ID

VAR-200911-0398


CVE

CVE-2009-3555


TITLE

SSL and TLS protocols renegotiation vulnerability

Trust: 0.8

sources: CERT/CC: VU#120541

DESCRIPTION

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. ---------------------------------------------------------------------- http://secunia.com/research/ http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Oracle WebLogic Server OpenSSL Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA44292 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44292/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 RELEASE DATE: 2011-04-24 DISCUSS ADVISORY: http://secunia.com/advisories/44292/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44292/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44292 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Weblogic Server, which can be exploited by malicious people to manipulate certain data. For more information see vulnerability #1: SA37291 The vulnerability is reported in versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, and 11gR1 (10.3.2, 10.3.3, 10.3.4). SOLUTION: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixAS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS). HP ProCurve Threat Management Services (TMS) zl Module J9155A and J9156A ST.1.1.100330 and earlier. Product Version: ST.1.1.100430 or later. The updates are available from the following location: http://www.procurve.com/customercare/support/software/network-security.htm PRODUCT SPECIFIC INFORMATION None HISTORY: Version: 1 (rev.1) 4 August 2010 Initial release. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: GnuTLS: Multiple vulnerabilities Date: October 10, 2011 Bugs: #281224, #292025 ID: 201110-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks. Background ========== GnuTLS is an Open Source implementation of the TLS 1.2 and SSL 3.0 protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-libs/gnutls < 2.10.0 >= 2.10.0 Description =========== Multiple vulnerabilities have been discovered in GnuTLS. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GnuTLS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.10.0" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 6, 2010. It is likely that your system is already no longer affected by this issue. References ========== [ 1 ] CVE-2009-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2730 [ 2 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Customers should open a support case to request the following hotfixes. NNMi Version / Operating System Required Patch Hotfix 9.0x HP-UX Patch 5 Hotfix-NNMi-9.0xP5-HP-UX-JDK-20120710.zip 9.0x Linux Patch 5 Hotfix-NNMi-9.0xP5-Linux-JDK-20120523.zip 9.0x Solaris Patch 5 Hotfix-NNMi-9.0xP5-Solaris-JDK-20120523.zip 9.0x Windows Patch 5 Hotfix-NNMi-9.0xP5-Windows-JDK-20120523.zip Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled. MANUAL ACTIONS: Yes - Update Install the applicable patch and hotfix. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aruba Networks Security Advisory Title: TLS Protocol Session Renegotiation Security Vulnerability Aruba Advisory ID: AID-020810 Revision: 1.0 For Public Release on 02/08/2010 +---------------------------------------------------- SUMMARY This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol [1][2]. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. If a client browser (victim) is configured to authenticate to the WebUI over HTTPS using a client certificate, an attacker can potentially use the victim's credentials temporarily to execute arbitrary HTTP request for each initiation of an HTTPS session from the victim to the WebUI. This would happen without any HTTPS/TLS warnings to the victim. This condition can essentially be exploited by an attacker for command injection in beginning of a HTTPS session between the victim and the ArubaOS WebUI. ArubaOS itself does not initiate TLS renegotiation at any point and hence is only vulnerable to scenario where a client explicitly requests TLS renegotiation. Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. AFFECTED ArubaOS VERSIONS 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS, 2.4.8.x-FIPS CHECK IF YOU ARE VULNERABLE The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. ArubaOS is vulnerable only if its configuration permits WebUI administration interface clients to connect using either username/password or client certificates. If only one of the two authentication method is allowed, this issue does not seem to apply. Check if the following line appears in your configuration: web-server mgmt-auth username/password certificate If the exact line does not appear in the configuration, this issue does not apply. DETAILS An industry wide vulnerability was discovered in TLS protocol's renegotiation feature, which allows a client and server who already have a TLS connection to negotiate new session parameters and generate new key material. Renegotiation is carried out in the existing TLS connection. However there is no cryptographic binding between the renegotiated TLS session and the original TLS session. An attacker who has established MITM between client and server may be able to take advantage of this and inject arbitrary data into the beginning of the application protocol stream protected by TLS. Specifically arbitrary HTTP requests can be injected in a HTTPS session where attacker (MITM) blocks HTTPS session initiation between client and server, establishes HTTPS session with the server itself, injects HTTP data and initiates TLS renegotiation with the server. Then attacker allows the renegotiation to occur between the client and the server. After successful HTTPS session establishment with the server, now the client sends its HTTP request along with its HTTP credentials (cookie) to the server. However due to format of attacker's injected HTTP data, the client's HTTP request is not processed, rather the attacker's HTTP request gets executed with credentials of the client. The attacker is not able to view the results of the injected HTTP request due to the fact that data between the client and the server is encrypted over HTTPS. ArubaOS itself does not initiate TLS renegotiation at any point. The only ArubaOS component that seems affected by this issue is the HTTPS WebUI administration interface. Pre-requisites for this attack : 1. The attacker must be able to establish a MITM between the client and the server (ArubaOS WebUI). 2. The attacker must be able to establish a successful HTTPS session with the server (ArubaOS WebUI) 3. ArubaOS must be configured to allow certificate based HTTPS authentication for WebUI clients (client certs). Captive Portal users do not seem vulnerable to this issue unless somehow client certificates are being used to authenticate captive portal users. CVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) WORKAROUNDS Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. However, in the event that a patch cannot immediately be applied, the following steps will help to mitigate the risk: - - - Disable certificate based HTTPS authentication (and only allow username-password based authentication) for WebUI clients. Client's username-password authentication POST request will prohibit attacker's injected HTTP data from executing with client's cookie. CLI command: web-server mgmt-auth username/password - - - Permit certificate based HTTPS authentication ONLY and disable username-password based authentication to WebUI. This will prohibit attacker from establishing a HTTPS session with ArubaOS (for MITM) without a valid client cert. CLI command: web-server mgmt-auth certificate Note: This step won't stop command injection from attackers who have valid client certificates but their assigned management role privileges are lower than that of the admin. This attack may allow them to run commands at higher privilege than what is permitted in their role. - - - Do not expose the Mobility Controller administrative interface to untrusted networks such as the Internet. SOLUTION Aruba Networks recommends that all customers apply the appropriate patch(es) as soon as practical. The following patches have the fix (any newer patch will also have the fix): - - - - 2.5.6.24 - - - - 3.3.2.23 - - - - 3.3.3.2 - - - - 3.4.0.7 - - - - 3.4.1.1 - - - - RN 3.1.4 Please contact Aruba support for obtaining patched FIPS releases. Please note: We highly recommend that you upgrade your Mobility Controller to the latest available patch on the Aruba support site corresponding to your currently installed release. REFERENCES [1] http://extendedsubset.com/?p=8 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 +---------------------------------------------------- OBTAINING FIXED FIRMWARE Aruba customers can obtain the firmware on the support website: http://www.arubanetworks.com/support. Aruba Support contacts are as follows: 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America) +1-408-754-1200 (toll call from anywhere in the world) e-mail: support(at)arubanetworks.com Please, do not contact either "wsirt(at)arubanetworks.com" or "security(at)arubanetworks.com" for software upgrades. EXPLOITATION AND PUBLIC ANNOUNCEMENTS This vulnerability will be announced