Details of VAR-200911-0398

ID

VAR-200911-0398

CVE

CVE-2009-3555

TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle WebLogic Server OpenSSL Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA44292 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44292/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44292/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44292/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Weblogic Server, which can be exploited by malicious people to manipulate certain data. For more information see vulnerability #1: SA37291 The vulnerability is reported in versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, and 11gR1 (10.3.2, 10.3.3, 10.3.4). SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A ST.1.1.100330 and earlier. Product Version: ST.1.1.100430 or later. The updates are available from the following location: http://www.procurve.com/customercare/support/software/network-security.htm PRODUCT SPECIFIC INFORMATION None HISTORY: Version: 1 (rev.1) 4 August 2010 Initial release. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GnuTLS: Multiple vulnerabilities Date: October 10, 2011 Bugs: #281224, #292025 ID: 201110-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks. Background ========== GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/gnutls < 2.10.0 >= 2.10.0 Description =========== Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GnuTLS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.10.0" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 6, 2010. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730 [ 2 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Customers should open a support case to request the following hotfixes. NNMi Version / Operating System Required Patch Hotfix 9.0x HP-UX Patch 5 Hotfix-NNMi-9.0xP5-HP-UX-JDK-20120710.zip 9.0x Linux Patch 5 Hotfix-NNMi-9.0xP5-Linux-JDK-20120523.zip 9.0x Solaris Patch 5 Hotfix-NNMi-9.0xP5-Solaris-JDK-20120523.zip 9.0x Windows Patch 5 Hotfix-NNMi-9.0xP5-Windows-JDK-20120523.zip Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled. MANUAL ACTIONS: Yes - Update Install the applicable patch and hotfix. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2]. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI. ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. AFFECTED ArubaOS VERSIONS 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS CHECK IF YOU ARE VULNERABLE The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply. Check if the following line appears in your configuration: web-server mgmt-auth username/password certificate If the exact line does not appear in the configuration, this issue does not apply. DETAILS An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS. ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs). Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) WORKAROUNDS Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk: - - - Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password - - - Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role. - - - Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet. SOLUTION Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any newer patch will also have the fix): - - - - 2.5.6.24 - - - - 3.3.2.23 - - - - 3.3.3.2 - - - - 3.4.0.7 - - - - 3.4.1.1 - - - - RN 3.1.4 Please contact Aruba support for obtaining patched FIPS releases. Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release. REFERENCES [1] http://extendedsubset.com/?p=8 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 +---------------------------------------------------- OBTAINING FIXED FIRMWARE Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support. Aruba Support contacts are as follows: 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America) +1-408-754-1200 (toll call from anywhere in the world) e-mail: support(at)arubanetworks.com Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades. EXPLOITATION AND PUBLIC ANNOUNCEMENTS This vulnerability will be announced at Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 STATUS OF THIS NOTICE: Final Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. DISTRIBUTION OF THIS ANNOUNCEMENT This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. REVISION HISTORY Revision 1.0 / 02-08-2010 / Initial release ARUBA WSIRT SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php For reporting *NEW* Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php (c) Copyright 2010 by Aruba Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Release Date: 2010-06-01 Last Updated: 2010-06-01 Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. References: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.31 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.23 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.11 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.06 and earlier, update to Java v6.0.07 or subsequent For Java v5.0.19 and earlier, update to Java v5.0.20 or subsequent For Java v1.4.2.24 and earlier, update to Java v1.4.2.25 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre14.JRE14-COM Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jdk14.JDK14-COM Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W action: install revision 1.4.2.25.00 or subsequent Jre15.JRE15-COM Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jdk15.JDK15-COM Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 action: install revision 1.5.0.20.00 or subsequent Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.07.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 1 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. =========================================================== Ubuntu Security Notice USN-1010-1 October 28, 2010 openjdk-6, openjdk-6b18 vulnerabilities CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~8.04.1 Ubuntu 9.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~9.10.1 Ubuntu 10.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu2 openjdk-6-jdk 6b18-1.8.2-4ubuntu2 openjdk-6-jre 6b18-1.8.2-4ubuntu2 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu2 Ubuntu 10.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1 openjdk-6-jre 6b18-1.8.2-4ubuntu1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1 After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. (CVE-2009-3555) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3541) It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. (CVE-2010-3548) It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. (CVE-2010-3551) It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. (CVE-2010-3553) It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. (CVE-2010-3557) It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) It was discovered that there exists a double free in java's indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. (CVE-2010-3562) It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. (CVE-2010-3564) It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3565) It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3566) It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. (CVE-2010-3567) It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. (CVE-2010-3568) It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3569) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3573) It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz Size/MD5: 135586 3ae71988a36862ce27867d523c7e0ec7 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc Size/MD5: 2466 0109ff8a5111bb4493a6e47d772092a6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 19755780 65b0eb04a5af50ea9f3482518bf582e6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 5661496 e1e071cf15c338a3dcd82a4aa4359f20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 26749920 71f229a65bfdf92d5212699094dc6ff9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 86460 66e287acc1a4ba54d75dc7d0b6212878 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 57825614 6343ea728cef27e27f9d68c83df40019 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 2361210 628df11e7f45298cb3b8b6bb50bbd170 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 10962050 0f1779b612e2caa1c8dacb204f28a7a8 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 25460526 85c96fcc8769e135d60e00f8e5690632 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 253918 aced66f96984c7188e3d0d0dea658254 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 80470 89535a3dbb0896b5f4d252aeae44a400 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 126182692 1671a3cc88704f77933c04dd818642ae http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 2341182 c0a947f9955762c8634b817d8dcb6cd0 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 10966052 6b94043956bd9131fdffcdbdbd765a7a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 27284156 d230929b6e39055bc08bc105a1a7b1cc http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 240692 05f1130918ab3688cee31f8883929f95 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 82496 b51720a574f40b01cebcc03c18af3079 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 126209760 f17e3f7e26d8bfbc2256fc972e840db1 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 2340616 e0eb51f44ad028ecf845f096e00504da http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 10963228 10a1a6785472f141ea8b9d158dff2789 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 27276810 a32eb244cdfe3c5637331863ce6830b4 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 240524 444fde4db3768af1725f6a4580e98e10 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 88880 73f90df7175dcf2e8e9d26eb87e7eb99 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 41166884 a4eaa0bd6627ae61a49beb5c0a664897 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 2399516 c629576b23baa32a5bf71e5536a0f2fd http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 8933216 dfd34a92a124cf1002f7ba2c431c9eb9 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 23835452 c1e4df9ec2dfeed5e6212b698a7463df http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 268410 1e0ccf90a8ae3ea7e0dbc0dfe8fdaf5f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz Size/MD5: 135674 1171639e5ed727c1a80362c97d25189a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc Size/MD5: 3043 e7ab8271e234b68f1b09096ebcba23c3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 19755640 9d094756e91b2bcd3f68bd22c4253291 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 5788882 528906c13322b8dd43132944de7a31db http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 26751572 5d90c57d9d7c2a4a287ec0f90bd9a1f9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 377596 ac1108d73532e67f7f7c41a95603b4ae http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 83644 3554e332def256dbaf16d4bfeeed3741 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 104653652 88cf032f0866ebe8498c8054f4796578 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 2383778 710352a303ecc96af071071ed8c8ceea http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 11157690 31b2888fb540d9fdd7841fa467d4ff70 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 25523836 b9ccdb5eef46a11cc824313508bb1ccc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 272506 7242a528594814b9ddc2c93e5814af20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 5421246 91e50b4539739c7cef99c6b81e0ca7c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 345384 a0d5fd362e00e8d3acfc8f34fc68c416 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 79224 a296415db11edafd48da8eec246dca03 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 168922366 c75e2e4e19a148b2d2c2af2d22a3c91c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 2348922 b68a532c61d133fe2a0dc83d28d646d5 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 10920294 1b2e094cac5360a085150c6c06c9880c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 27259892 941eaf3d4aed7cdbc0ddb963d1a7625e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 258086 869ea201bc123aec8eacc10cb84f8da6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 4927606 e00e6c5b66a77255dce2ee5bbca17fbc lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 346554 d5168b2338ffe0f583bcea81895d2c0e http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 81886 80f1c7a2a0065dc112c9117f478e594c http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 169080714 1a818e649f10940483a68de3cef38053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 2346128 cc430ab6af852714db8e7c4206a0fc25 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 