oval:org.secpod.oval:def:702062 openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use tls_session_secret_cb, such as wpa_supplicant. This update fixes the problem. Original advisory ...
oval:org.secpod.oval:def:701495 pixman: pixel-manipulation library for X and cairo pixman could be made to crash if it opened a specially crafted file.
oval:org.secpod.oval:def:702066 dpkg: Debian package management system A malicious source package could write files outside the unpack directory.
oval:org.secpod.oval:def:701938 elfutils: collection of utilities to handle ELF objects elfutils could be made to crash or run programs if it processed a specially crafted file.
oval:org.secpod.oval:def:701499 ruby1.8: Object-oriented scripting language - ruby1.9.1: Object-oriented scripting language Several security issues were fixed in Ruby.
oval:org.secpod.oval:def:701538 puppet: Centralized configuration management Puppet could be made to overwrite files.
oval:org.secpod.oval:def:701659 indicator-datetime: Simple clock The Date and Time Indicator would allow unintended access.
oval:org.secpod.oval:def:701932 libgadu: Gadu-Gadu protocol library libgadu could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:701485 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:702058 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2 ...
oval:org.secpod.oval:def:701640 python-django: High-level Python web development framework Several security issues were fixed in Django.
oval:org.secpod.oval:def:701522 nss: Network Security Service library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:701523 curl: HTTP, HTTPS, and FTP client and client libraries Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:701524 horizon: Web interface for OpenStack cloud infrastructure Horizon could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701645 cups: Common UNIX Printing System CUPS could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701471 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701595 icedtea-web: A web browser plugin to execute Java applets IcedTea Web could be made to expose or alter sensitive information.
oval:org.secpod.oval:def:701596 imagemagick: Image manipulation programs and library ImageMagick could be made to crash or run programs if it opened a specially crafted image file.
oval:org.secpod.oval:def:701472 lightdm: Display Manager Light Display Manager could be made to expose sensitive information locally.
oval:org.secpod.oval:def:702045 mod-wsgi: Python WSGI adapter module for Apache mod_wsgi could be made to run programs as an administrator if it executes a specially crafted file. mod_wsgi could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701594 tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine Several security issues were fixed in Tomcat.
oval:org.secpod.oval:def:701519 keystone: OpenStack identity service Keystone access controls could be circumvented via EC2-style tokens.
oval:org.secpod.oval:def:701639 python-django: High-level Python web development framework Details: USN-2169-1 fixed vulnerabilities in Django. The upstream security patch for CVE-2014-0472 introduced a regression for certain applications. This update fixes the problem. Original advisory USN-2169-1 introduced a regression in Djang ...
oval:org.secpod.oval:def:701479 openssh: secure shell client, for secure access to remote machines OpenSSH could be made to run programs if it received specially crafted network traffic from an authenticated user.
oval:org.secpod.oval:def:701631 openssh: secure shell for secure access to remote machines A malicious server could bypass OpenSSH SSHFP DNS record checking.
oval:org.secpod.oval:def:701636 curl: HTTP, HTTPS, and FTP client and client libraries Several security issues were fixed in curl.
oval:org.secpod.oval:def:701637 python-imaging: Python Imaging Library Python Imaging Library could be made to overwrite or expose files.
oval:org.secpod.oval:def:701582 firefox: Mozilla Open Source web browser Details: USN-2102-1 fixed vulnerabilities in Firefox. The update introduced a regression which could make Firefox crash under some circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2102-1 introduced a regr ...
oval:org.secpod.oval:def:701629 Ubuntu 13.10 is installed
oval:org.secpod.oval:def:701508 curl: HTTP, HTTPS, and FTP client and client libraries Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:701467 Ubuntu 13.10 is installed
oval:org.secpod.oval:def:701500 keystone: OpenStack identity service Keystone would improperly remove roles when it was configured to use the LDAP backend.
oval:org.secpod.oval:def:701622 libyaml: Fast YAML 1.1 parser and emitter library LibYAML could be made to crash or run programs if it opened a specially crafted YAML document.
oval:org.secpod.oval:def:701586 freeradius: high-performance and highly configurable RADIUS server Several security issues were fixed in FreeRADIUS.