at Aruba W.S.I.R.T. Advisory: http://www.arubanetworks.com/support/alerts/aid-020810.txt SecurityFocus Bugtraq http://www.securityfocus.com/archive/1 STATUS OF THIS NOTICE: Final Although Aruba Networks cannot guarantee the accuracy of all statements in this advisory, all of the facts have been checked to the best of our ability. Aruba Networks does not anticipate issuing updated versions of this advisory unless there is some material change in the facts. Should there be a significant change in the facts, Aruba Networks may update this advisory. A stand-alone copy or paraphrase of the text of this security advisory that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. DISTRIBUTION OF THIS ANNOUNCEMENT This advisory will be posted on Aruba's website at: http://www.arubanetworks.com/support/alerts/aid-020810.txt Future updates of this advisory, if any, will be placed on Aruba's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. REVISION HISTORY Revision 1.0 / 02-08-2010 / Initial release ARUBA WSIRT SECURITY PROCEDURES Complete information on reporting security vulnerabilities in Aruba Networks products, obtaining assistance with security incidents is available at http://www.arubanetworks.com/support/wsirt.php For reporting *NEW* Aruba Networks security issues, email can be sent to wsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at http://www.arubanetworks.com/support/wsirt.php (c) Copyright 2010 by Aruba Networks, Inc. This advisory may be redistributed freely after the release date given at the top of the text, provided that redistributed copies are complete and unmodified, including all date and version information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN bWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP =CrHf -----END PGP SIGNATURE----- . Release Date: 2010-06-01 Last Updated: 2010-06-01 Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities. References: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.19 or earlier HP-UX B.11.11, B.11.23, B.11.31 running HP Java SDK and RTE 1.4.2.24 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.31 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.23 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent HP-UX B.11.11 JDK and JRE v6.0.07 or subsequent JDK and JRE v5.0.20 or subsequent SDK and JRE v1.4.2.25 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.06 and earlier, update to Java v6.0.07 or subsequent For Java v5.0.19 and earlier, update to Java v5.0.20 or subsequent For Java v1.4.2.24 and earlier, update to Java v1.4.2.25 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre14.JRE14-COM Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jdk14.JDK14-COM Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W action: install revision 1.4.2.25.00 or subsequent Jre15.JRE15-COM Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jdk15.JDK15-COM Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 action: install revision 1.5.0.20.00 or subsequent Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.07.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 1 June 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. =========================================================== Ubuntu Security Notice USN-1010-1 October 28, 2010 openjdk-6, openjdk-6b18 vulnerabilities CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~8.04.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~8.04.1 Ubuntu 9.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre 6b18-1.8.2-4ubuntu1~9.10.1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1~9.10.1 Ubuntu 10.04 LTS: icedtea6-plugin 6b18-1.8.2-4ubuntu2 openjdk-6-jdk 6b18-1.8.2-4ubuntu2 openjdk-6-jre 6b18-1.8.2-4ubuntu2 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu2 Ubuntu 10.10: icedtea6-plugin 6b18-1.8.2-4ubuntu1 openjdk-6-jdk 6b18-1.8.2-4ubuntu1 openjdk-6-jre 6b18-1.8.2-4ubuntu1 openjdk-6-jre-headless 6b18-1.8.2-4ubuntu1 After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. USN-923-1 disabled SSL/TLS renegotiation by default; this update implements the TLS Renegotiation Indication Extension as defined in RFC 5746, and thus supports secure renegotiation between updated clients and servers. (CVE-2009-3555) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3541) It was discovered that JNDI could leak information that would allow an attacker to to access information about otherwise-protected internal network names. (CVE-2010-3548) It was discovered that HttpURLConnection improperly handled the "chunked" transfer encoding method, which could allow attackers to conduct HTTP response splitting attacks. (CVE-2010-3549) It was discovered that the NetworkInterface class improperly checked the network "connect" permissions for local network addresses. This could allow an attacker to read local network addresses. (CVE-2010-3551) It was discovered that UIDefault.ProxyLazyValue had unsafe reflection usage, allowing an attacker to create objects. (CVE-2010-3553) It was discovered that multiple flaws in the CORBA reflection implementation could allow an attacker to execute arbitrary code by misusing permissions granted to certain system objects. (CVE-2010-3554) It was discovered that unspecified flaws in the Swing library could allow untrusted applications to modify the behavior and state of certain JDK classes. (CVE-2010-3557) It was discovered that the privileged accept method of the ServerSocket class in the CORBA implementation allowed it to receive connections from any host, instead of just the host of the current connection. An attacker could use this flaw to bypass restrictions defined by network permissions. (CVE-2010-3561) It was discovered that there exists a double free in java's indexColorModel that could allow an attacker to cause an applet or application to crash, or possibly execute arbitrary code with the privilege of the user running the java applet or application. (CVE-2010-3562) It was discovered that the Kerberos implementation improperly checked AP-REQ requests, which could allow an attacker to cause a denial of service against the receiving JVM. (CVE-2010-3564) It was discovered that improper checks of unspecified image metadata in JPEGImageWriter.writeImage of the imageio API could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3565) It was discovered that an unspecified vulnerability in the ICC profile handling code could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3566) It was discovered that a miscalculation in the OpenType font rendering implementation would allow out-of-bounds memory access. (CVE-2010-3567) It was discovered that an unspecified race condition in the way objects were deserialized could allow an attacker to cause an applet or application to misuse the privileges of the user running the java applet or application. (CVE-2010-3568) It was discovered that the defaultReadObject of the Serialization API could be tricked into setting a volatile field multiple times. This could allow an attacker to execute arbitrary code with the privileges of the user running a java applet or application. (CVE-2010-3569) It was discovered that the HttpURLConnection class did not validate request headers set by java applets, which could allow an attacker to trigger actions otherwise not allowed to HTTP clients. (CVE-2010-3573) It was discovered that the HttpURLConnection class improperly checked whether the calling code was granted the "allowHttpTrace" permission, allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz Size/MD5: 135586 3ae71988a36862ce27867d523c7e0ec7 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc Size/MD5: 2466 0109ff8a5111bb4493a6e47d772092a6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 19755780 65b0eb04a5af50ea9f3482518bf582e6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 5661496 e1e071cf15c338a3dcd82a4aa4359f20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb Size/MD5: 26749920 71f229a65bfdf92d5212699094dc6ff9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 86460 66e287acc1a4ba54d75dc7d0b6212878 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 57825614 6343ea728cef27e27f9d68c83df40019 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 2361210 628df11e7f45298cb3b8b6bb50bbd170 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 10962050 0f1779b612e2caa1c8dacb204f28a7a8 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 25460526 85c96fcc8769e135d60e00f8e5690632 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb Size/MD5: 253918 aced66f96984c7188e3d0d0dea658254 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 80470 89535a3dbb0896b5f4d252aeae44a400 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 126182692 1671a3cc88704f77933c04dd818642ae http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 2341182 c0a947f9955762c8634b817d8dcb6cd0 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 10966052 6b94043956bd9131fdffcdbdbd765a7a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 27284156 d230929b6e39055bc08bc105a1a7b1cc http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb Size/MD5: 240692 05f1130918ab3688cee31f8883929f95 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 82496 b51720a574f40b01cebcc03c18af3079 