10919552 dfb5071724c66bee9a8298575207df05 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 27304524 576f5aa3552e42876672e8730cd34467 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 254244 5b4668359fe32254c9f76c1f9d8718cc http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 4918792 ebc9e7694d2a6f1ca7ee4eebde7b3401 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 366190 adf16d42bda00fa3202b81c12ed135f0 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 82942 eb4f84254cc1d065c05304ffc453da8d http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 87511500 e5c46b9b4a4b8ea4444a6490b4962252 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 2363812 c1e4245d923f42cb8c20dbac995ca677 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 8871546 9a498efde1247a19b437ca80cb4c5a04 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 23886082 a945c526247fcd4db66b69ecffdeb2c2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 277532 8d6ee031f6fe02667a9d6003c695b8e8 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 4746842 5dfde216d85312f3a5e22dcc67d42cae sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 79622 822b4116245df946903077d1c52ce499 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 125491074 cc8cd7a15a08f6fa696ed0612daa6188 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 2363090 acc768a146c60a42a4200765c2761400 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 10912448 4abd8741bdf1182ca5c8be2216a20ec6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 27107652 45ea3696b4bb7b4c0408b6e6478a5dba http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 258346 c94e52925aa5f93331a31c8ccd6cc51b Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz Size/MD5: 135754 65d8b4bdbc177e84604552cd846d77b1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc Size/MD5: 3070 31e61c20b2d9bf0fd2755567cb86a985 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 19756634 e87012a63ffdff1af949ca680d819024 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 5776188 73335755c917fd549774ac05fe9ae79e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 26751610 ad735399747e646b8d0ce4878cdc5b9a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 375984 e39dbd2cd5854d54345d4b7b06166234 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 84120 61feb48ac0cf21dd2eda11783d201268 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 104352622 13e7e5dc02352e6d2d0a34244cd245da http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2362282 577ce2392e3a302deb21b219ce9818b3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 10930834 f3fd2d4fd323d8ef5a4ecdbf04bf68ce http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 25548006 4a57b587fef16ed39dd3524afd17d6fc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 272606 b4f295db5117c2481dce1eab6720e959 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2097440 615063c47a103893cfbfe9fd66f3bc49 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 345580 a9f4b3af4b35d84b2431465f2e39c652 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 79584 a0554970f63cbd433e62bc9096ecb0f7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 168624244 1c584b5a99769f9081b66fc68d2f289d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 2349304 8fa85c3bdbc9c25238620f0925304671 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 10927402 4922fc1a90ab8b3376d67a999e323e21 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 27283760 64e7c7aadc850c297076276212e9f3d6 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 258124 9d94f92d6a1f83fc8a9fbdcc3bd7be0a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 1785538 e4904ec1f63446b9d8fa2f104d24c74d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 366016 e733ae6c51da3151ae78c30c7f666f09 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 83626 23fc3d4efaf4077632aa52dbb929f645 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 87247976 1c7e2f725e6096e101de5c1bd7e68e86 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 2363890 f7eedc13d9500e08bb699f5d88c5123a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 8875852 851a292b0dcfafb69c28c2e95bd6ae31 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 23890398 1c2d729f9f7077aaf0f2564f0aee2af8 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 277458 4860d4e029266c00fb5994bfe7664d4b http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 1916154 ec4e6ecb6c6ed793d177c34ae3e1129b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 77756 a5b0aeef4ef21dd8f670737541b1b05e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 125457728 862aa5dbf167e6d7a584f314f4c36c67 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 2363772 51b7f24736eb5d43f11eaff5c9945836 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 10949862 55f322ecdb2382249d1e669c4ab8f078 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 27039776 656aaefcf1530e54522bf60691a0c66e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 258778 ab27c03547114c8852b7b7677e0c1fd4 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz Size/MD5: 135370 83cdf469757721d89c4c3fa49e22252c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc Size/MD5: 3029 82a33984ae8d5bde63e5580a2c4aae6f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz Size/MD5: 61672998 05f27f8079d9e30a31fe5bcd84705fe9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz Size/MD5: 137851 b0e307a389b992cb6c2d1101460ba92a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc Size/MD5: 2985 9dbd071a98fa599f015a30f42d9a2a40 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz Size/MD5: 71591248 1011a983534e54cc059ab50b04d92c57 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 19978052 fbb27721b0eb8cfa8d5de5e05841d162 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 6155146 07a2e90014f8bc21398b201f1be4d742 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 26835562 5ea7d1b170a1e3a2f2565a8c2db42605 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 432850 160667a93e2c00e7dc3d0f19cb7d80b2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 83386 0f926eced3d09115f7d141014ca3c31a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 112945964 b753bac7f8b7a35a33e9e38b1e4e0ab3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2379922 2b4933ddc1c32b82406af60219e97c18 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 10965436 5545beef5ed4e4e40f0aa16b1a42da5e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 25507696 0beb96691488a673e1b1352fe902c89a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 266958 bb13ed961544089e795be06dc800da85 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2215626 a3293e8d50133f466e7726bdc7273680 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 415868 279469932039d052718b746beefbb096 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 78702 1499544487aaa98e856b647703a7ab83 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 179616966 7623e3fbcfd64c57fb8d2d7e255d8aad http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 2348354 2b98cd98e095e50c5492a722c9c7ba99 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 10741114 88b21b6a59d2667dfbf3f58a44ff69c1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 27291046 acd1e396d25d29ba9a59d00ea7c91d23 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 251300 d33344bb93a34cae1673cb7c533566cd http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 1883488 4f2fd0a08726ef3c3b87d8eb75aa5cdd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 444244 10553b4cc81b3118e9c6aa34acebbf76 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 82772 b4574152841ad573019f87b45e8557f2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 97547350 6bf9459dfd625086b5f9db990208e4b6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2363306 b9ff356350058183d075ece3b78f1053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 8669820 855a1ea5a794a400fb68dd3ee7310b99 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 23872646 cbe5c87012d3a4406796a5b016a5f095 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 270434 61d401aaf4839b696f21a8ba2b635f57 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2020674 8d90fdae3a05f7854ff03c11fc5aab5f . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). This update provides a solution to this vulnerability. This could force the server to process an attacker's request as if authenticated using the victim's credentials. The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 48dfde02cfa9c869bb97ec71252b8af7 mes5/i586/gnutls-2.4.1-2.8mdvmes5.2.i586.rpm 9f534885a90c121ddb4f911d85462a42 mes5/i586/libgnutls26-2.4.1-2.8mdvmes5.2.i586.rpm 746200c5109707c76a71060672bedfa7 mes5/i586/libgnutls-devel-2.4.1-2.8mdvmes5.2.i586.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: dce865b93f4a52aeae1686aed09136f3 mes5/x86_64/gnutls-2.4.1-2.8mdvmes5.2.x86_64.rpm 345540258af6fde7320c7b518c179509 mes5/x86_64/lib64gnutls26-2.4.1-2.8mdvmes5.2.x86_64.rpm b7c9a97fd0f01c52728fbdbc96b3ba55 mes5/x86_64/lib64gnutls-devel-2.4.1-2.8mdvmes5.2.x86_64.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFROKS5mqjQ0CJFipgRAs45AKCEbVaRAwJpq/8XnLknkrr0u6t9bwCfRVAB /MdKwjI1wkjSmVwvRPHTwEM= =MbuE -----END PGP SIGNATURE----- . (CVE-2009-3555) It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094) It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. If a remote attacker could trigger specific error conditions, a Java application could crash, leading to a denial of service. (CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845) It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. It was discovered that applets did not correctly handle certain trust chains. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:076-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : April 19, 2010 Affected: 2009.0 _______________________________________________________________________ Problem Description: This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection (CVE-2010-0740) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors (CVE-2009-3245) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) (CVE-2010-0433) - Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks (CVE-2009-3555). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-4546 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 4.3 CVE-2009-3793 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-1297 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2160 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2161 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2162 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2163 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2164 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2165 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2166 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2167 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2169 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2170 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2171 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2172 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-2173 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2174 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2175 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2176 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2177 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2178 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2179 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-2180 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2181 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2182 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2183 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2184 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2185 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2186 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2187 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2188 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2189 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0090 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0850 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION Hp has provided HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows v6.1 or subsequent to resolve these vulnerabilities. The HP SIM v6.1 can be downloaded from http://www.hp.com/go/hpsim MANUAL ACTIONS: Yes - Update Update to HP SIM v6.1 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. Details follow: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10

