...
oval:org.secpod.oval:def:53787 Audit rules about the Information on the Use of Privileged Commands are enabled
oval:org.secpod.oval:def:1500288 Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1500297 Updated augeas packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ...
oval:org.secpod.oval:def:53729 The direct gnome login warning banner should be set correctly.
oval:org.secpod.oval:def:53730 The restorecond service should be enabled if possible.
oval:org.secpod.oval:def:53739 The haldaemon service should be disabled if possible.
oval:org.secpod.oval:def:1500242 An updated rtkit package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ...
oval:org.secpod.oval:def:1500248 Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ...
oval:org.secpod.oval:def:1500255 Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ...
oval:org.secpod.oval:def:1500268 An updated rubygems package that fixes three security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...
oval:org.secpod.oval:def:1500559 Updated curl packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...
oval:org.secpod.oval:def:1500598 An updated mod_wsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...
oval:org.secpod.oval:def:1500117 Updated 389-ds-base packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ...
oval:org.secpod.oval:def:53892 IP forwarding should be enabled or disabled as appropriate.
oval:org.secpod.oval:def:53893 The system's default desktop environment, GNOME, will mount devices and removable media (such as DVDs, CDs and USB flash drives) whenever they are inserted into the system. Disable automount and autorun within GNOME.
oval:org.secpod.oval:def:1500557 Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ...
oval:org.secpod.oval:def:1500163 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...
oval:org.secpod.oval:def:53860 Idle activation of the screen lock should be enabled.
oval:org.secpod.oval:def:53852 Enable the GUI warning banner.
oval:org.secpod.oval:def:1500185 Updated libtirpc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...
oval:org.secpod.oval:def:1500125 Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ...
oval:org.secpod.oval:def:1500129 Updated sssd packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:1500128 Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each ...
oval:org.secpod.oval:def:1500130 Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ...
oval:org.secpod.oval:def:53804 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/ip6tables).
oval:org.secpod.oval:def:1500142 An updated stunnel package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ...
oval:org.secpod.oval:def:1500149 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ...
oval:org.secpod.oval:def:1500148 Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ratin ...
oval:org.secpod.oval:def:1500150 Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ...
oval:org.secpod.oval:def:53825 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain (/etc/sysconfig/iptables).
oval:org.secpod.oval:def:26785 The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format fonts. A malicious, local user could use this flaw to crash the X ...
oval:org.secpod.oval:def:1500604 Updated python-jinja2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:1500606 Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ...
oval:org.secpod.oval:def:1500609 Updated lzo packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ...
oval:org.secpod.oval:def:1500411 Updated net-snmp packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ...
oval:org.secpod.oval:def:1500896 Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ...
oval:org.secpod.oval:def:1500062 Updated 389-ds-base packages that fix one security issue, numerous bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which giv ...
oval:org.secpod.oval:def:1500064 Updated bind packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ...
oval:org.secpod.oval:def:1500063 Updated pki-core packages that fix multiple security issues, two bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which give ...
oval:org.secpod.oval:def:1500072 An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ...
oval:org.secpod.oval:def:1500078 Updated openchange packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which give ...
oval:org.secpod.oval:def:1500001 Oracle Linux 6 is installed
oval:org.secpod.oval:def:1500004 Updated util-linux-ng packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ...
oval:org.secpod.oval:def:1500012 Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a ...
oval:org.secpod.oval:def:53927 Enable warning banner for GUI login
oval:org.secpod.oval:def:1500018 Updated openssh packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives ...
oval:org.secpod.oval:def:53930 Checks /etc/inittab to ensure that default runlevel is set to 3.
oval:org.secpod.oval:def:53933 The nfslock service should be disabled if possible.
oval:org.secpod.oval:def:53932 The allowed period of inactivity before the screensaver is activated.
oval:org.secpod.oval:def:1500024 Updated dhcp packages that fix one security issue and two bugs are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500039 Updated dovecot packages that fix three security issues and one bug are nowavailable for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having lowsecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500038 Updated nss, nss-util, and nspr packages that fix one security issue,various bugs, and add enhancements are now available for Red HatEnterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Network Security Services is a set of libraries design ... oval:org.secpod.oval:def:1500910 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:1500086 Updated mysql packages that fix several security issues are now availablefor Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500090 Updated ipa packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives ... oval:org.secpod.oval:def:1500098 Updated git packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:1500964 PostgreSQL is an advanced object-relational database management system . An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by ... oval:org.secpod.oval:def:1500978 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 ... oval:org.secpod.oval:def:1500982 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A buffer over-read flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client co ... oval:org.secpod.oval:def:1500927 named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor manage ... 
oval:org.secpod.oval:def:1500946 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. oval:org.secpod.oval:def:1500343 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services is a set of libraries designed to support the cross-platform development of ... oval:org.secpod.oval:def:1500347 Updated openjpeg packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500349 An updated ca-certificates package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. This package contains the set of CA certificates chosen by the Mozilla Foundation for use wit ... oval:org.secpod.oval:def:1500302 Updated busybox packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1500789 An updated wget package that fixes one security issue is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... 
oval:org.secpod.oval:def:1500304 Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which g ... oval:org.secpod.oval:def:1500308 Updated xorg-x11-server packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... oval:org.secpod.oval:def:1500310 Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500313 Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1500315 Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which ... oval:org.secpod.oval:def:1500799 An updated mod_auth_mellon package that fixes two security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500360 Updated augeas packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1500363 Updated libvirt packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500367 Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500373 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500377 An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500382 Updated librsvg2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500396 An updated mutt package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500840 Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500803 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:1500818 Oracle Linux has issued an update for docker. This fixes two security issues, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. oval:org.secpod.oval:def:1503276 Updated wireshark packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1503277 Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:34301 The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow at ... oval:org.secpod.oval:def:1503171 Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1504536 [2.17.2-12.4] - fix CVE-2011-1675 - mount fails to anticipate RLIMIT_FSIZE - fix CVE-2011-1677 - umount may fail to remove /etc/mtab~ lock file [2.17.2-12.3] - fix fatal typos in patch for #723546 [2.17.2-12.2] - rename /etc/hushlogin to /etc/hushlogins [2.17.2-12.1] - fix #723546 - Defects reveale ... oval:org.secpod.oval:def:1500565 Updated qemu-kvm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500011 Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ...
oval:org.secpod.oval:def:1501061 Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500301 Updated evolution packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives ... oval:org.secpod.oval:def:1500837 Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for eac ... oval:org.secpod.oval:def:1500829 Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for eac ... oval:org.secpod.oval:def:1501188 During Docker pulls validation and extraction of the manifest object from its JSON representation are done in separate steps. The digest that represents the manifest corresponds to a hash of the payload portion of the JSON blob returned by the remote registry. Even though the validity of the payload ... oval:org.secpod.oval:def:1501812 curl: treat Negotiate authentication as connection-oriented oval:org.secpod.oval:def:1500992 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc ... oval:org.secpod.oval:def:26786 Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. oval:org.secpod.oval:def:1500921 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500686 Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500805 An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could u ... oval:org.secpod.oval:def:1500681 Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500766 Updated cups packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... 
oval:org.secpod.oval:def:1500400 Updated udisks packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500399 Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1500344 Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1500323 Updated coreutils packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:1500262 An updated libtar package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500214 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500243 Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500249 Updated libvirt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500178 Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1500189 Updated qemu-kvm packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1500099 Updated abrt and libreport packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ava ...
oval:org.secpod.oval:def:1500066 Updated evolution packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500015 Updated core client packages for the X Window System that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System ba ... oval:org.secpod.oval:def:1500035 Updated nss-pam-ldapd packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500061 Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500017 Updated dnsmasq packages that fix one security issue, one bug, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a deta ... oval:org.secpod.oval:def:1500028 Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System base score, which gives ... oval:org.secpod.oval:def:1500081 Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500055 Updated squid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1500082 Updated RDMA packages that fix multiple security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed se ... oval:org.secpod.oval:def:1500307 Updated rdma, libibverbs, libmlx4, librdmacm, qperf, perftest, openmpi, compat-openmpi, infinipath-psm, mpitests, and rds-tools packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has r ... oval:org.secpod.oval:def:1500305 Updated dracut packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1503376 Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact.
Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1503575 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503328 Updated kdelibs packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severi ... oval:org.secpod.oval:def:1503302 Updated kdelibs packages for Red Hat Enterprise Linux 4 and 5 and updated kdelibs3 packages for Red Hat Enterprise Linux 6 that fix one security issue are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System ... oval:org.secpod.oval:def:1503184 An updated vsftpd package that fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503449 Updated fuse packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503320 Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503232 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503417 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503295 Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503243 Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503351 An updated rsync package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503537 An updated logrotate package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503436 Updated libvirt packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. 
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1503601 Updated policycoreutils packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:1503566 An updated logwatch package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503608 An updated mailman package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ava ... oval:org.secpod.oval:def:1503433 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503521 Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ... 
oval:org.secpod.oval:def:1503288 Updated pango packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1503559 Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed ... oval:org.secpod.oval:def:1500036 Updated pcsc-lite packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1504521 eclipse: [1:3.6.1-6.13] - Drop patch to remove ant-trax . [1:3.6.1-6.12] - Add two upstream patches to allow for running SDK JUnit tests. [1:3.6.1-6.11] - Bring in line with Fedora. - Remove some stuff that is now done in eclipse-build. - Fix sources URL. - Add PDE dependency on zip for pdebuild scr ... oval:org.secpod.oval:def:1503547 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1503438 Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503319 Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1503272 An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1503557 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:1506460 [1:1.8.0.10-12.0.1] - Fix possible remote code execution vulnerability [CVE-2022-41853][Orabug: 34820687] oval:org.secpod.oval:def:1504523 [2.7.9-3.el6] - Add patch for RH bug #684685 . [2.7.9-2.el6] - Add patch for CVE-2011-1091 . [2.7.9-1.el6] - Update to 2.7.9 . - Remove patches now included upstream: pidgin-2.6.6-clientLogin-proxy-fix.patch pidgin-2.6.6-clientLogin-use-https.patch pidgin-2.6.6-CVE-2010-1624.patch pidgin-2.6.6-CVE-2 ... oval:org.secpod.oval:def:34300 The host is installed with Adobe Flash Player before 18.0.0.352 or 19.x through 21.x before 21.0.0.242 or Adobe AIR before 21.0.0.215 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation could allow atta ... 
oval:org.secpod.oval:def:1503504 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:53734 The RPM package dhcpd should be removed. oval:org.secpod.oval:def:53754 Specify Additional Remote NTP Servers (/etc/ntp.conf) should be configured appropriately. oval:org.secpod.oval:def:53918 The RPM package rsh-server should be removed. oval:org.secpod.oval:def:53904 The default umask for all users should be set correctly oval:org.secpod.oval:def:53851 The audit rules should be configured to log information about kernel module loading and unloading. oval:org.secpod.oval:def:53726 Avahi publishing of IP addresses should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53802 Audit actions taken by system administrators on the system. oval:org.secpod.oval:def:53934 The RPC IPv6 Support should be configured appropriately based rpc services. oval:org.secpod.oval:def:53806 Disable CGI Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53864 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53761 The passwords to remember should be set correctly. oval:org.secpod.oval:def:53789 The telnet service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53763 The sshd service should be disabled if possible. oval:org.secpod.oval:def:53832 The named service should be disabled if possible. oval:org.secpod.oval:def:53845 Syslog logs should be sent to a remote loghost oval:org.secpod.oval:def:53921 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53844 The kernel runtime parameter "net.ipv4.icmp_ignore_bogus_error_responses" should be set to "1". 
oval:org.secpod.oval:def:53812 The rexec service should be disabled if possible. oval:org.secpod.oval:def:53835 admin_space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:53738 action_mail_acct setting in /etc/audit/auditd.conf is set to a certain account oval:org.secpod.oval:def:53884 Enable privacy extensions for IPv6 oval:org.secpod.oval:def:53885 Audit rules should capture information about session initiation. oval:org.secpod.oval:def:53896 The xinetd service should be disabled if possible. oval:org.secpod.oval:def:53788 SSL capabilities should be enabled for the mail server. oval:org.secpod.oval:def:53837 Only SSH protocol version 2 connections should be permitted. oval:org.secpod.oval:def:53872 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53847 The RPM package squid should be removed. oval:org.secpod.oval:def:53890 Preventing direct root login to serial port interfaces helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:53770 mod_ssl package installation should be configured appropriately. oval:org.secpod.oval:def:53935 Disable MIME Magic (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53833 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:org.secpod.oval:def:53708 The RPM package xinetd should be removed. oval:org.secpod.oval:def:53868 The snmpd service should be disabled if possible. oval:org.secpod.oval:def:53839 The kernel runtime parameter "net.ipv6.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:53718 The password hashing algorithm should be set correctly in /etc/login.defs. oval:org.secpod.oval:def:53746 Test if HostLimit line in logwatch.conf is set appropriately. 