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 126209760 f17e3f7e26d8bfbc2256fc972e840db1 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 2340616 e0eb51f44ad028ecf845f096e00504da http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 10963228 10a1a6785472f141ea8b9d158dff2789 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 27276810 a32eb244cdfe3c5637331863ce6830b4 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb Size/MD5: 240524 444fde4db3768af1725f6a4580e98e10 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 88880 73f90df7175dcf2e8e9d26eb87e7eb99 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 41166884 a4eaa0bd6627ae61a49beb5c0a664897 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 2399516 c629576b23baa32a5bf71e5536a0f2fd http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 8933216 dfd34a92a124cf1002f7ba2c431c9eb9 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 23835452 c1e4df9ec2dfeed5e6212b698a7463df http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb Size/MD5: 268410 1e0ccf90a8ae3ea7e0dbc0dfe8fdaf5f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz Size/MD5: 135674 1171639e5ed727c1a80362c97d25189a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc Size/MD5: 3043 e7ab8271e234b68f1b09096ebcba23c3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 19755640 9d094756e91b2bcd3f68bd22c4253291 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 5788882 528906c13322b8dd43132944de7a31db http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb Size/MD5: 26751572 5d90c57d9d7c2a4a287ec0f90bd9a1f9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 377596 ac1108d73532e67f7f7c41a95603b4ae http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 83644 3554e332def256dbaf16d4bfeeed3741 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 104653652 88cf032f0866ebe8498c8054f4796578 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 2383778 710352a303ecc96af071071ed8c8ceea http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 11157690 31b2888fb540d9fdd7841fa467d4ff70 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 25523836 b9ccdb5eef46a11cc824313508bb1ccc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 272506 7242a528594814b9ddc2c93e5814af20 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb Size/MD5: 5421246 91e50b4539739c7cef99c6b81e0ca7c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 345384 a0d5fd362e00e8d3acfc8f34fc68c416 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 79224 a296415db11edafd48da8eec246dca03 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 168922366 c75e2e4e19a148b2d2c2af2d22a3c91c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 2348922 b68a532c61d133fe2a0dc83d28d646d5 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 10920294 1b2e094cac5360a085150c6c06c9880c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 27259892 941eaf3d4aed7cdbc0ddb963d1a7625e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 258086 869ea201bc123aec8eacc10cb84f8da6 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb Size/MD5: 4927606 e00e6c5b66a77255dce2ee5bbca17fbc lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 346554 d5168b2338ffe0f583bcea81895d2c0e http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 81886 80f1c7a2a0065dc112c9117f478e594c http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 169080714 1a818e649f10940483a68de3cef38053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 2346128 cc430ab6af852714db8e7c4206a0fc25 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 10919552 dfb5071724c66bee9a8298575207df05 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 27304524 576f5aa3552e42876672e8730cd34467 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 254244 5b4668359fe32254c9f76c1f9d8718cc http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb Size/MD5: 4918792 ebc9e7694d2a6f1ca7ee4eebde7b3401 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 366190 adf16d42bda00fa3202b81c12ed135f0 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 82942 eb4f84254cc1d065c05304ffc453da8d http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 87511500 e5c46b9b4a4b8ea4444a6490b4962252 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 2363812 c1e4245d923f42cb8c20dbac995ca677 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 8871546 9a498efde1247a19b437ca80cb4c5a04 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 23886082 a945c526247fcd4db66b69ecffdeb2c2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 277532 8d6ee031f6fe02667a9d6003c695b8e8 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb Size/MD5: 4746842 5dfde216d85312f3a5e22dcc67d42cae sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 79622 822b4116245df946903077d1c52ce499 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 125491074 cc8cd7a15a08f6fa696ed0612daa6188 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 2363090 acc768a146c60a42a4200765c2761400 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 10912448 4abd8741bdf1182ca5c8be2216a20ec6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 27107652 45ea3696b4bb7b4c0408b6e6478a5dba http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb Size/MD5: 258346 c94e52925aa5f93331a31c8ccd6cc51b Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz Size/MD5: 135754 65d8b4bdbc177e84604552cd846d77b1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc Size/MD5: 3070 31e61c20b2d9bf0fd2755567cb86a985 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz Size/MD5: 68727489 413e3c8a80355b2c6215078467303f58 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 19756634 e87012a63ffdff1af949ca680d819024 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 5776188 73335755c917fd549774ac05fe9ae79e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb Size/MD5: 26751610 ad735399747e646b8d0ce4878cdc5b9a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 375984 e39dbd2cd5854d54345d4b7b06166234 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 84120 61feb48ac0cf21dd2eda11783d201268 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 104352622 13e7e5dc02352e6d2d0a34244cd245da http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2362282 577ce2392e3a302deb21b219ce9818b3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 10930834 f3fd2d4fd323d8ef5a4ecdbf04bf68ce http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 25548006 4a57b587fef16ed39dd3524afd17d6fc http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 272606 b4f295db5117c2481dce1eab6720e959 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb Size/MD5: 2097440 615063c47a103893cfbfe9fd66f3bc49 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 345580 a9f4b3af4b35d84b2431465f2e39c652 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 79584 a0554970f63cbd433e62bc9096ecb0f7 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 168624244 1c584b5a99769f9081b66fc68d2f289d http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 2349304 8fa85c3bdbc9c25238620f0925304671 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 10927402 4922fc1a90ab8b3376d67a999e323e21 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 27283760 64e7c7aadc850c297076276212e9f3d6 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 258124 9d94f92d6a1f83fc8a9fbdcc3bd7be0a http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb Size/MD5: 1785538 e4904ec1f63446b9d8fa2f104d24c74d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 366016 e733ae6c51da3151ae78c30c7f666f09 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 83626 23fc3d4efaf4077632aa52dbb929f645 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 87247976 1c7e2f725e6096e101de5c1bd7e68e86 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 2363890 f7eedc13d9500e08bb699f5d88c5123a http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 8875852 851a292b0dcfafb69c28c2e95bd6ae31 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 23890398 1c2d729f9f7077aaf0f2564f0aee2af8 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 277458 4860d4e029266c00fb5994bfe7664d4b http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb Size/MD5: 1916154 ec4e6ecb6c6ed793d177c34ae3e1129b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 77756 a5b0aeef4ef21dd8f670737541b1b05e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 125457728 862aa5dbf167e6d7a584f314f4c36c67 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 2363772 51b7f24736eb5d43f11eaff5c9945836 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 10949862 55f322ecdb2382249d1e669c4ab8f078 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 27039776 656aaefcf1530e54522bf60691a0c66e http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb Size/MD5: 258778 ab27c03547114c8852b7b7677e0c1fd4 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz Size/MD5: 135370 83cdf469757721d89c4c3fa49e22252c http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc Size/MD5: 3029 82a33984ae8d5bde63e5580a2c4aae6f http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz Size/MD5: 61672998 05f27f8079d9e30a31fe5bcd84705fe9 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz Size/MD5: 137851 