Download
| Alert*
|
oval:org.secpod.oval:def:500453
The pam_krb5 module allows Pluggable Authentication Modules aware applications to use Kerberos to verify user identities by obtaining user credentials at log in time. A flaw was found in pam_krb5. In some non-default configurations , the text of the password prompt varied based on whether or not th ... oval:org.secpod.oval:def:500056 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. An authentication bypass flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to read or post newsgroup messages on an NNTP serve ... oval:org.secpod.oval:def:500579 The GNOME Display Manager is a configurable re-implementation of XDM, the X Display Manager. GDM allows you to log in to your system with the X Window System running, and supports running several different X sessions on your local machine at the same time. A flaw was found in the way the gdm packag ... oval:org.secpod.oval:def:500532 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of ... oval:org.secpod.oval:def:500724 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise ... oval:org.secpod.oval:def:500302 PC/SC Lite provides a Windows SCard compatible interface for communicating with smart cards, smart card readers, and other security tokens. Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart ... oval:org.secpod.oval:def:21825 The host is installed with Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted block size. Successful exploitation allows remote attackers to caus ... oval:org.secpod.oval:def:500075 The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ... oval:org.secpod.oval:def:500552 Newt is a programming library for color text mode, widget-based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, and so on, to text mode user interfaces. A heap-based buffer overflow flaw was found in the way n ... oval:org.secpod.oval:def:500510 Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the pg_getline function implementation. If the pg_getline or getline functions read ... oval:org.secpod.oval:def:500516 cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. All users of cscope ... oval:org.secpod.oval:def:500174 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ... oval:org.secpod.oval:def:500186 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A remote user able to use the nntpd service could use this flaw to crash the nntpd child process or, possibly, execute arb ... oval:org.secpod.oval:def:500694 GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, GStreamer plug-ins of good quality released under the LGPL license. Multiple heap buffer overflows and an array indexing error were found in th ... oval:org.secpod.oval:def:500607 The International Components for Unicode library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid, encoded data. If an application used ICU to decode malformed, multibyte, character data, it may have been possible to bypass certain conte ... oval:org.secpod.oval:def:500238 Perl is a high-level programming language commonly used for system administration utilities and web programming. It was found that the "new" constructor of the Digest module used its argument as part of the string expression passed to the eval function. An attacker could possibly use this ... oval:org.secpod.oval:def:500143 Bash is the default shell for Red Hat Enterprise Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrar ... oval:org.secpod.oval:def:500243 Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl. An ... oval:org.secpod.oval:def:501169 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ... oval:org.secpod.oval:def:10399 Users should be allowed or not allowed to set environment options for SSH as appropriate. oval:org.secpod.oval:def:500032 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ... oval:org.secpod.oval:def:500003 Red Hat Enterprise Linux 5 is installed oval:org.secpod.oval:def:500961 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ... oval:gov.nist.usgcb.rhel:def:201035 Check output of /usr/sbin/sestatus or check if /selinux exists. oval:org.secpod.oval:def:10491 The microcode_ctl service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10492 Avahi publishing of domain name should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10493 File permissions for /etc/pki/tls/CA/cacert.pem should be set correctly. oval:org.secpod.oval:def:10494 File permissions for /etc/pki/tls/ldap should be set correctly. oval:org.secpod.oval:def:10495 The haldaemon service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10496 The network service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10497 The Dovecot option to drop privileges to user before executing mail process should be enabled or not as appropriate oval:org.secpod.oval:def:10498 Squid should be configured to allow http-mgmt traffic or not as appropriate oval:org.secpod.oval:def:10490 The Squid max request HTTP header length should be set to an appropriate value. oval:org.secpod.oval:def:10488 Write access to NFS shares should be enabled or disabled as appropriate oval:org.secpod.oval:def:10489 Avahi publishing of local information by user applications should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10499 File permissions for /etc/pki/tls/ldap/serverkey.pem should be set correctly. oval:org.secpod.oval:def:10430 NIS domain should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10431 File permissions for /usr/sbin/userhelper should be set correctly. oval:org.secpod.oval:def:10432 The /var/named/chroot/etc/named.conf file should be owned by the appropriate group. oval:org.secpod.oval:def:500152 Mozilla Thunderbird is a standalone mail and newsgroup client. This erratum blacklists a small number of HTTPS certificates. This update also fixes the following bug: * The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression, preventing some Java content and plug-ins written in Java f ... oval:org.secpod.oval:def:10422 CUPS service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10423 The apache2 server's ServerSignature value should be set appropriately. oval:org.secpod.oval:def:10424 Logins through the specified virtual console interface should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10425 The messagebus service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10426 The mdmonitor service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10427 Console device ownership should be restricted to root-only as appropriate. oval:org.secpod.oval:def:10428 Dovecot should be configured to support the pop3s protocol or not as necessary oval:org.secpod.oval:def:10429 The default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately. oval:org.secpod.oval:def:10440 The pcscd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10441 The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate user. oval:org.secpod.oval:def:10442 Logins through the primary console device should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10443 The irqbalance service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:500167 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ... oval:org.secpod.oval:def:500168 Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before ... oval:org.secpod.oval:def:10433 The USB device support module should be installed or not as appropriate. oval:org.secpod.oval:def:10434 The statd service should be configured to use an outgoing static port or an outgoing dynamic portmapper port as appropriate oval:org.secpod.oval:def:10435 File permissions for /usr/sbin/httpd should be set correctly. oval:org.secpod.oval:def:10436 OpenNTPD should be installed or uninstalled as appropriate. oval:org.secpod.oval:def:10437 Sudo privileges should granted or rejected to the wheel group as appropriate. oval:org.secpod.oval:def:10438 The cpuspeed service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10439 The default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. oval:org.secpod.oval:def:10410 The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate. oval:org.secpod.oval:def:500172 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The ... oval:org.secpod.oval:def:10408 The rquotad service should be configured to use a static port or a dynamic portmapper port as appropriate. oval:org.secpod.oval:def:10409 The /etc/httpd/conf/* files should be owned by the appropriate group. oval:org.secpod.oval:def:10400 Bluetooth kernel modules should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10401 Syslogd should accept remote messages or not as appropriate. oval:org.secpod.oval:def:10402 The firstboot service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10403 The smartd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10405 The ntp daemon synchronization server should be set appropriately. oval:org.secpod.oval:def:10406 The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate user. oval:org.secpod.oval:def:10407 Automatic loading of the IPv6 kernel module should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10420 dhcpd logging should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10421 CUPS service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10419 Domain name server information should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10411 Squid should be configured to allow wais traffic or not as appropriate oval:org.secpod.oval:def:10412 The statd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:10413 The syslog service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10414 Console device ownership should be restricted to root-only as appropriate. oval:org.secpod.oval:def:10415 The idle time-out value for the default /bin/tcsh shell should meet the minimum requirements. oval:org.secpod.oval:def:10416 The Squid EUID should be set to an appropriate user oval:org.secpod.oval:def:10417 The idle time-out value for the default /bin/bash shell should meet the minimum requirements. oval:org.secpod.oval:def:10418 The /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate group. oval:org.secpod.oval:def:10470 File permissions for /etc/pki/tls/ldap/servercert.pem should be set correctly. oval:org.secpod.oval:def:10471 Command access to the root account should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10472 The default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10473 The apmd service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10474 The default setting for accepting IPv6 router advertisements should be enabled or disabled for network interfaces as appropriate. oval:org.secpod.oval:def:10475 The listening sendmail daemon should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10476 Inbound connections to the ssh port should be allowed or denied as appropriate. oval:org.secpod.oval:def:10466 Squid should be configured to allow ftp traffic or not as appropriate. oval:org.secpod.oval:def:10467 The dynamic DNS feature of the DHCP server should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10468 The /var/named/chroot/etc/named.conf file should be owned by the appropriate user. oval:org.secpod.oval:def:10469 Syslog logs should be sent to a remote loghost or not as appropriate. oval:org.secpod.oval:def:10480 NTP servers should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10481 The /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate group. oval:org.secpod.oval:def:10482 The logwatch service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10483 The /etc/pki/tls/ldap file should be owned by the appropriate group. oval:org.secpod.oval:def:10484 Avahi publishing of IP addresses should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10485 The Squid option to allow underscores in hostnames should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10486 BOOTP queries should be accepted or denied by the DHCP server as appropriate. oval:org.secpod.oval:def:10487 The apache 2 server software should be installed or removed as appropriate oval:org.secpod.oval:def:10477 The acpid service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10478 The lockd service should be configured to use a static port or a dynamic portmapper port for UDP as appropriate. oval:org.secpod.oval:def:10479 Time offset should be sent or not sent by the DHCP server as appropriate.. oval:org.secpod.oval:def:10450 The setroubleshoot package should be installed or uninstalled as appropriate. oval:org.secpod.oval:def:10451 The default number of IPv6 router solicitations for network interfaces to send should be set appropriately. oval:org.secpod.oval:def:10452 NIS servers should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10453 Device drivers for wireless devices should be included or excluded from the kernel as appropriate. oval:org.secpod.oval:def:10454 USB kernel support should be enabled or disabled as appropriate. oval:org.secpod.oval:def:500134 Mozilla Thunderbird is a standalone mail and newsgroup client. The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that exception, rendering every HTTPS certificate sign ... oval:org.secpod.oval:def:10444 Squid should be configured to allow gopher traffic or not as appropriate oval:org.secpod.oval:def:10445 The default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. oval:org.secpod.oval:def:10446 The restorecond service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10447 Network access to ntpd should be allowed or denied as appropriate. oval:org.secpod.oval:def:10448 The Avahi daemon should be configured to serve via Ipv6 or not as appropriate. oval:org.secpod.oval:def:10449 The default number of global unicast IPv6 addresses allowed per network interface should be set appropriately. oval:org.secpod.oval:def:10460 The default setting for accepting redirects from IPv6 routers should be enabled or disabled for network interfaces as appropriate. oval:org.secpod.oval:def:10461 The kudzu service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10462 The default setting for accepting router preference via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate. oval:org.secpod.oval:def:10463 The gpm service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10464 Default routers should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10465 The setroubleshoot service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:500140 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. This erratum blacklists a small number of HTTPS certificates. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, ... oval:org.secpod.oval:def:10455 The Squid option to show proxy client IP addresses in HTTP headers should be enabled or disabled as appropriate oval:org.secpod.oval:def:10456 The /usr/sbin/userhelper file should be owned by the appropriate group. oval:org.secpod.oval:def:10457 The USB device support module should be loaded or not as appropriate. oval:org.secpod.oval:def:10458 The dhcp client service should be enabled or disabled as appropriate for each interface. oval:org.secpod.oval:def:10459 Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriate. oval:org.secpod.oval:def:10507 The Avahi daemon should be configured to serve via Ipv4 or not as appropriate. oval:org.secpod.oval:def:10508 The Dovecot option to spawn a new login process per connection should be enabled or not as appropriate oval:org.secpod.oval:def:10509 Squid proxy access to localhost should be allowed or denied as appropriate oval:org.secpod.oval:def:10500 Dovecot should be configured to support the imaps protocol or not as necessary oval:org.secpod.oval:def:10501 File permissions for /etc/httpd/conf/* should be set correctly. oval:org.secpod.oval:def:10502 Domain name should be sent or not sent by the DHCP server as appropriate. oval:org.secpod.oval:def:10503 DHCPDECLINE messages should be accepted or denied by the DHCP server as appropriate oval:org.secpod.oval:def:10504 The net-smtp package should be installed or uninstalled as appropriate oval:org.secpod.oval:def:10505 The anacron service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10506 CUPS should be allowed or denied the ability to listen for Incoming printer information as appropriate oval:org.secpod.oval:def:10520 The xfs service should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10518 Local user login to the vsftpd service should be enabled or disabled as appropriate oval:org.secpod.oval:def:10519 Avahi publishing of local information should be enabled or disabled as appropriate oval:org.secpod.oval:def:10510 The Squid max reply HTTP header length should be set to an appropriate value oval:org.secpod.oval:def:10511 Remote print browsing should be enabled or disabled as appropriate oval:org.secpod.oval:def:10512 The ntp daemon should be enabled or disabled as appropriate oval:org.secpod.oval:def:10513 Avahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate oval:org.secpod.oval:def:10514 The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate group. oval:org.secpod.oval:def:10515 The anacron package should be installed or uninstalled as appropriate. oval:org.secpod.oval:def:10516 Avahi publishing of hardware information should be enabled or disabled as appropriate oval:org.secpod.oval:def:10517 The mountd service should be configured to use a static port or a dynamic portmapper port as appropriate oval:org.secpod.oval:def:10550 The Squid option to log HTTP MIME headers should be enabled or disabled as appropriate. oval:org.secpod.oval:def:10551 Squid should be configured to allow http traffic or not as appropriate oval:org.secpod.oval:def:10543 Root squashing should be enabled or disabled as appropriate for all NFS shares. oval:org.secpod.oval:def:10544 Dovecot should be configured to support the imap protocol or not as necessary oval:org.secpod.oval:def:10545 Logging of vsftpd transactions should be enabled or disabled as appropriate oval:org.secpod.oval:def:10546 Dovecot plaintext authentication of clients should be enabled or disabled as necessary oval:org.secpod.oval:def:10547 A warning banner for all FTP users should be enabled or disabled as appropriate oval:org.secpod.oval:def:10548 The lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriate oval:org.secpod.oval:def:10549 File permissions for /var/log/httpd should be set correctly. oval:org.secpod.oval:def:10530 The Squid GUID should be set to an appropriate group oval:org.secpod.oval:def:10531 The /var/lib/ldap/* files should be owned by the appropriate group. oval:org.secpod.oval:def:10529 The apache2 server's ServerTokens value should be set appropriately oval:org.secpod.oval:def:10521 The /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate user. oval:org.secpod.oval:def:10522 Avahi publishing of workstation name should be enabled or disabled as appropriate oval:org.secpod.oval:def:10523 The Squid option to force FTP passive connections should be enabled or not as appropriate oval:org.secpod.oval:def:10524 The Squid option to perform FTP sanity checks should be enabled or not as appropriate oval:org.secpod.oval:def:10525 File uploads via vsftpd should be enabled or disabled as appropriate oval:org.secpod.oval:def:10526 X Windows should be enabled or disabled at system boot as appropriate oval:org.secpod.oval:def:10527 Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate oval:org.secpod.oval:def:10528 Squid should be configured to allow multiling http traffic or not as appropriate oval:org.secpod.oval:def:10540 The noexec option should be enabled or disabled for all NFS mounts as appropriate oval:org.secpod.oval:def:10541 Squid should be configured to allow https traffic or not as appropriate oval:org.secpod.oval:def:10542 Dovecot should be configured to support the pop3 protocol or not as necessary oval:org.secpod.oval:def:10532 File permissions for /var/named/chroot/etc/named.conf should be set correctly. oval:org.secpod.oval:def:10533 The /etc/pki/tls/ldap file should be owned by the appropriate user. oval:org.secpod.oval:def:10534 The Squid option to suppress the httpd version string should be enabled or disabled as appropriate oval:org.secpod.oval:def:10535 The /var/lib/ldap/* files should be owned by the appropriate user. oval:org.secpod.oval:def:10536 The Squid option to check for RFC compliant hostnames should be enabled or not as appropriate oval:org.secpod.oval:def:10537 File permissions for /etc/httpd/conf should be set correctly. oval:org.secpod.oval:def:10538 Squid should be configured to allow gss-http traffic or not as appropriate oval:org.secpod.oval:def:10539 Squid should be configured to allow filemaker traffic or not as appropriate oval:org.secpod.oval:def:500234 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a certain Certificate Authority as untrusted, but made an exception for a select few. This update removes that e ... oval:org.secpod.oval:def:500359 The nss_db packages provide a set of C library extensions which allow Berkeley Database databases to be used as a primary source of aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services, and shadow passwords. These databases are used instead of or in addition to the flat files ... oval:org.secpod.oval:def:500461 NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. A missing network certificate verification flaw was found in NetworkManager. If a user created a WPA Enterprise or 802.1x wireless network connection that was verified using a C ... oval:org.secpod.oval:def:500040 Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim"s ses ... oval:org.secpod.oval:def:500588 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciph ... oval:org.secpod.oval:def:500612 The mod_auth_mysql package includes an extension module for the Apache HTTP Server which can be used to implement web user authentication against a MySQL database. A flaw was found in the way mod_auth_mysql escaped certain multibyte-encoded strings. If mod_auth_mysql was configured to use a multibyt ... oval:org.secpod.oval:def:500357 The K Desktop Environment is a graphical desktop environment for the X Window System. The kdebase packages include core applications for KDE. A privilege escalation flaw was found in the KDE Display Manager . A local user with console access could trigger a race condition, possibly resulting in the ... oval:org.secpod.oval:def:500379 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the ImageMagick routine responsible for creating X11 images. An attacker could create a specia ... oval:org.secpod.oval:def:500580 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion when parsing binary ... oval:org.secpod.oval:def:500589 acpid is a daemon that dispatches ACPI events to user-space programs. Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw in the acpid daemon"s error handling. If an attacker could exhaust the sockets open to acpid, the daemon would enter an infinite loop, consuming most CPU ... oval:org.secpod.oval:def:500541 GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins. Multiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-i ... oval:org.secpod.oval:def:500591 The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could ca ... oval:org.secpod.oval:def:500592 Little Color Management System is a small-footprint, speed-optimized open source color management engine. Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using Litt ... oval:org.secpod.oval:def:500121 OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled authentication failures being passed from an OpenLDAP slave to the master. If OpenLDAP was configured with a chain overlay and it forwarded authentication failures, OpenLDAP wou ... oval:org.secpod.oval:def:500621 Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server. Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled . If the configured tftp-root is sufficiently long, and a remote user sends a request that sends a long file name, dnsm ... oval:org.secpod.oval:def:500638 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use th ... oval:org.secpod.oval:def:501462 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:500228 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ... oval:org.secpod.oval:def:500712 The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privile ... oval:org.secpod.oval:def:500303 The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files. Multiple directory traversal flaws were discovered in the Archive::Tar module. A specially-crafted tar file could cause a Perl script, using the Archive::Tar module to extract the archive, to overwrite an ... oval:org.secpod.oval:def:500031 rdesktop is a client for the Remote Desktop Server in Microsoft Windows. It uses the Remote Desktop Protocol to remotely present a user"s desktop. A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdeskt ... oval:org.secpod.oval:def:500345 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the ... oval:org.secpod.oval:def:20970 The host is installed with libxslt before 1.1.28 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an empty match attribute in a XSL key to the xsltAddKey function in keys.c or uninitialized variable to the xsltDocumentFunction function in ... oval:org.secpod.oval:def:500647 libwmf is a library for reading and converting Windows Metafile Format vector graphics. libwmf is used by applications such as GIMP and ImageMagick. A pointer use-after-free flaw was found in the GD graphics library embedded in libwmf. An attacker could create a specially-crafted WMF file that woul ... oval:org.secpod.oval:def:500563 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. An input validation flaw was discovered in the way FreeRADIUS decoded specific RADIUS attributes from RADIUS ... oval:org.secpod.oval:def:500627 Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting. Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a l ... oval:org.secpod.oval:def:505605 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-11, listed in the References section. Specially-crafted SW ... oval:org.secpod.oval:def:500593 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zeroconf Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to ch ... oval:org.secpod.oval:def:500708 The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker abl ... oval:org.secpod.oval:def:500301 Poppler is a Portable Document Format rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler to crash or, potentially, execute ar ... oval:org.secpod.oval:def:500307 The sudo utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly lev ... oval:org.secpod.oval:def:500351 LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like Bash, it has job control and uses the Readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind. It was discovered that lftp ... oval:org.secpod.oval:def:500438 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Ke ... oval:org.secpod.oval:def:500406 The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentia ... oval:org.secpod.oval:def:500470 The sudo utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. ... oval:org.secpod.oval:def:500091 system-config-printer is a print queue configuration tool with a graphical user interface. It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. A remote attacker could use this flaw to execute arbitrary code with the privi ... oval:org.secpod.oval:def:500107 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple input sanitization flaws were found in the X.Org GLX extension. A malicious, authorized client could use these flaws t ... oval:org.secpod.oval:def:25181 The host is installed with xz on Red Hat Enterprise Linux 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process filenames containing a semicolon. Successful exploitation could allow attackers to execute arbitrary co ... oval:org.secpod.oval:def:500237 Dovecot is an IMAP server for Linux, UNIX, and similar operating systems, primarily written with security in mind. A denial of service flaw was found in the way Dovecot handled NULL characters in certain header names. A mail message with specially-crafted headers could cause the Dovecot child proces ... oval:org.secpod.oval:def:500248 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed principal names that were ... oval:org.secpod.oval:def:500726 The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this ... oval:org.secpod.oval:def:500371 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the ... oval:org.secpod.oval:def:500388 dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was discovered that dbus-glib did not enforce the "ac ... oval:org.secpod.oval:def:500441 brltty is a background process which provides access to the Linux console for a blind person using a refreshable braille display. It drives the braille display, and provides complete screen review functionality. It was discovered that a brltty library had an insecure relative RPATH set in the EL ... oval:org.secpod.oval:def:500464 Red Hat Network Client Tools provide programs and libraries that allow your system to receive software updates from the Red Hat Network . It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to Re ... oval:org.secpod.oval:def:500405 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privi ... oval:org.secpod.oval:def:500069 The XML Security Library is a C library based on libxml2 and OpenSSL that implements the XML Digital Signature and XML Encryption standards. A flaw was found in the way xmlsec1 handled XML files that contain an XSLT transformation specification. A specially-crafted XML file could cause xmlsec1 to cr ... oval:org.secpod.oval:def:21526 The host is installed with System Security Services Daemon (SSSD) 1.11.6 and is prone to Security bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow attackers to bypass access restrictions. oval:org.secpod.oval:def:500521 Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access ... oval:org.secpod.oval:def:500170 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. It was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use th ... oval:org.secpod.oval:def:501052 The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat Entitlement platform. It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify the Red Hat Network Classic server"s X.509 certificate when m ... oval:org.secpod.oval:def:500671 The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing re ... oval:org.secpod.oval:def:500648 The xen packages contain the Xen tools and management daemons needed to manage virtual machines running on Red Hat Enterprise Linux. Xen was found to allow unprivileged DomU domains to overwrite xenstore values which should only be changeable by the privileged Dom0 domain. An attacker controlling a ... oval:org.secpod.oval:def:500654 acpid is a daemon that dispatches ACPI events to user-space programs. It was discovered that acpid could create its log file with random permissions on some systems. A local attacker could use this flaw to escalate their privileges if the log file was created as world-writable and with the setuid ... oval:org.secpod.oval:def:500369 The GNU tar program saves many files together in one archive and can restore individual files from that archive. A heap-based buffer overflow flaw was found in the way tar expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the tar executable to ... oval:org.secpod.oval:def:500382 GNU cpio copies files into or out of a cpio or tar archive. A heap-based buffer overflow flaw was found in the way cpio expanded archive files. If a user were tricked into expanding a specially-crafted archive, it could cause the cpio executable to crash or execute arbitrary code with the privileges ... oval:org.secpod.oval:def:500549 GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP. Daniel Stenberg reported that Wget is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted ... oval:org.secpod.oval:def:500750 The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main I ... oval:org.secpod.oval:def:500677 NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager"s D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connec ... oval:org.secpod.oval:def:500680 OpenSSH is OpenBSD"s SSH protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A Red Hat specific patch used in the openssh packages as shipped in Red Hat Enterprise Linux 5.4 loosened certain ownership requirements for directories used as ... oval:org.secpod.oval:def:500220 rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the "filter", "exclude", and "exclude from" options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this ... oval:org.secpod.oval:def:500430 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. It was discovered that named did not invalidate previously cached RRSIG records when add ... oval:org.secpod.oval:def:500547 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handles dynamic update message packets containing the & ... oval:org.secpod.oval:def:500083 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. It was discovered that the DHCP client daemon, dhclient, did not sufficiently sa ... oval:org.secpod.oval:def:500084 The xorg-x11-server-utils package contains a collection of utilities used to modify and query the runtime configuration of the X.Org server. X.Org is an open source implementation of the X Window System. A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were n ... oval:org.secpod.oval:def:500090 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. Two denial of service flaws were found in the way the dhcpd daemon handled certa ... oval:org.secpod.oval:def:500730 Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to ... oval:org.secpod.oval:def:500747 The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel"s kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel"s kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism ... oval:org.secpod.oval:def:500183 The libuser library implements a standardized interface for manipulating and administering user and group accounts. Sample applications that are modeled after applications from the shadow password suite are included in these packages. It was discovered that libuser did not set the password entry co ... oval:org.secpod.oval:def:25180 The host is installed with rhn-client-tools on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle crafted hostnames. Successful exploitation could allow attackers to prevent registration fr ... oval:org.secpod.oval:def:500323 The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug- ... oval:org.secpod.oval:def:500337 Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the ... oval:org.secpod.oval:def:500423 The Simple Protocol for Independent Computing Environments is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The qspice-client package provides the ... oval:org.secpod.oval:def:500286 Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments. The File::Path module allows users to create and remove directory trees. The Safe modul ... oval:gov.nist.usgcb.rhel:def:203401 The samba package should be uninstalled. oval:org.secpod.oval:def:10404 Logins through the specified virtual console device should be enabled or disabled as appropriate. oval:org.secpod.oval:def:500426 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500484 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:500399 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. HTML containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: ... oval:org.secpod.oval:def:500449 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ... oval:org.secpod.oval:def:500314 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A race condition flaw was found in the way XULRunner handled Document Object Model element properties. Malicious HTML content could cause an application linked against XULRunner to crash or, potentially, ... oval:org.secpod.oval:def:500341 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:500433 Mozilla Thunderbird is a standalone mail and newsgroup client. A race condition flaw was found in the way Thunderbird handled Document Object Model element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the ... oval:org.secpod.oval:def:500402 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the w ... oval:org.secpod.oval:def:500292 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ... oval:org.secpod.oval:def:500584 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were foun ... oval:org.secpod.oval:def:500397 The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool"s libltdl library. A flaw was found in the way GNU Libtool"s libltdl library looked for libraries to load. It was possible for libltdl to load a malici ... oval:org.secpod.oval:def:500002 The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU compilers, along with related support libraries. The libgcj package provides fastjar, an archive tool for Java Archive files. Two directory traversal flaws were found in the way fastjar extracted JAR archive files. If a loc ... oval:org.secpod.oval:def:500546 GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool"s libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbi ... oval:org.secpod.oval:def:500555 Virtual Network Computing is a remote display system which allows you to view a computer"s "desktop" environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. An insufficient input validation flaw was disco ... oval:gov.nist.usgcb.rhel:def:202052 The atd service should be disabled. oval:gov.nist.usgcb.rhel:def:182444 The irda service should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:181560 The rawdevices service should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:201685 Audit rules about the Information on Kernel Module Loading and Unloading. oval:gov.nist.usgcb.rhel:def:99900 User accounts may or may not be inactivated a specified number of days after account expiration. oval:gov.nist.usgcb.rhel:def:201115 Check for device ���le that is not labeled. oval:gov.nist.usgcb.rhel:def:36491 Firewall access to printing service should be enabled or disabled as appropriate oval:gov.nist.usgcb.rhel:def:201575 Audit rules about time are enabled oval:gov.nist.usgcb.rhel:def:2034011 Require packet signing of clients who mount Samba shares using the mount.cifs program (e.g., those who specify shares in /etc/fstab). To do so, ensure that signing options (either sec=krb5i or sec=ntlmv2i) are used. oval:gov.nist.usgcb.rhel:def:2034010 Require samba clients running smbclient to use packet signing. A Samba client should only communicate with servers who can support SMB packet signing. oval:gov.nist.usgcb.rhel:def:201825 The tftp service should be disabled. oval:gov.nist.usgcb.rhel:def:203175 The vsftpd service should be uninstalled. oval:gov.nist.usgcb.rhel:def:201480 The rsyslog package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:201479 Support for TIPC should be disabled. oval:gov.nist.usgcb.rhel:def:201478 Support for RDS should be disabled. oval:gov.nist.usgcb.rhel:def:201474 Change the default policy to DROP (from ACCEPT) for the INPUT built-in chain. oval:gov.nist.usgcb.rhel:def:201477 Support for SCTP should be disabled. oval:gov.nist.usgcb.rhel:def:201476 Support for DCCP should be disabled. oval:gov.nist.usgcb.rhel:def:201006 Idle activation of the screen lock should be enabled. oval:gov.nist.usgcb.rhel:def:201005 Idle activation of the screen saver should be enabled. oval:gov.nist.usgcb.rhel:def:201007 The screen saver should be blank. oval:gov.nist.usgcb.rhel:def:201745 The telnet service should be disabled. oval:gov.nist.usgcb.rhel:def:141130 The password dcredit should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:180372 The firewall should allow or reject access to the avahi service. oval:gov.nist.usgcb.rhel:def:573897 The talk package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573896 The talk-server package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573895 The pam_ccreds package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573894 The ipsec-tools package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573893 The isdn4k-utils package should installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573892 The sendmail package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573891 The postfix package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:573898 The irda-utils package should be installed or uninstalled as appropriate. oval:gov.nist.usgcb.rhel:def:40725 The autofs service should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:201776 The rlogin service should be disabled. oval:gov.nist.usgcb.rhel:def:201775 The rsh service should be disabled. oval:gov.nist.usgcb.rhel:def:201774 The rcp service should be disabled. oval:org.secpod.oval:def:21811 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/Mosaic temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21812 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a /tmp/tramp temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21810 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on a temporary file under /tmp/esrc/. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21809 The host is installed with Emacs 24.3 and earlier and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the /tmp/gnus.face.ppm temporary file. Successful exploitation allows local users to overwrite arbitrary files. oval:org.secpod.oval:def:21831 The host is installed with sendmail before 8.14.9 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle a custom mail-delivery program. Successful exploitation allows local users to access unintended high-numbered file descriptors. oval:org.secpod.oval:def:21802 The host is installed with Exim before 4.83 and is prone to an elevation vulnerability. A flaw is present in the application, which expands mathematical comparisons twice. Successful exploitation allows local users to gain privileges and execute arbitrary commands. oval:org.secpod.oval:def:21822 The host is installed with Linux-PAM (aka pam) 1.1.8 and is prone to multiple directory traversal vulnerabilities. The flaws are present in the application, which fails to properly handle a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty functi ... oval:org.secpod.oval:def:500431 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered wr ... oval:org.secpod.oval:def:24759 The host is installed with wireshark in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle a crafted packet-trace file. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:24734 The host is installed with sox in RHEL 5, 6 or 7 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly process NIST Sphere and WAV audio files. Successful exploitation could allow attackers to execute arbitrary code with the privileg ... oval:org.secpod.oval:def:21801 The host is installed with libgcrypt before 1.5.4 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly perform ciphertext normalization and ciphertext randomizations. Successful exploitation makes it easier for physically proximate attackers to ... oval:org.secpod.oval:def:24744 The host is installed with libgcrypt in RHEL 5,6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to gain sensitive information. oval:org.secpod.oval:def:24738 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted Ad hoc On-Demand Distance Vector (AODV) packet. Successful exploitation could allow attackers to obtain sensiti ... oval:org.secpod.oval:def:24735 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted PPP packet. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:24739 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle a crafted length value in a Geonet frame. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:24740 The host is installed with tcpdump in RHEL 5, 6 or 7 and is prone to an integer underflow vulnerability. A flaw is present in the application, which fails to properly handle a crafted length value in an OLSR frame. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20971 The host is installed with curl or libcurl 7.1 before 7.36 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle a crafted certificate issued by a legitimate Certification Authority. Successful exploitation could allow attackers to spoo ... oval:org.secpod.oval:def:24041 The host is installed with QT through 3.3.6-26 on Red Hat Enterprise Linux 5, through 4.6.2-28 on Red Hat Enterprise Linux 6, and 4.8.5-8 on Red Hat Enterprise Linux 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly calculate the masks ... oval:gov.nist.usgcb.rhel:def:20008 The yum-updatesd service should be disabled oval:gov.nist.usgcb.rhel:def:20006 If user home directories will be stored locally, create a separate partition for /home. If /home will be mounted from another system such as an NFS server, then creating a separate partition is not necessary at this time, and the mountpoi ... oval:gov.nist.usgcb.rhel:def:20007 The rhnsd service should be disabled. oval:gov.nist.usgcb.rhel:def:20004 System logs are stored in the /var/log directory. Ensure that it has its own partition or logical volume. oval:gov.nist.usgcb.rhel:def:20005 Audit logs are stored in the /var/log/audit directory. Ensure that it has its own partition or logical volume. Make absolutely certain that it is large enough to store all audit logs that will be created by the auditing ... oval:gov.nist.usgcb.rhel:def:20002 The /var directory is used by daemons and other system services to store frequently-changing data. It is not uncommon for the /var directory to contain world-writable directories, installed by other software packages. ... oval:gov.nist.usgcb.rhel:def:20000 The /tmp directory is a world-writable directory used for temporary ���le storage. Verify that it has its own partition or logical volume. oval:gov.nist.usgcb.rhel:def:20028 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20029 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20027 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20019 The nosuid option should be enabled for all removable media. oval:gov.nist.usgcb.rhel:def:20017 The nodev option should be enabled for all removable media. oval:gov.nist.usgcb.rhel:def:20018 The noexec option should be enabled for all removable media. oval:gov.nist.usgcb.rhel:def:20016 The nodev option should be enabled for all non-root partitions. oval:gov.nist.usgcb.rhel:def:20014 The AIDE package should be installed oval:gov.nist.usgcb.rhel:def:20011 To ensure that signature checking is not disabled for any repos, ensure that the following line DOES NOT appear in any repo con���guration ���les in /etc/yum.repos.d or elsewhere oval:gov.nist.usgcb.rhel:def:20010 The gpgcheck option should be used to ensure that checking of an RPM package���s signature always occurs prior to its installation./ oval:gov.nist.usgcb.rhel:def:144120 Add nodev Option to /tmp Partition oval:gov.nist.usgcb.rhel:def:20048 The sgid bit should be set only for specified files. oval:gov.nist.usgcb.rhel:def:20049 The suid bit should be set only for specified files. oval:gov.nist.usgcb.rhel:def:20046 The sticky bit should be set for all world-writable directories. oval:gov.nist.usgcb.rhel:def:20047 The world-write permission should be disabled for all files. oval:gov.nist.usgcb.rhel:def:20044 File permissions for /etc/gshadow should be set correctly. oval:gov.nist.usgcb.rhel:def:20045 File permissions for /etc/passwd should be set correctly. oval:gov.nist.usgcb.rhel:def:20042 File permissions for /etc/shadow should be set correctly. oval:gov.nist.usgcb.rhel:def:20043 File permissions for /etc/group should be set correctly. oval:gov.nist.usgcb.rhel:def:20040 The /etc/passwd file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20041 The /etc/passwd file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20039 The /etc/gshadow file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20037 The /etc/group file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20038 The /etc/gshadow file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20035 The /etc/shadow file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20036 The /etc/group file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20033 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20034 The /etc/shadow file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20031 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20032 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:20030 prevents usage of this uncommon ���lesystems. oval:gov.nist.usgcb.rhel:def:500116 