On a central logserver, you want Logwatch to summarize all syslog entries, including those which did not originate on the logserver itself. The HostLimit setting tells Logwatch to report on all hosts, not just the one on which it is runni ... oval:org.secpod.oval:def:53829 The password minimum length should be set appropriately. oval:org.secpod.oval:def:53792 File permissions for '/etc/group' should be set correctly. oval:org.secpod.oval:def:53945 The ypbind service should be disabled if possible. oval:org.secpod.oval:def:53849 The irqbalance service should be enabled if possible. oval:org.secpod.oval:def:53772 rsyslogd should reject remote messages oval:org.secpod.oval:def:53821 The kdump service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53803 The system login banner text should be set correctly. oval:org.secpod.oval:def:53750 The rpcidmapd service should be disabled if possible. oval:org.secpod.oval:def:53915 The saslauthd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53819 The /etc/gshadow file should be owned by the appropriate group. oval:org.secpod.oval:def:53773 The password lcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53866 The password dcredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53814 The RPM package httpd should be removed. oval:org.secpod.oval:def:53929 The RPM package net-snmp should be removed. oval:org.secpod.oval:def:53911 The gpgcheck option should be used to ensure that checking of an RPM package's signature always occurs prior to its installation. oval:org.secpod.oval:def:53901 The kernel runtime parameter "kernel.randomize_va_space" should be set to "2". oval:org.secpod.oval:def:53805 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:org.secpod.oval:def:53888 This test makes sure that '/etc/gshadow' has the appropriate permissions set. 
If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:53783 The RPM package aide should be installed. oval:org.secpod.oval:def:53878 System Audit Logs Must Have Mode 0640 or Less Permissive (/var/log/audit/*) should be configured appropriately. oval:org.secpod.oval:def:53891 The pcscd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53758 The ip6tables service should be enabled if possible. oval:org.secpod.oval:def:53887 By default, locally configured printers will not be shared over the network, but if this functionality has somehow been enabled, these recommendations will disable it again. Be sure to disable outgoing printer list broadcasts, or remote users will still be able to see the locally configured printers ... oval:org.secpod.oval:def:53848 The password difok should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53782 The /etc/httpd/conf/* files should have the appropriate permissions. oval:org.secpod.oval:def:53836 The kernel module freevxfs should be disabled. oval:org.secpod.oval:def:53840 SSH warning banner should be enabled (and dependencies are met). oval:org.secpod.oval:def:53910 Protect against unnecessary release of information. oval:org.secpod.oval:def:53722 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53707 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53733 The kernel runtime parameter "fs.suid_dumpable" should be set to "0". oval:org.secpod.oval:def:53809 Logins through the Direct root Logins Not Allowed should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53760 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53743 Disable Avahi Publishing (/etc/avahi/avahi-daemon.conf) should be configured appropriately. 
oval:org.secpod.oval:def:53790 The mdmonitor service should be disabled if possible. oval:org.secpod.oval:def:53843 The SELinux state should be enforcing the local policy. oval:org.secpod.oval:def:53811 The kernel runtime parameter "net.ipv4.conf.all.log_martians" should be set to "1". oval:org.secpod.oval:def:53826 The RPM package telnet-server should be removed. oval:org.secpod.oval:def:53907 The quota_nld service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53748 The password ucredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53850 Disable Prelinking (/etc/sysconfig/prelink) should be configured appropriately. oval:org.secpod.oval:def:53757 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53831 Record attempts to alter time through adjtimex. oval:org.secpod.oval:def:53703 The rsyslog service should be enabled if possible. oval:org.secpod.oval:def:53815 The messagebus service should be disabled if possible. oval:org.secpod.oval:def:53875 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate. oval:org.secpod.oval:def:53940 The kernel module sctp should be disabled. oval:org.secpod.oval:def:53755 The tftp service should be disabled if possible. oval:org.secpod.oval:def:53886 The ntpdate service should be disabled if possible. oval:org.secpod.oval:def:53942 The squid service should be disabled if possible. oval:org.secpod.oval:def:53808 The netconsole service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53756 The bluetooth service should be disabled if possible. oval:org.secpod.oval:def:53714 The kernel module hfsplus should be disabled. oval:org.secpod.oval:def:53810 The abrtd service should be disabled if possible. oval:org.secpod.oval:def:53898 PermitUserEnvironment should be disabled oval:org.secpod.oval:def:53710 The /etc/passwd file should be owned by the appropriate group. 
oval:org.secpod.oval:def:53721 The kernel runtime parameter "net.ipv4.ip_forward" should be set to "0". oval:org.secpod.oval:def:53846 The kernel runtime parameter "net.ipv4.conf.default.rp_filter" should be set to "1". oval:org.secpod.oval:def:53816 The SELinux policy should be set appropriately. oval:org.secpod.oval:def:53774 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:53744 The CUPS print service can be configured to broadcast a list of available printers to the network. Other machines on the network, also running the CUPS print service, can be configured to listen to these broadcasts and add and configure these printers for immediate use. By disabling this browsing ca ... oval:org.secpod.oval:def:53916 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53941 Configure statd to use static port (/etc/sysconfig/nfs) should be configured appropriately. oval:org.secpod.oval:def:53771 The apache2 server's ServerSignature value should be set appropriately. oval:org.secpod.oval:def:53752 Record attempts to alter time through clock_settime. oval:org.secpod.oval:def:53881 space_left_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:53828 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled oval:org.secpod.oval:def:53747 The anacron service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53858 Disable URL Correction on Misspelled Entries (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53882 The yum-updatesd service should be disabled oval:org.secpod.oval:def:53793 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate oval:org.secpod.oval:def:53869 The vsftpd service should be disabled if possible. oval:org.secpod.oval:def:53938 The kernel runtime parameter "net.ipv4.conf.all.secure_redirects" should be set to "0". 
oval:org.secpod.oval:def:53784 Record Events that Modify the System's Discretionary Access Controls - chmod. The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53842 Root login via SSH should be disabled (and dependencies are met) oval:org.secpod.oval:def:53874 The squashfs Kernel Module should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53876 The RPM package openldap-servers should be removed. oval:org.secpod.oval:def:53731 This test makes sure that '/etc/shadow' file permission is set as appropriate. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:53903 Disable LDAP Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53711 Audit rules that detect the mounting of filesystems should be enabled. oval:org.secpod.oval:def:53801 Configure SNMP Service to Use Only SNMPv3 or Newer (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53701 The atd service should be disabled if possible. oval:org.secpod.oval:def:53799 Set Password to Maximum of Three Consecutive Repeating Characters should be configured appropriately. oval:org.secpod.oval:def:53902 The RPM package vsftpd should be removed. oval:org.secpod.oval:def:53704 The password retry should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53925 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:53879 The RPM package dovecot should be removed. oval:org.secpod.oval:def:53713 The postfix service should be enabled if possible. oval:org.secpod.oval:def:53785 Audit rules that detect changes to the system's mandatory access controls (SELinux) are enabled. 
oval:org.secpod.oval:def:53867 max_log_file_action setting in /etc/audit/auditd.conf is set to a certain action oval:org.secpod.oval:def:53702 The ability for users to perform interactive startups should be disabled. oval:org.secpod.oval:def:53709 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53778 The kernel runtime parameter "net.ipv4.conf.default.secure_redirects" should be set to "0". oval:org.secpod.oval:def:53883 The /etc/passwd file should be owned by the appropriate user. oval:org.secpod.oval:def:53899 The ntpd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53877 The rdisc service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53769 Manually configure addresses for IPv6 oval:org.secpod.oval:def:53736 The RPM package bind should be removed. oval:org.secpod.oval:def:53715 The kernel module usb-storage should be disabled. oval:org.secpod.oval:def:53737 Record attempts to alter time through settimeofday. oval:org.secpod.oval:def:53725 The RPM package tftp-server should be removed. oval:org.secpod.oval:def:53917 Configure the system to notify users of last logon/access using pam_lastlog. oval:org.secpod.oval:def:53889 Require samba clients which use smb.conf, such as smbclient, to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:org.secpod.oval:def:53794 The rpcsvcgssd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53817 Core dumps for all users should be disabled oval:org.secpod.oval:def:53765 Limit the ciphers to those which are FIPS-approved and only use ciphers in counter (CTR) mode. oval:org.secpod.oval:def:53742 System Audit Logs Must Be Owned By Root (/var/log/*) should be configured appropriately. oval:org.secpod.oval:def:53781 The RPM package ypserv should be removed. 
oval:org.secpod.oval:def:53764 Directory permissions for /etc/httpd/conf/ should be set as appropriate. oval:org.secpod.oval:def:53705 The requirement for a password to boot into single-user mode should be configured correctly. oval:org.secpod.oval:def:53751 The acpid service should be disabled if possible. oval:org.secpod.oval:def:53834 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:53719 The Apache qpidd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53943 The /etc/shadow file should be owned by the appropriate user. oval:org.secpod.oval:def:53759 The smartd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53779 Disable Server Activity Status (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53861 The httpd service should be disabled if possible. oval:org.secpod.oval:def:53922 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53853 The kernel runtime parameter "net.ipv4.tcp_syncookies" should be set to "1". oval:org.secpod.oval:def:53777 The kernel module hfs should be disabled. oval:org.secpod.oval:def:53919 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate. oval:org.secpod.oval:def:53716 Record attempts to alter time through stime, note that this is only relevant on 32bit architecture. oval:org.secpod.oval:def:53712 Restrict Access to Anonymous Users should be configured appropriately. oval:org.secpod.oval:def:53908 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:53717 The password hashing algorithm should be set correctly in /etc/pam.d/system-auth. oval:org.secpod.oval:def:53762 Disable Logwatch on Clients if a Logserver Exists (/etc/cron.daily/0logwatch) should be configured appropriately. oval:org.secpod.oval:def:53894 The portreserve service should be disabled if possible. 