b0e307a389b992cb6c2d1101460ba92a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc Size/MD5: 2985 9dbd071a98fa599f015a30f42d9a2a40 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz Size/MD5: 71591248 1011a983534e54cc059ab50b04d92c57 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 19978052 fbb27721b0eb8cfa8d5de5e05841d162 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 6155146 07a2e90014f8bc21398b201f1be4d742 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb Size/MD5: 26835562 5ea7d1b170a1e3a2f2565a8c2db42605 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 432850 160667a93e2c00e7dc3d0f19cb7d80b2 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 83386 0f926eced3d09115f7d141014ca3c31a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 112945964 b753bac7f8b7a35a33e9e38b1e4e0ab3 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2379922 2b4933ddc1c32b82406af60219e97c18 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 10965436 5545beef5ed4e4e40f0aa16b1a42da5e http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 25507696 0beb96691488a673e1b1352fe902c89a http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 266958 bb13ed961544089e795be06dc800da85 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb Size/MD5: 2215626 a3293e8d50133f466e7726bdc7273680 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 415868 279469932039d052718b746beefbb096 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 78702 1499544487aaa98e856b647703a7ab83 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 179616966 7623e3fbcfd64c57fb8d2d7e255d8aad http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 2348354 2b98cd98e095e50c5492a722c9c7ba99 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 10741114 88b21b6a59d2667dfbf3f58a44ff69c1 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 27291046 acd1e396d25d29ba9a59d00ea7c91d23 http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 251300 d33344bb93a34cae1673cb7c533566cd http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb Size/MD5: 1883488 4f2fd0a08726ef3c3b87d8eb75aa5cdd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 444244 10553b4cc81b3118e9c6aa34acebbf76 http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 82772 b4574152841ad573019f87b45e8557f2 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 97547350 6bf9459dfd625086b5f9db990208e4b6 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2363306 b9ff356350058183d075ece3b78f1053 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 8669820 855a1ea5a794a400fb68dd3ee7310b99 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 23872646 cbe5c87012d3a4406796a5b016a5f095 http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 270434 61d401aaf4839b696f21a8ba2b635f57 http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb Size/MD5: 2020674 8d90fdae3a05f7854ff03c11fc5aab5f . Transport Layer Security (TLS) is a protocol for ensuring the privacy of communication applications and their users over the Internet. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). This update provides a solution to this vulnerability. This could force the server to process an attacker&#039;s request as if authenticated using the victim&#039;s credentials. The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169 (CVE-2013-1619). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 48dfde02cfa9c869bb97ec71252b8af7 mes5/i586/gnutls-2.4.1-2.8mdvmes5.2.i586.rpm 9f534885a90c121ddb4f911d85462a42 mes5/i586/libgnutls26-2.4.1-2.8mdvmes5.2.i586.rpm 746200c5109707c76a71060672bedfa7 mes5/i586/libgnutls-devel-2.4.1-2.8mdvmes5.2.i586.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: dce865b93f4a52aeae1686aed09136f3 mes5/x86_64/gnutls-2.4.1-2.8mdvmes5.2.x86_64.rpm 345540258af6fde7320c7b518c179509 mes5/x86_64/lib64gnutls26-2.4.1-2.8mdvmes5.2.x86_64.rpm b7c9a97fd0f01c52728fbdbc96b3ba55 mes5/x86_64/lib64gnutls-devel-2.4.1-2.8mdvmes5.2.x86_64.rpm 8c9bbb918f94a539d82ef057dc201bd2 mes5/SRPMS/gnutls-2.4.1-2.8mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFROKS5mqjQ0CJFipgRAs45AKCEbVaRAwJpq/8XnLknkrr0u6t9bwCfRVAB /MdKwjI1wkjSmVwvRPHTwEM= =MbuE -----END PGP SIGNATURE----- . (CVE-2009-3555) It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094) It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. If a remote attacker could trigger specific error conditions, a Java application could crash, leading to a denial of service. (CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845) It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. It was discovered that applets did not correctly handle certain trust chains. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:076-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : April 19, 2010 Affected: 2009.0 _______________________________________________________________________ Problem Description: This update fixes several security issues in openssl: - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection (CVE-2010-0740) - OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors (CVE-2009-3245) - The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) (CVE-2010-0433) - Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks (CVE-2009-3555). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Update: Packages for 2009.0 are provided due to the Extended Maintenance Program. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.1. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2008-4546 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 4.3 CVE-2009-3793 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-1297 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2160 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2161 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2162 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2163 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2164 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2165 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2166 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2167 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2169 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2170 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2171 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2172 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-2173 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2174 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2175 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2176 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2177 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2178 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2179 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-2180 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2181 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2182 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2183 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2184 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2185 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2186 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2187 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2188 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-2189 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2010-0082 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0084 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-0085 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0087 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0088 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0089 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-0090 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0091 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-0092 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0093 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 5.1 CVE-2010-0094 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0095 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0837 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0838 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0839 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0840 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0841 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0842 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0843 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0844 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0845 (AV:N/AC:H/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0846 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0847 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0848 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0849 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-0850 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION Hp has provided HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows v6.1 or subsequent to resolve these vulnerabilities. The HP SIM v6.1 can be downloaded from http://www.hp.com/go/hpsim MANUAL ACTIONS: Yes - Update Update to HP SIM v6.1 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. Details follow: USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10