Add noexec Option to /tmp Partition oval:gov.nist.usgcb.rhel:def:500115 Add noexec Option to /dev/shm Partition oval:gov.nist.usgcb.rhel:def:500114 Add nosuid Option to /dev/shm Partition oval:gov.nist.usgcb.rhel:def:500113 Add nodev Option to /dev/shm Partition oval:gov.nist.usgcb.rhel:def:500119 Postfix network listening should be disabled oval:gov.nist.usgcb.rhel:def:500118 Disable the network sniffer oval:gov.nist.usgcb.rhel:def:500117 Bind mount the /var/tmp directory to /var oval:gov.nist.usgcb.rhel:def:500112 Add nosuid Option to /tmp Partition oval:gov.nist.usgcb.rhel:def:200785 The password ocredit should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:200786 The password lcredit should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:200787 The password difok should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:200781 The password retry should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:200784 The password ucredit should meet minimum requirements using pam_cracklib oval:gov.nist.usgcb.rhel:def:20107 The SELinux policy should be set appropriately. oval:gov.nist.usgcb.rhel:def:20106 The SELinux state should be set appropriately. oval:gov.nist.usgcb.rhel:def:20103 The direct gnome login warning banner should be set correctly. oval:gov.nist.usgcb.rhel:def:20104 SELinux should be enabled oval:gov.nist.usgcb.rhel:def:20101 The vlock package should be installed oval:gov.nist.usgcb.rhel:def:20102 The system login banner text should be set correctly. oval:gov.nist.usgcb.rhel:def:20100 The allowed period of inactivity gnome desktop lockout should be configured correctly. oval:gov.nist.usgcb.rhel:def:20128 All wireless interfaces should be disabled. oval:gov.nist.usgcb.rhel:def:20125 Performing source validation by reverse path should be enabled or disabled for all interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20126 The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20123 Ignoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:20124 Sending TCP syncookies should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:20121 The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20122 Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:20120 The default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:43680 CCE-4368-7:Mount Remote Filesystems with nodev oval:gov.nist.usgcb.rhel:def:20118 Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20119 The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20116 Accepting ICMP redirects should be enabled or disabled for all interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20117 Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20114 IP forwarding should be disabled. oval:gov.nist.usgcb.rhel:def:20115 Accepting source routed packets should be enabled or disabled for all interfaces as appropriate. oval:gov.nist.usgcb.rhel:def:20112 The default setting for sending ICMP redirects should be disabled for network interfaces. oval:gov.nist.usgcb.rhel:def:20113 Sending ICMP redirects should be disabled for all interfaces. oval:gov.nist.usgcb.rhel:def:20110 The mcstrans service should be disabled. oval:gov.nist.usgcb.rhel:def:20149 All rsyslog log files should be owned by root user. oval:gov.nist.usgcb.rhel:def:20147 The iptables service should be enabled. oval:gov.nist.usgcb.rhel:def:20148 The syslog service should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:20146 The ip6tables service should be enabled. oval:gov.nist.usgcb.rhel:def:20136 Accepting redirects from IPv6 routers should be disabled as appropriate for all network interfaces. (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20135 The default setting for accepting IPv6 router advertisements should be disabled for network interfaces. (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20132 Global IPv6 initialization should be disabled. oval:gov.nist.usgcb.rhel:def:20133 IPv6 configuration should be disabled for all interfaces. oval:gov.nist.usgcb.rhel:def:20130 Automatic IPv6 address assignment should be disabled. oval:gov.nist.usgcb.rhel:def:20131 The default setting for IPv6 configuration should be disabled for network interfaces. oval:gov.nist.usgcb.rhel:def:20169 Force a reboot to change audit rules is enabled oval:gov.nist.usgcb.rhel:def:20167 Audit rules about the Files Deletion Events by User (successful and unsuccessful) are enabled oval:gov.nist.usgcb.rhel:def:20168 Audit rules about the System Administrator Actions are enabled oval:gov.nist.usgcb.rhel:def:20165 Audit rules about the Information on the Use of Privileged Commands are enabled oval:gov.nist.usgcb.rhel:def:20166 Audit rules about the Information on Exporting to Media (successful) are enabled oval:gov.nist.usgcb.rhel:def:20163 Audit rules about the Discretionary Access Control Permission Modi���cation Events are enabled oval:gov.nist.usgcb.rhel:def:20164 Audit rules about the Unauthorized Access Attempts to Files (unsuccessful) are enabled oval:gov.nist.usgcb.rhel:def:20161 Audit rules about the Logon and Logout Events are enabled oval:gov.nist.usgcb.rhel:def:20162 Audit rules about the Process and Session Initiation Information are enabled oval:gov.nist.usgcb.rhel:def:20160 Audit rules about the System���s Mandatory Access Controls are enabled oval:gov.nist.usgcb.rhel:def:20158 Audit rules about User/Group Information are enabled oval:gov.nist.usgcb.rhel:def:20159 Audit rules about the System���s Network Environment are enabled oval:gov.nist.usgcb.rhel:def:20156 The auditd service should be enabled. oval:gov.nist.usgcb.rhel:def:20157 Look for argument audit=1 in the kernel line in /boot/grub/grub.conf oval:gov.nist.usgcb.rhel:def:20154 The logrotate (syslog rotater) service should be enabled. oval:gov.nist.usgcb.rhel:def:20152 Syslog logs should be sent to a remote loghost oval:gov.nist.usgcb.rhel:def:20153 RSyslogd should reject remote messages oval:gov.nist.usgcb.rhel:def:20150 All syslog log files should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20151 File permissions for all syslog log files should be set correctly. oval:gov.nist.usgcb.rhel:def:20068 Login access to non-root system accounts should be disabled oval:gov.nist.usgcb.rhel:def:20069 Login access to accounts without passwords should be disabled oval:gov.nist.usgcb.rhel:def:20066 Command access to the root account should be restricted to the wheel group. oval:gov.nist.usgcb.rhel:def:20064 Login prompts on serial ports should be disabled. oval:gov.nist.usgcb.rhel:def:20065 The wheel group should exist oval:gov.nist.usgcb.rhel:def:20063 Logins through the primary console device should be disabled oval:gov.nist.usgcb.rhel:def:20059 Kernel support for the XD/NX processor feature should be enabled oval:gov.nist.usgcb.rhel:def:20057 ExecShield should be enabled oval:gov.nist.usgcb.rhel:def:20058 ExecShield randomized placement of virtual memory regions should be enabled oval:gov.nist.usgcb.rhel:def:20055 Core dumps for all users should be disabled oval:gov.nist.usgcb.rhel:def:20056 Core dumps for setuid programs should be disabled oval:gov.nist.usgcb.rhel:def:20053 The daemon umask should be set as appropriate oval:gov.nist.usgcb.rhel:def:20051 All files should be owned by a group oval:gov.nist.usgcb.rhel:def:20052 All world writable directories should be owned by a system user oval:gov.nist.usgcb.rhel:def:20050 All files should be owned by a user oval:gov.nist.usgcb.rhel:def:20088 The default umask for all users should be set correctly for the csh shell oval:gov.nist.usgcb.rhel:def:20089 The default umask for all users should be set correctly oval:gov.nist.usgcb.rhel:def:20086 File permissions should be set correctly for the home directories for all user accounts. oval:gov.nist.usgcb.rhel:def:20087 The default umask for all users should be set correctly for the bash shell oval:gov.nist.usgcb.rhel:def:20084 The passwords to remember should be set correctly. oval:gov.nist.usgcb.rhel:def:20085 The PATH variable should be set correctly for user root oval:gov.nist.usgcb.rhel:def:20083 The password hashing algorithm should be set correctly. oval:gov.nist.usgcb.rhel:def:20077 NIS file inclusions should be set appropriately in the /etc/passwd file oval:gov.nist.usgcb.rhel:def:20075 NIS file inclusions should be set appropriately in the /etc/shadow file oval:gov.nist.usgcb.rhel:def:20076 NIS file inclusions should be set appropriately in the /etc/group file oval:gov.nist.usgcb.rhel:def:20073 The "maximum password age" policy should meet minimum requirements. oval:gov.nist.usgcb.rhel:def:20074 The password warn age should be set appropriately oval:gov.nist.usgcb.rhel:def:20071 The password minimum length should be set appropriately oval:gov.nist.usgcb.rhel:def:20072 The "minimum password age" policy should meet minimum requirements. oval:gov.nist.usgcb.rhel:def:20070 Anonymous root logins are disabled oval:gov.nist.usgcb.rhel:def:20097 The ability for users to perform interactive startups should be disabled. oval:gov.nist.usgcb.rhel:def:20095 The grub boot loader should have password protection enabled oval:gov.nist.usgcb.rhel:def:20096 The requirement for a password to boot into single-user mode should be configured correctly. oval:gov.nist.usgcb.rhel:def:20093 The /boot/grub/grub.conf file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20094 File permissions for /boot/grub/grub.conf should be set correctly. oval:gov.nist.usgcb.rhel:def:202456 Use only approved ciphers oval:gov.nist.usgcb.rhel:def:20092 The /boot/grub/grub.conf file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:202455 PermitUserEnvironment should be disabled oval:gov.nist.usgcb.rhel:def:20090 The default umask for all users should be set correctly oval:gov.nist.usgcb.rhel:def:202885 Clients require LDAP servers to provide valid certificates for SSL communications. oval:gov.nist.usgcb.rhel:def:200695 Check that passwords are shadowed oval:gov.nist.usgcb.rhel:def:20208 The /etc/crontab file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20209 The /etc/crontab file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20205 The crond service should be enabled. oval:gov.nist.usgcb.rhel:def:20200 The bluetooth service should be disabled. oval:gov.nist.usgcb.rhel:def:20201 The hidd service should be disabled. oval:gov.nist.usgcb.rhel:def:20228 File permissions for /etc/cron.d should be set correctly. oval:gov.nist.usgcb.rhel:def:20226 File permissions for /etc/cron.weekly should be set correctly. oval:gov.nist.usgcb.rhel:def:20227 File permissions for /etc/cron.monthly should be set correctly. oval:gov.nist.usgcb.rhel:def:20224 File permissions for /etc/cron.hourly should be set correctly. oval:gov.nist.usgcb.rhel:def:20225 File permissions for /etc/cron.daily should be set correctly. oval:gov.nist.usgcb.rhel:def:20222 The /etc/cron.monthly file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20223 The /etc/cron.d file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20220 The /etc/cron.daily file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20221 The /etc/cron.weekly file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20219 The /etc/cron.hourly file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20217 The /etc/cron.monthly file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20218 The /etc/cron.d file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20215 The /etc/cron.daily file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20216 The /etc/cron.weekly file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20213 File permissions for /etc/anacrontab should be set correctly. oval:gov.nist.usgcb.rhel:def:20214 The /etc/cron.hourly file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20211 The /etc/anacrontab file should be owned by the appropriate group. oval:gov.nist.usgcb.rhel:def:20212 The /etc/anacrontab file should be owned by the appropriate user. oval:gov.nist.usgcb.rhel:def:20210 File permissions for /etc/crontab should be set correctly. oval:gov.nist.usgcb.rhel:def:20248 Disable the ability to provide remote graphical display oval:gov.nist.usgcb.rhel:def:20249 Enable warning banner for GUI login oval:gov.nist.usgcb.rhel:def:20244 Remote connections from accounts with empty passwords should be disabled (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20245 SSH warning banner should be enabled (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20242 SSH host-based authentication should be disabled (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20243 Root login via SSH should be disabled (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20240 The SSH ClientAliveCountMax should be set to an appropriate value (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20241 Emulation of the rsh command through the ssh server should be disabled (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20239 The SSH idle timout interval should be set to an appropriate value (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20238 SSH version 1 protocol support should be disabled. (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20235 SSH should be uninstalled oval:gov.nist.usgcb.rhel:def:20234 The sshd service should be disabled. oval:gov.nist.usgcb.rhel:def:20268 The dhcpd service should be enabled or disabled as appropriate. oval:gov.nist.usgcb.rhel:def:20269 The dhcp package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20266 The hplip service should be disabled. oval:gov.nist.usgcb.rhel:def:20250 The avahi-daemon service should be disabled. oval:gov.nist.usgcb.rhel:def:20289 The ldap service should be disabled. oval:gov.nist.usgcb.rhel:def:20287 The sendmail service should be disabled. oval:gov.nist.usgcb.rhel:def:20283 A remote NTP Server for time synchronization should be specified (and dependencies are met) oval:gov.nist.usgcb.rhel:def:20281 The ntpd service should be enabled. oval:gov.nist.usgcb.rhel:def:20187 The kdump service should be disabled. oval:gov.nist.usgcb.rhel:def:20186 The isdn service should be disabled. oval:gov.nist.usgcb.rhel:def:20181 The ypbind service should be disabled. oval:gov.nist.usgcb.rhel:def:20182 The tftp-server package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20180 The ypserv package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20177 The rsh-server package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20174 The telnet-server package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20172 The inetd package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20173 The xinetd package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20170 The inetd service should be disabled. oval:gov.nist.usgcb.rhel:def:20171 The xinetd service should be disabled. oval:gov.nist.usgcb.rhel:def:178160 The libuser library imports login_defs from a file as appropriate. oval:gov.nist.usgcb.rhel:def:20196 The readahead_early service should be disabled. oval:gov.nist.usgcb.rhel:def:20197 The readahead_later service should be disabled. oval:gov.nist.usgcb.rhel:def:20193 Disable Zeroconf automatic route assignment in the 169.245.0.0 subnet. oval:gov.nist.usgcb.rhel:def:200155 >Verify the integrity of installed packages by comparing the installed ���les with information about the ���les taken from the package metadata stored in the RPM database. oval:gov.nist.usgcb.rhel:def:20305 The nodev option should be enabled for all NFS mounts oval:gov.nist.usgcb.rhel:def:20306 The nosuid option should be enabled for all NFS mounts oval:gov.nist.usgcb.rhel:def:20303 The nfs service should be disabled oval:gov.nist.usgcb.rhel:def:20304 The rpcsvcgssd service should be disabled oval:gov.nist.usgcb.rhel:def:20323 The httpd package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20322 The httpd service should be disabled. oval:gov.nist.usgcb.rhel:def:20317 The vsftpd service should be disabled. oval:gov.nist.usgcb.rhel:def:20312 The bind package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20311 The named service should be disabled. oval:gov.nist.usgcb.rhel:def:200855 Check each directory in root's path and make use it does not grant write permission to group and other oval:gov.nist.usgcb.rhel:def:20341 The squid service should be disabled. oval:gov.nist.usgcb.rhel:def:20342 The squid package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20340 The smb service should be disabled. oval:gov.nist.usgcb.rhel:def:20332 The dovecot package should be uninstalled. oval:gov.nist.usgcb.rhel:def:20331 The dovecot service should be disabled. oval:gov.nist.usgcb.rhel:def:20365 The snmpd service should be disabled. oval:gov.nist.usgcb.rhel:def:20366 The net-snmp package should be uninstalled. oval:gov.nist.usgcb.rhel:def:200801 The "account deny" policy should meet minimum requirements. oval:gov.nist.usgcb.rhel:def:20295 The netfs service should be disabled. oval:gov.nist.usgcb.rhel:def:20296 The portmap service should be disabled. oval:gov.nist.usgcb.rhel:def:20293 The rpcgssd service should be disabled. oval:gov.nist.usgcb.rhel:def:20294 The rpcidmapd service should be disabled. oval:gov.nist.usgcb.rhel:def:20292 The nfslock service should be disabled. oval:gov.nist.usgcb.rhel:def:200065 The GPG key should be installed. oval:org.secpod.oval:def:500306 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in the Wireshark SigComp Universal Decompressor Virtual Machine dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, ... oval:org.secpod.oval:def:500536 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running ... oval:org.secpod.oval:def:500672 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. Multiple buffer overflow flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malformed dump file, it could crash or, possibly, execute arbitrary code as the us ... oval:org.secpod.oval:def:500260 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An array index error, leading to a stack-based buffer overflow, was found in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could ... oval:org.secpod.oval:def:24746 The host is installed with busybox in RHEL 5 or 6 and is prone to an unprivileged arbitrary module load vulnerability. A flaw is present in the application, which fails to handle basename abuse. Successful exploitation could allow attackers to load arbitrary module. oval:org.secpod.oval:def:500178 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS requests. A remote attacker co ... oval:org.secpod.oval:def:500947 FreeRADIUS is an open-source Remote Authentication Dial-In User Service server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the "unix" mod ... oval:org.secpod.oval:def:505492 The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.626. Security Fix: * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bu ... oval:org.secpod.oval:def:500738 The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab fi ... oval:org.secpod.oval:def:21830 The host is installed with qt, qt3 or qt4 before 5.3 and is prone to a denial of service vulnerability. A flaw is present in the applications, which fail to properly handle invalid width and height values in a GIF image. Successful exploitation allows remote attackers to cause a denial of service (N ... oval:org.secpod.oval:def:500095 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could send a specially-craf ... oval:org.secpod.oval:def:500866 The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package"s post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack ... oval:org.secpod.oval:def:500785 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw in the xfrm6_tunnel_rcv function in the Linux kernel"s IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv. A remote attack ... oval:org.secpod.oval:def:500343 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Multiple integer overflow flaws, leading to a buffer overflow, were discovered in libtiff. An attacker could use these flaws to create a specially-crafted TIFF file that, when opened, would cause an ... oval:org.secpod.oval:def:500106 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. It was found that the xc_try_bzip2_decode and xc_try_lzma_decode decode routines did not correctly check for a possible buffer size overflow in the de ... oval:org.secpod.oval:def:500193 The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment . An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to ... oval:org.secpod.oval:def:500066 vsftpd is a secure FTP server for Linux, UNIX, and similar operating systems. A flaw was discovered in the way vsftpd processed file name patterns. An FTP user could use this flaw to cause the vsftpd process to use an excessive amount of CPU time, when processing a request with a specially-crafted ... oval:org.secpod.oval:def:500022 SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A divide-by-zero flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivil ... oval:org.secpod.oval:def:500201 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ... oval:org.secpod.oval:def:500230 The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux system and its policies. It was discovered that the seunshare utility did not enforce proper file permissions on the directory used as an alternate temporary directory moun ... oval:org.secpod.oval:def:500242 Logwatch is a customizable log analysis system. Logwatch parses through your system"s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. A flaw was found in the way Logwatch processed log files. If an attacker were able to create ... oval:org.secpod.oval:def:500125 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Swing library. Forged TimerEvents could be used to bypass SecurityManager checks, allowing access to otherwise blocked files and directories. A flaw was found in the Hot ... oval:org.secpod.oval:def:500142 Mailman is a program used to help manage email discussion lists. Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they ... oval:org.secpod.oval:def:500045 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain ... oval:org.secpod.oval:def:500386 Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to an array index error, was found in the way the Pango font rendering library synthesized the Glyph Definition table from a font"s character map and the Unicode property database. If ... oval:org.secpod.oval:def:500187 Pango is a library used for the layout and rendering of internationalized text. An input sanitization flaw, leading to a heap-based buffer overflow, was found in the way Pango displayed font files when using the FreeType font engine back end. If a user loaded a malformed font file with an applicatio ... oval:org.secpod.oval:def:500252 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The javaws command can be used to launch Java Web Start applications. A public static field declaration allowed untrusted JNLP applications to read privileged data. A remote attacker could dire ... oval:org.secpod.oval:def:500052 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. A server-side memory leak was found in the Subversion server. If a malicious, remote user perfo ... oval:org.secpod.oval:def:500373 Exim is a mail transport agent developed at the University of Cambridge for use on Unix systems connected to the Internet. A buffer overflow flaw was discovered in Exim"s internal string_vformat function. A remote attacker could use this flaw to execute arbitrary code on the mail server running Exi ... oval:org.secpod.oval:def:500216 Exim is a mail transport agent developed at the University of Cambridge for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause Exim to execute arbitrary commands as ... oval:org.secpod.oval:def:500475 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for R ... oval:org.secpod.oval:def:500751 The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the ... oval:org.secpod.oval:def:500350 SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. A flaw was found in the SystemTap compile server, stap-server, an optional component of SystemTap. This server did not adequately san ... oval:org.secpod.oval:def:500329 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user run ... oval:org.secpod.oval:def:500392 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Progr ... oval:org.secpod.oval:def:500681 Pango is a library used for the layout and rendering of internationalized text. Will Drewry discovered an integer overflow flaw in Pango"s pango_glyph_string_set_size function. If an attacker is able to pass an arbitrarily long string to Pango, it may be possible to execute arbitrary code with the p ... oval:org.secpod.oval:def:500507 udev provides a user-space API and implements a dynamic device directory, providing only the devices present on the system. udev replaces devfs in order to provide greater hot plug functionality. Netlink is a datagram oriented service, used to transfer information between kernel modules and user-spa ... oval:org.secpod.oval:def:500513 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500691 The International Components for Unicode library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possib ... oval:org.secpod.oval:def:500663 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way that the Java Virtual M ... oval:org.secpod.oval:def:500553 Little Color Management System is a small-footprint, speed-optimized open source color management engine. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in LittleCMS. An attacker could use these fl ... oval:org.secpod.oval:def:500543 Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. Evolution Data Server did not properly check th ... oval:org.secpod.oval:def:500656 GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins. An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker ... oval:org.secpod.oval:def:500525 libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libs ... oval:org.secpod.oval:def:500689 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500665 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execut ... oval:org.secpod.oval:def:500494 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Sever ... oval:org.secpod.oval:def:500188 The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack. ... oval:org.secpod.oval:def:500501 The giflib packages contain a shared library of functions for loading and saving GIF image files. This library is API and ABI compatible with libungif, the library that supported uncompressed GIF image files while the Unisys LZW patent was in effect. Several flaws were discovered in the way giflib d ... oval:org.secpod.oval:def:500305 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ... oval:org.secpod.oval:def:500407 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages, and are installed in trusted mode by default. In trusted mode, certain operations, such as operating system level access, are restricte ... oval:org.secpod.oval:def:500026 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC protocol plug-in escaped certain UTF-8 characters. A remote attacker could use this flaw to crash Pidgi ... oval:org.secpod.oval:def:500049 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:500600 Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, such as SLIP and PPP connections. It was discovered that fetchmail is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.50 ... oval:org.secpod.oval:def:500709 Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execu ... oval:org.secpod.oval:def:500774 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS re ... oval:org.secpod.oval:def:500782 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple flaws were found in the way FreeType handled TrueType Font , Glyph Bitmap Distribution Format , Windows .fnt and .fon, and PostScript ... oval:org.secpod.oval:def:500873 teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two hea ... oval:org.secpod.oval:def:500855 Perl DBI is a database access Application Programming Interface for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an ap ... oval:org.secpod.oval:def:501167 Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow, which led to a heap-based buffer overflow, was found in the way pixman handled trapezoids. If a remote attacker could trick an application using pixman into rendering a trapezoid shape with specially craft ... oval:org.secpod.oval:def:501186 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A heap-based buffer overflow flaw was found in the way Pidgin processed certain HTTP responses. A malicious server could send a specially crafted HTTP response, causing ... oval:org.secpod.oval:def:500039 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third- party, the Key Distribution Center . A buffer overflow flaw was found in the MIT krb5 telnet daemon . A remote attacker who can access the telnet ... oval:org.secpod.oval:def:501024 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A stack-based buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A malicious server or a remote attacker could use this flaw to crash Pidgin by sending ... oval:org.secpod.oval:def:500211 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the AOL Open System for Communication in Realtime protocol plug-in in Pidgin, used by the AOL ICQ and AIM instant messa ... oval:org.secpod.oval:def:20998 The host is installed with libX11 before 1.5.99.902 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unbounded recursion. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20995 The host is installed with libXi before 1.7.2 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:20996 The host is installed with libX11 before 1.5.99.902 and is prone to multiple array index vulnerabilities. The flaws are present in the application, which fails to properly handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the serv ... oval:org.secpod.oval:def:20994 The host is installed with libXi before 1.7.2 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to an unexpected sign extension in the XListInputDevices function. Successful exploitation could allow attack ... oval:org.secpod.oval:def:20988 The host is installed with libXrandr before 1.4.1 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XRRQueryOutputProperty and (2) XRRQueryProviderProperty functions. Successful exploitation ... oval:org.secpod.oval:def:20987 The host is installed with libXt before 1.1.4 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle unchecked function pointers. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:20985 The host is installed with libXt before 1.1.4 and is prone to an array index error vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the _XtResourceConfigurationEH function. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:20983 The host is installed with libXxf86vm before 1.1.3 and is prone to a multiple array index vulnerability. A flaw is present in the application, which fails to handle crafted length or index values to the XF86VidModeGetGammaRamp function. Successful exploitation could allow attackers to execute arbitr ... oval:org.secpod.oval:def:20992 The host is installed with libXi before 1.7.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XGetDeviceControl, (2) XGetFeedbackControl, (3) XGetDeviceDontPropagateList, (4) XGetDeviceMoti ... oval:org.secpod.oval:def:20990 The host is installed with libXtst 1.2.1 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors related to the XRecordGetContext function. Successful exploitation could allow attackers to trigger allocation of insuff ... oval:org.secpod.oval:def:20978 The host is installed with libXcursor 1.1.13 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the _XcursorFileHeaderCreate function. Successful exploitation could allow attackers to trigger allocation of insuffi ... oval:org.secpod.oval:def:20975 The host is installed with libXv before 1.0.8 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted length or index values. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:20976 The host is installed with libXinerama before 1.1.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle crafted vectors related to the XineramaQueryScreens function. Successful exploitation could allow attackers to trigger allocation of insu ... oval:org.secpod.oval:def:20974 The host is installed with libXv before 1.0.8 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted vectors related to the (1) XvQueryPortAttributes, (2) XvListImageFormats, and (3) XvCreateImage function. Successful exploi ... oval:org.secpod.oval:def:20966 The host is installed with libXfixes 5.0 or earlier and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted vectors related to the XFixesGetCursorImage function. Successful exploitation could allow attackers to lead to a heap-ba ... oval:org.secpod.oval:def:20968 The host is installed with libXext before 1.3.2 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) ... oval:org.secpod.oval:def:21004 The host is installed with libX11 before 1.5.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle vectors related to the (1) XQueryFont, (2) _XF86BigfontQueryFont, (3) XListFontsWithInfo, (4) XGetMotionEvents, (5) ... oval:org.secpod.oval:def:21003 The host is installed with Common Unix Printing System (CUPS) before 1.7.2 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted URL patch. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:500542 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module att ... oval:org.secpod.oval:def:500162 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could u ... oval:org.secpod.oval:def:500551 Python is an interpreted, interactive, object-oriented programming language. When the assert system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory ... oval:org.secpod.oval:def:500744 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the way the Linux kernel"s XFS file system implementation handled links with overly long path names. A local, unprivileged user ... oval:org.secpod.oval:def:500086 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Using PCI passthrough without interrupt remapping support allowed Xen hypervisor guests to generate MSI interrupts and thus potentially inject traps. A privileged ... oval:org.secpod.oval:def:500151 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. * IPv6 fragment identification value generation could allow a remote at ... oval:org.secpod.oval:def:500120 eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file sys ... oval:org.secpod.oval:def:500764 SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemT ... oval:org.secpod.oval:def:500466 SystemTap is an instrumentation system for systems running the Linux kernel, version 2.6. Developers can write scripts to collect data on the operation of the system. staprun, the SystemTap runtime tool, is used for managing SystemTap kernel modules . It was discovered that staprun did not properly ... oval:org.secpod.oval:def:500060 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A missing boundary check was found in the dvb_ca_ioctl function in the Linux kernel"s av7110 module. On systems that use old DVB cards that require the av7110 modu ... oval:org.secpod.oval:def:500153 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in ... oval:org.secpod.oval:def:500136 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * An integer overflow flaw in ib_uverbs_poll_cq could allow a local, unprivileged user to cause a denial of service or escalate their privileges. * A race condition ... oval:org.secpod.oval:def:500224 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update includes backported fixes for two security issues. These issues only affected users of Red Hat Enterprise Linux 5.6 Extended Update Support, as they have already been addressed for users of Red Hat Ente ... oval:org.secpod.oval:def:500885 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. The Quagga ospfd and ospf6d daemons implement the OSPF routing protocol. A heap-based buffer overflow flaw was found in the way the bgpd daemon processed malformed Extended Communities path ... oval:org.secpod.oval:def:500434 Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon implements the BGP routing protocol. A stack-based buffer overflow flaw was found in the way the Quagga bgpd daemon processed certain BGP Route Refresh messages. A configured BGP peer could send a specially-crafted BGP message ... oval:org.secpod.oval:def:500077 Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool . If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ... oval:org.secpod.oval:def:500758 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays in Ruby. An attacker able to supply a large number of inputs to a Ruby app ... oval:org.secpod.oval:def:500256 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the sctp_icmp_proto_unreachable function in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could use ... oval:org.secpod.oval:def:500416 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not han ... oval:org.secpod.oval:def:500100 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if th ... oval:org.secpod.oval:def:500105 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Tomcat to hang via a specially-crafted HTTP request. Users of ... oval:org.secpod.oval:def:500465 PostgreSQL is an advanced object-relational database management system . PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which can be used when creating a new PostgreSQL function, specifies that the function will ... oval:org.secpod.oval:def:500348 Pluggable Authentication Modules provide a system whereby administrators can set up authentication policies without having to recompile programs that handle authentication. It was discovered that the pam_namespace module executed the external script namespace.init with an unchanged environment inhe ... oval:org.secpod.oval:def:500735 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ... oval:org.secpod.oval:def:500098 The GIMP is an image composition and editing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP"s Microsoft Windows Bitmap and Personal Computer eXchange image file plug-ins. An attacker could create a specially-crafted BMP or PCX image file that, wh ... oval:org.secpod.oval:def:500150 Security issues: * Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can pr ... oval:org.secpod.oval:def:500457 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. It was found that certain input co ... oval:org.secpod.oval:def:500294 MikMod is a MOD music file player for Linux, UNIX, and similar operating systems. It supports various file formats including MOD, STM, S3M, MTM, XM, ULT, and IT. Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially-crafted music files in various format ... oval:org.secpod.oval:def:500321 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. An invalid free flaw was found in Firefox"s plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execut ... oval:org.secpod.oval:def:500317 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. It was discovered that RPM did not remove setuid and setgid bits set on binaries when upgrading packages. A local attacker able to cre ... oval:org.secpod.oval:def:500467 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. It was discovered that the glibc dynamic linker/loader did not per ... oval:org.secpod.oval:def:500814 Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays in Python. An attacker able to supply a large number of inputs to a Python application that are used as keys when inserting data into an array ... oval:org.secpod.oval:def:500383 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ... oval:org.secpod.oval:def:500158 Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ... oval:org.secpod.oval:def:500222 Samba is a suite of programs used by machines to share files, printers, and other information. A flaw was found in the way Samba handled file descriptors. If an attacker were able to open a large number of file descriptors on the Samba server, they could flip certain stack bits to "1" valu ... oval:org.secpod.oval:def:500254 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:500370 Samba is a suite of programs used by machines to share files, printers, and other information. An input sanitization flaw was found in the way Samba parsed client data. A malicious client could send a specially-crafted SMB packet to the Samba server, resulting in arbitrary code execution with the pr ... oval:org.secpod.oval:def:500693 Samba is a suite of programs used by machines to share files, printers, and other information. A denial of service flaw was found in the Samba smbd daemon. An authenticated, remote user could send a specially-crafted response that would cause an smbd child process to enter an infinite loop. An authe ... oval:org.secpod.oval:def:500376 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. A flaw was found in the way OpenOffice.org enforced a macro security setting for macros, written in the P ... oval:org.secpod.oval:def:500409 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org pa ... oval:org.secpod.oval:def:500429 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way Tomcat handled the Transfer-Encoding header in HTTP requests. A specially-crafted HTTP request could prevent Tomcat from sending replies, or cause Tomcat to return truncated repl ... oval:org.secpod.oval:def:500291 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2 dissectors. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, ... oval:org.secpod.oval:def:500515 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. Scott Cantor reported that cURL is affected by the previously published "null prefix attack&qu ... oval:org.secpod.oval:def:500606 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library does not always reliably terminate output from the sasl_encode64 function used by programs using this library. The Cyrus IMAP server relied on thi ... oval:org.secpod.oval:def:500686 cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. David Kierznowski discovered a flaw in libcurl where it would not differentiate between different t ... oval:org.secpod.oval:def:500582 The XML Security Library is a C library based on libxml2 and OpenSSL. It implements the XML Signature Syntax and Processing and XML Encryption Syntax and Processing standards. HMAC is used for message authentication using cryptographic hash functions. The HMAC algorithm allows the hash output to be ... oval:org.secpod.oval:def:500637 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Cer ... oval:org.secpod.oval:def:500545 SquirrelMail is a standards-based webmail package written in PHP. A server-side code injection flaw was found in the SquirrelMail "map_yp_alias" function. If SquirrelMail was configured to retrieve a user"s IMAP server address from a Network Information Service server via the "map_yp ... oval:org.secpod.oval:def:500548 SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. The Red Hat Squir ... oval:org.secpod.oval:def:500624 SquirrelMail is an easy-to-configure, standards-based, webmail package written in PHP. It includes built-in PHP support for the IMAP and SMTP protocols, and pure HTML 4.0 page-rendering for maximum browser-compatibility, strong MIME support, address books, and folder manipulation. Ivan Markovic dis ... oval:org.secpod.oval:def:500660 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for CommunicAtion in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. A denial of service flaw was found in the Pidgin O ... oval:org.secpod.oval:def:500495 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ... oval:org.secpod.oval:def:500567 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with ... oval:org.secpod.oval:def:500651 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found ... oval:org.secpod.oval:def:500537 The Cluster Manager utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities with the output of th ... oval:org.secpod.oval:def:500605 The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim r ... oval:org.secpod.oval:def:500611 Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ... oval:org.secpod.oval:def:500635 OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ... oval:org.secpod.oval:def:500104 Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing u ... oval:org.secpod.oval:def:500138 Pango is a library used for the layout and rendering of internationalized text. A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping engine used in Pango. If a user loaded a specially-crafted font file with an application that uses Pango, it could cause the application to crash or, ... oval:org.secpod.oval:def:500753 BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncomp ... oval:org.secpod.oval:def:500070 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could possibly lead to arbitrary code execution with the privileges of the u ... oval:org.secpod.oval:def:500731 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicio ... oval:org.secpod.oval:def:500727 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker- ... oval:org.secpod.oval:def:500796 ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that ... oval:org.secpod.oval:def:500180 The RPM Package Manager is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially-crafted RPM package ... oval:org.secpod.oval:def:500772 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could ... oval:org.secpod.oval:def:500790 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType , used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary ... oval:org.secpod.oval:def:500788 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in Sanitiser for OpenType , used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox ... oval:org.secpod.oval:def:36409 The host is installed with Perl on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploiation could allow attackers to access directories without permissions. oval:org.secpod.oval:def:35692 The host is installed with RHEL 5 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle invalid utf-8 encoded data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:500244 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem emulation. An unprivileged, local guest user could provide a large number of byt ... oval:org.secpod.oval:def:500887 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript"s International Color Consortium Format library . An att ... oval:org.secpod.oval:def:500057 SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. A race condition flaw was found in the way the staprun utility performed module loading. A local user who is a member of the stap ... oval:org.secpod.oval:def:500886 The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an a ... oval:org.secpod.oval:def:500777 The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, w ... oval:org.secpod.oval:def:500783 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by send ... oval:org.secpod.oval:def:500198 Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool . If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a sp ... oval:org.secpod.oval:def:500067 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:500263 The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd us ... oval:org.secpod.oval:def:500108 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw in the dccp_rcv_state_process function could allow a remote attacker to cause a denial of service, even when the socket was already closed. * Multiple buff ... oval:org.secpod.oval:def:500258 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch function when the APR_FNM_PATHNAME matching flag was u ... oval:org.secpod.oval:def:500072 Postfix is a Mail Transport Agent , supporting LDAP, SMTP AUTH , and TLS. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd ... oval:org.secpod.oval:def:500073 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. The fix for CVE-2010-3847 introduced a regression in the way the d ... oval:org.secpod.oval:def:500137 PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:500239 PostgreSQL is an advanced object-relational database management system . A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from an SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially-cra ... oval:org.secpod.oval:def:500443 The Apache HTTP Server is a popular web server. A flaw was discovered in the way the mod_proxy module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. If the proxy was configured to reuse existing back-end connections, it could return a ... oval:org.secpod.oval:def:500716 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions& ... oval:org.secpod.oval:def:500310 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid processed certain external ACL helper HTTP header fields that contained a delimiter that was not a comma. A remote attacker could issue a crafted request ... oval:org.secpod.oval:def:500603 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user run ... oval:org.secpod.oval:def:500422 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did not correctly fix the denial of service flaw in the system for s ... oval:org.secpod.oval:def:500640 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript"s Internation ... oval:org.secpod.oval:def:500601 The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String escape sequences. An attacker could create a malicious text file that could run arbitrary commands if read by a victim inside an xterm window. All xterm ... oval:org.secpod.oval:def:500641 eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5.4. These updated ecryptfs-utils packages have been upgraded to upstream version 75, which p ... oval:org.secpod.oval:def:500622 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacke ... oval:org.secpod.oval:def:500491 LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind. It was discovered that lftp ... oval:org.secpod.oval:def:500897 The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ... oval:org.secpod.oval:def:500721 Samba is a suite of programs used by machines to share files, printers, and other information. An input validation flaw was found in the way Samba handled Any Batched requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in ar ... oval:org.secpod.oval:def:500704 The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references ... oval:org.secpod.oval:def:500706 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ... oval:org.secpod.oval:def:500928 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ... oval:org.secpod.oval:def:500116 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A buffer overflow flaw was found in the way libpng processed certain PNG image files. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using l ... oval:org.secpod.oval:def:500650 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Several integer overflow flaws, leading to heap-based buffer overflows, were found in various libtiff color space conversion tools. An attacker could create a specially-crafted TIFF file, which once ... oval:org.secpod.oval:def:500219 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird. An arbitrary me ... oval:org.secpod.oval:def:500194 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with ... oval:org.secpod.oval:def:500207 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user runnin ... oval:org.secpod.oval:def:500139 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found ... oval:org.secpod.oval:def:500200 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500055 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy. ... oval:org.secpod.oval:def:500189 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500051 Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: Thi ... oval:org.secpod.oval:def:500155 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled certain add-ons. A web page containing malicious content could cause an add-on to grant itself full browser privileges, which could lead to a ... oval:org.secpod.oval:def:500042 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: JavaScript ... oval:org.secpod.oval:def:500011 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to saf ... oval:org.secpod.oval:def:500717 The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis ... oval:org.secpod.oval:def:500710 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ma ... oval:org.secpod.oval:def:500740 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious ... oval:org.secpod.oval:def:500767 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws were found in the ... oval:org.secpod.oval:def:500769 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. Two flaws were found in t ... oval:org.secpod.oval:def:500805 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500806 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Note: CVE-2011-3101 only af ... oval:org.secpod.oval:def:500848 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ... oval:org.secpod.oval:def:500849 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could byp ... oval:org.secpod.oval:def:500850 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A malicious web page could ... oval:org.secpod.oval:def:500877 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a ma ... oval:org.secpod.oval:def:500878 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malici ... oval:org.secpod.oval:def:500904 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500905 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Two flaws in Thunderbird co ... oval:org.secpod.oval:def:500908 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled security wrappers. Malicious content could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project ... oval:org.secpod.oval:def:500909 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled security wrappers. A web page containing malicious content could possibly cause an application linked against XULRunner to execute arbitrary code with the pri ... oval:org.secpod.oval:def:500915 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple flaws were found in the location object implementation in Firefox. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or ca ... oval:org.secpod.oval:def:500916 Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, bypass the same-origin policy, or cause Thunderbird to execute arbitrary code. Red ... oval:org.secpod.oval:def:500926 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500927 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A buffer overflow flaw was ... oval:org.secpod.oval:def:500559 BIND is an implementation of the DNS protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing atta ... oval:org.secpod.oval:def:500809 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object d ... oval:org.secpod.oval:def:500838 libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents . An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libw ... oval:org.secpod.oval:def:500804 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an ... oval:org.secpod.oval:def:500861 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption infor ... oval:org.secpod.oval:def:500853 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A flaw was found in the way the Pidgin MSN protocol plug-in processed text that was not encoded in UTF-8. A remote attacker could use this flaw to crash Pidgin by sendi ... oval:org.secpod.oval:def:500912 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox ... oval:org.secpod.oval:def:501390 The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or ... oval:org.secpod.oval:def:500734 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially-crafted HTTP request to cause the PHP interpreter to crash or, possibly, execu ... oval:org.secpod.oval:def:500742 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ... oval:org.secpod.oval:def:500748 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use ... oval:org.secpod.oval:def:500334 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the MySQL PolyFromWKB function did not sanity check Well-Known Binary data. A remote, authenticated attacker could use specially-crafted WKB d ... oval:org.secpod.oval:def:500752 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ... oval:org.secpod.oval:def:500755 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ... oval:org.secpod.oval:def:500757 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, exec ... oval:org.secpod.oval:def:500766 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An integer overflow flaw was found in the implementation of the printf functions family. This could allow an attacker to ... oval:org.secpod.oval:def:500773 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ... oval:org.secpod.oval:def:500789 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ... oval:org.secpod.oval:def:500840 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:500846 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ... oval:org.secpod.oval:def:500851 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc"s formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections ... oval:org.secpod.oval:def:500852 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This co ... oval:org.secpod.oval:def:500860 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use th ... oval:org.secpod.oval:def:500803 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ... oval:org.secpod.oval:def:500811 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret ... oval:org.secpod.oval:def:500876 The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc"s functions for converting ... oval:org.secpod.oval:def:500881 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packa ... oval:org.secpod.oval:def:500883 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to wri ... oval:org.secpod.oval:def:500036 PostgreSQL is an advanced object-relational database management system . A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ... oval:org.secpod.oval:def:500050 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ... oval:org.secpod.oval:def:500482 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was discovered that the MySQL client ignored certain SSL certificate verification errors when connecting to servers. A man-in-the-middle attacker could use th ... oval:org.secpod.oval:def:500010 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ... oval:org.secpod.oval:def:500012 PostgreSQL is an advanced object-relational database management system . A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character ... oval:org.secpod.oval:def:500900 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. A buffer overflow flaw was discovered in the way radiusd handled the expiration date field in X.509 client c ... oval:org.secpod.oval:def:500950 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Two improper permission check issues were discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This er ... oval:org.secpod.oval:def:500952 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * It was found that the Xen hypervisor implementation did not perform range checking on the guest provided values in multiple hypercalls. A privileged guest user cou ... oval:org.secpod.oval:def:500953 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A stack-based buffer overflow flaw was found in the user permission checking code in MySQL. An authenticated database user could use this flaw to crash the mysql ... oval:org.secpod.oval:def:500954 Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud-based enterprise environments. A weakness was found in the way IPA clients communicated with IPA servers when initially attempting to join IPA domains. As there ... oval:org.secpod.oval:def:500962 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. A flaw was found in the way the FreeType font rendering engine processed certain Glyph Bitmap Distribution Format fonts. If a user loaded a sp ... oval:org.secpod.oval:def:500964 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way libxc, the Xen control library, handled excessively large kernel and ramdisk images when starting new guests. A privileged ... oval:org.secpod.oval:def:500965 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Jav ... oval:org.secpod.oval:def:500967 ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw t ... oval:org.secpod.oval:def:500968 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the AWT, CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java application or applet could use these flaws to byp ... oval:org.secpod.oval:def:500970 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An improper permission check issue was discovered in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. It was discov ... oval:org.secpod.oval:def:500972 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the JMX and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox res ... oval:org.secpod.oval:def:500973 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that, after ca ... oval:org.secpod.oval:def:500974 The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications . The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man- ... oval:org.secpod.oval:def:500975 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500919 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the Linux kernel"s memory management subsystem in the way quota handling for huge pages was performed. A local, unprivileged use ... oval:org.secpod.oval:def:500934 Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals. It was found that the HP CUPS fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwritin ... oval:org.secpod.oval:def:500935 The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems. It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.den ... oval:org.secpod.oval:def:500936 Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture ... oval:org.secpod.oval:def:500938 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files wit ... oval:org.secpod.oval:def:500939 Tcl provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found ... oval:org.secpod.oval:def:500940 These packages provide various libraries and tools for the Simple Network Management Protocol . An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use t ... oval:org.secpod.oval:def:500941 GIMP Toolkit is a multi-platform toolkit for creating graphical user interfaces. An integer overflow flaw was found in the X BitMap image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+ , would cause th ... oval:org.secpod.oval:def:500942 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:500943 SquirrelMail is a standards-based webmail package written in PHP. The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attemptin ... oval:org.secpod.oval:def:500944 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500945 The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, p ... oval:org.secpod.oval:def:500946 The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface . System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its ... oval:org.secpod.oval:def:500948 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY dir ... oval:org.secpod.oval:def:500949 The httpd packages contain the Apache HTTP Server (httpd), which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews ... oval:org.secpod.oval:def:500558 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted ne ... oval:org.secpod.oval:def:501002 dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. A flaw was found in the way dbus-glib filtered the message sender when the "NameOwnerChanged" signal was received. This could trick a system service using dbus-glib into be ... oval:org.secpod.oval:def:501004 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. It was discovered that CUPS administrative users who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain uni ... oval:org.secpod.oval:def:500157 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way ... oval:org.secpod.oval:def:501005 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ... oval:org.secpod.oval:def:501009 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Buffer overflow flaws were found in the udf_load_logicalvol function in the Universal Disk Format file system implementation in the Linux kernel. An attacker with ... oval:org.secpod.oval:def:501010 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ... oval:org.secpod.oval:def:501015 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501014 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501019 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A flaw was found in the way XULRunner handled malformed web content. A web page containing malicious content could cause an application linked against XULRunner to crash or execute arbitrary code with the ... oval:org.secpod.oval:def:501018 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was discovered that Ruby"s REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service b ... oval:org.secpod.oval:def:500171 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the client" ... oval:org.secpod.oval:def:501023 Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the processing of malformed content. Malicious content could cause Thunderbird to crash or execute arbitrary code with the privileges of the user running Thunderbird. Red Hat would like to thank the Mozilla project f ... oval:org.secpod.oval:def:501025 Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticator#authenticate , it was possible to bypass the security constraint checks in the FORM authenticato ... oval:org.secpod.oval:def:501030 The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc routine in Boost sanitized the "next_size" and "max_size" parameters when allocating memory. If an ap ... oval:org.secpod.oval:def:501032 Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to cr ... oval:org.secpod.oval:def:501037 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501036 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:500127 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF files encoded with a 4-bit run-length encoding scheme from ThunderScan. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:501081 The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to cras ... oval:org.secpod.oval:def:501083 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501086 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing informat ... oval:org.secpod.oval:def:501085 The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging. The sosreport utility collected the Kickstart configuration file , but did not remove the root user"s password f ... oval:org.secpod.oval:def:501088 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501089 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby"s SSL client"s hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could poten ... oval:org.secpod.oval:def:501091 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501095 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:501096 The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perfo ... oval:org.secpod.oval:def:501099 The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCP ... oval:org.secpod.oval:def:500196 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java ... oval:org.secpod.oval:def:501044 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ... oval:org.secpod.oval:def:501048 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corrup ... oval:org.secpod.oval:def:501049 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A flaw was found in the way libcurl matched domains associated with cookies. This could lead to cURL or an application linked against libcurl sending t ... oval:org.secpod.oval:def:501053 The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V Key-Value Pair daemon. The daemon passes basic information to the host through VMBus, such as the guest IP address, fully qualified domain name, operating system name, and operating system release number. A denial of service fl ... oval:org.secpod.oval:def:501055 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501054 The Apache HTTP Server is a popular web server. Cross-site scripting flaws were found in the mod_proxy_balancer module"s manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary w ... oval:org.secpod.oval:def:501057 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501060 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled interrupt remapping entries. By default, a single interrupt remapping table is used, and old ... oval:org.secpod.oval:def:501062 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the owne ... oval:org.secpod.oval:def:501061 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ... oval:org.secpod.oval:def:501067 Mesa provides a 3D graphics API that is compatible with Open Graphics Library . It also provides hardware-accelerated drivers for many popular graphics chips. It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to c ... oval:org.secpod.oval:def:501069 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center . It was found that kadmind"s kpasswd service did not perform any validation on incoming network packets, causi ... oval:org.secpod.oval:def:501071 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:501075 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that Thunderbi ... oval:org.secpod.oval:def:501076 cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when proce ... oval:org.secpod.oval:def:500209 Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals, and tools for installing, using, and configuring them. A flaw was found in the way certain HPLIP tools discovered devices using the SNMP protocol. If a user ran certain HPLIP tool ... oval:org.secpod.oval:def:500226 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:500633 ELinks is a text-based Web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A remote attacker ... oval:org.secpod.oval:def:500655 SquirrelMail is a standards-based webmail package written in PHP. Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user"s authentication, i ... oval:org.secpod.oval:def:500664 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. MySQL did not correctly check directories used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated attacker cou ... oval:org.secpod.oval:def:500666 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted ne ... oval:org.secpod.oval:def:501147 Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Two flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, exe ... oval:org.secpod.oval:def:500251 Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that web applications could modify the location of the Tomcat host"s work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web applica ... oval:org.secpod.oval:def:501100 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501103 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501102 Chip/Smart Card Interface Devices is a USB smart card reader standard followed by most modern smart card readers. The ccid package provides a Generic, USB-based CCID driver for readers, which follow this standard. An integer overflow, leading to an array index error, was found in the way the CCID d ... oval:org.secpod.oval:def:505583 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501164 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ... oval:org.secpod.oval:def:501168 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An integer overflow, which led to a heap-based buffer overflow, was found in the way X.Org server handled trapezoids. A maliciou ... oval:org.secpod.oval:def:501172 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to side-channel attacks via acoustic cryptanalysis. An attacker in close range to a target syste ... oval:org.secpod.oval:def:501174 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger Java Virtual Machine memory corruption when processed. An untru ... oval:org.secpod.oval:def:501173 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format fonts. A malicious, local user could exploit this iss ... oval:org.secpod.oval:def:501181 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Xen hypervisor did not always lock "page_alloc_lock" and "grant_table.lock" in the same order. This could potentially lead to a deadlock. A malicious guest administrator could use this flaw ... oval:org.secpod.oval:def:501180 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the font layout engine in the 2D component. A specially crafted font file could trigger a Java Virtual Machine memory corruption when processed. A ... oval:org.secpod.oval:def:501189 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discove ... oval:org.secpod.oval:def:501190 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:501192 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash o ... oval:org.secpod.oval:def:501191 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:501193 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:501198 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:505551 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:501199 PostgreSQL is an advanced object-relational database management system . Multiple stack-based buffer overflow flaws were found in the date/time implementation of PostgreSQL. An authenticated database user could provide a specially crafted date/time value that, when processed, could cause PostgreSQL ... oval:org.secpod.oval:def:505556 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime E ... oval:org.secpod.oval:def:500713 The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 re ... oval:org.secpod.oval:def:500715 XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. A heap-based buffer overflow flaw was found in the way XULRunner handled PNG images. A web page containing a malicious PNG image could cause an application linked against XULRunner to crash or, potential ... oval:org.secpod.oval:def:500732 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this f ... oval:org.secpod.oval:def:500733 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, ex ... oval:org.secpod.oval:def:500791 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially-crafted PNG image file that, when opened, could cause ... oval:org.secpod.oval:def:500793 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls . An a ... oval:org.secpod.oval:def:500346 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . Multiple checksum validation flaws were discovered in the MIT Kerberos implementation. A remote attacker coul ... oval:org.secpod.oval:def:500776 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network i ... oval:org.secpod.oval:def:500779 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ... oval:org.secpod.oval:def:500780 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite"s Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, ... oval:org.secpod.oval:def:500781 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Two integer overflow flaws, leading to heap-based buffer overflows, were found in the way libtiff attempted to allocate space for a tile in a TIFF image file. An attacker could use these flaws to cr ... oval:org.secpod.oval:def:500394 bzip2 is a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs. An integer overflow flaw was discovered in the bzip2 decompression routine. This issue could, when decompressing ma ... oval:org.secpod.oval:def:21799 The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ... oval:org.secpod.oval:def:505617 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security ale ... oval:org.secpod.oval:def:505619 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:34615 The host is installed with Squid and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the applications, which fails to handle crafted UDP SNMP request. Successful exploitation allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. oval:org.secpod.oval:def:501268 Mozilla Firefox is an open source web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was ... oval:org.secpod.oval:def:501270 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501203 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:501211 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501210 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. S ... oval:org.secpod.oval:def:501214 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was found that certain Samba configurations did not enforce the password lockout mechanism. A remote a ... oval:org.secpod.oval:def:501216 Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Styleshee ... oval:org.secpod.oval:def:501218 Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ... oval:org.secpod.oval:def:501221 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker ... oval:org.secpod.oval:def:501224 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ... oval:org.secpod.oval:def:501223 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when pro ... oval:org.secpod.oval:def:502177 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:21826 The host is installed with GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. Successful exploitation allo ... oval:org.secpod.oval:def:501295 Apache Struts is a framework for building web applications with Java. It was found that the Struts 1 ActionForm object allowed access to the "class" parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application ... oval:org.secpod.oval:def:501296 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:505660 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Se ... oval:org.secpod.oval:def:500856 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ... oval:org.secpod.oval:def:500857 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An uninitialized data structure use flaw was found in BIND when DNSSEC validation was en ... oval:org.secpod.oval:def:500864 The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A denial of service flaw was found in the way the dhcpd daemon handled zero-leng ... oval:org.secpod.oval:def:505254 This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.7. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime E ... oval:org.secpod.oval:def:500807 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ... oval:org.secpod.oval:def:500808 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious ... oval:org.secpod.oval:def:500446 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this is ... oval:org.secpod.oval:def:501316 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501319 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:500870 The GIMP is an image composition and editing program. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP"s Adobe Photoshop image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to ... oval:org.secpod.oval:def:500889 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ... oval:org.secpod.oval:def:500890 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled resource records with a large RDATA value. A ma ... oval:org.secpod.oval:def:501365 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ... oval:org.secpod.oval:def:501367 New mysql55-mysql packages are now available for Red Hat Enterprise Linux 5. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. The mysql55-mysql package, provided as a Software Collection, contains MySQL version ... oval:org.secpod.oval:def:501369 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc"s ... oval:org.secpod.oval:def:501368 Updated mysql packages that fix several bugs are now available for Red Hat Enterprise Linux 6. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes the following bugs: * Prior to this update, the ... oval:org.secpod.oval:def:501372 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:501371 Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overf ... oval:org.secpod.oval:def:501375 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501379 Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. It was discovered that Axis incorrectly extracted the host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server usin ... oval:org.secpod.oval:def:501380 Jakarta Commons HTTPClient implements the client side of HTTP standards. It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject"s Common Name field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.50 ... oval:org.secpod.oval:def:501383 Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center . A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC databas ... oval:org.secpod.oval:def:501385 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. It contains a DNS server , a resolver library with routines for applications to use when interfacing with DNS, and tools for verifying that the DNS server is operating correctly. These packages contain vers ... oval:org.secpod.oval:def:501384 Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they ... oval:org.secpod.oval:def:501386 Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center . It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm function to derefer ... oval:org.secpod.oval:def:500061 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF Internet Fax image files, compressed with the CCITT Group 4 compression algorithm. An attacker could use this fl ... oval:org.secpod.oval:def:501393 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:501321 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:500483 Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers . A malicious client could send a specially-crafted SMB request to the Sam ... oval:org.secpod.oval:def:501331 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile function of nmbd, the NetBIOS message bloc ... oval:org.secpod.oval:def:501336 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:501335 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:500490 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ... oval:org.secpod.oval:def:501340 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:501343 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use th ... oval:org.secpod.oval:def:501348 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501350 The yum-updatesd package provides a daemon which checks for available updates and can notify you when they are available via email, syslog, or dbus. It was discovered that yum-updatesd did not properly perform RPM package signature checks. When yum-updatesd was configured to automatically install up ... oval:org.secpod.oval:def:500021 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ... oval:org.secpod.oval:def:501357 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:500029 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was discovered in the way BIND handled certain DNS queries, which caused it to ca ... oval:org.secpod.oval:def:500906 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ... oval:org.secpod.oval:def:21521 The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SROPTZR. Successful exploitation could allow attackers to affect availability oval:org.secpod.oval:def:21522 The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRCHAR. Successful exploitation could allow attackers to affect availability oval:org.secpod.oval:def:21516 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs protocol reply. Successful exploitation could allow attackers to execute arbitrary code oval:org.secpod.oval:def:21517 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted xfs reply. Successful exploitation could allow attackers to execute arbitrary code oval:org.secpod.oval:def:21515 The host is installed with libXfont before 1.4.8 or 1.4.9x before 1.4.99.901 and is prone to multiple integer overflow vulnerabilities. The flaws are present in the application, which fails to handle vectors related to metadata. Successful exploitation could allow attackers to gain privileges by add ... oval:org.secpod.oval:def:21518 The host is installed with mysql55-mysql 5.5.35 or earlier or mariadb55-mariadb 5.5.35 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENFED. Successful exploitation could allow attackers to affect availability oval:org.secpod.oval:def:21519 The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to SRINFOSC. Successful exploitation could allow attackers to affect confidentia ... oval:org.secpod.oval:def:21520 The host is installed with mysql55-mysql 5.5.37 or earlier or mariadb55-mariadb 5.5.37 or earlier and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to ENARC. Successful exploitation could allow attackers to affect availability oval:org.secpod.oval:def:500985 The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provid ... oval:org.secpod.oval:def:500910 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled certain combinations of resource records. A rem ... oval:org.secpod.oval:def:500929 These packages contain the Linux kernel. Security fixes: * A race condition in the way asynchronous I/O and fallocate interacted when using ext4 could allow a local, unprivileged user to obtain random data from a deleted file. * A flaw in the way the Xen hypervisor implementation range checked gues ... oval:org.secpod.oval:def:500932 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. A heap-based buffer overflow flaw was found in the way libtiff processed certain TIFF images using the Pixar Log Format encoding. An attacker could create a specially-crafted TIFF file that, when op ... oval:org.secpod.oval:def:501401 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ... oval:org.secpod.oval:def:501405 OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ... oval:org.secpod.oval:def:501414 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ... oval:org.secpod.oval:def:500574 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501422 The rsyslog packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message p ... oval:org.secpod.oval:def:501426 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501429 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:500585 The kdelibs packages provide libraries for the K Desktop Environment . A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the use ... oval:org.secpod.oval:def:501433 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java ... oval:org.secpod.oval:def:501435 Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the ... oval:org.secpod.oval:def:501438 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ... oval:org.secpod.oval:def:501484 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501485 Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. It was found ... oval:org.secpod.oval:def:501008 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use ... oval:org.secpod.oval:def:501011 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU emulated the e1000 network interface card when the host was configured to accept jumbo network frames, and a fully-vi ... oval:org.secpod.oval:def:501031 Apache Axis is an implementation of SOAP . It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject"s Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attac ... oval:org.secpod.oval:def:501035 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the libdns library. A remote attacker could use th ... oval:org.secpod.oval:def:501039 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:500596 The kdegraphics packages contain applications for the K Desktop Environment . Scalable Vector Graphics is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element i ... oval:org.secpod.oval:def:500117 The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, ... oval:org.secpod.oval:def:501447 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ... oval:org.secpod.oval:def:501450 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:501460 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501463 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501468 The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package such as its version, descripti ... oval:org.secpod.oval:def:501467 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exp ... oval:org.secpod.oval:def:501470 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Multiple integer overflow flaws and out-of-bounds write flaws were found in the way the X.Org server calculated memory requireme ... oval:org.secpod.oval:def:500141 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. An off-by-one flaw was found in the way BIND processed negative responses with large res ... oval:org.secpod.oval:def:501477 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd"s crypto_recv, ctl_putdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet ... oval:org.secpod.oval:def:501090 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ... oval:org.secpod.oval:def:501092 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to sen ... oval:org.secpod.oval:def:501047 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo did not limit the a ... oval:org.secpod.oval:def:501056 Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange . IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. When using Opportunistic Encryption, Opensw ... oval:org.secpod.oval:def:501064 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cip ... oval:org.secpod.oval:def:500626 The kdelibs packages provide libraries for the K Desktop Environment . A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could ... oval:org.secpod.oval:def:505484 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Se ... oval:org.secpod.oval:def:505491 IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Detailed vulnerability descriptions are linked from the IBM Security aler ... oval:org.secpod.oval:def:500683 The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. Multiple flaws were found in the libvorbis library. A specially-crafted Ogg Vorbis media format ... oval:org.secpod.oval:def:501545 The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution. It was found that setroubleshoot did not sanitize file names supplied ... oval:org.secpod.oval:def:501546 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr ... oval:org.secpod.oval:def:501549 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501551 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:500630 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, ca ... oval:org.secpod.oval:def:501503 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501502 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An uninitialized pointer use flaw was found in the Samba daemon . A malicious Samba client could send spe ... oval:org.secpod.oval:def:501507 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501506 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501121 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attac ... oval:org.secpod.oval:def:501120 Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw ... oval:org.secpod.oval:def:501123 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:501122 The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the ... oval:org.secpod.oval:def:501125 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. It was found that the Thund ... oval:org.secpod.oval:def:501124 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send ... oval:org.secpod.oval:def:501126 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruptio ... oval:org.secpod.oval:def:501128 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbit ... oval:org.secpod.oval:def:501132 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:500288 Samba is a suite of programs used by machines to share files, printers, and other information. A missing array boundary checking flaw was found in the way Samba parsed the binary representation of Windows security identifiers . A malicious client could send a specially-crafted SMB request to the Sam ... oval:org.secpod.oval:def:501136 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a cli ... oval:org.secpod.oval:def:501139 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ... oval:org.secpod.oval:def:501149 The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer and Transport Layer Security protocols, using the Network Security Services security library. A flaw was found in the way mod_nss handled the NSSVerifyClient setting for the per-directory conte ... oval:org.secpod.oval:def:501151 The GIMP is an image composition and editing program. A stack-based buffer overflow flaw, a heap-based buffer overflow, and an integer overflow flaw were found in the way GIMP loaded certain X Window System image dump files. A remote attacker could provide a specially crafted XWD image file that, ... oval:org.secpod.oval:def:501154 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in the DCE-RPC client code in Samba. A specially crafted DCE- ... oval:org.secpod.oval:def:501157 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An information leak flaw was found in the way the Xen hypervisor handled error conditions when reading guest memory during certain guest-originated operations, such as port or memory mapped I/O writes. A privileg ... oval:org.secpod.oval:def:501101 SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS and PAM interfaces toward the system and a pluggable back end system to connect to multiple different account sources. A race condition was found in the way SSSD copied and removed ... oval:org.secpod.oval:def:500257 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ... oval:org.secpod.oval:def:501109 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web p ... oval:org.secpod.oval:def:500264 The International Components for Unicode library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application ... oval:org.secpod.oval:def:501114 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap- ... oval:org.secpod.oval:def:501113 The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group co ... oval:org.secpod.oval:def:501115 X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use ... oval:org.secpod.oval:def:501117 These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead ... oval:org.secpod.oval:def:501119 The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtu ... oval:org.secpod.oval:def:500720 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged use ... oval:org.secpod.oval:def:501641 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:501651 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ... oval:org.secpod.oval:def:501652 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. ... oval:org.secpod.oval:def:501660 OpenLDAP is an open source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and docum ... oval:org.secpod.oval:def:501603 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ... oval:org.secpod.oval:def:501626 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer . An attac ... oval:org.secpod.oval:def:501630 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:501637 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ... oval:org.secpod.oval:def:501691 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap buffer overflow flaw was found in the way QEMU"s NE2000 NIC emulation implementation handled certain packets received over the network. A privi ... oval:org.secpod.oval:def:24038 The host is installed with xen through 3.0.3-142 and is prone to a denial of service vulnerability. A flaw is present in x86 emulator in xen, which does not properly ignore segment overrides for instructions with register operands. Successful exploitation allows local guest users to obtain sensitive ... oval:org.secpod.oval:def:500844 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * The fix for CVE-2011-1083 introduced a flaw in the way the Linux kernel"s Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use ... oval:org.secpod.oval:def:500802 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the data_len parameter of the sock_alloc_send_pskb function in the Linux kernel"s networking implementation was not validated before use. A local ... oval:org.secpod.oval:def:24536 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24539 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:501781 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel"s Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file ... oval:org.secpod.oval:def:24540 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24541 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:501784 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ... oval:org.secpod.oval:def:24542 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24543 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:501786 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND parsed signature records for DNAME re ... oval:org.secpod.oval:def:24544 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:24545 The host