oval:org.secpod.oval:def:701466 apport: automatically generate crash reports for debugging Apport could be made to expose privileged information.
oval:org.secpod.oval:def:701626 clamav: Anti-virus utility for Unix ClamAV has been updated to a new version.
oval:org.secpod.oval:def:701623 libyaml-libyaml-perl: Perl interface to libyaml, a YAML implementation libyaml-libyaml-perl could be made to crash or run programs if it opened a specially crafted YAML file.
oval:org.secpod.oval:def:701619 ca-certificates: Common CA certificates ca-certificates was updated to the 20130906 package.
oval:org.secpod.oval:def:701610 mutt: text-based mailreader supporting MIME, GPG, PGP and threading The mutt mail client could be made to crash or run programs as your login if it opened a specially crafted email.
oval:org.secpod.oval:def:701612 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
oval:org.secpod.oval:def:701613 librsvg: renderer library for SVG files Librsvg could be made to expose sensitive information.
oval:org.secpod.oval:def:702095 gnupg: GNU privacy guard - a free PGP replacement - gnupg2: GNU privacy guard - a free PGP replacement GnuPG could be made to hang if it processed a specially crafted message.
oval:org.secpod.oval:def:701562 pidgin: graphical multi-protocol instant messaging client for X Several security issues were fixed in Pidgin.
oval:org.secpod.oval:def:701563 libgadu: Gadu-Gadu protocol library libgadu could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:701560 libyaml: Fast YAML 1.1 parser and emitter library LibYAML could be made to crash or run programs if it opened specially crafted yaml document.
oval:org.secpod.oval:def:701608 cups-filters: OpenPrinting CUPS Filters cups-filters could be made to run programs as the lp user if it processed a specially crafted file.
oval:org.secpod.oval:def:701609 libssh: A tiny C SSH library A security issue was fixed in libssh.
oval:org.secpod.oval:def:701566 lxc: Linux Containers userspace tools LXC would allow unintended access to the host, bypassing intended confinement.
oval:org.secpod.oval:def:701567 libyaml: Fast YAML 1.1 parser and emitter library Details: USN-2098-1 fixed a vulnerability in LibYAML. The security fix used introduced a regression that caused parsing failures for certain valid YAML files. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-20 ...
oval:org.secpod.oval:def:701565 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701961 python-django: High-level Python web development framework Django applications could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701568 maas: Ubuntu MAAS Server The cluster could be made to run programs as an administrator.
oval:org.secpod.oval:def:702120 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:702085 cinder: OpenStack storage service OpenStack Cinder could be made to run programs as an administrator under certain conditions.
oval:org.secpod.oval:def:701551 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received a specially crafted certificate.
oval:org.secpod.oval:def:701552 munin: Network-wide graphing framework Several security issues were fixed in Munin.
oval:org.secpod.oval:def:701670 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:702082 openssl: Secure Socket Layer cryptographic library and tools Details: USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem. Original advisory USN-2232-1 ...
oval:org.secpod.oval:def:702081 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2.
oval:org.secpod.oval:def:701957 swift: OpenStack distributed virtual object store OpenStack Swift would allow unintended access to files over the network.
oval:org.secpod.oval:def:701555 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.
oval:org.secpod.oval:def:701951 pidgin: graphical multi-protocol instant messaging client for X Pidgin could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:701952 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701553 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.
oval:org.secpod.oval:def:701559 curl: HTTP, HTTPS, and FTP client and client libraries libcurl could be made to expose sensitive information.
oval:org.secpod.oval:def:701956 dpkg: Debian package management system A malicious source package could write files outside the unpack directory.
oval:org.secpod.oval:def:702075 nova: OpenStack Compute cloud infrastructure Several security issues were fixed in OpenStack Nova.
oval:org.secpod.oval:def:701540 puppet: Centralized configuration management Details: USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2077-1 introduced ...
oval:org.secpod.oval:def:701541 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:702078 apt: Advanced front-end for dpkg An attacker could trick APT into installing altered source packages.
oval:org.secpod.oval:def:702071 libav: Multimedia player, server, encoder and transcoder Libav could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:702070 chkrootkit: rootkit detector chkrootkit could be made to run programs as an administrator.