oval:org.secpod.oval:def:53923 The file /etc/pam.d/system-auth should not contain the nullok option oval:org.secpod.oval:def:53745 The RPM package rsyslog should be installed. oval:org.secpod.oval:def:53862 The kernel runtime parameter "net.ipv4.conf.all.accept_redirects" should be set to "0". oval:org.secpod.oval:def:53937 The rlogin service should be disabled if possible. oval:org.secpod.oval:def:53723 The '/etc/shadow' file should be owned by the appropriate group. oval:org.secpod.oval:def:53727 Root squashing should be enabled or disabled as appropriate for all NFS shares. oval:org.secpod.oval:def:53905 Ensure all yum repositories utilize signature checking. oval:org.secpod.oval:def:53936 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:53818 Disable Zeroconf automatic route assignment in the 169.254.0.0 subnet. oval:org.secpod.oval:def:53931 The kernel module dccp should be disabled. oval:org.secpod.oval:def:53912 Require the use of TLS for ldap clients. oval:org.secpod.oval:def:53795 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate oval:org.secpod.oval:def:53700 The nfs service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53798 Disable WebDAV (Distributed Authoring and Versioning) (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53767 The kernel runtime parameter "net.ipv6.conf.default.accept_ra" should be set to "0". oval:org.secpod.oval:def:53920 SSH's cryptographic host-based authentication is more secure than .rhosts authentication. However, it is not recommended that hosts unilaterally trust one another, even within an organization. oval:org.secpod.oval:def:53796 The SELinux state should be set appropriately. oval:org.secpod.oval:def:53873 Directory permissions for /var/log/httpd should be set appropriately. 
oval:org.secpod.oval:def:53939 The Avahi daemon should be configured to serve via IPv6 or not as appropriate. oval:org.secpod.oval:def:53854 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53706 The password hashing algorithm should be set correctly in /etc/libuser.conf. oval:org.secpod.oval:def:53913 Configure Periodic Execution of AIDE (/etc/crontab) should be configured appropriately. oval:org.secpod.oval:def:53749 Disable Cache Support (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53753 The netfs service should be disabled if possible. oval:org.secpod.oval:def:53863 The '.rhosts' or 'hosts.equiv' files should exist or not exist on the system. oval:org.secpod.oval:def:53822 Limit Users SSH Access should be configured appropriately. oval:org.secpod.oval:def:53740 The kernel module udf should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53895 The Samba (SMB) service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53728 The network environment should not be modified by anything other than administrator action. Any change to network parameters should be audited. oval:org.secpod.oval:def:53775 The crond service should be enabled if possible. oval:org.secpod.oval:def:53880 The dovecot service should be disabled if possible. oval:org.secpod.oval:def:53732 The kernel runtime parameter "net.ipv4.conf.default.send_redirects" should be set to "0". oval:org.secpod.oval:def:53906 The kernel runtime parameter "net.ipv4.icmp_echo_ignore_broadcasts" should be set to "1". oval:org.secpod.oval:def:53914 The kernel module jffs2 should be disabled. oval:org.secpod.oval:def:53855 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53820 Disable Server Side Includes (/etc/httpd/conf/httpd.conf) should be configured appropriately. 
oval:org.secpod.oval:def:53797 Check if SplitHosts line in logwatch.conf is set appropriately. oval:org.secpod.oval:def:53830 The /etc/gshadow file should be owned by the appropriate user. oval:org.secpod.oval:def:53791 The disable option will allow the IPv6 module to be inserted, but prevent address assignment and activation of the network stack. oval:org.secpod.oval:def:53776 A remote NTP Server for time synchronization should be specified (and dependencies are met) oval:org.secpod.oval:def:53807 The cpuspeed service should be disabled if possible. oval:org.secpod.oval:def:53800 The auditd service should be enabled if possible. oval:org.secpod.oval:def:53857 The sysstat service should be disabled if possible. oval:org.secpod.oval:def:53865 Ensure Default Password Is Not Used (/etc/snmp/snmpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53720 The daemon umask should be set as appropriate oval:org.secpod.oval:def:53824 Ensure Insecure File Locking is Not Allowed (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:53944 The kernel module cramfs should be disabled. oval:org.secpod.oval:def:53841 Specify UID and GID for Anonymous NFS Connections (/etc/exports) should be configured appropriately. oval:org.secpod.oval:def:53870 The kernel runtime parameter "net.ipv4.conf.all.rp_filter" should be set to "1". oval:org.secpod.oval:def:53897 The TFTP daemon should use secure mode. oval:org.secpod.oval:def:53856 The kernel runtime parameter "net.ipv4.conf.default.accept_redirects" should be set to "0". oval:org.secpod.oval:def:53900 Record attempts to alter time through /etc/localtime oval:org.secpod.oval:def:53735 The /etc/group file should be owned by the appropriate user. oval:org.secpod.oval:def:53766 Audit files deletion events. oval:org.secpod.oval:def:53838 The dhcpd service should be disabled if possible. oval:org.secpod.oval:def:53724 The certmonger service should be enabled or disabled as appropriate. 
oval:org.secpod.oval:def:53928 Global IPv6 initialization should be disabled. oval:org.secpod.oval:def:53786 This test makes sure that '/etc/passwd' has proper permission. If the target file or directory has an extended ACL then it will fail the mode check. oval:org.secpod.oval:def:53768 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate. oval:org.secpod.oval:def:53827 The default umask for users of the bash shell oval:org.secpod.oval:def:53813 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate. oval:org.secpod.oval:def:53924 The /etc/group file should be owned by the appropriate group. oval:org.secpod.oval:def:53871 The avahi-daemon service should be disabled if possible. oval:org.secpod.oval:def:53823 The SSH idle timeout interval should be set to an appropriate value. oval:org.secpod.oval:def:53780 The minimum password age policy should be set appropriately. oval:org.secpod.oval:def:53926 Preventing direct root login to virtual console devices helps ensure accountability for actions taken on the system using the root account. oval:org.secpod.oval:def:53680 The maximum number of concurrent login sessions per user should meet minimum requirements. oval:org.secpod.oval:def:53682 Force a reboot to change audit rules is enabled oval:org.secpod.oval:def:53681 The Kernel Parameter for Accepting Source-Routed Packets By Default should be enabled or disabled as appropriate. The kernel runtime parameter "net.ipv4.conf.default.accept_source_route" should be set to "0". oval:org.secpod.oval:def:53684 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:53683 The 'rsyslog' to Accept Messages via TCP, if Acting As Log Server should be enabled or disabled as appropriate. 
oval:org.secpod.oval:def:53675 Define default gateways for IPv6 traffic oval:org.secpod.oval:def:53674 Audit rules should detect modification to system files that hold information about users and groups. oval:org.secpod.oval:def:53677 The number of allowed failed logins should be set correctly. oval:org.secpod.oval:def:53676 The changing of file permissions and attributes should be audited. oval:org.secpod.oval:def:53679 The HTTPD Proxy Module Support should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53678 The rpcgssd service should be disabled if possible. oval:org.secpod.oval:def:53691 The RPM package screen should be installed. oval:org.secpod.oval:def:53690 The logrotate (syslog rotater) service should be enabled. oval:org.secpod.oval:def:53693 The screen saver should be blank. oval:org.secpod.oval:def:53692 Systems that are using the 64-bit x86 kernel package do not need to install the kernel-PAE package because the 64-bit x86 kernel already includes this support. However, if the system is 32-bit and also supports the PAE and NX features as determined in the previous section, the kernel-PAE package sho ... oval:org.secpod.oval:def:53695 Disable Web Server Configuration Display (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53694 File uploads via vsftpd should be enabled or disabled as appropriate oval:org.secpod.oval:def:53686 The autofs service should be disabled if possible. oval:org.secpod.oval:def:53685 Configure Dovecot to Use the SSL Key file should be configured appropriately. oval:org.secpod.oval:def:53688 The kernel module tipc should be disabled. oval:org.secpod.oval:def:53687 Postfix network listening should be disabled oval:org.secpod.oval:def:53689 The root account is the only system account that should have a login shell. 
oval:org.secpod.oval:def:53697 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:53696 The default umask for users of the csh shell oval:org.secpod.oval:def:53699 The cgconfig service should be disabled if possible. oval:org.secpod.oval:def:53698 The oddjobd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53651 The default umask for all users specified in /etc/login.defs oval:org.secpod.oval:def:53650 The kernel module rds should be disabled. oval:org.secpod.oval:def:53644 max_log_file setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:53643 The cgred service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53646 The psacct service should be enabled if possible. oval:org.secpod.oval:def:53645 The kernel module bluetooth should be disabled. oval:org.secpod.oval:def:53648 The mod_security package installation should be configured appropriately. oval:org.secpod.oval:def:53647 If inbound SSH access is not needed, the firewall should disallow or reject access to the SSH port (22). oval:org.secpod.oval:def:53649 The RPM package sendmail should be removed. oval:org.secpod.oval:def:53660 The kernel runtime parameter "net.ipv4.conf.all.send_redirects" should be set to "0". oval:org.secpod.oval:def:53662 Audit rules should be configured to log successful and unsuccessful logon and logout events. oval:org.secpod.oval:def:53661 Remote connections (SSH) from accounts with empty passwords should be disabled (and dependencies are met). oval:org.secpod.oval:def:53653 The kernel runtime parameter "kernel.dmesg_restrict" should be set to "1". oval:org.secpod.oval:def:53652 The rsh service should be disabled if possible. oval:org.secpod.oval:def:53655 The kernel runtime parameter "net.ipv4.conf.all.accept_source_route" should be set to "0". 
oval:org.secpod.oval:def:53654 Disable HTTP mod_rewrite (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53657 The apache2 server's ServerTokens value should be set appropriately oval:org.secpod.oval:def:53656 The password ocredit should meet minimum requirements using pam_cracklib oval:org.secpod.oval:def:53659 The iptables service should be enabled if possible. oval:org.secpod.oval:def:53658 num_logs setting in /etc/audit/auditd.conf is set to at least a certain value oval:org.secpod.oval:def:53671 The rsyslog to Accept Messages via UDP, if Acting As Log Server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53670 Plaintext authentication of mail clients should be enabled or disabled as appropriate. oval:org.secpod.oval:def:53673 Configure auditd to use audispd plugin (/etc/audisp/plugins.d/syslog.conf) should be configured appropriately. oval:org.secpod.oval:def:53672 The RPM package openswan should be installed. oval:org.secpod.oval:def:53664 The system's default desktop environment, GNOME, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. Disable the execution of these thumbnail applications within GNOME. oval:org.secpod.oval:def:53663 The .netrc files contain login information used to auto-login into FTP servers and reside in the user's home directory. Any .netrc files should be removed. oval:org.secpod.oval:def:53666 Idle activation of the screen saver should be enabled. oval:org.secpod.oval:def:53665 The cups service should be disabled if possible. oval:org.secpod.oval:def:53668 Disable HTTP Digest Authentication (/etc/httpd/conf/httpd.conf) should be configured appropriately. oval:org.secpod.oval:def:53667 BOOTP queries should be accepted or denied by the DHCP server as appropriate. oval:org.secpod.oval:def:53669 Logging (/etc/rsyslog.conf) should be configured appropriately. 
oval:org.secpod.oval:def:53859 The maximum password age policy should meet minimum requirements. oval:org.secpod.oval:def:53909 The password warning age should be set appropriately. oval:org.secpod.oval:def:53741 The accounts should be configured to expire automatically following inactivity. oval:org.secpod.oval:def:1503763 Updated libtasn1 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503620 Updated cvs packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503684 Updated texlive packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1503920 Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1503924 An updated python-sqlalchemy package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... 
oval:org.secpod.oval:def:1503816 Updated t1lib packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503705 An updated cifs-utils package that fixes one security issue, multiple bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which ... oval:org.secpod.oval:def:1503716 An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503721 Updated icedtea-web packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503703 Updated gegl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1503762 Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503769 Updated rsyslog packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives ... oval:org.secpod.oval:def:1503789 An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1503672 Updated abrt, libreport, btparser, and python-meh packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which g ... oval:org.secpod.oval:def:1503683 Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1503649 Updated nspluginwrapper packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1503667 Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1503666 Updated 389-ds-base packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:1503665 Updated libguestfs packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives ... oval:org.secpod.oval:def:1503904 Updated sblim-cim-client2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1503926 Updated php-pecl-apc packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which giv ... oval:org.secpod.oval:def:1503932 Updated qpid packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives ... 
oval:org.secpod.oval:def:1503836 Updated 389-ds-base packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which give ... oval:org.secpod.oval:def:1503868 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1503885 Updated openjpeg packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503896 Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503895 Updated mysql packages that fix one security issue and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ... oval:org.secpod.oval:def:1503395 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:1503365 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503198 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1503492 Updated krb5-appl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1501538 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line function. A remote attacker cou ... oval:org.secpod.oval:def:1501563 An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. oval:org.secpod.oval:def:1501502 The setroubleshoot packages provide tools to help diagnose SELinux problems. 