is installed with MySQL 5.1.73 and earlier on Red Hat Enterprise Linux 6, MySQL 5.0.95 and earlier on Red Hat Enterprise Linux 5, mariadb 5.5.41 and earlier on Red Hat Enterprise Linux 7 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handl ... oval:org.secpod.oval:def:501304 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ... oval:org.secpod.oval:def:501306 OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ... oval:org.secpod.oval:def:501796 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs. Security Fix: * An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet cou ... oval:org.secpod.oval:def:500871 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * A flaw was found in the way the Linux kernel"s dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could us ... oval:org.secpod.oval:def:501733 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ... oval:org.secpod.oval:def:501736 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain records with malfor ... oval:org.secpod.oval:def:501756 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ... oval:org.secpod.oval:def:501757 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address P ... oval:org.secpod.oval:def:500065 The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local ... oval:org.secpod.oval:def:501320 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ... oval:org.secpod.oval:def:501883 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ... oval:org.secpod.oval:def:501885 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled packets with ... oval:org.secpod.oval:def:501471 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ... oval:org.secpod.oval:def:501473 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote at ... oval:org.secpod.oval:def:501476 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS fault on an erroneous return to user space. A local, unprivileged user could use this flaw to es ... oval:org.secpod.oval:def:501947 Xen is a virtual machine monitor Security Fix: * An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/pr ... oval:org.secpod.oval:def:501948 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free vulnerability was found in the kernels socket recvmmsg subsystem. This may allows remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes ... oval:org.secpod.oval:def:501558 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:501559 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the ... oval:org.secpod.oval:def:501563 The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FD ... oval:org.secpod.oval:def:501565 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501572 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access o ... oval:org.secpod.oval:def:501571 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501588 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501591 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. I ... oval:org.secpod.oval:def:501599 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remot ... oval:org.secpod.oval:def:500794 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:500797 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:501084 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:501078 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:500891 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ... oval:org.secpod.oval:def:501170 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An information leak flaw was found in the way the Linux kernel"s device mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. An attacker could use this flaw to read data ... oval:org.secpod.oval:def:501195 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use t ... oval:org.secpod.oval:def:21806 The host is installed with curl before 7.38.0 and is prone to an unspecified vulnerability. A flaw is present in the application, which does not properly handle IP addresses in cookie domain names. Successful exploitation allows remote attackers to set cookies for or send arbitrary cookies to certai ... oval:org.secpod.oval:def:21805 The host is installed with python before 2.7.8 and is prone to an integer overflow vulnerability. A flaw is present in the application, which does not properly handle a large size and offset in a "buffer" function. Successful exploitation allows context-dependent attackers to obtain sensitive inform ... oval:org.secpod.oval:def:501459 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:501098 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ... oval:org.secpod.oval:def:501963 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ... oval:org.secpod.oval:def:501962 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled a query respo ... oval:org.secpod.oval:def:501802 Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. Security Fix: * Multiple flaws were found in Samba"s DCE/RPC protocol implementation. A remote, authentic ... oval:org.secpod.oval:def:501804 Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fix: * A protocol flaw, publicly referred to as Badlock, was found in the ... oval:org.secpod.oval:def:36404 The host installed with kernel package on RHEL 5, 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a networking challenge ack. Successful exploitation could allow attackers to determine the shared counter. oval:org.secpod.oval:def:36844 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. oval:org.secpod.oval:def:37803 The host installed with kernel package on RHEL 5, 6 or 7 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the copy-on-write (COW) breakage of private read-only memory mappings. Successful exploitation could allow attackers to ... oval:org.secpod.oval:def:501888 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A race condition was found in the way the Linux kernel"s memory subsystem handled the copy-on-write breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to ... oval:org.secpod.oval:def:501849 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectl ... oval:org.secpod.oval:def:501851 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to complete ... oval:org.secpod.oval:def:501867 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw t ... oval:org.secpod.oval:def:501873 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.4.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501875 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ... oval:org.secpod.oval:def:501874 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND constructed a respons ... oval:org.secpod.oval:def:501877 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.4.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501925 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ... oval:org.secpod.oval:def:501937 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501943 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privil ... oval:org.secpod.oval:def:501942 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.0 Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute ar ... oval:org.secpod.oval:def:501944 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix: * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary ... oval:org.secpod.oval:def:501946 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501949 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.6.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501903 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: * A denial of service flaw was found in the way BIND handled responses con ... oval:org.secpod.oval:def:501972 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.7.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501971 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.7.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501976 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ... oval:org.secpod.oval:def:501989 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.8.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501990 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.8.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501961 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:24760 The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted BMP image. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:24752 The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:501155 The libjpeg package contains a library of functions for manipulating JPEG images. It also contains simple client programs for accessing the libjpeg functions. An uninitialized memory read issue was found in the way libjpeg decoded images with missing Start Of Scan JPEG markers. A remote attacker co ... oval:org.secpod.oval:def:500714 Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw was found in Ghostscript"s TrueType bytecode interpreter. An attacker could create a specially-crafted PostScript or PDF fi ... oval:org.secpod.oval:def:500564 The netpbm package contains a library of functions for editing and converting between various graphics file formats, including .pbm , .pgm , .pnm , .ppm , and others. An input validation flaw and multiple integer overflows were discovered in the JasPer library providing support for JPEG-2000 image f ... oval:org.secpod.oval:def:500191 Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal. A heap-based buffer overflow flaw was found in Wireshark. If Wireshark opened a specially-crafted capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Sever ... oval:org.secpod.oval:def:500276 The netpbm packages contain a library of functions which support programs for handling various graphics file formats, including .pbm , .pgm , .pnm , .ppm , and others. Two heap-based buffer overflow flaws were found in the embedded JasPer library, which is used to provide support for Part 1 of the J ... oval:org.secpod.oval:def:500463 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ... oval:org.secpod.oval:def:500068 Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other pe ... oval:org.secpod.oval:def:500413 The w3m program is a pager that can also be used as a text mode web browser. It was discovered that w3m is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted ce ... oval:org.secpod.oval:def:21813 The host is installed with D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20 or 1.8.x before 1.8.4 and is prone to a denial of service vulnerability. A flaw is present in the application, which sends an accessdenied error to the service instead of a client when the client is prohibited from accessing t ... oval:org.secpod.oval:def:500204 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was found in the way the D-Bus library handled endianness conversion when receiving messages. A local user coul ... oval:org.secpod.oval:def:500214 D-Bus is a system for sending messages between applications. It is used for the system-wide message bus service and as a per-user-login-session messaging facility. A denial of service flaw was discovered in the system for sending messages between applications. A local user could send a message with ... oval:org.secpod.oval:def:500330 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the io_submit_one function in the Linux kernel asynchronous I/O implementation. A local, unprivileged user could use t ... oval:org.secpod.oval:def:500339 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * instances of unsafe sprintf use were found in the Linux kernel Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO, or RFCOMM sockets could r ... oval:org.secpod.oval:def:500375 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * The compat_alloc_user_space function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in ot ... oval:org.secpod.oval:def:500436 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * when an application has a stack overflow, the stack could silently overwrite another memory mapped area instead of a segmentation fault occurring, which could cause ... oval:org.secpod.oval:def:500456 teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. Multiple integer overflow flaws were found in the way teTeX processed special commands when converting DVI files into PostScrip ... oval:org.secpod.oval:def:500487 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * The rds_page_copy_user function in the Linux kernel Reliable Datagram Sockets protocol implementation was missing sanity checks. A local, unprivileged user could u ... oval:org.secpod.oval:def:500488 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The CUPS "texttops" filter converts text files to PostScript. A missing memory allocation failure check flaw, leading to a NULL pointer dereference, was found in the CUPS "texttops" fi ... oval:org.secpod.oval:def:500492 The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. Multiple integer overflow flaws were found in KPDF. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitra ... oval:org.secpod.oval:def:500076 The kernel packages contain the Linux kernel. Security fix: * A flaw in skb_gro_header_slow in the Linux kernel could lead to GRO fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. Red Hat would like to thank Brent Meshi ... oval:org.secpod.oval:def:500099 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A NULL pointer dereference flaw was found in the igb driver in the Linux kernel. If both the Single Root I/O Virtualization feature and promiscuous mode were enab ... oval:org.secpod.oval:def:500569 Poppler is a Portable Document Format rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when op ... oval:org.secpod.oval:def:500577 Poppler is a Portable Document Format rendering library, used by applications such as Evince. Multiple integer overflow flaws were found in poppler. An attacker could create a malicious PDF file that would cause applications that use poppler to crash or, potentially, execute arbitrary code when op ... oval:org.secpod.oval:def:500514 The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format files. Multiple integer overflow flaws were found in KPDF"s JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, ... oval:org.secpod.oval:def:500156 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Linux kernel"s garbage collector for AF_UNIX sockets. A local, unprivileged user could use this flaw to trigger a denial of service . * A ... oval:org.secpod.oval:def:500678 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The CUPS "pdftops" filter converts Portable Document Format files to PostScript. Two integer overflow flaws were found in the CUPS "pdftops" filter. An attacker could create a malicio ... oval:org.secpod.oval:def:500284 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A buffer overflow flaw was found in the ecryptfs_uid_hash function in the Linux kernel eCryptfs implementation. On systems that have the eCryptfs netlink transport ... oval:org.secpod.oval:def:500255 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in sctp_packet_config in the Linux kernel"s Stream Control Transmission Protocol implementation. A remote attacker could use this flaw to cause a ... oval:org.secpod.oval:def:501932 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Jav ... oval:org.secpod.oval:def:500632 The sudo utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands ... oval:org.secpod.oval:def:500408 OpenLDAP is an open source suite of LDAP applications and development tools. A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick appli ... oval:org.secpod.oval:def:500508 Dovecot is an IMAP server for Linux and UNIX-like systems, primarily written with security in mind. A flaw was found in Dovecot"s ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. A password disclosu ... oval:org.secpod.oval:def:500529 The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and Sieve support. Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve implementation. An authenticated user able to create Sieve mail filtering rules could use these flaws to execute arbitrary code ... oval:org.secpod.oval:def:501659 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501658 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501661 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. T ... oval:org.secpod.oval:def:501665 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:501673 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501672 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:501629 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501635 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. N ... oval:org.secpod.oval:def:501680 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to c ... oval:org.secpod.oval:def:31663 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation after several attempts could cause it to run out of memory oval:org.secpod.oval:def:31660 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to properly handle an invalid length field. Successful exploitation could could cause a buffer overflow potentially resulting in m ... oval:org.secpod.oval:def:31661 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could cause a buffer overflow potentially resulting in in null byte being w ... oval:org.secpod.oval:def:31662 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a large number of crafted requests. Successful exploitation could prevent clients from getting a usable reply f ... oval:org.secpod.oval:def:31656 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a mode 6 or mode 7 packet containing an unusually long data. Successful exploitation could allow attackers to c ... oval:org.secpod.oval:def:31657 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31658 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:31659 The host is installed with ntp on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a packet with particular autokey operations. Successful exploitation could allow attackers to crash ntpd. oval:org.secpod.oval:def:501715 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501765 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Multiple security flaws were found in the graphite2 font library shipped with Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbi ... oval:org.secpod.oval:def:501770 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. R ... oval:org.secpod.oval:def:501780 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially cr ... oval:org.secpod.oval:def:501785 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. M ... oval:org.secpod.oval:def:501727 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ... oval:org.secpod.oval:def:501732 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501739 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A ... oval:org.secpod.oval:def:501753 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501755 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501759 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501806 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:501811 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a ne ... oval:org.secpod.oval:def:501812 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.1.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501823 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to comp ... oval:org.secpod.oval:def:501827 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 38.8.0. Security Fix: * Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitr ... oval:org.secpod.oval:def:501836 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.2.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501839 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501846 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.2.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501855 Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.3.0 ESR. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with t ... oval:org.secpod.oval:def:501869 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.3.0. Security Fix: * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute a ... oval:org.secpod.oval:def:501936 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:26768 The host is installed with kernel on RHEL 5, 6, or 7 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle kernel's virtio-net handled fragmented packets. Successful exploitation could allow attackers to send crafted packets to a target ... oval:org.secpod.oval:def:46444 Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. oval:org.secpod.oval:def:501982 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A use-after-free flaw was found in the way the Linux kernel"s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option ... oval:org.secpod.oval:def:500377 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A directory traversal flaw was discovered in Pidgin"s MSN protocol implementation. A remote attacker could send a specially-crafted emoticon image download request that ... oval:org.secpod.oval:def:500476 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Multiple NULL pointer dereference flaws were found in the way Pidgin handled Base64 decoding. A remote attacker could use these flaws to crash Pidgin if the target Pidg ... oval:org.secpod.oval:def:500480 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way Pidgin"s MSN protocol implementation handled MSNSLP invitations. A remote attacker could send a specially-crafted INVITE ... oval:org.secpod.oval:def:500505 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Federico Muttis of Core Security Technologies discovered a flaw in Pidgin"s MSN protocol handler. If a user received a malicious MSN message, it was possible to execute ... oval:org.secpod.oval:def:500586 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. The AOL Open System for Communication in Realtime protocol is used by the AOL ICQ and AIM instant messaging systems. An invalid pointer dereference bug was found in th ... oval:org.secpod.oval:def:500610 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. Info/Query is an Extensible Messaging and Presence Protocol specific request-response mechanism. A NULL pointer dereference flaw was found in the way the Pidgin XMPP ... oval:org.secpod.oval:def:500685 Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. A buffer overflow flaw was found in the way Pidgin initiates file transfers when using the Extensible Messaging and Presence Protocol . If a Pidgin client initiates a f ... oval:org.secpod.oval:def:500396 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a ... oval:org.secpod.oval:def:500518 The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performin ... oval:org.secpod.oval:def:500455 The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A use-after-free flaw was found in the way gpgsm, a Cryptographic Message Syntax encryption and signing tool, handled X.509 certificat ... oval:org.secpod.oval:def:500363 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * multiple flaws were found in the mmap and mremap implementations. A local user could use these flaws to cause a local denial of service or escalate their privilege ... oval:org.secpod.oval:def:500285 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . A use-after-free flaw was discovered in the MIT Kerberos administration daemon, kadmind. A remote, authentica ... oval:org.secpod.oval:def:500400 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not fully correct the use-after-free flaw in the way CUPS handled references in its file descriptors-handling interface. A remote at ... oval:org.secpod.oval:def:500657 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way CUPS handled references in its file descriptors-handling interface. A remote attacker could, in a specially-crafted way, query for the list of current print jobs ... oval:org.secpod.oval:def:500575 libxml is a library for parsing and manipulating XML files. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could prov ... oval:org.secpod.oval:def:500539 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ... oval:org.secpod.oval:def:500729 SquirrelMail is a standards-based webmail package written in PHP. A cross-site scripting flaw was found in the way SquirrelMail performed the sanitization of HTML style tag content. A remote attacker could use this flaw to send a specially-crafted Multipurpose Internet Mail Extensions message that ... oval:org.secpod.oval:def:500697 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP ... oval:org.secpod.oval:def:500658 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ... oval:org.secpod.oval:def:500623 Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center . The Generic Security Service Application Program Interface definition provides security services to callers ... oval:org.secpod.oval:def:500614 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A flaw was discovered in libpng that could result in libpng trying to free random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an applicat ... oval:org.secpod.oval:def:500645 Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ... oval:org.secpod.oval:def:501624 The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java ... oval:org.secpod.oval:def:501585 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ... oval:org.secpod.oval:def:501593 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certa ... oval:org.secpod.oval:def:501730 The Jakarta/Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially construc ... oval:org.secpod.oval:def:34289 The host is installed with Apple iTunes before 12.4.2 and is prone to a memory corruption vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation allows attackers to crash the service. oval:org.secpod.oval:def:501772 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ... oval:org.secpod.oval:def:501829 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ... oval:org.secpod.oval:def:501749 The kernel packages contain the Linux kernel, the core of any Linux operating system. * Two flaws were found in the way the Linux kernel"s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in ... oval:org.secpod.oval:def:501498 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s splice system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus cr ... oval:org.secpod.oval:def:501161 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:501163 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:501631 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An invalid free flaw was found in glibc"s getaddr ... oval:org.secpod.oval:def:501208 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such inpu ... oval:org.secpod.oval:def:501215 The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol , including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which us ... oval:org.secpod.oval:def:21800 The host is installed with net-snmp 5.7.0 and earlier and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted SNMP trap message. Successful exploitation allows remote attackers to cause a denial of service. oval:org.secpod.oval:def:501377 The procmail program is used for local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting, and other mail handling jobs. A heap-based buffer overflow flaw was found in procmail"s formail utility. A remote attacker could send an email with spe ... oval:org.secpod.oval:def:501394 The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell . Bash is the default shell for Red Hat Enterprise Linux. It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environme ... oval:org.secpod.oval:def:501893 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ... oval:org.secpod.oval:def:501492 The glibc packages provide the standard C libraries , POSIX thread libraries , standard math libraries , and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc"s ... oval:org.secpod.oval:def:25173 The host is installed with ruby on Red Hat Enterprise Linux 5, 6 or 7 and is prone to a RFC 6125 violation vulnerability. A flaw is present in the application, which fails to properly verify host names against X.509 certificate names with wildcards. Successful exploitation could cause Ruby TLS/SSL c ... oval:org.secpod.oval:def:501555 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ... oval:org.secpod.oval:def:501134 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ... oval:org.secpod.oval:def:501156 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ... oval:org.secpod.oval:def:24749 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted tiff image. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:24750 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:24751 The host is installed with libtiff on RHEL 5, 6 or 7 and is prone to multiple out-of-bounds read vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:24753 The host is installed with libtiff in RHEL 5, 6 or 7 and is prone to a divide by zero vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:501110 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ... oval:org.secpod.oval:def:501197 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful ... oval:org.secpod.oval:def:501269 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of ... oval:org.secpod.oval:def:501202 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command function in the Linux kernel"s QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unpriv ... oval:org.secpod.oval:def:21820 The host is installed with Linux kernel through 3.17.2 and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle the writing of a non-canonical address to a model-specific register. Successful exploitation allows guest OS users to cause a ... oval:org.secpod.oval:def:501299 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . The gnutls packages also include the libtasn1 library, which provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and ... oval:org.secpod.oval:def:501313 The libtasn1 library provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions. It was discovered that the asn1_get_bit_der function of the libtasn1 library incorrectly reported the length of ASN.1-encoded data. Specia ... oval:org.secpod.oval:def:501376 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ... oval:org.secpod.oval:def:501381 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s futex subsystem handled reference counting when requeuing futexes during futex_wait. A local, unprivileged user could use this flaw to zero out the reference counter ... oval:org.secpod.oval:def:501387 The kernel packages contain the Linux kernel, the core of any Linux operating system. * An out-of-bounds memory access flaw was found in the Linux kernel"s system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kerne ... oval:org.secpod.oval:def:501341 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the rds_iw_laddr_check function in the Linux kernel"s implementation of Reliable Datagram Sockets . A local, unprivileged user could use this flaw to crash the system. ... oval:org.secpod.oval:def:501458 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a n ... oval:org.secpod.oval:def:501093 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ... oval:org.secpod.oval:def:501552 The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel"s Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the verbs API. A local user with access to a /dev/infiniba ... oval:org.secpod.oval:def:501130 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled , an attacker on the local network could disable IPv6 temporary address gen ... oval:org.secpod.oval:def:501183 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501182 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:501382 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information fr ... oval:org.secpod.oval:def:501345 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:501159 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way ... oval:org.secpod.oval:def:501022 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way file permission checks for the "/dev/cpu/[x]/msr" files were performed in restricted root environments . A local user with th ... oval:org.secpod.oval:def:501455 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload feature was enabled. A remote at ... oval:org.secpod.oval:def:501082 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. * An information leak was found in the Linux ker ... oval:org.secpod.oval:def:501041 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use t ... oval:org.secpod.oval:def:501046 Security: * An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate ... oval:org.secpod.oval:def:501073 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel"s Stream Control Transmission Protocol implementation handled duplicate cookies. If a local user queried SCTP connect ... oval:org.secpod.oval:def:501104 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A use-after-free flaw was found in the madvise system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of ... oval:org.secpod.oval:def:500799 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:500842 The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, ... oval:org.secpod.oval:def:500800 PostgreSQL is an advanced object-relational database management system . The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command mi ... oval:org.secpod.oval:def:500893 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:500894 PostgreSQL is an advanced object-relational database management system . It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations ... oval:org.secpod.oval:def:501118 PostgreSQL is an advanced object-relational database management system . An array index error, leading to a heap-based out-of-bounds buffer read flaw, was found in the way PostgreSQL performed certain error processing using enumeration types. An unprivileged database user could issue a specially cra ... oval:org.secpod.oval:def:500771 OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. ... oval:org.secpod.oval:def:500739 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory p ... oval:org.secpod.oval:def:500320 The Apache HTTP Server is a popular web server. It was discovered that mod_proxy_ajp incorrectly returned an "Internal Server Error" response when processing certain malformed requests, which caused the back-end server to be marked as failed in configurations where mod_proxy is used in loa ... oval:org.secpod.oval:def:500325 The gzip package provides the GNU gzip data compression program. An integer underflow flaw, leading to an array index error, was found in the way gzip expanded archive files compressed with the Lempel-Ziv-Welch compression algorithm. If a victim expanded a specially-crafted archive, it could cause ... oval:org.secpod.oval:def:500326 The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A use-after-free flaw was found in the way the CUPS server parsed Internet Printing Protocol packets. A malicious user able to send IPP requests to the CUPS server could use this flaw to crash the CUPS s ... oval:org.secpod.oval:def:500347 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ... oval:org.secpod.oval:def:500367 Mozilla Thunderbird is a standalone mail and newsgroup client. A memory corruption flaw was found in the way Thunderbird decoded certain PNG images. An attacker could create a mail message containing a specially-crafted PNG image that, when opened, could cause Thunderbird to crash or, potentially, e ... oval:org.secpod.oval:def:500384 OpenLDAP is an open source suite of LDAP applications and development tools. Multiple flaws were discovered in the way the slapd daemon handled modify relative distinguished name requests. An authenticated user with privileges to perform modrdn operations could use these flaws to crash the slapd d ... oval:org.secpod.oval:def:500424 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat ... oval:org.secpod.oval:def:500425 The libpng packages contain a library of functions for creating and manipulating PNG image format files. A memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted ... oval:org.secpod.oval:def:500471 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variab ... oval:org.secpod.oval:def:500500 neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SS ... oval:org.secpod.oval:def:500937 The gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages. A denial of service flaw was found in the neon Extensible Markup Language parser. Visiting a malicious ... oval:org.secpod.oval:def:500687 FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the F ... oval:org.secpod.oval:def:500287 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:500299 MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. A buffer overflow flaw was found in the way MySQL handled the parameters of the MySQL COM_FIELD_LIST network protocol command . An authenticated database user co ... oval:org.secpod.oval:def:501339 The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a thread ... oval:org.secpod.oval:def:500902 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way socket buffers requiring TSO were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue ... oval:org.secpod.oval:def:500322 The gd packages provide a graphics library used for the dynamic creation of images, such as PNG and JPEG. A missing input sanitization flaw, leading to a buffer overflow, was discovered in the gd library. A specially-crafted GD image file could cause an application using the gd library to crash or, ... oval:org.secpod.oval:def:500486 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP"s exif extension. A specially-crafted image file could cause the PHP interpreter to crash or, possibly, disclose portions of its memory when a PH ... oval:org.secpod.oval:def:500328 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a NULL pointer dereference flaw was found in the sctp_rcv_ootb function in the Linux kernel Stream Control Transmission Protocol implementation. A remote attacker could send a specially-crafted S ... oval:org.secpod.oval:def:500393 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * an array index error was found in the gdth driver. A local user could send a specially-crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. * a flaw was ... oval:org.secpod.oval:def:500366 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the IPv6 Extension Header handling implementation in the Linux kernel. The skb->dst data structure was not properly validated in the ipv6_h ... oval:org.secpod.oval:def:500810 Expat is a C library written by James Clark for parsing XML documents. A denial of service flaw was found in the implementation of hash arrays in Expat. An attacker could use this flaw to make an application using Expat consume an excessive amount of CPU time by providing a specially-crafted XML fil ... oval:org.secpod.oval:def:500401 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a flaw was found in the Unidirectional Lightweight Encapsulation implementation. A remote attacker could send a specially-crafted ISO MPEG-2 Transport Stream fra ... oval:org.secpod.oval:def:500417 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sendin ... oval:org.secpod.oval:def:500037 Python is an interpreted, interactive, object-oriented programming language. It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the curr ... oval:org.secpod.oval:def:500921 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: * It was found that the RHSA-2010:0178 update did not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A local, unprivileged ... oval:org.secpod.oval:def:500534 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the XML Digital Signatu ... oval:org.secpod.oval:def:500595 The xerces-j2 packages provide the Apache Xerces2 Java Parser, a high-performance XML parser. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A flaw was found in the way the Apache Xerces2 Java Parser processed the SYSTEM identifier in DTDs. A rem ... oval:org.secpod.oval:def:500617 The Linux kernel These updated packages contain 730 bug fixes and enhancements for the Linux kernel. Space precludes a detailed description of each of these changes in this advisory and users are therefore directed to the release notes for Red Hat Enterprise Linux 5.3 for information on 97 of the m ... oval:org.secpod.oval:def:500644 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * NULL pointer dereference flaws in the r128 driver. Checks to test if the Concurrent Command Engine state was initialized were missing in private IOCTL functions. An attacker could use these flaws ... oval:org.secpod.oval:def:500497 The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * it was discovered that, when executing a new process, the clear_child_tid pointer in the Linux kernel is not cleared. If this pointer points to a writable ... oval:org.secpod.oval:def:500506 The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues: * a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This macro did not initialize the sendpage operation in the proto_ops structure correctly. ... oval:org.secpod.oval:def:500571 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fix: * a NULL pointer dereference flaw was found in the Multiple Devices driver in the Linux kernel. If the "suspend_lo" or "suspend_hi" file on the sysfs file system is modified when ... oval:org.secpod.oval:def:500520 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * a system with SELinux enforced was more permissive in allowing local users in the unconfined_t domain to map low memory areas even if the mmap_min_addr restriction was enabled. This could aid in t ... oval:org.secpod.oval:def:500599 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings. CIFS clients convert Unicode strings sent by a server to their local character sets, and then writ ... oval:org.secpod.oval:def:500625 PostgreSQL is an advanced object-relational database management system . It was discovered that the upstream patch for CVE-2007-6600 included in the Red Hat Security Advisory RHSA-2008:0038 did not include protection against misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An authe ... oval:org.secpod.oval:def:500701 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the ... oval:org.secpod.oval:def:500315 Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running ... oval:org.secpod.oval:def:500435 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ... oval:org.secpod.oval:def:500454 Sendmail is a very widely used Mail Transport Agent . MTAs deliver mail from one machine to another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email over networks or the Internet to its final destination. The configuration of sendmail in Red Hat Enterprise Li ... oval:org.secpod.oval:def:500472 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s sessio ... oval:org.secpod.oval:def:500496 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws ... oval:org.secpod.oval:def:500498 Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management , and shared library linking. Network Security Services i ... oval:org.secpod.oval:def:500533 The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. An insufficient input validation flaw was found in the way libvorbis processes the codec file h ... oval:org.secpod.oval:def:500684 Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash o ... oval:org.secpod.oval:def:500700 The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impactin ... oval:org.secpod.oval:def:500313 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw ... oval:org.secpod.oval:def:500316 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. A flaw was found in the way the TLS/SSL protocols ... oval:org.secpod.oval:def:500332 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime provides platform independence f ... oval:org.secpod.oval:def:500412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ... oval:org.secpod.oval:def:500485 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times, which could allow a remote attacker to execute arbitrary code with the privileges of the ... oval:org.secpod.oval:def:500493 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * the possibility of a timeout value overflow was found in the Linux kernel high-resolution timers functionality, hrtimers. This could allow a local, unprivileged user to execute arbitrary code, or ... oval:org.secpod.oval:def:500503 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * a logic error was found in the do_setlk function of the Linux kernel Network File System implementation. If a signal interrupted a lock request, the local POSIX l ... oval:org.secpod.oval:def:500530 The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues: * a memory leak in keyctl handling. A local user could use this flaw to deplete kernel memory, eventually leading to a denial of service. * a buffer overflow in ... oval:org.secpod.oval:def:500531 The Apache HTTP Server is a popular Web server. A denial of service flaw was found in the Apache mod_proxy module when it was used as a reverse proxy. A remote attacker could use this flaw to force a proxy process to consume large amounts of CPU time. A denial of service flaw was found in the Apach ... oval:org.secpod.oval:def:500674 apr-util is a utility library used with the Apache Portable Runtime . It aims to provide a free library of C data structures and routines. This library contains additional utility interfaces for APR; including support for XML, LDAP, database interfaces, URI parsing, and more. An off-by-one overflow ... oval:org.secpod.oval:def:500675 The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client"s session . This could force the server to process an attacker"s request as if ... oval:org.secpod.oval:def:500698 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It aims to provide a free library of C data structures and routines. apr-util is a utility library used with APR. This library provides additional utility interfaces for APR; including support fo ... oval:org.secpod.oval:def:500639 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes: * memory leaks were found on some error paths in the icmp_send function in the Linux kernel. This could, potentially, cause the network connectivity to cease. * Chris Evans reported a deficiency in ... oval:org.secpod.oval:def:500598 The device-mapper multipath packages provide tools to manage multipath devices by issuing instructions to the device-mapper multipath kernel module, and by managing the creation and removal of partitions for device-mapper devices. It was discovered that the multipathd daemon set incorrect permission ... oval:org.secpod.oval:def:500602 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP"s mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to cra ... oval:org.secpod.oval:def:500440 PyXML provides XML libraries for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces, and an interface to the Expat parser. A buffer over-read flaw was found in the way PyXML"s Expat parser handled malformed UTF-8 sequences when proc ... oval:org.secpod.oval:def:500499 Expat is a C library written by James Clark for parsing XML documents. Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using Expat to crash while parsing the file. All expat use ... oval:org.secpod.oval:def:500277 Python is an interpreted, interactive, object-oriented programming language. A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow a ... oval:org.secpod.oval:def:500836 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:500837 PostgreSQL is an advanced object-relational database management system . A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed contai ... oval:org.secpod.oval:def:500841 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:500652 The Network Time Protocol is used to synchronize a computer"s time with a referenced time source. Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated a ... oval:org.secpod.oval:def:500004 The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. It was discovered that the apr_fnmatch function used an unconstrained recursion when processing patterns with the "*" wildcard. An at ... oval:org.secpod.oval:def:501318 The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel"s floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could ... oval:org.secpod.oval:def:500719 The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, ... |