oval:org.secpod.oval:def:701947 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file.
oval:org.secpod.oval:def:701544 memcached: A high-performance memory object caching system Several security issues were fixed in Memcached.
oval:org.secpod.oval:def:701940 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks.
oval:org.secpod.oval:def:701545 graphviz: rich set of graph drawing tools Graphviz could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701941 dovecot: IMAP and POP3 email server Dovecot could be made to stop responding if it received specially crafted network traffic.
oval:org.secpod.oval:def:702116 transmission: lightweight BitTorrent client Transmission could be made to crash or run programs if it received specially crafted network traffic.
oval:org.secpod.oval:def:701542 cups: Common UNIX Printing System CUPS could be made to expose sensitive information.
oval:org.secpod.oval:def:702115 miniupnpc: UPnP IGD client lightweight library client MiniUPnPc could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701548 devscripts: scripts to make the life of a Debian Package maintainer easier devscripts could be made to run programs if it opened a specially crafted file.
oval:org.secpod.oval:def:701944 dpkg: Debian package management system Details: USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered that the fix introduced a vulnerability in releases with an older version of the patch utility. This update fixes the problem. Original advisory A malicious source package could w ...
oval:org.secpod.oval:def:701945 jbigkit: JBIG1 data compression library JBIG-KIT could be made to crash or run programs if it processed a specially crafted image file.
oval:org.secpod.oval:def:701667 neutron: Openstack Virtual Network Service OpenStack Neutron would allow unintended access to other tenant networks.
oval:org.secpod.oval:def:701665 glance: OpenStack Image Registry and Delivery Service OpenStack Glance could be made to run programs as the glance user if it processed a specially crafted request.
oval:org.secpod.oval:def:701958 qemu: Machine emulator and virtualizer - qemu-kvm: Machine emulator and virtualizer Several security issues were fixed in QEMU.
oval:org.secpod.oval:def:701946 libvirt: Libvirt virtualization toolkit Several security issues were fixed in libvirt.
oval:org.secpod.oval:def:701950 horizon: Web interface for OpenStack cloud infrastructure OpenStack Horizon did not properly process Heat templates.
oval:org.secpod.oval:def:701627 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
oval:org.secpod.oval:def:701606 udisks: service to access and manipulate storage devices - udisks2: service to access and manipulate storage devices UDisks could be made to manipulate directories as the administrator.
oval:org.secpod.oval:def:701518 qt4-x11: Qt 4 libraries - qtbase-opensource-src: Qt 5 libraries Qt could be made to consume resources and hang if it processed XML data.
oval:org.secpod.oval:def:701486 libvirt: Libvirt virtualization toolkit libvirt would allow unintended access privileges.
oval:org.secpod.oval:def:702069 json-c: JSON manipulation library json-c could be made to crash or consume CPU if it processed a specially crafted JSON document.
oval:org.secpod.oval:def:702061 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:701539 libxfont: X11 font rasterisation library libXfont could be made to crash or run programs as an administrator if it opened a specially crafted font file.
oval:org.secpod.oval:def:701935 tiff: Tag Image File Format library LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701934 libxalan2-java: XSL Transformations processor in Java Xalan-Java could be made to load arbitrary classes or access external resources.
oval:org.secpod.oval:def:701487 spice: SPICE protocol client and server library SPICE could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701520 gnupg: GNU privacy guard - a free PGP replacement GnuPG could expose sensitive information when performing decryption.
oval:org.secpod.oval:def:701470 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701590 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:701638 mysql-5.5: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:701512 gimp: The GNU Image Manipulation Program GIMP could be made to crash or run programs as your login if it opened a specially crafted file.
oval:org.secpod.oval:def:701634 php5: HTML-embedded scripting language interpreter PHP could be made to crash if it processed a specially crafted file.
oval:org.secpod.oval:def:701635 file: Tool to determine file types File could be made to crash if it processed a specially crafted file.
oval:org.secpod.oval:def:701514 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.
oval:org.secpod.oval:def:701584 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database Several security issues were fixed in PostgreSQL.