When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. The setroubleshoot-plugins package provides a set of analysis plugins ... oval:org.secpod.oval:def:1501136 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ... oval:org.secpod.oval:def:1501151 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposit ... oval:org.secpod.oval:def:1501129 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs to handle authentication. It was discovered that the _unix_run_helper_binary function of PAM's unix_pam module could write to a blocking pipe, possibly ca ... oval:org.secpod.oval:def:1501185 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:1501192 Use-after-free vulnerability in libwmf allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. oval:org.secpod.oval:def:1501411 Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions.
The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. It was discovered that the unhtmlify function of f ... oval:org.secpod.oval:def:1501039 CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operation ... oval:org.secpod.oval:def:1501054 PostgreSQL is an advanced object-relational database management system. A double-free flaw was found in the connection handling. An unauthenticated attacker could exploit this flaw to crash the PostgreSQL back end by disconnecting at approximately the same time as the authentication time out is tri ... oval:org.secpod.oval:def:1501392 A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters. oval:org.secpod.oval:def:1501396 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. oval:org.secpod.oval:def:1501397 The SMB1 implementation in smbd in Samba allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. oval:org.secpod.oval:def:1501339 The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker c ...
oval:org.secpod.oval:def:1501349 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way th ... oval:org.secpod.oval:def:1501278 It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. oval:org.secpod.oval:def:1501288 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet. oval:org.secpod.oval:def:1501218 Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blo ... oval:org.secpod.oval:def:1501236 The remote host is missing a patch containing a security fix, which affects the following package(s): libreport oval:org.secpod.oval:def:1501104 Moderate: Oracle Linux 6 freeradius security, bug fix, and enhancement update. oval:org.secpod.oval:def:1501851 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501464 The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a ...
oval:org.secpod.oval:def:1501091 Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282 GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in ... oval:org.secpod.oval:def:1501099 The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. Two flaws were found in the way the libuser library handled the / ... oval:org.secpod.oval:def:1501079 Moderate: Oracle Linux 6 autofs security and bug fix update. oval:org.secpod.oval:def:1501081 Low: Oracle Linux 6 wpa_supplicant security and enhancement update. oval:org.secpod.oval:def:1501084 Moderate: Oracle Linux 6 pki-core security and bug fix update. oval:org.secpod.oval:def:1501085 Moderate: Oracle Linux 6 hivex security and bug fix update. oval:org.secpod.oval:def:1501083 A path traversal vulnerability was discovered in Mailman, the mailing list manager. Installations using a transport script to interface with their MTA instead of static aliases were vulnerable to a path traversal attack. To successfully exploit this, an attacker needs write access on the local file ... oval:org.secpod.oval:def:1501089 LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticate ... oval:org.secpod.oval:def:1501907 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501805 OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Se ... oval:org.secpod.oval:def:1501811 Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervn ... oval:org.secpod.oval:def:1501815 The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: * An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or res ... oval:org.secpod.oval:def:1501718 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix: * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX m ... oval:org.secpod.oval:def:1502216 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502283 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501410 Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name function of the MIT Kerberos kadmind service.
An authenticated attacker could r ... oval:org.secpod.oval:def:1501668 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI cou ... oval:org.secpod.oval:def:1502208 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506457 [1.10.3-65.0.1] - Fix integer overflows in PAC parsing [Orabug: 34843511] oval:org.secpod.oval:def:1503281 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503778 Updated systemtap packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500114 Updated pam packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detail ... oval:org.secpod.oval:def:1503493 Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1503183 The advisory is missing the security advisory description.
For more information please visit the reference link oval:org.secpod.oval:def:1503443 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503456 Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ... oval:org.secpod.oval:def:1503402 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503411 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503420 Updated kernel packages that fix several security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give ... oval:org.secpod.oval:def:1503255 Updated quagga packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503528 Updated quagga packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503298 Updated tomcat6 packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503325 Updated libvirt packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1503495 Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ... oval:org.secpod.oval:def:1503309 Updated kernel packages that fix several security issues, various bugs, and add an enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give ... oval:org.secpod.oval:def:1503278 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503536 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503593 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503441 Updated postfix packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... 
oval:org.secpod.oval:def:1503343 Updated java-1.6.0-openjdk packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1504565 [6.0.24-33] - resolves: rhbz 695284 - multiple instances logging fiasco [6.0.24-32] - Resolves: rhbz 698624 - inet4address can't be cast to String [6.0.24-31] - Resolves: rhbz 656403 - cve-2010-4172 jsp syntax error [6.0.24-30] - Resolves: rhbz#697504 initscript logging location [6.0.24-29] - Resolv ... oval:org.secpod.oval:def:1503425 Updated pam packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1503567 Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which giv ... oval:org.secpod.oval:def:1503432 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503294 Updated apr-util packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503370 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503301 Updated subversion packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1503203 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503253 Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:1503741 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506012 rsyslog [5.8.10-12.0.2] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] rsyslog7 [7.4.10-7.0.1] - Back port fix for heap-based overflow in TCP syslog server - Resolves CVE-2022-24903 [Orabug: 34226447] oval:org.secpod.oval:def:1500595 Updated qemu-kvm packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... 
oval:org.secpod.oval:def:1505441 [32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow [32:9.8.2-0.68.rc1.8] oval:org.secpod.oval:def:1501499 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ... oval:org.secpod.oval:def:1501498 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially cra ... oval:org.secpod.oval:def:1501806 The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: * A stack overflow vulnerability was ... oval:org.secpod.oval:def:1500872 Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction. oval:org.secpod.oval:def:1500965 Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. oval:org.secpod.oval:def:1500771 Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ... oval:org.secpod.oval:def:1500668 Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500553 Updated libvirt packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1500678 Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnera ... oval:org.secpod.oval:def:1500608 Updated tomcat6 packages that fix three security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500437 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500571 Updated tomcat6 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1501569 The monlist feature in ntp_request.c in ntpd in NTP allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013. oval:org.secpod.oval:def:1500355 Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500755 Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sever ... oval:org.secpod.oval:def:1501803 The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix: * A stack-based buffer ... oval:org.secpod.oval:def:1500029 An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1501078 Low: Oracle Linux 6 grep security, bug fix, and enhancement update.
oval:org.secpod.oval:def:1500762 Updated trousers packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System base score, which gives a detailed ... oval:org.secpod.oval:def:1503258 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1503299 Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support. The Red Hat Security Response Team has rated thi ... oval:org.secpod.oval:def:1503894 Updated ImageMagick packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1503854 Updated qt packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503919 Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1503916 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503819 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1501711 GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware ... oval:org.secpod.oval:def:1501305 A man-in-the-middle vulnerability was found in the way "connection signing" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text. oval:org.secpod.oval:def:1501302 Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. oval:org.secpod.oval:def:1501296 A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of m ...
oval:org.secpod.oval:def:1501304 A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls. oval:org.secpod.oval:def:1501813 The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix: * Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a ... oval:org.secpod.oval:def:1501174 jakarta-taglibs-standard is the Java Standard Tag Library. This library is used in conjunction with Tomcat and Java Server Pages. It was found that the Java Standard Tag Library allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on ... oval:org.secpod.oval:def:1501092 Multiple vulnerabilities were discovered in the dissectors/parsers for WCP, pcapng and TNEF, which could result in denial of service. oval:org.secpod.oval:def:1503864 Updated libproxy packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503911 Updated ghostscript packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503893 Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503626 Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1503352 Updated systemtap packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503821 Updated libexif packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503676 Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Secu ... oval:org.secpod.oval:def:1503752 Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1504563 [0:6.0.24-36] - Resolves: CVE-2012-0022 regression. Changes made to patch file. 
oval:org.secpod.oval:def:1503358 Updated samba and cifs-utils packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:1503384 Updated rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503195 Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:1503563 Updated libpng packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:1503589 Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503378 Updated postfix packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503448 Updated kdenetwork packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503327 Updated libcgroup packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503505 An updated scsi-target-utils package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:1503426 Updated tomcat6 packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1503467 Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503531 Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503371 Updated libvpx packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1503704 Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503654 Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500566 Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503689 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... 
oval:org.secpod.oval:def:1503908 Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500076 Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red H ... oval:org.secpod.oval:def:1503820 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1503446 Updated libarchive packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503532 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503188 Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:1503476 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503324 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1503172 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503603 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503558 Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:1502080 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503877 Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503737 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503751 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503761 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503658 Updated firefox packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:1503925 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503850 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503777 Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base ... oval:org.secpod.oval:def:1503748 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503759 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503638 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503845 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. 
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503747 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1503863 Updated firefox packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503767 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503659 Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1503714 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... 
oval:org.secpod.oval:def:1503731 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503673 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1503696 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1501093 Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web administrative interface, and cou ... oval:org.secpod.oval:def:1503725 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503698 Updated java-1.7.0-openjdk packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System base scores, which give detailed sever ... oval:org.secpod.oval:def:1503891 Updated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... oval:org.secpod.oval:def:1503812 Updated libreoffice packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503844 Updated pidgin packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1503811 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503870 Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... 
oval:org.secpod.oval:def:1505581 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fi ... oval:org.secpod.oval:def:1505828 [1.2.3-29.0.1] - Fix a bug that can crash deflate when using Z_FIXED [CVE-2018-25032][Orabug: 34161396] oval:org.secpod.oval:def:1500726 Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500730 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the Fo ... oval:org.secpod.oval:def:1500206 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503718 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503733 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503732 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1500223 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500229 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503739 Updated openssl packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rat ... oval:org.secpod.oval:def:1503740 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500231 Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500232 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... 
oval:org.secpod.oval:def:1500235 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500234 Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500237 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500238 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503349 Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500241 Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System b ... oval:org.secpod.oval:def:1503754 Updated libvirt packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503758 Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500252 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500254 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503787 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503308 Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503394 Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503606 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503611 An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1500102 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500110 Updated httpd packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed ... oval:org.secpod.oval:def:1503623 Updated glibc packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500111 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fourth regular update. The Red Hat Security Response Team has rated t ... oval:org.secpod.oval:def:1500113 Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500116 Updated tomcat6 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500118 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1503625 Updated freeradius packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ...
oval:org.secpod.oval:def:1500169 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1500168 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main comp ... oval:org.secpod.oval:def:1500172 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500173 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500175 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503692 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact.