Trust: 3.06

sources: NVD: CVE-2009-3555 // CERT/CC: VU#120541 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 105653 // PACKETSTORM: 114810 // PACKETSTORM: 86075 // PACKETSTORM: 90262 // PACKETSTORM: 95279 // VULHUB: VHN-41001 // PACKETSTORM: 82652 // PACKETSTORM: 84181 // PACKETSTORM: 137201 // PACKETSTORM: 120714 // PACKETSTORM: 88173 // PACKETSTORM: 88698 // PACKETSTORM: 91749 // PACKETSTORM: 92095

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:lteversion:0.9.8k

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:f5model:nginxscope:lteversion:0.8.22

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.2.14

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:14

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:12

Trust: 1.0

vendor:mozillamodel:nssscope:lteversion:3.12.4

Trust: 1.0

vendor:gnumodel:gnutlsscope:lteversion:2.8.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.1.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.0

vendor:barracudamodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gnutlsmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 0.6

vendor:microsoftmodel:iisscope:eqversion:7.0

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 0.6

vendor:apachemodel:http serverscope:eqversion:2.0.32

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 0.6

sources: CERT/CC: VU#120541 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3555
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3555
value: 0

Trust: 0.8

CNNVD: CNNVD-200911-069
value: HIGH

Trust: 0.6

VULHUB: VHN-41001
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3555
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-41001
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.1

problemtype:CWE-310

Trust: 0.1

sources: VULHUB: VHN-41001 // NVD: CVE-2009-3555

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 90262 // PACKETSTORM: 120714 // PACKETSTORM: 88698 // CNNVD: CNNVD-200911-069

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41001

PATCH

title:Security Update for Windows XP (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39675

Trust: 0.6

title:Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39679

Trust: 0.6

title:Security Update for Windows Server 2008 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39683

Trust: 0.6

title:Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39687

Trust: 0.6

title:Security Update for Windows Server 2003 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39615

Trust: 0.6

title:Security Update for Windows Vista for x64-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39619

Trust: 0.6

title:Security Update for Windows 7 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39623

Trust: 0.6

title:Security Update for Windows Server 2008 R2 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39626

Trust: 0.6

title:Security Update for Windows Server 2003 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39678

Trust: 0.6

title:Security Update for Windows Server 2008 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39682

Trust: 0.6

title:Security Update for Windows 7 for x64-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39686

Trust: 0.6

title:Security Update for Windows XP x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39614

Trust: 0.6

title:Security Update for Windows Vista (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39618

Trust: 0.6

title:Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39622

Trust: 0.6

title:Security Update for Windows Server 2003 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39677

Trust: 0.6

title:Security Update for Windows Vista for x64-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39681

Trust: 0.6

title:Security Update for Windows 7 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39685

Trust: 0.6

title:Security Update for Windows XP (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39613

Trust: 0.6

title:Security Update for Windows Server 2003 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39617

Trust: 0.6

title:Security Update for Windows Server 2008 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39621

Trust: 0.6

title:Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39625

Trust: 0.6

title:Security Update for Windows XP x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39676

Trust: 0.6

title:Security Update for Windows Vista (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39680

Trust: 0.6

title:Security Update for Windows Server 2008 for Itanium-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39684

Trust: 0.6

title:Security Update for Windows Server 2008 R2 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39688

Trust: 0.6

title:Security Update for Windows Server 2003 x64 Edition (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39616

Trust: 0.6

title:Security Update for Windows Server 2008 (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39620

Trust: 0.6

title:Security Update for Windows 7 for x64-based Systems (KB980436)url:http://123.124.177.30/web/xxk/bdxqById.tag?id=39624

Trust: 0.6

title:Thunderbird Setup 3.1url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4468

Trust: 0.6

title:FirefoxChinaEdition 2010.7url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4472

Trust: 0.6

title:FirefoxChinaEdition 2010.7url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4471

Trust: 0.6

title:thunderbird-3.1url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4470

Trust: 0.6

title:Thunderbird 3.1url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4469

Trust: 0.6

title:FirefoxChinaEdition 2010.7url:http://123.124.177.30/web/xxk/bdxqById.tag?id=4473