Trust: 3.06

sources: NVD: CVE-2009-3555 // CERT/CC: VU#120541 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 105653 // PACKETSTORM: 114810 // PACKETSTORM: 86075 // PACKETSTORM: 90262 // PACKETSTORM: 95279 // VULHUB: VHN-41001 // PACKETSTORM: 82652 // PACKETSTORM: 84181 // PACKETSTORM: 137201 // PACKETSTORM: 120714 // PACKETSTORM: 88173 // PACKETSTORM: 88698 // PACKETSTORM: 91749 // PACKETSTORM: 92095

AFFECTED PRODUCTS

vendor:	openssl	model:	openssl	scope:	lte	version:	0.9.8k	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	8.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	13	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lte	version:	0.8.22	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	4.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	10.04	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.2.14	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	9.10	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	10.10	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	9.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	openssl	model:	openssl	scope:	eq	version:	1.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	11	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	14	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	12	Trust: 1.0
vendor:	mozilla	model:	nss	scope:	lte	version:	3.12.4	Trust: 1.0
vendor:	gnu	model:	gnutls	scope:	lte	version:	2.8.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	6.0	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.1.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	5.0	Trust: 1.0
vendor:	barracuda	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	debian gnu linux	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gnutls	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ibm	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mcafee	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6f	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6g	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	7.0	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6i	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6c	Trust: 0.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.32	Trust: 0.6
vendor:	openssl	model:	openssl	scope:	eq	version:	0.9.6h	Trust: 0.6

sources: CERT/CC: VU#120541 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-3555
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2009-3555
value:	0
Trust: 0.8
CNNVD:	CNNVD-200911-069
value:	HIGH
Trust: 0.6
VULHUB:	VHN-41001
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2009-3555
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-41001
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	CWE-310	Trust: 0.1

sources: VULHUB: VHN-41001 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 90262 // PACKETSTORM: 120714 // PACKETSTORM: 88698 // CNNVD: CNNVD-200911-069