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500182 Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503694 Updated openssl packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500188 Updated mesa packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1503218 Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500191 Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500194 Updated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give d ... oval:org.secpod.oval:def:1500122 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1503632 Updated openssl, openssl097a, and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a de ... oval:org.secpod.oval:def:1500124 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500126 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1503635 Updated libvirt packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1500131 Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1503645 Updated mysql packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1500133 Updated perl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500139 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500141 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500145 Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...
oval:org.secpod.oval:def:1503653 Updated php53 and php packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ... oval:org.secpod.oval:def:1500153 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500155 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500159 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503279 Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503230 An updated ipmitool package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503241 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1503247 Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503905 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503938 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503937 Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500041 An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ...
oval:org.secpod.oval:def:1500044 Updated dbus-glib packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1500046 Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500048 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500052 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500054 Updated ipa packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ... oval:org.secpod.oval:def:1500057 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500056 Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500060 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1500065 Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1500068 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500070 Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ...
oval:org.secpod.oval:def:1500077 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1500000 An updated ccid package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500005 An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1500010 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500013 Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500019 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact.
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500025 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500027 Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1500037 Updated java-1.7.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1503544 Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1500084 Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...
oval:org.secpod.oval:def:1500083 Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500089 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each ... oval:org.secpod.oval:def:1500095 Updated hplip packages that fix several security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give deta ... oval:org.secpod.oval:def:1503829 Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1503835 Updated net-snmp packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ra ... oval:org.secpod.oval:def:1503838 Updated libvirt packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact.
A Common Vulnerability Scoring System base score, which gives a detailed severity rat ... oval:org.secpod.oval:def:1503853 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1503862 Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which ... oval:org.secpod.oval:def:1503803 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503801 Updated glibc packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503807 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1503804 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500311 An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detail ... oval:org.secpod.oval:def:1503878 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1501220 The remote host is missing a patch containing a security fix, which affects the following package(s): postgresql oval:org.secpod.oval:def:1503880 Updated java-1.7.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503897 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ... oval:org.secpod.oval:def:1503415 Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rat ... oval:org.secpod.oval:def:1503481 Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503494 Updated libtiff packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severit ... oval:org.secpod.oval:def:1503496 Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500688 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503713 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500689 Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. 
Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503719 Updated libtiff packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1503717 An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1500695 An updated squid package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500696 An updated thunderbird package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:1500698 Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... 
oval:org.secpod.oval:def:1503724 Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1500228 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500646 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:1500651 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1500650 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500666 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:1500284 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500285 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500287 An updated gnupg2 package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503798 Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1503318 Updated icu packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500292 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. 
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500295 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500294 An updated libgcrypt package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1500299 Updated wireshark packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, wh ... oval:org.secpod.oval:def:1503331 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500264 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... 
oval:org.secpod.oval:def:1500263 Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1500265 An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1503775 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500267 Updated vino packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1500271 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500270 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. 
The kernel-uek is main com ... oval:org.secpod.oval:def:1503783 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availa ... oval:org.secpod.oval:def:1500275 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500279 An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:1503785 Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503382 Updated libtiff packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:1500717 Updated axis packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from t ... oval:org.secpod.oval:def:1500739 Updated xerces-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500740 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500742 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rati ... oval:org.secpod.oval:def:1500749 Updated java-1.7.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ... oval:org.secpod.oval:def:1500751 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1500754 Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. 
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1500710 Updated jakarta-commons-httpclient packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity r ... oval:org.secpod.oval:def:1500573 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500575 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500580 An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1500587 Updated java-1.6.0-openjdk packages that fix various security issues and one bug are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed ... oval:org.secpod.oval:def:1503610 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500105 An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:1500592 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1503670 Updated qemu-kvm packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a det ... oval:org.secpod.oval:def:1503678 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1503685 Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... 
oval:org.secpod.oval:def:1503690 Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severit ... oval:org.secpod.oval:def:1500186 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1503220 Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1503642 An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500137 Updated bind packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1503650 Updated dhcp packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available fo ... oval:org.secpod.oval:def:1503275 Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1503252 An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500603 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500607 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1500614 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500439 Updated samba4 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500879 An updated thunderbird package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1500878 Updated firefox packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1500404 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500407 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503922 Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... 
oval:org.secpod.oval:def:1500420 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed seve ... oval:org.secpod.oval:def:1503934 Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1500432 Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500435 Updated xalan-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500436 Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1500040 Updated sssd packages that fix two security issues, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. 
Common Vulnerability Scoring System base scores, which give detailed ... oval:org.secpod.oval:def:1500067 Updated php packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give deta ... oval:org.secpod.oval:def:1500006 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503535 An updated squid package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503543 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500092 Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500957 The setroubleshoot packages provide tools to help diagnose SELinux problems. 
When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ... oval:org.secpod.oval:def:1500961 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ... oval:org.secpod.oval:def:1500967 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:1500973 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1500914 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500916 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... 
oval:org.secpod.oval:def:1500915 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon. A malicious Samba client could send specia ... oval:org.secpod.oval:def:1500920 Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these ... oval:org.secpod.oval:def:1500317 Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1503828 Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity rati ... oval:org.secpod.oval:def:1500319 An updated mod_nss package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is a ... oval:org.secpod.oval:def:1503837 An updated bind-dyndb-ldap package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1500332 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1503842 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500335 Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:1500338 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1500339 Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503849 Updated samba3x and samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed ... 
oval:org.secpod.oval:def:1500351 Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1500354 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500356 Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500758 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500760 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1500767 Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, are av ... oval:org.secpod.oval:def:1500774 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:1500778 Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500781 Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500780 Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:1500784 Updated rsyslog5 and rsyslog packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500303 Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:1500787 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1503814 Updated samba packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6; Red Hat Enterprise Linux 5.3 Long Life; and Red Hat Enterprise Linux 5.6, 6.0 and 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical securi ... oval:org.secpod.oval:def:1500306 Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which giv ... oval:org.secpod.oval:def:1500316 Updated gimp packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1503452 Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500361 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500365 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500368 Updated openldap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, ... oval:org.secpod.oval:def:1503405 Updated bzip2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available f ... oval:org.secpod.oval:def:1500381 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500387 Updated mysql packages that fix several security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... 
oval:org.secpod.oval:def:1500389 Updated postgresql84 and postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which gi ... oval:org.secpod.oval:def:1500392 Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500393 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500841 Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500847 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ar ... oval:org.secpod.oval:def:1500857 Updated rpm packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from th ... oval:org.secpod.oval:def:1503902 Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500801 Updated xorg-x11-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500826 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availa ... oval:org.secpod.oval:def:1500827 Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503795 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ... 
oval:org.secpod.oval:def:1501140 The get_bitmap_file function in drivers/md/md.c in the Linux kernel does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. oval:org.secpod.oval:def:1501141 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501162 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:1501166 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ... oval:org.secpod.oval:def:1502019 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503756 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501594 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501595 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501598 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501170 Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1502022 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501178 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 ... oval:org.secpod.oval:def:1501179 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:1501196 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC emulation implementation handled certain packets received ... oval:org.secpod.oval:def:1501408 OpenSSH is OpenBSD's SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access ... oval:org.secpod.oval:def:1503609 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1500999 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501011 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501015 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access wh ... oval:org.secpod.oval:def:1501019 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:1501032 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A pr ... oval:org.secpod.oval:def:1501037 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ... 
oval:org.secpod.oval:def:1503663 Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ... oval:org.secpod.oval:def:1501001 KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outsi ... oval:org.secpod.oval:def:1503664 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501095 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIN ... oval:org.secpod.oval:def:1501058 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501067 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It ... oval:org.secpod.oval:def:1501080 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. 
BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote ... oval:org.secpod.oval:def:1503923 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501399 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME reco ... oval:org.secpod.oval:def:1501331 apl_42.c in ISC BIND allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. oval:org.secpod.oval:def:1503180 Updated kernel packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rati ... oval:org.secpod.oval:def:1501810 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running t ... oval:org.secpod.oval:def:1501826 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501830 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1500984 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1500986 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1501836 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500991 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:1500996 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ... 
oval:org.secpod.oval:def:1501675 Several vulnerabilities have been discovered in Linux Kernel oval:org.secpod.oval:def:1501678 Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules oval:org.secpod.oval:def:1501681 Several vulnerabilities have been discovered in Linux Kernel and dtrace-modules oval:org.secpod.oval:def:1503866 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1501610 A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet oval:org.secpod.oval:def:1500300 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1501257 Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. oval:org.secpod.oval:def:1501282 A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server t ... oval:org.secpod.oval:def:1503879 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503400 Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503889 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503483 Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is av ... oval:org.secpod.oval:def:1500833 Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1503791 Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1502052 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501407 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the expression language resolver evaluated expressions within a privileged code section. 
A malicious web application could use this flaw to bypass security manager protections. This update ... oval:org.secpod.oval:def:1501009 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make T ... oval:org.secpod.oval:def:1501600 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ... oval:org.secpod.oval:def:1501100 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-hos ... oval:org.secpod.oval:def:1501103 curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+passwo ... oval:org.secpod.oval:def:1501126 The get_bitmap_file function in drivers/md/md.c in the Linux kernel does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. oval:org.secpod.oval:def:1501124 The get_bitmap_file function in drivers/md/md.c in the Linux kernel does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. 
oval:org.secpod.oval:def:1504528 [2.2.15-45.0.1] - replace index.html with Oracle's index page oracle_index.html - update vstring in specfile [2.2.15-45] - mod_proxy_balancer: add support for "drain mode" [2.2.15-44] - set SSLCipherSuite to DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES [2.2.15-43] - revert DirectoryMatch patch from ... oval:org.secpod.oval:def:1502158 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501828 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501667 The policycoreutils packages contain the core policy utilities required to manage a SELinux environment. Security Fix: * It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use thi ... oval:org.secpod.oval:def:1501798 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502188 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501746 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Security Fix: * It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a databa ... oval:org.secpod.oval:def:1501548 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to ... 
oval:org.secpod.oval:def:1501740 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501743 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501747 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a spec ... oval:org.secpod.oval:def:1502522 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502485 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501422 Kernel update : x86/iopl/64: properly context-switch IOPL on Xen PV (Andy Lutomirski) and fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list() (Mike Kravetz) oval:org.secpod.oval:def:1501430 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1501432 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a newer upstream version: Samba . Ref ... oval:org.secpod.oval:def:1502316 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501473 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ... oval:org.secpod.oval:def:1501902 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501778 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potent ... oval:org.secpod.oval:def:1501807 Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fix: * An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU ... oval:org.secpod.oval:def:1501694 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:1501534 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501535 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501539 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501544 QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. 
QEMU has two operating modes: * Full system emulation. In this mode, QEMU emulates a full system, including a processor and various peripherals. It can be used to launch differe ... oval:org.secpod.oval:def:1501542 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501557 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection b ... oval:org.secpod.oval:def:1501561 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ... oval:org.secpod.oval:def:1501977 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501500 The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. oval:org.secpod.oval:def:1501501 The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. oval:org.secpod.oval:def:1501511 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write as bi-directional ioctl replacement, which could lead to insufficient memory security checks when ... 
oval:org.secpod.oval:def:1501515 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly ... oval:org.secpod.oval:def:1501519 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle ... oval:org.secpod.oval:def:1501517 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ... oval:org.secpod.oval:def:1501521 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ... oval:org.secpod.oval:def:37213 The host is installed with MySQL 5.1.73 and earlier on OEL 6, mariadb 5.5.50 and earlier on OEL 7 or MySQL 5.0.95 and earlier on OEL 5 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle MySQL logging functions. Successful exploi ... oval:org.secpod.oval:def:1501573 Multiple flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501571 The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. ... oval:org.secpod.oval:def:1501576 Oracle Linux : Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501578 Oracle Linux : Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501579 Oracle Linux : Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501588 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ... oval:org.secpod.oval:def:1501585 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ... oval:org.secpod.oval:def:1501586 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a response ... 
oval:org.secpod.oval:def:1501590 Multiple unspecified vulnerabilities in Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:1501592 A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important). A heap-based buffer overflow vulnerabili ... oval:org.secpod.oval:def:1501599 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: * It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application dep ... oval:org.secpod.oval:def:1501602 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501858 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501490 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:1501496 The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. oval:org.secpod.oval:def:1501459 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. 