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

EXTERNAL IDS

db:NVDid:CVE-2009-3555

Trust: 3.9

db:CERT/CCid:VU#120541

Trust: 2.5

db:SECUNIAid:38781

Trust: 1.7

db:SECUNIAid:42377

Trust: 1.7

db:SECUNIAid:37501

Trust: 1.7

db:SECUNIAid:39632

Trust: 1.7

db:SECUNIAid:37604

Trust: 1.7

db:SECUNIAid:41972

Trust: 1.7

db:SECUNIAid:43308

Trust: 1.7

db:SECUNIAid:38241

Trust: 1.7

db:SECUNIAid:37859

Trust: 1.7

db:SECUNIAid:40070

Trust: 1.7

db:SECUNIAid:41818

Trust: 1.7

db:SECUNIAid:39292

Trust: 1.7

db:SECUNIAid:42816

Trust: 1.7

db:SECUNIAid:42379

Trust: 1.7

db:SECUNIAid:39317

Trust: 1.7

db:SECUNIAid:38020

Trust: 1.7

db:SECUNIAid:42467

Trust: 1.7

db:SECUNIAid:37320

Trust: 1.7

db:SECUNIAid:37640

Trust: 1.7

db:SECUNIAid:37656

Trust: 1.7

db:SECUNIAid:37383

Trust: 1.7

db:SECUNIAid:42724

Trust: 1.7

db:SECUNIAid:38003

Trust: 1.7

db:SECUNIAid:44183

Trust: 1.7

db:SECUNIAid:42733

Trust: 1.7

db:SECUNIAid:38484

Trust: 1.7

db:SECUNIAid:40545

Trust: 1.7

db:SECUNIAid:40866

Trust: 1.7

db:SECUNIAid:39242

Trust: 1.7

db:SECUNIAid:38056

Trust: 1.7

db:SECUNIAid:39278

Trust: 1.7

db:SECUNIAid:39243

Trust: 1.7

db:SECUNIAid:42808

Trust: 1.7

db:SECUNIAid:37675

Trust: 1.7

db:SECUNIAid:39127

Trust: 1.7

db:SECUNIAid:39461

Trust: 1.7

db:SECUNIAid:39819

Trust: 1.7

db:SECUNIAid:37453

Trust: 1.7

db:SECUNIAid:40747

Trust: 1.7

db:SECUNIAid:41490

Trust: 1.7

db:SECUNIAid:39628

Trust: 1.7

db:SECUNIAid:44954

Trust: 1.7

db:SECUNIAid:39500

Trust: 1.7

db:SECUNIAid:48577

Trust: 1.7

db:SECUNIAid:42811

Trust: 1.7

db:SECUNIAid:37291

Trust: 1.7

db:SECUNIAid:41480

Trust: 1.7

db:SECUNIAid:37292

Trust: 1.7

db:SECUNIAid:37399

Trust: 1.7

db:SECUNIAid:39713

Trust: 1.7

db:SECUNIAid:38687

Trust: 1.7

db:SECUNIAid:37504

Trust: 1.7

db:SECUNIAid:39136

Trust: 1.7

db:SECUNIAid:41967

Trust: 1.7

db:SECTRACKid:1023217

Trust: 1.7

db:SECTRACKid:1023273

Trust: 1.7

db:SECTRACKid:1023274

Trust: 1.7

db:SECTRACKid:1023206

Trust: 1.7

db:SECTRACKid:1023272

Trust: 1.7

db:SECTRACKid:1023427

Trust: 1.7

db:SECTRACKid:1023218

Trust: 1.7

db:SECTRACKid:1023163

Trust: 1.7

db:SECTRACKid:1023214

Trust: 1.7

db:SECTRACKid:1023211

Trust: 1.7

db:SECTRACKid:1023219

Trust: 1.7

db:SECTRACKid:1023216

Trust: 1.7

db:SECTRACKid:1024789

Trust: 1.7

db:SECTRACKid:1023148

Trust: 1.7

db:SECTRACKid:1023213

Trust: 1.7

db:SECTRACKid:1023271

Trust: 1.7

db:SECTRACKid:1023243

Trust: 1.7

db:SECTRACKid:1023209

Trust: 1.7

db:SECTRACKid:1023215

Trust: 1.7

db:SECTRACKid:1023208

Trust: 1.7

db:SECTRACKid:1023411

Trust: 1.7

db:SECTRACKid:1023204

Trust: 1.7

db:SECTRACKid:1023224

Trust: 1.7

db:SECTRACKid:1023210

Trust: 1.7

db:SECTRACKid:1023207

Trust: 1.7

db:SECTRACKid:1023426

Trust: 1.7

db:SECTRACKid:1023428

Trust: 1.7

db:SECTRACKid:1023205

Trust: 1.7

db:SECTRACKid:1023275

Trust: 1.7

db:SECTRACKid:1023270

Trust: 1.7

db:SECTRACKid:1023212

Trust: 1.7

db:VUPENid:ADV-2010-2745

Trust: 1.7

db:VUPENid:ADV-2009-3353

Trust: 1.7

db:VUPENid:ADV-2010-3069

Trust: 1.7

db:VUPENid:ADV-2010-0086

Trust: 1.7

db:VUPENid:ADV-2009-3354

Trust: 1.7

db:VUPENid:ADV-2009-3484

Trust: 1.7

db:VUPENid:ADV-2010-1793

Trust: 1.7

db:VUPENid:ADV-2009-3310

Trust: 1.7

db:VUPENid:ADV-2010-0982

Trust: 1.7

db:VUPENid:ADV-2011-0033

Trust: 1.7

db:VUPENid:ADV-2009-3220

Trust: 1.7

db:VUPENid:ADV-2010-2010

Trust: 1.7

db:VUPENid:ADV-2010-1639

Trust: 1.7

db:VUPENid:ADV-2010-1107

Trust: 1.7

db:VUPENid:ADV-2010-3126

Trust: 1.7

db:VUPENid:ADV-2010-0916

Trust: 1.7