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41001

PATCH

title:	Security Update for Windows XP (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39675	Trust: 0.6
title:	Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39679	Trust: 0.6
title:	Security Update for Windows Server 2008 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39683	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39687	Trust: 0.6
title:	Security Update for Windows Server 2003 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39615	Trust: 0.6
title:	Security Update for Windows Vista for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39619	Trust: 0.6
title:	Security Update for Windows 7 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39623	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39626	Trust: 0.6
title:	Security Update for Windows Server 2003 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39678	Trust: 0.6
title:	Security Update for Windows Server 2008 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39682	Trust: 0.6
title:	Security Update for Windows 7 for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39686	Trust: 0.6
title:	Security Update for Windows XP x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39614	Trust: 0.6
title:	Security Update for Windows Vista (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39618	Trust: 0.6
title:	Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39622	Trust: 0.6
title:	Security Update for Windows Server 2003 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39677	Trust: 0.6
title:	Security Update for Windows Vista for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39681	Trust: 0.6
title:	Security Update for Windows 7 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39685	Trust: 0.6
title:	Security Update for Windows XP (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39613	Trust: 0.6
title:	Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39617	Trust: 0.6
title:	Security Update for Windows Server 2008 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39621	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39625	Trust: 0.6
title:	Security Update for Windows XP x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39676	Trust: 0.6
title:	Security Update for Windows Vista (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39680	Trust: 0.6
title:	Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39684	Trust: 0.6
title:	Security Update for Windows Server 2008 R2 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39688	Trust: 0.6
title:	Security Update for Windows Server 2003 x64 Edition (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39616	Trust: 0.6
title:	Security Update for Windows Server 2008 (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39620	Trust: 0.6
title:	Security Update for Windows 7 for x64-based Systems (KB980436)	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=39624	Trust: 0.6
title:	Thunderbird Setup 3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4468	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4472	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4471	Trust: 0.6
title:	thunderbird-3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4470	Trust: 0.6
title:	Thunderbird 3.1	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4469	Trust: 0.6
title:	FirefoxChinaEdition 2010.7	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=4473	Trust: 0.6