Security Fix: * It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a s ... oval:org.secpod.oval:def:1501488 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:1501487 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: * A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacke ... oval:org.secpod.oval:def:1501936 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503956 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501776 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1503955 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503954 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501786 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501792 Mozilla Firefox is an open source web browser. 
This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501799 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501730 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501733 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501745 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ... oval:org.secpod.oval:def:1501751 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501754 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501760 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501761 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501767 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501802 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * It was found that Samba always requested forwardable tickets when us ... oval:org.secpod.oval:def:1501814 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * It was found that Samba always requested forwardable tickets when using Kerberos authentica ... oval:org.secpod.oval:def:1501838 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501671 Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501683 memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: * Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached bin ... oval:org.secpod.oval:def:1501686 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:1501689 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. 
Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501608 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ... oval:org.secpod.oval:def:1501609 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ... oval:org.secpod.oval:def:1501614 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on th ... oval:org.secpod.oval:def:1501617 A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on t ... oval:org.secpod.oval:def:1501624 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses conta ... 
oval:org.secpod.oval:def:1501623 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. oval:org.secpod.oval:def:1501626 The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. oval:org.secpod.oval:def:1501644 A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. oval:org.secpod.oval:def:36263 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:36262 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:36261 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ... 
oval:org.secpod.oval:def:36260 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:36269 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a cross-protocol cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attack ... oval:org.secpod.oval:def:36267 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a cross-protocol cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attack ... oval:org.secpod.oval:def:36266 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to compr ... oval:org.secpod.oval:def:36259 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle a malicious website. Successful exploitation could allow attackers to execute arb ... oval:org.secpod.oval:def:36258 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to a user interface spoofing vulnerability. A flaw is present in the application, which improperly validates security origins. 
Successful exploitation could allow attackers to us ... oval:org.secpod.oval:def:36257 The host is installed with Apple Safari before 9.1.2 on Apple Mac OS X 10.11 or Apple Mac OS X Server 10.11 and is prone to an information disclosure vulnerability. A flaw is present in the application, which improperly processes SVG. Successful exploitation could allow attackers to disclose imag ... oval:org.secpod.oval:def:1501692 A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501699 Linux Kernel : sctp: validate chunk len before actually using it oval:org.secpod.oval:def:36270 The host is missing a security update according to Apple advisory APPLE-SA-2016-07-18-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted website. Successful exploitation allows attackers to crash the service, disclose th ... oval:org.secpod.oval:def:36754 The host is installed with Linux kernel and is prone to a TCP session hijack vulnerability. A flaw is present in the application, which fails to handle a blind in-window attack. Successful exploitation allows man-in-the-middle attackers to hijack TCP sessions. oval:org.secpod.oval:def:1501702 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501717 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501721 The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix: * It was found that the ghostscript functions getenv, filenameforall and .libfile did not h ... oval:org.secpod.oval:def:1501968 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502012 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502016 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502015 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502062 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502070 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502074 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502023 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502021 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502031 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502035 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502038 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501896 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501897 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501850 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501862 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501873 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501872 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501884 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501885 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501886 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504598 [4.66-2] - sdpd heap fixes Resolves: #1490008 oval:org.secpod.oval:def:1501925 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501929 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501928 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501930 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501931 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501949 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501964 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501900 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501904 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501916 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502255 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501804 The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux. Security Fix: * An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines ... oval:org.secpod.oval:def:1501816 The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages. Security Fix: * A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this ... oval:org.secpod.oval:def:1501841 The advisory is missing the security advisory description.
For more information please visit the reference link oval:org.secpod.oval:def:1501845 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502100 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502115 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502130 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501969 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501584 Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: * It was discovered that python-twisted-web used the value of the Proxy header from ... oval:org.secpod.oval:def:1502323 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502237 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502254 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502253 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502259 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502273 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502278 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502281 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502111 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502135 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502185 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502194 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:45298 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502145 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502149 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502151 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502155 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502154 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502162 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502160 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502166 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502165 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502300 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502257 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502297 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502410 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502467 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502471 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502475 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502473 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502424 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502428 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502436 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502444 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502312 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502390 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502833 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502710 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502681 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502820 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502823 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503048 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503028 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503082 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503083 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501847 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501797 CVE-2016-6816 : The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the a ... oval:org.secpod.oval:def:1504797 [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] oval:org.secpod.oval:def:1504645 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504861 [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing oval:org.secpod.oval:def:1501121 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which htt ... oval:org.secpod.oval:def:1500561 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... 
oval:org.secpod.oval:def:1505418 [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] oval:org.secpod.oval:def:1505735 [0:1.2.14-6.4.2] - Fix CVE-2022-23302, CVE-2022-23305, CVE-2022-23307, CVE-2017-5645 - [Orabug: 33868008] [0:1.2.14-6.4.1] - Fix remote code execution vulnerability - Resolves: CVE-2021-4104 [Orabug: 33689748] oval:org.secpod.oval:def:1502086 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502040 Several security issues were fixed in Java. oval:org.secpod.oval:def:1501846 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501856 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501932 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501943 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501734 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. * It was discov ... oval:org.secpod.oval:def:1501606 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ...
oval:org.secpod.oval:def:1501642 It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. It was discov ... oval:org.secpod.oval:def:1500333 Updated libjpeg-turbo packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1503764 Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1503788 Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1501853 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503568 Updated jasper packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1503465 Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500860 Updated jasper packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ... oval:org.secpod.oval:def:1501991 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501999 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502030 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502032 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503231 Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1503485 Updated dbus packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1503345 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503363 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503386 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503582 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503548 Updated kernel packages that fix three security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give d ... oval:org.secpod.oval:def:1503859 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503468 Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1503054 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1505680 [2.0.1-13.0.1] - Prevent integer overflow in storeRawNames [CVE-2022-25315][Orabug: 34059442] - Add missing validation of encoding [CVE-2022-25235][Orabug: 34059442] - Protect against malicious namespace declarations [CVE-2022-25236][Orabug: 34059442] oval:org.secpod.oval:def:1503291 Updated system-config-firewall packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating ... oval:org.secpod.oval:def:1502066 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501537 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, information disclosure and bypass of the same-origin policy. oval:org.secpod.oval:def:1501565 Multiple unspecified vulnerabilities in Mozilla Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors. oval:org.secpod.oval:def:1501513 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:1501101 The libxml2 library is a development toolbox providing the implementation of various XML standards.
A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:1501125 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:1501127 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:1501177 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:1501183 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:1501194 The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that ...
oval:org.secpod.oval:def:1501198 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:1501199 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:1501437 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501436 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501442 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:1501404 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. 
A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Mu ... oval:org.secpod.oval:def:1501491 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the p ... oval:org.secpod.oval:def:1501455 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:1501466 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:1501465 The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that w ... oval:org.secpod.oval:def:1501486 The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: * It was found that when NTP was configured ... oval:org.secpod.oval:def:26784 gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats.
It is used by toolkits such as GTK+ or clutter. An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bit ... oval:org.secpod.oval:def:1501309 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501310 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501323 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:1501324 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501321 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:1501762 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501384 A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an applicatio ... oval:org.secpod.oval:def:1501389 A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an applicatio ... oval:org.secpod.oval:def:1501393 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1501330 It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to ... oval:org.secpod.oval:def:1501334 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1501347 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Re ... oval:org.secpod.oval:def:1501352 Mozilla Firefox is an open source web browser. 
XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ... oval:org.secpod.oval:def:1501670 It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group. oval:org.secpod.oval:def:1501255 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. oval:org.secpod.oval:def:1501269 The libpng packages contain a library of functions for creating and manipulating PNG image format files. It was discovered that the png_get_PLTE and png_set_PLTE functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to ... oval:org.secpod.oval:def:1501285 Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. oval:org.secpod.oval:def:1501289 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501213 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
oval:org.secpod.oval:def:1501216 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. oval:org.secpod.oval:def:1501229 The remote host is missing a patch containing a security fix, which affects the following package(s): java-1.6.0-openjdk oval:org.secpod.oval:def:1501292 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1502046 Several security issues were fixed in ntp. oval:org.secpod.oval:def:1502411 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502493 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502490 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502448 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502450 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502454 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501892 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501890 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501854 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501877 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501879 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501880 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501938 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502256 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502682 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502275 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:46444 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:1502280 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501205 The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. 
oval:org.secpod.oval:def:1502113 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501208 The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. oval:org.secpod.oval:def:1501210 The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets. oval:org.secpod.oval:def:1501698 The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function i ... oval:org.secpod.oval:def:1501696 The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. The sctp_sf_ootb function i ... oval:org.secpod.oval:def:1502549 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502150 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501771 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502236 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501809 The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A denial of service flaw was found in the way the ... oval:org.secpod.oval:def:1503196 Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avail ... oval:org.secpod.oval:def:1506464 [1.8.6p3-29.0.4.el6_10.3] - Fixed Privilege escalation CVE-2023-22809 for sudoedit [Orabug: 35037922] oval:org.secpod.oval:def:1504611 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501021 Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. oval:org.secpod.oval:def:1503342 Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1505452 [3.44.0-7.0.2] - Fix CVE-2021-43527 [Orabug: 33627334] oval:org.secpod.oval:def:1501110 Important: Oracle Linux 6 java-1.6.0-openjdk security update. oval:org.secpod.oval:def:1501022 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. 
A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use thi ... oval:org.secpod.oval:def:1501047 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:1501064 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ... oval:org.secpod.oval:def:1501074 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certa ... oval:org.secpod.oval:def:1501712 Vim is an updated and improved version of the vi editor. Security Fix: * A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running ... oval:org.secpod.oval:def:1503075 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503120 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503015 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502850 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501262 It was found that the jakarta commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections libr ... oval:org.secpod.oval:def:1502063 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502102 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501463 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ... oval:org.secpod.oval:def:1501381 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ... oval:org.secpod.oval:def:1501265 libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ... 
oval:org.secpod.oval:def:1501132 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet. oval:org.secpod.oval:def:1501133 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet. oval:org.secpod.oval:def:1501138 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet. oval:org.secpod.oval:def:1501150 The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet. oval:org.secpod.oval:def:26787 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the kernel's implementation of the Berkeley Packet Filter. A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly ... oval:org.secpod.oval:def:1501937 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501301 It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
oval:org.secpod.oval:def:1501307 Race condition in the IPC object implementation in the Linux kernel allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. oval:org.secpod.oval:def:1500928 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveragin ... oval:org.secpod.oval:def:1500941 The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveragin ... oval:org.secpod.oval:def:1500940 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500943 The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets. oval:org.secpod.oval:def:1501272 The KVM subsystem in the Linux kernel allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. oval:org.secpod.oval:def:1501279 The flaws were found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their p ...
oval:org.secpod.oval:def:1501217 The get_bitmap_file function in drivers/md/md.c in the Linux kernel does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call. oval:org.secpod.oval:def:1501293 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allows local users to cause a denial of service (OOPS) via crafted keyctl commands. oval:org.secpod.oval:def:1500743 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the Fo ... oval:org.secpod.oval:def:1500748 Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed ... oval:org.secpod.oval:def:1500712 Updated procmail packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1501042 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:1501460 The file command is used to identify a particular file according to the type of data the file contains. 