db:VUPENid:ADV-2009-3164

Trust: 1.7

db:VUPENid:ADV-2011-0032

Trust: 1.7

db:VUPENid:ADV-2011-0086

Trust: 1.7

db:VUPENid:ADV-2009-3313

Trust: 1.7

db:VUPENid:ADV-2010-0748

Trust: 1.7

db:VUPENid:ADV-2010-1350

Trust: 1.7

db:VUPENid:ADV-2009-3521

Trust: 1.7

db:VUPENid:ADV-2010-0994

Trust: 1.7

db:VUPENid:ADV-2010-3086

Trust: 1.7

db:VUPENid:ADV-2010-1191

Trust: 1.7

db:VUPENid:ADV-2010-0173

Trust: 1.7

db:VUPENid:ADV-2009-3587

Trust: 1.7

db:VUPENid:ADV-2010-0933

Trust: 1.7

db:VUPENid:ADV-2009-3205

Trust: 1.7

db:VUPENid:ADV-2010-1054

Trust: 1.7

db:VUPENid:ADV-2010-0848

Trust: 1.7

db:VUPENid:ADV-2010-1673

Trust: 1.7

db:VUPENid:ADV-2009-3165

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/05/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/07/3

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/23/10

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/05/5

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/20/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/06/3

Trust: 1.7

db:OSVDBid:65202

Trust: 1.7

db:OSVDBid:62210

Trust: 1.7

db:OSVDBid:60521

Trust: 1.7

db:OSVDBid:60972

Trust: 1.7

db:HITACHIid:HS10-030

Trust: 1.7

db:USCERTid:TA10-222A

Trust: 1.7

db:USCERTid:TA10-287A

Trust: 1.7

db:BIDid:36935

Trust: 1.7

db:CNNVDid:CNNVD-200911-069

Trust: 0.7

db:AUSCERTid:ESB-2022.2853

Trust: 0.6

db:AUSCERTid:ESB-2019.2561

Trust: 0.6

db:JUNIPERid:JSA10939

Trust: 0.6

db:ICS CERTid:ICSA-22-160-01

Trust: 0.6

db:PACKETSTORMid:90262

Trust: 0.2

db:PACKETSTORMid:88173

Trust: 0.2

db:PACKETSTORMid:92095

Trust: 0.2

db:PACKETSTORMid:120714

Trust: 0.2

db:PACKETSTORMid:82652

Trust: 0.2

db:PACKETSTORMid:95279

Trust: 0.2

db:PACKETSTORMid:137201

Trust: 0.2

db:PACKETSTORMid:92497

Trust: 0.2

db:PACKETSTORMid:88698

Trust: 0.2

db:PACKETSTORMid:86075

Trust: 0.2

db:PACKETSTORMid:114810

Trust: 0.2

db:PACKETSTORMid:84181

Trust: 0.2

db:EXPLOIT-DBid:10071

Trust: 0.1

db:EXPLOIT-DBid:10579

Trust: 0.1

db:PACKETSTORMid:82657

Trust: 0.1

db:PACKETSTORMid:82770

Trust: 0.1

db:PACKETSTORMid:130868

Trust: 0.1

db:PACKETSTORMid:83271

Trust: 0.1

db:PACKETSTORMid:91309

Trust: 0.1

db:PACKETSTORMid:120365

Trust: 0.1

db:PACKETSTORMid:106155

Trust: 0.1

db:PACKETSTORMid:83415

Trust: 0.1

db:PACKETSTORMid:111273

Trust: 0.1

db:PACKETSTORMid:83414

Trust: 0.1

db:PACKETSTORMid:88167

Trust: 0.1

db:PACKETSTORMid:124088

Trust: 0.1

db:PACKETSTORMid:94087

Trust: 0.1

db:PACKETSTORMid:97489

Trust: 0.1

db:PACKETSTORMid:131826

Trust: 0.1

db:PACKETSTORMid:102374

Trust: 0.1

db:PACKETSTORMid:106156

Trust: 0.1

db:PACKETSTORMid:89136

Trust: 0.1

db:PACKETSTORMid:88621

Trust: 0.1

db:PACKETSTORMid:94088

Trust: 0.1

db:PACKETSTORMid:89667

Trust: 0.1

db:PACKETSTORMid:84112

Trust: 0.1

db:PACKETSTORMid:90286

Trust: 0.1

db:PACKETSTORMid:127267

Trust: 0.1

db:PACKETSTORMid:84183

Trust: 0.1

db:PACKETSTORMid:88224

Trust: 0.1

db:PACKETSTORMid:123380

Trust: 0.1

db:SEEBUGid:SSVID-67231

Trust: 0.1

db:VULHUBid:VHN-41001

Trust: 0.1

db:SECUNIAid:44292

Trust: 0.1

db:PACKETSTORMid:100765

Trust: 0.1

db:PACKETSTORMid:105653

Trust: 0.1

db:PACKETSTORMid:91749

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 105653 // PACKETSTORM: 114810 // PACKETSTORM: 86075 // PACKETSTORM: 90262 // PACKETSTORM: 95279 // PACKETSTORM: 92095 // PACKETSTORM: 82652 // PACKETSTORM: 84181 // PACKETSTORM: 137201 // PACKETSTORM: 120714 // PACKETSTORM: 88173 // PACKETSTORM: 88698 // PACKETSTORM: 91749 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

