oval:org.secpod.oval:def:400070 The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues: CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to ...

oval:org.secpod.oval:def:400075 Sun Java received several security fixes and was updated to: - Sun Java 1.6.0 to Update 11-b03 - Sun Java 1.5.0 to Update 17 - Sun Java 1.4.2 to Update 19 Numerous security issues such as privilege escalations and sandbox breakouts were fixed. CVE-2008-5357, CVE-2008-5342, CVE-2008-2086, CVE-2008-5 ...

oval:org.secpod.oval:def:400098 The Mozilla Firefox browsers and XUL engines were updated to the current stable releases fixing lots of bugs and various security issues. SUSE Linux Enterprise 10 SP2, SP3, SUSE Linux Enterprise 11 and openSUSE 11.2 were updated to Firefox 3.5.6. openSUSE 11.0 and 11.1 were updated to Firefox 3.0.16 ...

oval:org.secpod.oval:def:400076 The Mozilla Firefox Browser was updated to the 3.0.8 release. It fixes two critical security issues: CVE-2009-1044: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects w ...

oval:org.secpod.oval:def:400090 Subversion is a revision control system, which is mainly used for code development. The libsvn_delta library is vulnerable to integer overflows while processing svndiff streams; this leads to overflows on the heap because of insufficient memory allocation. This bug can be exploited by clients with co ...

oval:org.secpod.oval:def:400001 openSUSE 11.1 is installed

oval:org.secpod.oval:def:400067 Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files.
We cannot upgrade to newer versions due to library dependencies. We strongly encourage user ...

oval:org.secpod.oval:def:400059 Note: This advisory was resent because the list of packages was wrong. The flash-player is a web-browser plugin that allows displaying animated web-content and remote access to client hardware. A specially crafted Shockwave-Flash file could cause a buffer overflow in the flash-player plugin. This ...

oval:org.secpod.oval:def:400053 Specially crafted AES and RC4 packets could allow unauthenticated remote attackers to trigger an integer underflow that leads to heap memory corruption (CVE-2009-4212). Remote attackers could potentially exploit that to execute arbitrary code. openSUSE 11.2 is also affected by the following problem: S ...

oval:org.secpod.oval:def:400042 Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2. Following security issues have been fixed: CVE-2010-0159: Mozilla develope ...

oval:org.secpod.oval:def:400062 The DNS daemon bind is used to resolve and look up addresses on the internet. Some months ago a vulnerability in the DNS protocol and its numbers was published that allowed easy spoofing of DNS entries. The only way to protect against spoofing is to use DNSSEC. Unfortunately the bind code that ver ...

oval:org.secpod.oval:def:400083 Joachim Breitner discovered that the default DBus system policy was too permissive. In fact the default policy was to allow all calls on the bus. Many services expected that the default was to deny everything and therefore only installed rules that explicitly allow certain calls with the result that ...

oval:org.secpod.oval:def:400095 The Sun JDK 5 was updated to Update 18 and the Sun JDK 6 was updated to Update 13 to fix various bugs and security issues.
CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit and Java Runtime Environment 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and ...

oval:org.secpod.oval:def:400092 Specially crafted zone update packets could trigger an exception in bind causing it to exit. The attack works if BIND is master for a zone even if zone updates are not configured (CVE-2009-0696).

oval:org.secpod.oval:def:400011 Mozilla Firefox was updated to update 3.6.13 to fix several security issues. Also Mozilla Thunderbird and Seamonkey were updated on openSUSE. Following security issues were fixed: MFSA 2010-74: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox a ...

oval:org.secpod.oval:def:400036 Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once per browsing sessi ...

oval:org.secpod.oval:def:400079 This update of the Adobe Acrobat Reader acroread to version 8.1.6 fixes the following vulnerabilities: - CVE-2009-1855: stack overflow that could lead to code execution - CVE-2009-1856: integer overflow with potential to lead to arbitrary code execution - CVE-2009-1857: memory corruption with potent ...

oval:org.secpod.oval:def:400074 The Sun Java JRE/JDK 5 was updated to Update 20 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by untrusted applets and ...

oval:org.secpod.oval:def:400065 The DHCP client could be crashed by a malicious DHCP server sending an overlong subnet field (CVE-2009-0692).
In theory a malicious DHCP server could exploit the flaw to execute arbitrary code as root on machines using dhclient to obtain network settings. Newer distributions do have buffer overflow ...

oval:org.secpod.oval:def:400086 Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim's system via specially crafted PDF files.

oval:org.secpod.oval:def:400088 A security update was released for the Adobe Flash Player 10. Specially crafted Flash files can cause overflows in flash-player. Attackers could potentially exploit that to execute arbitrary code. Fixed packages for Adobe Flash Player 9 will hopefully be released in the new year.

oval:org.secpod.oval:def:400091 The OpenSSL certificate checking routines EVP_VerifyFinal can return negative values and 0 on failure. In some places negative values were not checked and considered successful verification. Prior to this update it was possible to bypass the certification chain checks of openssl. This advisory is fo ...