sources: CNNVD: CNNVD-200911-069

EXTERNAL IDS

db:	NVD	id:	CVE-2009-3555	Trust: 3.9
db:	CERT/CC	id:	VU#120541	Trust: 2.5
db:	SECUNIA	id:	38781	Trust: 1.7
db:	SECUNIA	id:	42377	Trust: 1.7
db:	SECUNIA	id:	37501	Trust: 1.7
db:	SECUNIA	id:	39632	Trust: 1.7
db:	SECUNIA	id:	37604	Trust: 1.7
db:	SECUNIA	id:	41972	Trust: 1.7
db:	SECUNIA	id:	43308	Trust: 1.7
db:	SECUNIA	id:	38241	Trust: 1.7
db:	SECUNIA	id:	37859	Trust: 1.7
db:	SECUNIA	id:	40070	Trust: 1.7
db:	SECUNIA	id:	41818	Trust: 1.7
db:	SECUNIA	id:	39292	Trust: 1.7
db:	SECUNIA	id:	42816	Trust: 1.7
db:	SECUNIA	id:	42379	Trust: 1.7
db:	SECUNIA	id:	39317	Trust: 1.7
db:	SECUNIA	id:	38020	Trust: 1.7
db:	SECUNIA	id:	42467	Trust: 1.7
db:	SECUNIA	id:	37320	Trust: 1.7
db:	SECUNIA	id:	37640	Trust: 1.7
db:	SECUNIA	id:	37656	Trust: 1.7
db:	SECUNIA	id:	37383	Trust: 1.7
db:	SECUNIA	id:	42724	Trust: 1.7
db:	SECUNIA	id:	38003	Trust: 1.7
db:	SECUNIA	id:	44183	Trust: 1.7
db:	SECUNIA	id:	42733	Trust: 1.7
db:	SECUNIA	id:	38484	Trust: 1.7
db:	SECUNIA	id:	40545	Trust: 1.7
db:	SECUNIA	id:	40866	Trust: 1.7
db:	SECUNIA	id:	39242	Trust: 1.7
db:	SECUNIA	id:	38056	Trust: 1.7
db:	SECUNIA	id:	39278	Trust: 1.7
db:	SECUNIA	id:	39243	Trust: 1.7
db:	SECUNIA	id:	42808	Trust: 1.7
db:	SECUNIA	id:	37675	Trust: 1.7
db:	SECUNIA	id:	39127	Trust: 1.7
db:	SECUNIA	id:	39461	Trust: 1.7
db:	SECUNIA	id:	39819	Trust: 1.7
db:	SECUNIA	id:	37453	Trust: 1.7
db:	SECUNIA	id:	40747	Trust: 1.7
db:	SECUNIA	id:	41490	Trust: 1.7
db:	SECUNIA	id:	39628	Trust: 1.7
db:	SECUNIA	id:	44954	Trust: 1.7
db:	SECUNIA	id:	39500	Trust: 1.7
db:	SECUNIA	id:	48577	Trust: 1.7
db:	SECUNIA	id:	42811	Trust: 1.7
db:	SECUNIA	id:	37291	Trust: 1.7
db:	SECUNIA	id:	41480	Trust: 1.7
db:	SECUNIA	id:	37292	Trust: 1.7
db:	SECUNIA	id:	37399	Trust: 1.7
db:	SECUNIA	id:	39713	Trust: 1.7
db:	SECUNIA	id:	38687	Trust: 1.7
db:	SECUNIA	id:	37504	Trust: 1.7
db:	SECUNIA	id:	39136	Trust: 1.7
db:	SECUNIA	id:	41967	Trust: 1.7
db:	SECTRACK	id:	1023217	Trust: 1.7
db:	SECTRACK	id:	1023273	Trust: 1.7
db:	SECTRACK	id:	1023274	Trust: 1.7
db:	SECTRACK	id:	1023206	Trust: 1.7
db:	SECTRACK	id:	1023272	Trust: 1.7
db:	SECTRACK	id:	1023427	Trust: 1.7
db:	SECTRACK	id:	1023218	Trust: 1.7
db:	SECTRACK	id:	1023163	Trust: 1.7
db:	SECTRACK	id:	1023214	Trust: 1.7
db:	SECTRACK	id:	1023211	Trust: 1.7
db:	SECTRACK	id:	1023219	Trust: 1.7
db:	SECTRACK	id:	1023216	Trust: 1.7
db:	SECTRACK	id:	1024789	Trust: 1.7
db:	SECTRACK	id:	1023148	Trust: 1.7
db:	SECTRACK	id:	1023213	Trust: 1.7
db:	SECTRACK	id:	1023271	Trust: 1.7
db:	SECTRACK	id:	1023243	Trust: 1.7
db:	SECTRACK	id:	1023209	Trust: 1.7
db:	SECTRACK	id:	1023215	Trust: 1.7
db:	SECTRACK	id:	1023208	Trust: 1.7
db:	SECTRACK	id:	1023411	Trust: 1.7
db:	SECTRACK	id:	1023204	Trust: 1.7
db:	SECTRACK	id:	1023224	Trust: 1.7
db:	SECTRACK	id:	1023210	Trust: 1.7
db:	SECTRACK	id:	1023207	Trust: 1.7
db:	SECTRACK	id:	1023426	Trust: 1.7
db:	SECTRACK	id:	1023428	Trust: 1.7
db:	SECTRACK	id:	1023205	Trust: 1.7
db:	SECTRACK	id:	1023275	Trust: 1.7
db:	SECTRACK	id:	1023270	Trust: 1.7
db:	SECTRACK	id:	1023212	Trust: 1.7
db:	VUPEN	id:	ADV-2010-2745	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3353	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3069	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0086	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3354	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3484	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1793	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3310	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0982	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0033	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3220	Trust: 1.7
db:	VUPEN	id:	ADV-2010-2010	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1639	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1107	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3126	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0916	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3164	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0032	Trust: 1.7
db:	VUPEN	id:	ADV-2011-0086	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3313	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0748	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1350	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3521	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0994	Trust: 1.7
db:	VUPEN	id:	ADV-2010-3086	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1191	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0173	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3587	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0933	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3205	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1054	Trust: 1.7
db:	VUPEN	id:	ADV-2010-0848	Trust: 1.7
db:	VUPEN	id:	ADV-2010-1673	Trust: 1.7
db:	VUPEN	id:	ADV-2009-3165	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/05/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/07/3	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/23/10	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/05/5	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/20/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2009/11/06/3	Trust: 1.7
db:	OSVDB	id:	65202	Trust: 1.7
db:	OSVDB	id:	62210	Trust: 1.7
db:	OSVDB	id:	60521	Trust: 1.7
db:	OSVDB	id:	60972	Trust: 1.7
db:	HITACHI	id:	HS10-030	Trust: 1.7
db:	USCERT	id:	TA10-222A	Trust: 1.7
db:	USCERT	id:	TA10-287A	Trust: 1.7
db:	BID	id:	36935	Trust: 1.7
db:	CNNVD	id:	CNNVD-200911-069	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.2853	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2561	Trust: 0.6
db:	JUNIPER	id:	JSA10939	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-160-01	Trust: 0.6
db:	PACKETSTORM	id:	90262	Trust: 0.2
db:	PACKETSTORM	id:	88173	Trust: 0.2
db:	PACKETSTORM	id:	92095	Trust: 0.2
db:	PACKETSTORM	id:	120714	Trust: 0.2
db:	PACKETSTORM	id:	82652	Trust: 0.2
db:	PACKETSTORM	id:	95279	Trust: 0.2
db:	PACKETSTORM	id:	137201	Trust: 0.2
db:	PACKETSTORM	id:	92497	Trust: 0.2
db:	PACKETSTORM	id:	88698	Trust: 0.2
db:	PACKETSTORM	id:	86075	Trust: 0.2
db:	PACKETSTORM	id:	114810	Trust: 0.2
db:	PACKETSTORM	id:	84181	Trust: 0.2
db:	EXPLOIT-DB	id:	10071	Trust: 0.1
db:	EXPLOIT-DB	id:	10579	Trust: 0.1
db:	PACKETSTORM	id:	82657	Trust: 0.1
db:	PACKETSTORM	id:	82770	Trust: 0.1
db:	PACKETSTORM	id:	130868	Trust: 0.1
db:	PACKETSTORM	id:	83271	Trust: 0.1
db:	PACKETSTORM	id:	91309	Trust: 0.1
db:	PACKETSTORM	id:	120365	Trust: 0.1
db:	PACKETSTORM	id:	106155	Trust: 0.1
db:	PACKETSTORM	id:	83415	Trust: 0.1
db:	PACKETSTORM	id:	111273	Trust: 0.1
db:	PACKETSTORM	id:	83414	Trust: 0.1
db:	PACKETSTORM	id:	88167	Trust: 0.1
db:	PACKETSTORM	id:	124088	Trust: 0.1
db:	PACKETSTORM	id:	94087	Trust: 0.1
db:	PACKETSTORM	id:	97489	Trust: 0.1
db:	PACKETSTORM	id:	131826	Trust: 0.1
db:	PACKETSTORM	id:	102374	Trust: 0.1
db:	PACKETSTORM	id:	106156	Trust: 0.1
db:	PACKETSTORM	id:	89136	Trust: 0.1
db:	PACKETSTORM	id:	88621	Trust: 0.1
db:	PACKETSTORM	id:	94088	Trust: 0.1
db:	PACKETSTORM	id:	89667	Trust: 0.1
db:	PACKETSTORM	id:	84112	Trust: 0.1
db:	PACKETSTORM	id:	90286	Trust: 0.1
db:	PACKETSTORM	id:	127267	Trust: 0.1
db:	PACKETSTORM	id:	84183	Trust: 0.1
db:	PACKETSTORM	id:	88224	Trust: 0.1
db:	PACKETSTORM	id:	123380	Trust: 0.1
db:	SEEBUG	id:	SSVID-67231	Trust: 0.1
db:	VULHUB	id:	VHN-41001	Trust: 0.1
db:	SECUNIA	id:	44292	Trust: 0.1
db:	PACKETSTORM	id:	100765	Trust: 0.1
db:	PACKETSTORM	id:	105653	Trust: 0.1
db:	PACKETSTORM	id:	91749	Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 105653 // PACKETSTORM: 114810 // PACKETSTORM: 86075 // PACKETSTORM: 90262 // PACKETSTORM: 95279 // PACKETSTORM: 92095 // PACKETSTORM: 82652 // PACKETSTORM: 84181 // PACKETSTORM: 137201 // PACKETSTORM: 120714 // PACKETSTORM: 88173 // PACKETSTORM: 88698 // PACKETSTORM: 91749 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