It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: * Multiple flaws wer ... oval:org.secpod.oval:def:1501461 OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: * It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A m ... oval:org.secpod.oval:def:1501097 SNMP is a protocol used for network management. The NET-SNMP project includes various SNMP tools: an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a ... oval:org.secpod.oval:def:1501060 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif ex ... oval:org.secpod.oval:def:1501086 Multiple vulnerabilities were discovered in ntp, an implementation of the Network Time Protocol: CVE-2015-1798 When configured to use a symmetric key with an NTP peer, ntpd would accept packets without MAC as if they had a valid MAC. This could allow a remote attacker to bypass the packet authentica ... oval:org.secpod.oval:def:1500894 Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from t ...
oval:org.secpod.oval:def:1501390 A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ... oval:org.secpod.oval:def:1500948 unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. oval:org.secpod.oval:def:1500953 An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application. oval:org.secpod.oval:def:1500320 Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detai ... oval:org.secpod.oval:def:1500327 Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed sever ... oval:org.secpod.oval:def:1500329 Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... 
oval:org.secpod.oval:def:1500877 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1500813 Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulne ... oval:org.secpod.oval:def:1500832 GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and m ... oval:org.secpod.oval:def:1501111 Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update. oval:org.secpod.oval:def:1501115 Moderate: Oracle Linux 6 Unbreakable Enterprise kernel security update. oval:org.secpod.oval:def:1500562 Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availabl ... oval:org.secpod.oval:def:1500576 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... 
oval:org.secpod.oval:def:1501010 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use ... oval:org.secpod.oval:def:1501017 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use ... oval:org.secpod.oval:def:1501026 The kernel package contains the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. oval:org.secpod.oval:def:1501029 The kernel package contains the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. oval:org.secpod.oval:def:1501034 The kernel package contains the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. oval:org.secpod.oval:def:1501031 The kernel package contains the Linux kernel, the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. oval:org.secpod.oval:def:1501096 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501065 The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could ... oval:org.secpod.oval:def:1501073 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could ... oval:org.secpod.oval:def:1501072 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could ... oval:org.secpod.oval:def:1500970 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500971 Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper h ... oval:org.secpod.oval:def:1500974 The InfiniBand (IB) implementation in the Linux kernel package does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by lev ... oval:org.secpod.oval:def:1500397 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact.
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1500849 It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash t ... oval:org.secpod.oval:def:1500802 It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. oval:org.secpod.oval:def:1500821 It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash t ... oval:org.secpod.oval:def:1500654 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, ... oval:org.secpod.oval:def:1500383 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are a ... oval:org.secpod.oval:def:1500385 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System base scores, which give detailed severity rating ... oval:org.secpod.oval:def:1503708 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500201 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ... oval:org.secpod.oval:def:1500203 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main comp ... oval:org.secpod.oval:def:1500212 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main comp ... oval:org.secpod.oval:def:1503726 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ... oval:org.secpod.oval:def:1503793 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1500161 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact.
The kernel-uek is main component of an operating system. This security update re-a ... oval:org.secpod.oval:def:1503695 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500192 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main comp ... oval:org.secpod.oval:def:1500195 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1503641 Updated kernel packages that fix two security issues, address several hundred bugs and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the third regular update. The Red Hat Security Response Team has rated this ... oval:org.secpod.oval:def:1500135 Updated pixman packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500144 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1503662 Updated kernel packages that fix multiple security issues, numerous bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give ... oval:org.secpod.oval:def:1500158 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500157 An updated kernel-uek package that fixes one security issue and multiple bugs isnow available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1500031 Updated kernel packages that fix three security issues and several bugs arenow available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, a ... oval:org.secpod.oval:def:1500091 Updated kernel packages that fix one security issue are now available forRed Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... 
oval:org.secpod.oval:def:1500093 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score, which gives a detailed severity ... oval:org.secpod.oval:def:1503815 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503729 Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500291 Updated postgresql and postgresql84 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severit ... oval:org.secpod.oval:def:1503784 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:1503883 Updated postgresql84 and postgresql packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give d ... oval:org.secpod.oval:def:1503824 Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:1503323 Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, i ... oval:org.secpod.oval:def:1503197 Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:1500655 Updated httpd packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1502039 Several security issues were fixed in httpd. oval:org.secpod.oval:def:1501962 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501147 SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database w ... oval:org.secpod.oval:def:1503204 Updated xerces-j2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1503639 Updated expat packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are availab ... oval:org.secpod.oval:def:1501684 Expat is a C library for parsing XML documents. Security Fix: * An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, pos ... oval:org.secpod.oval:def:1504873 [4:5.10.1-144.0.1] - Backport patch for CVE-2020-10543 [Orabug: 32855589] - Backport patch for CVE-2020-10878 [Orabug: 32855589] - Backport patch for CVE-2020-12723 [Orabug: 32855589] oval:org.secpod.oval:def:1500176 Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:1500179 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1501344 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. 
A local attacker could use this flaw to crash the system or, potentially, escalate their privileges o ... oval:org.secpod.oval:def:1500994 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ... oval:org.secpod.oval:def:1503933 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:1503882 Updated postgresql84 and postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give det ... oval:org.secpod.oval:def:1504635 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504727 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1507418 [7:3.4.14-15.0.1] - Fix stack buffer overflow when parsing Digest Authorization [CVE-2023-46847][Orabug: 36053795] oval:org.secpod.oval:def:1507423 [7:3.1.23-24.0.1] - Fix stack buffer overflow when parsing Digest Authorization [CVE-2023-46847][Orabug: 36053765] oval:org.secpod.oval:def:1503478 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1506045 [4.1.12-124.67.3] - media: imon: Fix null-ptr-deref in imon_probe [Orabug: 31225377] {CVE-2017-16537} - fbcon: remove soft scrollback code [Orabug: 31914703] {CVE-2020-14390} - inet: use bigger hash table for IP ID generation [Orabug: 33778986] {CVE-2021-45486} - ipv4: speedup ip_idents_reserve ... oval:org.secpod.oval:def:1505419 [0.96-11.0.1.el6_10.1] - pkexec: local privilege escalation [Orabug: 33789506][CVE-2021-4034] oval:org.secpod.oval:def:1501775 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1501773 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501779 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... oval:org.secpod.oval:def:1501782 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsocko ... 
oval:org.secpod.oval:def:1505736 [4.1.12-124.62.3.1] - debug: Lock down kgdb [Orabug: 34152701] {CVE-2022-21499} oval:org.secpod.oval:def:1507419 [4.1.12-124.78.2] - xfrm: fix crash in XFRM_MSG_GETSA netlink handler [Orabug: 35598955] {CVE-2023-3106} - netfilter: nf_tables: validate registers coming from userspace [Orabug: 34012909] {CVE-2022-1015} [4.1.12-124.78.1] - vc_screen: move load of struct vc_data pointer in vcs_read to avoid UAF ... oval:org.secpod.oval:def:1507422 [4.1.12-124.78.4.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero [Orabug: 35741584] {CVE-2023-22024} oval:org.secpod.oval:def:1507425 [4.1.12-124.81.2] - rebuild bumping release [4.1.12-124.81.1] - netfilter: xt_sctp: validate the flag_info count [Orabug: 35923500] {CVE-2023-39193} - USB: ene_usb6250: Allocate enough memory for full object [Orabug: 35924058] {CVE-2023-45862} - netfilter: xt_u32: validate user space input [Orabu ... oval:org.secpod.oval:def:1507420 [4.1.12-124.79.2] - net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free [Orabug: 35814273] {CVE-2023-4206} - net/sched: sch_qfq: account for stab overhead in qfq_enqueue [Orabug: 35636291] {CVE-2023-3611} - rds: Fix lack of reentrancy for connection reset with dst add ... oval:org.secpod.oval:def:1507421 [4.1.12-124.80.1] - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb [Orabug: 35814478] {CVE-2023-40283} - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free [Orabug: 35814297] {CVE-2023-4208} - RDMA/core: net: fix kernel NULL error [Orabug: 35723252] oval:org.secpod.oval:def:1507426 [4.1.12-124.82.2] - Bluetooth: Reject connection with the device which has same BD_ADDR [Orabug: 35959598] {CVE-2020-26555} - sched/rt: pick_next_rt_entity: check list_entry [Orabug: 35181560] {CVE-2023-1077} - sched/debug: Fix SCHED_WARN_ON to return a value on !CONFIG_SCHED_DEBUG as well [Orabu ... 
oval:org.secpod.oval:def:1506714 [4.1.12-124.75.3] - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg [Orabug: 35354791] {CVE-2023-2248} [4.1.12-124.75.2] - prlimit: do_prlimit needs to have a speculation check [Orabug: 35354303] {CVE-2023-0458} - kernel/sys.c: fix potential Spectre v1 issue [Orabug: 35354303] ... oval:org.secpod.oval:def:1506458 [4.1.12-124.71.3] - USB: core: Prevent nested device-reset calls [Orabug: 34951641] {CVE-2022-4662} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896} - Bluetooth: L2CAP: Introduce proper defines for PSM ranges [Orabug: 34833 ... oval:org.secpod.oval:def:1506405 [4.1.12-124.70.2] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34882781] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34882781] {CVE-2022-4378} - netfilter: nf_conntrack_irc: Fix forged IP logic [Orabug: 34872056] {CVE-2022-2663} - ... oval:org.secpod.oval:def:1506324 [4.1.12-124.69.5.1] - proc: proc_skip_spaces shouldn't think it is working on C strings [Orabug: 34883048] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long [Orabug: 34883048] {CVE-2022-4378} oval:org.secpod.oval:def:1505582 [4.1.12-124.61.2] - exec, elf: ignore invalid note data [Orabug: 34023956] [4.1.12-124.61.1] - drm/i915: Flush TLBs before releasing backing store [Orabug: 33835812] {CVE-2022-0330} - drm/i915: Reduce locking in execlist command submission [Orabug: 33835812] {CVE-2022-0330} - ipv4: make exception ... oval:org.secpod.oval:def:1506014 [2.6.32-754.35.1.0.6.OL6] [[:digit]o_epoll_ctl: clean the failure exits up a bit {CVE-2020-0466} [Orabug: 34086960] - epoll: Keep a reference on files added to the check list {CVE-2020-0466} [Orabug: 34086960] - fix regression in "epoll: Keep a reference on files added to the check list {CVE-2021 ... 