oval:org.secpod.oval:def:400028 The unprivileged user exim is running as could tell the exim daemon to read a different config file and leverage that to escalate privileges to root (CVE-2010-4345). A buffer overflow in exim allowed remote attackers to execute arbitrary code (CVE-2010-4344). openSUSE 11.3 is not affected by this flaw.

oval:org.secpod.oval:def:400093 Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages. Local attackers could inject netlink messages due to a missing origin check where only the kernel should have been able to and so are able to escalate privileges (CVE-2009-1185). Fixed packages have bee ...

oval:org.secpod.oval:def:400094 The advisory was resent because the previous one contained the wrong Announcement ID.
The code library glib2 provides base64 encoding and decoding functions that are vulnerable to integer overflows when processing very large strings. Processes using this library's functions for processing data from th ...

oval:org.secpod.oval:def:400064 Various Mozilla browser suite programs were updated to the last security release. The Mozilla Firefox 3.0.5 browser, Seamonkey 1.1.14 and xulrunner190 update were already published before Christmas, please see SUSE-SA:2008:058. Mozilla Firefox for older products was updated to 2.0.0.19 and Mozilla T ...

oval:org.secpod.oval:def:400027 The Samba server was updated to fix security issues and bugs. Following security issues were fixed: CVE-2010-2063: A buffer overrun was possible in chain_reply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-0787: Take extra care that a mo ...

oval:org.secpod.oval:def:400030 This update of OpenOffice_org includes fixes for the following vulnerabilities: - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTab ...

oval:org.secpod.oval:def:400063 The Mozilla Firefox browser is updated to version 3.0.6 fixing various security and stability issues. CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory ...

oval:org.secpod.oval:def:400057 Specially crafted PDF documents could crash acroread or even lead to execution of arbitrary code.

oval:org.secpod.oval:def:400072 The Common Unix Printing System, CUPS, is a printing server for unix-like operating systems. It allows a local user to print documents as well as remote users via port 631/tcp. There were two security vulnerabilities fixed in cups.
The first one can be triggered by a specially crafted tiff file. Thi ...

oval:org.secpod.oval:def:400046 The SUSE Linux Enterprise 11 GA and openSUSE 11.1 kernels were updated to fix 3 critical security issues. Following security bugs were fixed: CVE-2010-3301: Mismatch between 32bit and 64bit register usage in the system call entry paths could be used by local attackers to gain root privileges. This p ...

oval:org.secpod.oval:def:400060 The bind DNS server was updated to close a possible cache poisoning vulnerability which allowed bypassing DNSSEC. This problem can only happen after the other spoofing/poisoning mechanisms have been bypassed already. Also this can only happen if the server is set up for DNSSEC. Due to this limitatio ...

oval:org.secpod.oval:def:400033 Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Mozilla Thunderbird was updated to version 3.0.8 on openSUSE, fixing the same bugs. Mozilla Seamonkey was updated to version 2.0.8 on openSUSE, fixing the same bugs. A Firefox update for SUSE Linux Enterprise 10 ...

oval:org.secpod.oval:def:400085 The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues: * CVE-2009-1833 Crashes with evidence of memory corruption * CVE-2009-1834 URL spoofing with invalid unicode characters * CVE-2009-1835 Arbitrary domain cookie access by local file: resources * CVE ...

oval:org.secpod.oval:def:400089 The Kerberos implementation from MIT is vulnerable to four different security issues that range from a remote crash to possible, but very unlikely, remote code execution. - CVE-2009-0844: The SPNEGO GSS-API implementation can read beyond the end of a buffer which leads to a crash. - CVE-2009-084 ...

oval:org.secpod.oval:def:400058 The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues.
Updates are provided for openSUSE 11.0 and 11.1 currently, backports for other Mozilla Firefox browsers and Mozilla Suite programs will follow. CVE-2009-0773 / CVE-2009-0774: Mozilla developers iden ...

oval:org.secpod.oval:def:400023 The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel were updated to 2.6.27.45 fixing various bugs and security issues. CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance fu ...

oval:org.secpod.oval:def:400044 The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues. Following security issues were fixed: CVE-2009-4536: An underflow in the e1000 jumbo Ethernet frame handling could be used by link-local remote attackers to crash the machine, bypass ...

oval:org.secpod.oval:def:400071 The SUSE Linux Enterprise 11 and openSUSE 11.1 Kernel was updated to 2.6.27.39 fixing various bugs and security issues. Following security issues have been fixed: CVE-2009-3547: A race condition during pipe open could be used by local attackers to cause a denial of service. CVSS v2 Base Score: 6.9 ...

oval:org.secpod.oval:def:400068 The Mozilla Firefox was updated to current stable versions on all affected Linux products. openSUSE 10.3, 11.0 and 11.1: Firefox was updated to the current stable branch version 3.0.14. These updates were already released on September 21st. The SUSE Linux Enterprise 11 products were upgraded to Mozil ...