REFERENCES

url:	http://extendedsubset.com/?p=8	Trust: 2.6
url:	http://www.links.org/?p=780	Trust: 2.5
url:	http://www.links.org/?p=786	Trust: 2.5
url:	http://www.links.org/?p=789	Trust: 2.5
url:	http://blogs.iss.net/archive/sslmitmiscsrf.html	Trust: 2.5
url:	http://www.ietf.org/mail-archive/web/tls/current/msg03948.html	Trust: 2.5
url:	https://bugzilla.redhat.com/show_bug.cgi?id=533125	Trust: 2.5
url:	https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt	Trust: 2.5
url:	http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/36935	Trust: 2.3
url:	http://www.debian.org/security/2009/dsa-1934	Trust: 2.3
url:	http://www.debian.org/security/2011/dsa-2141	Trust: 2.3
url:	http://www.debian.org/security/2015/dsa-3253	Trust: 2.3
url:	http://support.citrix.com/article/ctx123359	Trust: 2.3
url:	http://www.vmware.com/security/advisories/vmsa-2010-0019.html	Trust: 2.3
url:	http://www.vmware.com/security/advisories/vmsa-2011-0003.html	Trust: 2.3
url:	http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	Trust: 2.3
url:	http://www.arubanetworks.com/support/alerts/aid-020810.txt	Trust: 1.8
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1	Trust: 1.7
url:	http://securitytracker.com/id?1023148	Trust: 1.7
url:	http://www.securitytracker.com/id?1023163	Trust: 1.7
url:	http://www.securitytracker.com/id?1023204	Trust: 1.7
url:	http://www.securitytracker.com/id?1023205	Trust: 1.7
url:	http://www.securitytracker.com/id?1023206	Trust: 1.7
url:	http://www.securitytracker.com/id?1023207	Trust: 1.7
url:	http://www.securitytracker.com/id?1023208	Trust: 1.7
url:	http://www.securitytracker.com/id?1023209	Trust: 1.7
url:	http://www.securitytracker.com/id?1023210	Trust: 1.7
url:	http://www.securitytracker.com/id?1023211	Trust: 1.7
url:	http://www.securitytracker.com/id?1023212	Trust: 1.7
url:	http://www.securitytracker.com/id?1023213	Trust: 1.7
url:	http://www.securitytracker.com/id?1023214	Trust: 1.7
url:	http://www.securitytracker.com/id?1023215	Trust: 1.7
url:	http://www.securitytracker.com/id?1023216	Trust: 1.7
url:	http://www.securitytracker.com/id?1023217	Trust: 1.7
url:	http://www.securitytracker.com/id?1023218	Trust: 1.7
url:	http://www.securitytracker.com/id?1023219	Trust: 1.7
url:	http://www.securitytracker.com/id?1023224	Trust: 1.7
url:	http://www.securitytracker.com/id?1023243	Trust: 1.7
url:	http://www.securitytracker.com/id?1023270	Trust: 1.7
url:	http://www.securitytracker.com/id?1023271	Trust: 1.7
url:	http://www.securitytracker.com/id?1023272	Trust: 1.7
url:	http://www.securitytracker.com/id?1023273	Trust: 1.7
url:	http://www.securitytracker.com/id?1023274	Trust: 1.7
url:	http://www.securitytracker.com/id?1023275	Trust: 1.7
url:	http://www.securitytracker.com/id?1023411	Trust: 1.7
url:	http://www.securitytracker.com/id?1023426	Trust: 1.7
url:	http://www.securitytracker.com/id?1023427	Trust: 1.7
url:	http://www.securitytracker.com/id?1023428	Trust: 1.7
url:	http://www.securitytracker.com/id?1024789	Trust: 1.7
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2009/nov/139	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/507952/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/508075/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/508130/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/515055/100/0/threaded	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/516397/100/0/threaded	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1	Trust: 1.7
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1	Trust: 1.7
url:	http://secunia.com/advisories/37291	Trust: 1.7
url:	http://secunia.com/advisories/37292	Trust: 1.7
url:	http://secunia.com/advisories/37320	Trust: 1.7
url:	http://secunia.com/advisories/37383	Trust: 1.7
url:	http://secunia.com/advisories/37399	Trust: 1.7
url:	http://secunia.com/advisories/37453	Trust: 1.7
url:	http://secunia.com/advisories/37501	Trust: 1.7
url:	http://secunia.com/advisories/37504	Trust: 1.7
url:	http://secunia.com/advisories/37604	Trust: 1.7
url:	http://secunia.com/advisories/37640	Trust: 1.7
url:	http://secunia.com/advisories/37656	Trust: 1.7
url:	http://secunia.com/advisories/37675	Trust: 1.7
url:	http://secunia.com/advisories/37859	Trust: 1.7
url:	http://secunia.com/advisories/38003	Trust: 1.7
url:	http://secunia.com/advisories/38020	Trust: 1.7
url:	http://secunia.com/advisories/38056	Trust: 1.7
url:	http://secunia.com/advisories/38241	Trust: 1.7
url:	http://secunia.com/advisories/38484	Trust: 1.7
url:	http://secunia.com/advisories/38687	Trust: 1.7
url:	http://secunia.com/advisories/38781	Trust: 1.7
url:	http://secunia.com/advisories/39127	Trust: 1.7
url:	http://secunia.com/advisories/39136	Trust: 1.7
url:	http://secunia.com/advisories/39242	Trust: 1.7
url:	http://secunia.com/advisories/39243	Trust: 1.7
url:	http://secunia.com/advisories/39278	Trust: 1.7
url:	http://secunia.com/advisories/39292	Trust: 1.7
url:	http://secunia.com/advisories/39317	Trust: 1.7
url:	http://secunia.com/advisories/39461	Trust: 1.7
url:	http://secunia.com/advisories/39500	Trust: 1.7
url:	http://secunia.com/advisories/39628	Trust: 1.7
url:	http://secunia.com/advisories/39632	Trust: 1.7
url:	http://secunia.com/advisories/39713	Trust: 1.7
url:	http://secunia.com/advisories/39819	Trust: 1.7
url:	http://secunia.com/advisories/40070	Trust: 1.7
url:	http://secunia.com/advisories/40545	Trust: 1.7
url:	http://secunia.com/advisories/40747	Trust: 1.7
url:	http://secunia.com/advisories/40866	Trust: 1.7
url:	http://secunia.com/advisories/41480	Trust: 1.7
url:	http://secunia.com/advisories/41490	Trust: 1.7
url:	http://secunia.com/advisories/41818	Trust: 1.7
url:	http://secunia.com/advisories/41967	Trust: 1.7
url:	http://secunia.com/advisories/41972	Trust: 1.7
url:	http://secunia.com/advisories/42377	Trust: 1.7
url:	http://secunia.com/advisories/42379	Trust: 1.7
url:	http://secunia.com/advisories/42467	Trust: 1.7
url:	http://secunia.com/advisories/42724	Trust: 1.7
url:	http://secunia.com/advisories/42733	Trust: 1.7
url:	http://secunia.com/advisories/42808	Trust: 1.7
url:	http://secunia.com/advisories/42811	Trust: 1.7
url:	http://secunia.com/advisories/42816	Trust: 1.7
url:	http://secunia.com/advisories/43308	Trust: 1.7
url:	http://secunia.com/advisories/44183	Trust: 1.7
url:	http://secunia.com/advisories/44954	Trust: 1.7
url:	http://secunia.com/advisories/48577	Trust: 1.7
url:	http://osvdb.org/60521	Trust: 1.7
url:	http://osvdb.org/60972	Trust: 1.7
url:	http://osvdb.org/62210	Trust: 1.7
url:	http://osvdb.org/65202	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3164	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3165	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3205	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3220	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3310	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3313	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3353	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3354	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3484	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3521	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2009/3587	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0086	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0173	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0748	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0848	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0916	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0933	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0982	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/0994	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1054	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1107	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1191	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1350	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1639	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1673	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/1793	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2010	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/2745	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3069	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3086	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2010/3126	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0032	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0033	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2011/0086	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010//may/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2010//may/msg00002.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html	Trust: 1.7
url:	https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html	Trust: 1.7
url:	http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-200912-01.xml	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-201203-22.xml	Trust: 1.7
url:	http://security.gentoo.org/glsa/glsa-201406-32.xml	Trust: 1.7
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041	Trust: 1.7
url:	http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751	Trust: 1.7
url:	http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/522176	Trust: 1.7
url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:076	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:084	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdvsa-2010:089	Trust: 1.7
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0119.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0130.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0155.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0165.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0167.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0337.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0338.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0339.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0768.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0770.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0786.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0807.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0865.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0986.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2010-0987.html	Trust: 1.7
url:	http://www.redhat.com/support/errata/rhsa-2011-0880.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta10-222a.html	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta10-287a.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-1010-1	Trust: 1.7
url:	http://ubuntu.com/usn/usn-923-1	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-1	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-4	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-927-5	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/120541	Trust: 1.7
url:	http://openbsd.org/errata45.html#010_openssl	Trust: 1.7
url:	http://openbsd.org/errata46.html#004_openssl	Trust: 1.7
url:	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/05/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/05/5	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/06/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/07/3	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/20/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2009/11/23/10	Trust: 1.7
url:	http://www.ietf.org/mail-archive/web/tls/current/msg03928.html	Trust: 1.7
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e	Trust: 1.7
url:	http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html	Trust: 1.7
url:	http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during	Trust: 1.7
url:	http://clicky.me/tlsvuln	Trust: 1.7
url:	http://extendedsubset.com/renegotiating_tls.pdf	Trust: 1.7
url:	http://kbase.redhat.com/faq/docs/doc-20491	Trust: 1.7
url:	http://support.apple.com/kb/ht4004	Trust: 1.7
url:	http://support.apple.com/kb/ht4170	Trust: 1.7
url:	http://support.apple.com/kb/ht4171	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100070150	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100081611	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100114315	Trust: 1.7
url:	http://support.avaya.com/css/p8/documents/100114327	Trust: 1.7
url:	http://support.zeus.com/zws/media/docs/4.3/release_notes	Trust: 1.7
url:	http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released	Trust: 1.7
url:	http://sysoev.ru/nginx/patch.cve-2009-3555.txt	Trust: 1.7
url:	http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html	Trust: 1.7