oval:org.secpod.oval:def:701588 file: Tool to determine file types File could be made to crash if it processed a specially crafted file.
oval:org.secpod.oval:def:701621 samba: SMB/CIFS file, print, and login server for Unix Samba did not properly enforce the password guessing protection mechanism.
oval:org.secpod.oval:def:701469 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:701618 apache2: Apache HTTP server Apache HTTP server could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701616 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701611 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo.
oval:org.secpod.oval:def:701615 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:702089 samba: SMB/CIFS file, print, and login server for Unix Several security issues were fixed in Samba.
oval:org.secpod.oval:def:701959 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701954 libxfont: X11 font rasterisation library Several security issues were fixed in libXfont.
oval:org.secpod.oval:def:702113 file: Tool to determine file types File could be made to crash or hang if it processed specially crafted data.
oval:org.secpod.oval:def:702112 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:702077 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701543 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701549 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.
oval:org.secpod.oval:def:701547 mysql-5.5: MySQL database - mysql-dfsg-5.1: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:701943 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.
oval:org.secpod.oval:def:701521 libjpeg-turbo: library for handling JPEG files - libjpeg6b: library for handling JPEG files libjpeg and libjpeg-turbo could be made to expose sensitive information.
oval:org.secpod.oval:def:701515 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:701513 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:702103 dbus: simple interprocess messaging system Several security issues were fixed in DBus.
oval:org.secpod.oval:def:701558 linux: Linux kernel The system could be made to crash or run programs as an administrator.
oval:org.secpod.oval:def:701490 nss: Network Security Service library Several security issues were fixed in NSS.
oval:org.secpod.oval:def:701491 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox.
oval:org.secpod.oval:def:701498 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701641 net-snmp: SNMP server and applications Net-SNMP could be made to crash if it received specially crafted network traffic.
oval:org.secpod.oval:def:701516 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:701620 openssh: secure shell for secure access to remote machines OpenSSH incorrectly handled environment restrictions with wildcards.
oval:org.secpod.oval:def:702094 php5: HTML-embedded scripting language interpreter Details: USN-2254-1 fixed vulnerabilities in PHP. The fix for CVE-2014-0185 further restricted the permissions on the PHP FastCGI Process Manager UNIX socket. This update grants socket access to the www-data user and group so installations and docu ...
oval:org.secpod.oval:def:702080 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.
oval:org.secpod.oval:def:701591 gnutls26: GNU TLS library Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
oval:org.secpod.oval:def:702044 gnutls26: GNU TLS library GnuTLS could be made to crash or run programs if it connected to a malicious server.
oval:org.secpod.oval:def:701587 gnutls26: GNU TLS library GnuTLS incorrectly validated certain intermediate certificates.
oval:org.secpod.oval:def:701583 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird.
oval:org.secpod.oval:def:701624 nss: Network Security Service library NSS could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:702092 nspr: NetScape Portable Runtime Library NSPR could be made to crash or run programs if it received specially crafted input.
oval:org.secpod.oval:def:701564 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:701550 nss: Network Security Service library NSS could be made to expose sensitive information over the network.
oval:org.secpod.oval:def:701948 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website.
oval:org.secpod.oval:def:701510 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:702068 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.
oval:org.secpod.oval:def:701589 python2.7: An interactive high-level object-oriented language - python3.3: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language - python2.6: An interactive high-level object-oriented language Python could be made to crash or run programs ...
oval:org.secpod.oval:def:701533 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701532 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701643 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701647 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701599 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701509 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701575 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701576 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701601 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:702088 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:702111 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:701664 linux: Linux kernel The system could be made to crash or run programs as an administrator.
oval:org.secpod.oval:def:701468 mysql-5.5: MySQL database - mysql-dfsg-5.1: MySQL database Several security issues were fixed in MySQL.
oval:org.secpod.oval:def:701546 hplip: HP Linux Printing and Imaging System Several security issues were fixed in HPLIP.
oval:org.secpod.oval:def:702056 linux: Linux kernel Several security issues were fixed in the kernel.
oval:org.secpod.oval:def:702050 linux: Linux kernel Several security issues were fixed in the kernel.