oval:org.secpod.oval:def:400096 The MozillaFirefox 3.0.12 release fixes various bugs and some critical security issues. CVE-2009-2464 / CVE-2009-2466: Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes sh ...

oval:org.secpod.oval:def:400100 The Linux kernel was updated for SUSE Linux Enterprise 11 and openSUSE 11.1 fixing lots of bugs and some security issues. The kernel was also updated to the 2.6.27.21 stable release. CVE-2009-1072: nfsd in the Linux kernel does not drop the CAP_MKNOD capability before handling a user request in a th ...

oval:org.secpod.oval:def:400066 This update fixes several security issues and lots of bugs in the openSUSE 11.1 kernel. The Linux kernel on openSUSE 11.1 was updated to the stable version 2.6.27.19 and is also now at the same kernel as we are planning to ship with SUSE Linux Enterprise 11. This update introduces kABI changes, so ...

oval:org.secpod.oval:def:400077 The Apache web server was updated to fix various security issues: - the option IncludesNOEXEC could be bypassed via .htaccess - mod_proxy could run into an infinite loop when used as reverse proxy - mod_deflate continued to compress large files even after a network connection was closed, causing m ...

oval:org.secpod.oval:def:400082 The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to th ...

oval:org.secpod.oval:def:400081 This Linux kernel update for SUSE Linux Enterprise 11 and openSUSE 11.1 fixes lots of bugs and some security issues. The kernel was also updated to the 2.6.27.23 stable release. Following security issues have been fixed: CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...

oval:org.secpod.oval:def:400080 The SUSE Linux Enterprise 11 and openSUSE 11.1 kernel was updated to fix various bugs and several security issues. It was also updated to the stable release 2.6.27.25.
Following security issues were fixed: CVE-2009-1961: A local denial of service problem in the splice system call was fixed. CVE-2009 ...

oval:org.secpod.oval:def:400084 The Linux kernel update fixes the following security issues: CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. [SLES9, SLES10-SP2, SLE11, openSUSE] CVE-2009-1389: A crash on r8169 network cards when receiving large pac ...

oval:org.secpod.oval:def:400047 The Mozilla Firefox browser was updated to version 3.5.9 fixing lots of bugs and security issues. On openSUSE 11.0 and 11.1 the browser was updated from the 3.0 branch to 3.5.9. Also the Mozilla NSS libraries were updated to version 3.12.6 to fix the CVE-2009-3555 TLS renegotiation issue. Mozilla Thu ...

oval:org.secpod.oval:def:400050 The SUSE Linux Enterprise 11 GA Kernel was updated to 2.6.27.48 fixing various bugs and security issues. CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a ...

oval:org.secpod.oval:def:400056 The Linux C library glibc was updated to fix critical security issues and several bugs: CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This specific issue ...

oval:org.secpod.oval:def:400029 Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors Allowed attackers to cause a memory corruption or possibly even execute arbitrar ...

oval:org.secpod.oval:def:400024 Various security issues have been found in the Mozilla suite, and the various browsers have been updated to fix these issues.
Mozilla Firefox was brought to the 3.5.11 security release. Mozilla Firefox on openSUSE 11.3 was brought to the 3.6.8 security release. Mozilla Thunderbird was brought to the ...

oval:org.secpod.oval:def:400022 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code (CVE-2010-2862). This update also incorporates the Adobe Flash Player update APSB10-16 for the bundled flash player parts (CVE-2010-2188, CVE-2010-2216).

oval:org.secpod.oval:def:400031 Acrobat Reader was updated to version 9.3.3 to fix lots of security issues and bugs, several of which could be used to execute code by tricking the target user into opening specially crafted PDFs.

oval:org.secpod.oval:def:400041 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4 which addresses the issues.

oval:org.secpod.oval:def:400040 Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.1 which addresses the issues.

oval:org.secpod.oval:def:400045 Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue. There currently is no updated version available for the Flash Player version 9 on SUSE Linux Enterprise Desktop 10 Service Pack 3 so far. It will be released as soon as it is available.

oval:org.secpod.oval:def:400043 Adobe Flash Player was updated to fix multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service. The Flash Plugin was upgraded to version 10.1.53.64. The following CVE numbers have been assigned: CVE-2010-2160, CVE-2010-2164 ...

oval:org.secpod.oval:def:400049 Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-3953, CVE-2009-3957, CVE-2009-4324). Acrobat reader was updated to version 9.3 to fix the security issues.
Note: Due to integration issues with the major version update of acr ...

oval:org.secpod.oval:def:400051 Adobe Flash Player was updated to version 10.1.85.3 to fix a vulnerability that allowed remote attackers to crash the player or potentially even cause execution of arbitrary code (CVE-2010-2884).

oval:org.secpod.oval:def:400087 The Adobe Acrobat Reader "acroread" received fixes for two vulnerabilities in the JavaScript API that allowed attackers to execute arbitrary code with a malformed PDF file (CVE-2009-1493).

oval:org.secpod.oval:def:400078 Specially crafted swf files could cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute code on the victim's machine (CVE-2009-0520, CVE-2009-0521).