url:	http://wiki.rpath.com/advisories:rpsa-2009-0155	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21426108	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg21432298	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24006386	Trust: 1.7
url:	http://www-01.ibm.com/support/docview.wss?uid=swg24025312	Trust: 1.7
url:	http://www.betanews.com/article/1257452450	Trust: 1.7
url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html	Trust: 1.7
url:	http://www.ingate.com/relnote.php?ver=481	Trust: 1.7
url:	http://www.mozilla.org/security/announce/2010/mfsa2010-22.html	Trust: 1.7
url:	http://www.openoffice.org/security/cves/cve-2009-3555.html	Trust: 1.7
url:	http://www.openssl.org/news/secadv_20091111.txt	Trust: 1.7
url:	http://www.opera.com/docs/changelogs/unix/1060/	Trust: 1.7
url:	http://www.opera.com/support/search/view/944/	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html	Trust: 1.7
url:	http://www.proftpd.org/docs/release_notes-1.3.2c	Trust: 1.7
url:	http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html	Trust: 1.7
url:	http://www.tombom.co.uk/blog/?p=85	Trust: 1.7
url:	http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=526689	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=545755	Trust: 1.7
url:	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888	Trust: 1.7
url:	https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/54158	Trust: 1.7
url:	http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=130497311408250&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127557596201693&w=2	Trust: 1.6
url:	http://marc.info/?l=cryptography&m=125752275331877&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 1.6
url:	https://kb.bluecoat.com/index?page=content&id=sa50	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127419602507642&w=2	Trust: 1.6
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=132077688910227&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=127128920008563&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=126150535619567&w=2	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3555	Trust: 1.4
url:	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	Trust: 1.1
url:	http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html	Trust: 0.8
url:	http://cvs.openssl.org/chngview?cn=18790	Trust: 0.8
url:	http://www.links.org/files/no-renegotiation-2.patch	Trust: 0.8
url:	http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html	Trust: 0.8
url:	https://access.redhat.com/errata/rhsa-2009:1694	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2009:1580	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0119	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2011:0880	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2009:1579	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0440	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0338	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0339	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0337	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0155	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2009-3555	Trust: 0.6
url:	https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0807	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0011	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0130	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0987	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0865	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0986	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1591	Trust: 0.6
url:	https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0166	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0165	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0167	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0162	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0164	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0163	Trust: 0.6
url:	https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e	Trust: 0.6
url:	httpd-announce&m=125755783724966&w=2	Trust: 0.6
url:	http://marc.info/?l=apache-	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0786	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0408	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0768	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2010:0770	Trust: 0.6
url:	http://kb.juniper.net/infocenter/index?page=content&id=jsa10939	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2561/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2853	Trust: 0.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0838	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0088	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0085	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0084	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0091	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0837	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0092	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0095	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0093	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0082	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0094	Trust: 0.4
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.3
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.3
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0087	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0839	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0089	Trust: 0.3
url:	https://www.hp.com/go/swa	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0840	Trust: 0.3
url:	http://www.mandriva.com/security/	Trust: 0.3
url:	http://www.mandriva.com/security/advisories	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0090	Trust: 0.2
url:	http://marc.info/?l=bugtraq&m=132077688910227&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=142660345230545&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127419602507642&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=134254866602253&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=130497311408250&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=133469267822771&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=126150535619567&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127128920008563&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=127557596201693&w=2	Trust: 0.1
url:	http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only	Trust: 0.1
url:	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446	Trust: 0.1
url:	http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2	Trust: 0.1
url:	http://marc.info/?l=cryptography&m=125752275331877&w=2	Trust: 0.1
url:	https://kb.bluecoat.com/index?page=content&id=sa50	Trust: 0.1
url:	http://secunia.com/advisories/44292/	Trust: 0.1
url:	http://secunia.com/research/	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=44292	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/company/jobs/open_positions/reverse_engineer	Trust: 0.1
url:	http://secunia.com/advisories/44292/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://www.procurve.com/customercare/support/software/network-security.htm	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-2730	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-201110-05.xml	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2730	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3875	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3876	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3873	Trust: 0.1
url:	http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/	Trust: 0.1
url:	http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3865	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3867	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3868	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3872	Trust: 0.1
url:	https://h20566.www2.hp.com/portal/site/hpsc/public/kb/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3871	Trust: 0.1
url:	http://www.arubanetworks.com/support.	Trust: 0.1
url:	http://enigmail.mozdev.org/	Trust: 0.1
url:	http://www.arubanetworks.com/support/wsirt.php	Trust: 0.1
url:	http://www.securityfocus.com/archive/1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0842	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0841	Trust: 0.1
url:	http://www.hp.com/go/java	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3562	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3567	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3568	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3541	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3566	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3564	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3554	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3569	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3573	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3548	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3549	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3565	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3574	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3553	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3561	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3551	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-3557	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz	Trust: 0.1
url:	http://www.canonical.com	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz	Trust: 0.1
url:	http://bugs.proftpd.org/show_bug.cgi?id=3324	Trust: 0.1
url:	http://www.hpe.com/support/security_bulletin_archive	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1790	Trust: 0.1
url:	http://www.hpe.com/info/insightmanagement	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2019	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0705	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1788	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1792	Trust: 0.1
url:	http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085	Trust: 0.1
url:	http://www.hpe.com/support/subscriber_choice	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0799	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3567	Trust: 0.1
url:	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2020	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2018	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3513	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1791	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2017	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7501	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2027	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6565	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-0205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3568	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3194	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2026	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3569	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3509	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2021	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-3511	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/	Trust: 0.1
url:	http://www.mandriva.com/en/support/security/advisories/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-1619	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1.orig.tar.gz	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0848	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0845	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b14-1.4.1-0ubuntu13_all.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0847	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b16-1.6.1-3ubuntu3_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.7_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b11-2ubuntu2.2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_i386.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0740	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740	Trust: 0.1
url:	http://secunia.com/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-0433	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245	Trust: 0.1
url:	http://lists.grok.org.uk/full-disclosure-charter.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3245	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-4546	Trust: 0.1
url:	http://www.hp.com/go/hpsim	Trust: 0.1