oval:org.secpod.oval:def:1505836 [4.1.12-124.64.1] - iscsi-target: Fix the issue with shutdown_session removal [Orabug: 29661566] - scsi: target: fix hang when multiple threads try to destroy the same iscsi session [Orabug: 29661566] - scsi: target: remove boilerplate code [Orabug: 29661566] - iscsi-target: remove usage of - oval:org.secpod.oval:def:1505423 [4.1.12-124.59.1.2] - fix regression in "epoll: Keep a reference on files added to the check list" [Orabug: 33679854] {CVE-2021-1048} - fget: check that the fd still exists after getting a ref to it [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many and fput_many [Orabug: 33679806] - af_unix: ... oval:org.secpod.oval:def:1503008 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1506144 [1.2.3-29.0.3] - Fix for CVE-2022-37474 [Orabug: 34759428] oval:org.secpod.oval:def:1505597 [4.1.12-124.54.6.1] - fs/namespace.c: fix mountpoint reference counter race [Orabug: 33369433] {CVE-2020-12114} {CVE-2020-12114} - btrfs: only search for left_info if there is no right_info in try_merge_free_space [Orabug: 33369414] {CVE-2019-19448} {CVE-2019-19448} - cfg80211: wext: avoid copying ... oval:org.secpod.oval:def:1505596 [4.1.12-124.54.6] - xen-netback: do not kfree_skb when irq is disabled [Orabug: 33282046] [4.1.12-124.54.5] - l2tp: fix race between l2tp_session_delete and l2tp_tunnel_closeall [Orabug: 33113975] {CVE-2020-0429} - l2tp: ensure sessions are freed after their PPPOL2TP socket [Orabug: 33113975] {CV ... oval:org.secpod.oval:def:1506010 [2.6.32-754.35.1.0.7.OL6] - bluetooth: eliminate the potential race condition when removing the HCI controller {CVE-2021-32399} [Orabug: 33763116] - RDMA/ucma: Put a lock around every call to the rdma_cm layer [Orabug: 33763116] - RDMA/cma: Add missing locking to rdma_accept [Orabug: 33763116] - ... 
oval:org.secpod.oval:def:1505438 [4.1.12-124.60.1] - xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate [Orabug: 33699627] [Orabug: 33762471] {CVE-2021-4155} - fix regression in "epoll: Keep a reference on files added to the check list" [Orabug: 33679854] [Orabug: 33762505] {CVE-2021-1048} {CVE-2021-1048} - B ... oval:org.secpod.oval:def:1505448 [4.1.12-124.58.2] - ovl: prevent private clone if bind mount is not allowed [Orabug: 33560431] {CVE-2021-3732} [4.1.12-124.58.1] - sunrpc: move NO_CRKEY_TIMEOUT to the auth- oval:org.secpod.oval:def:1500898 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. oval:org.secpod.oval:def:1500900 Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ... oval:org.secpod.oval:def:1500905 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. oval:org.secpod.oval:def:1500904 The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. 
oval:org.secpod.oval:def:1505683 [4.1.12-124.62.3] - fget: check that the fd still exists after getting a ref to it [Orabug: 33679806] {CVE-2021-0920} - fs: add fget_many and fput_many [Orabug: 33679806] - af_unix: fix garbage collect vs MSG_PEEK [Orabug: 33679806] {CVE-2021-0920} - net: split out functions related to registerin ... oval:org.secpod.oval:def:1504628 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504630 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505594 [2.6.32-754.35.1.0.5.OL6] - [kernel] futex: Use pi_state_update_owner in put_pi_state [1922249] {CVE-2021-3347} [Orabug: 33150734] - [kernel] futex: Handle faults correctly for PI futexes [1922249] {CVE-2021-3347} [Orabug: 33150734] - [kernel] futex: Provide and use pi_state_update_owner [1922249 ... oval:org.secpod.oval:def:1504592 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504621 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502241 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502247 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502248 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503035 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503021 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502478 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502483 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504547 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1505455 [4.1.12-124.57.1] - target; fix print statement warning [Orabug: 33495661] - enic;: fix warning on module_param disable_vlan0, [Orabug: 33495661] - bnx2fc: correct BNX2FC_TM_TIMEOUT to be 60 sec [Orabug: 33495661] - target: Fix linux-4.1.y specific compile warning [Orabug: 33495661] - net/mlx4: ... oval:org.secpod.oval:def:1505595 [4.1.12-124.56.1] - ocfs2: subsystem.su_mutex is required while accessing the item- oval:org.secpod.oval:def:1502738 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1504551 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502677 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502683 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503051 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503060 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503025 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1503081 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502532 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502544 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502543 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502095 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501044 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ... oval:org.secpod.oval:def:1501045 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ... oval:org.secpod.oval:def:1501052 arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate ... oval:org.secpod.oval:def:1501070 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
* A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could ... oval:org.secpod.oval:def:1502504 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502503 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502508 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502509 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502506 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502516 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502514 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502517 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502521 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502528 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502534 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502536 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502104 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502588 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502591 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503053 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502526 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502530 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502573 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502576 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502398 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502486 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502494 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502093 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502098 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502099 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502340 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502306 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502309 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502311 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502395 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502221 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502220 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502226 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502229 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502227 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502233 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502230 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502249 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502258 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502217 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502266 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502269 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502270 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502271 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502290 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502291 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502190 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502178 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502234 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502211 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502482 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502082 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502083 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502090 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502053 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502058 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502320 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501923 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501922 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501920 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502206 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501821 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502137 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502136 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502164 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502000 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502008 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502013 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502017 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502449 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502061 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502026 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502049 Several security issues were fixed in Linux Kernel. oval:org.secpod.oval:def:1502047 Several security issues were fixed in Linux Kernel. oval:org.secpod.oval:def:1502048 Several security issues were fixed in Linux Kernel and dtrace-modules. oval:org.secpod.oval:def:1502057 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502349 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1502305 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501966 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502244 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502203 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502201 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502202 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502219 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502286 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502296 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501555 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * It ... oval:org.secpod.oval:def:1501583 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. 
Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1501581 Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ... oval:org.secpod.oval:def:1500560 Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ... oval:org.secpod.oval:def:1500558 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ... oval:org.secpod.oval:def:1502342 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501098 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to v ... oval:org.secpod.oval:def:1502672 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1503526 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. 
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity rat ... oval:org.secpod.oval:def:1500324 Updated python packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a d ... oval:org.secpod.oval:def:1502537 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501274 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker cou ... oval:org.secpod.oval:def:1502578 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501540 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: * Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an ... oval:org.secpod.oval:def:1501753 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501870 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501871 The advisory is missing the security advisory description. 
For more information please visit the reference link oval:org.secpod.oval:def:1501558 Security vulnerabilities are present in kernel-uek and dtrace-modules oval:org.secpod.oval:def:1501562 Security vulnerabilities are present in kernel-uek and dtrace-modules oval:org.secpod.oval:def:1501504 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:1501409 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user co ... oval:org.secpod.oval:def:1501443 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their p ... oval:org.secpod.oval:def:1501863 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501861 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501451 net/sctp/sm_sideeffect.c in the Linux kernel before does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call. oval:org.secpod.oval:def:1501469 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix: * A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 ce ... oval:org.secpod.oval:def:1501470 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local sockets to allocate an unfair share of kernel memory, leading to ... oval:org.secpod.oval:def:1501472 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 ce ... oval:org.secpod.oval:def:1501477 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501476 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501480 Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:1501311 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. oval:org.secpod.oval:def:1501319 The join_session_keyring function in security/keys/process_keys.c in the Linux kernel mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. oval:org.secpod.oval:def:1501726 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix: * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1501735 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501764 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501766 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501808 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow and could subsequently perform any type ... oval:org.secpod.oval:def:1501817 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501822 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501824 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501666 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a re ... oval:org.secpod.oval:def:1501707 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. 
This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1501710 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1501716 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:1500682 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. oval:org.secpod.oval:def:1500202 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main comp ... oval:org.secpod.oval:def:1500210 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500220 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. 
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500636 Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:1500657 The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions fail to check for a minimal message length before testing the supplied offset to be within the bounds of the message. This allows the subtraction of the nla header to underflow and therefore -- as the data type is unsigned -- allowing far to ... oval:org.secpod.oval:def:1500659 The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer und ... oval:org.secpod.oval:def:1500662 Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which giv ... oval:org.secpod.oval:def:1500661 Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. 
oval:org.secpod.oval:def:1500672 The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. oval:org.secpod.oval:def:1500675 For a TCP-style socket, while processing the COOKIE_ECHO chunk in sctp_sf_do_5_1D_ce(), after it has passed a series of sanity checks, a new association would be created in sctp_unpack_cookie(), but afterwards, some processing may fail, and sctp_association_free() will be called to free the previ ... oval:org.secpod.oval:def:1500674 The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. oval:org.secpod.oval:def:1500258 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500716 Linux kernel built with the system-call auditing support (CONFIG_AUDITSYSCALL) is vulnerable to a kernel crash or information disclosure flaw caused by out of bounds memory access. It could occur when system call audit rules are configured on a system. Administrative privileges are required to add su ... oval:org.secpod.oval:def:1500715 kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. 
oval:org.secpod.oval:def:1500753 include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface. oval:org.secpod.oval:def:1500705 Linux kernel built with the support for Stream Control Transmission Protocol is vulnerable to a NULL pointer dereference flaw. It could occur when simultaneous new connections are initiated between the same pair of hosts. A remote user/program could use this flaw to crash the system kernel resulting ... oval:org.secpod.oval:def:1500706 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500563 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500569 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500572 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. 
The kernel-uek is main com ... oval:org.secpod.oval:def:1500574 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500577 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500583 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500582 Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratin ... oval:org.secpod.oval:def:1500591 The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. oval:org.secpod.oval:def:1500556 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. 
A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500555 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500600 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. oval:org.secpod.oval:def:1500602 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. oval:org.secpod.oval:def:1500605 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500611 The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fa ... 
oval:org.secpod.oval:def:1500613 The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. oval:org.secpod.oval:def:1500617 The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. oval:org.secpod.oval:def:1500409 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:1500412 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500416 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500421 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500995 The kernel packages contain the Linux kernel, the core of any Linux operating system. 
* A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root bina ... oval:org.secpod.oval:def:1500950 Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. oval:org.secpod.oval:def:1500318 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500321 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rate ... oval:org.secpod.oval:def:1500331 Updated kernel packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which gi ... oval:org.secpod.oval:def:1500342 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... 
oval:org.secpod.oval:def:1500350 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500352 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ... oval:org.secpod.oval:def:1500764 sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX acces ... oval:org.secpod.oval:def:1500773 A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. oval:org.secpod.oval:def:1500779 Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this upd ... oval:org.secpod.oval:def:1500785 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) ... 
oval:org.secpod.oval:def:1500788 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) ...
oval:org.secpod.oval:def:1500309 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500312 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500796 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) ...
oval:org.secpod.oval:def:1500370 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500372 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500371 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ...
oval:org.secpod.oval:def:1500376 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 6. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500384 An updated kernel-uek package that fixes one security issue and multiple bugs is now available for Oracle Enterprise Linux 5. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kernel-uek is main com ...
oval:org.secpod.oval:def:1500834 An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.
oval:org.secpod.oval:def:1500844 Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid repo ...
oval:org.secpod.oval:def:1500854 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500859 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1500804 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500808 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500815 A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system.
oval:org.secpod.oval:def:1500817 An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.
oval:org.secpod.oval:def:1500822 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1503374 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1503697 The advisory is missing the security advisory description. For more information please visit the reference link
oval:org.secpod.oval:def:1503572 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ...
oval:org.secpod.oval:def:1503176 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...
oval:org.secpod.oval:def:1503431 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, ...
oval:org.secpod.oval:def:1503453 Updated glibc packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...
oval:org.secpod.oval:def:1507424 [4.1.12-124.83.2] - Input: add bounds checking to input_set_capability [Orabug: 36192120] {CVE-2022-48619} - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack [Orabug: 36155598] {CVE-2023-7192} [4.1.12-124.83.1] - ext4: improve error recovery code paths in __ext4_remou ...