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

SOURCES

db:	CERT/CC	id:	VU#120541
db:	VULHUB	id:	VHN-41001
db:	PACKETSTORM	id:	100765
db:	PACKETSTORM	id:	92497
db:	PACKETSTORM	id:	105653
db:	PACKETSTORM	id:	114810
db:	PACKETSTORM	id:	86075
db:	PACKETSTORM	id:	90262
db:	PACKETSTORM	id:	95279
db:	PACKETSTORM	id:	92095
db:	PACKETSTORM	id:	82652
db:	PACKETSTORM	id:	84181
db:	PACKETSTORM	id:	137201
db:	PACKETSTORM	id:	120714
db:	PACKETSTORM	id:	88173
db:	PACKETSTORM	id:	88698
db:	PACKETSTORM	id:	91749
db:	CNNVD	id:	CNNVD-200911-069
db:	NVD	id:	CVE-2009-3555

LAST UPDATE DATE

2024-11-07T19:47:48.731000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#120541	date:	2011-07-22T00:00:00
db:	VULHUB	id:	VHN-41001	date:	2023-02-13T00:00:00
db:	CNNVD	id:	CNNVD-200911-069	date:	2023-04-27T00:00:00
db:	NVD	id:	CVE-2009-3555	date:	2023-02-13T02:20:27.983

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#120541	date:	2009-11-11T00:00:00
db:	VULHUB	id:	VHN-41001	date:	2009-11-09T00:00:00
db:	PACKETSTORM	id:	100765	date:	2011-04-24T07:03:17
db:	PACKETSTORM	id:	92497	date:	2010-08-06T17:53:12
db:	PACKETSTORM	id:	105653	date:	2011-10-10T22:56:06
db:	PACKETSTORM	id:	114810	date:	2012-07-17T21:46:46
db:	PACKETSTORM	id:	86075	date:	2010-02-09T18:53:40
db:	PACKETSTORM	id:	90262	date:	2010-06-04T04:23:32
db:	PACKETSTORM	id:	95279	date:	2010-10-29T15:50:22
db:	PACKETSTORM	id:	92095	date:	2010-07-23T18:03:56
db:	PACKETSTORM	id:	82652	date:	2009-11-17T01:07:45
db:	PACKETSTORM	id:	84181	date:	2009-12-22T20:42:09
db:	PACKETSTORM	id:	137201	date:	2016-05-26T09:22:00
db:	PACKETSTORM	id:	120714	date:	2013-03-08T04:15:53
db:	PACKETSTORM	id:	88173	date:	2010-04-07T22:23:17
db:	PACKETSTORM	id:	88698	date:	2010-04-20T15:07:58
db:	PACKETSTORM	id:	91749	date:	2010-07-14T04:19:30
db:	CNNVD	id:	CNNVD-200911-069	date:	2009-11-09T00:00:00
db:	NVD	id:	CVE-2009-3555	date:	2009-11-09T17:30:00.407