REFERENCES

url:http://extendedsubset.com/?p=8

Trust: 2.6

url:http://www.links.org/?p=780

Trust: 2.5

url:http://www.links.org/?p=786

Trust: 2.5

url:http://www.links.org/?p=789

Trust: 2.5

url:http://blogs.iss.net/archive/sslmitmiscsrf.html

Trust: 2.5

url:http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

Trust: 2.5

url:https://bugzilla.redhat.com/show_bug.cgi?id=533125

Trust: 2.5

url:https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

Trust: 2.5

url:http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html

Trust: 2.5

url:http://www.securityfocus.com/bid/36935

Trust: 2.3

url:http://www.debian.org/security/2009/dsa-1934

Trust: 2.3

url:http://www.debian.org/security/2011/dsa-2141

Trust: 2.3

url:http://www.debian.org/security/2015/dsa-3253

Trust: 2.3

url:http://support.citrix.com/article/ctx123359

Trust: 2.3

url:http://www.vmware.com/security/advisories/vmsa-2010-0019.html

Trust: 2.3

url:http://www.vmware.com/security/advisories/vmsa-2011-0003.html

Trust: 2.3

url:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Trust: 2.3

url:http://www.arubanetworks.com/support/alerts/aid-020810.txt

Trust: 1.8

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1

Trust: 1.7

url:http://securitytracker.com/id?1023148

Trust: 1.7

url:http://www.securitytracker.com/id?1023163

Trust: 1.7

url:http://www.securitytracker.com/id?1023204

Trust: 1.7

url:http://www.securitytracker.com/id?1023205

Trust: 1.7

url:http://www.securitytracker.com/id?1023206

Trust: 1.7

url:http://www.securitytracker.com/id?1023207

Trust: 1.7

url:http://www.securitytracker.com/id?1023208

Trust: 1.7

url:http://www.securitytracker.com/id?1023209

Trust: 1.7

url:http://www.securitytracker.com/id?1023210

Trust: 1.7

url:http://www.securitytracker.com/id?1023211

Trust: 1.7

url:http://www.securitytracker.com/id?1023212

Trust: 1.7

url:http://www.securitytracker.com/id?1023213

Trust: 1.7

url:http://www.securitytracker.com/id?1023214

Trust: 1.7

url:http://www.securitytracker.com/id?1023215

Trust: 1.7

url:http://www.securitytracker.com/id?1023216

Trust: 1.7

url:http://www.securitytracker.com/id?1023217

Trust: 1.7

url:http://www.securitytracker.com/id?1023218

Trust: 1.7

url:http://www.securitytracker.com/id?1023219

Trust: 1.7

url:http://www.securitytracker.com/id?1023224

Trust: 1.7

url:http://www.securitytracker.com/id?1023243

Trust: 1.7

url:http://www.securitytracker.com/id?1023270

Trust: 1.7

url:http://www.securitytracker.com/id?1023271

Trust: 1.7

url:http://www.securitytracker.com/id?1023272

Trust: 1.7

url:http://www.securitytracker.com/id?1023273

Trust: 1.7

url:http://www.securitytracker.com/id?1023274

Trust: 1.7

url:http://www.securitytracker.com/id?1023275

Trust: 1.7

url:http://www.securitytracker.com/id?1023411

Trust: 1.7

url:http://www.securitytracker.com/id?1023426

Trust: 1.7

url:http://www.securitytracker.com/id?1023427

Trust: 1.7

url:http://www.securitytracker.com/id?1023428

Trust: 1.7

url:http://www.securitytracker.com/id?1024789

Trust: 1.7

url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080b01d1d.shtml

Trust: 1.7

url:http://seclists.org/fulldisclosure/2009/nov/139

Trust: 1.7

url:http://www.securityfocus.com/archive/1/507952/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/508075/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/508130/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/515055/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/516397/100/0/threaded

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1

Trust: 1.7

url:http://secunia.com/advisories/37291

Trust: 1.7

url:http://secunia.com/advisories/37292

Trust: 1.7

url:http://secunia.com/advisories/37320

Trust: 1.7

url:http://secunia.com/advisories/37383

Trust: 1.7

url:http://secunia.com/advisories/37399

Trust: 1.7

url:http://secunia.com/advisories/37453

Trust: 1.7

url:http://secunia.com/advisories/37501

Trust: 1.7

url:http://secunia.com/advisories/37504

Trust: 1.7

url:http://secunia.com/advisories/37604

Trust: 1.7

url:http://secunia.com/advisories/37640

Trust: 1.7

url:http://secunia.com/advisories/37656

Trust: 1.7

url:http://secunia.com/advisories/37675

Trust: 1.7

url:http://secunia.com/advisories/37859

Trust: 1.7

url:http://secunia.com/advisories/38003

Trust: 1.7

url:http://secunia.com/advisories/38020

Trust: 1.7

url:http://secunia.com/advisories/38056

Trust: 1.7

url:http://secunia.com/advisories/38241

Trust: 1.7

url:http://secunia.com/advisories/38484

Trust: 1.7

url:http://secunia.com/advisories/38687

Trust: 1.7

url:http://secunia.com/advisories/38781

Trust: 1.7

url:http://secunia.com/advisories/39127

Trust: 1.7

url:http://secunia.com/advisories/39136

Trust: 1.7

url:http://secunia.com/advisories/39242

Trust: 1.7

url:http://secunia.com/advisories/39243

Trust: 1.7

url:http://secunia.com/advisories/39278

Trust: 1.7

url:http://secunia.com/advisories/39292

Trust: 1.7

url:http://secunia.com/advisories/39317

Trust: 1.7

url:http://secunia.com/advisories/39461

Trust: 1.7

url:http://secunia.com/advisories/39500

Trust: 1.7

url:http://secunia.com/advisories/39628

Trust: 1.7

url:http://secunia.com/advisories/39632

Trust: 1.7

url:http://secunia.com/advisories/39713

Trust: 1.7

url:http://secunia.com/advisories/39819

Trust: 1.7

url:http://secunia.com/advisories/40070

Trust: 1.7

url:http://secunia.com/advisories/40545

Trust: 1.7

url:http://secunia.com/advisories/40747

Trust: 1.7

url:http://secunia.com/advisories/40866

Trust: 1.7

url:http://secunia.com/advisories/41480

Trust: 1.7

url:http://secunia.com/advisories/41490

Trust: 1.7

url:http://secunia.com/advisories/41818

Trust: 1.7

url:http://secunia.com/advisories/41967

Trust: 1.7

url:http://secunia.com/advisories/41972

Trust: 1.7

url:http://secunia.com/advisories/42377

Trust: 1.7

url:http://secunia.com/advisories/42379

Trust: 1.7

url:http://secunia.com/advisories/42467

Trust: 1.7

url:http://secunia.com/advisories/42724

Trust: 1.7

url:http://secunia.com/advisories/42733

Trust: 1.7

url:http://secunia.com/advisories/42808

Trust: 1.7

url:http://secunia.com/advisories/42811

Trust: 1.7

url:http://secunia.com/advisories/42816

Trust: 1.7

url:http://secunia.com/advisories/43308

Trust: 1.7

url:http://secunia.com/advisories/44183

Trust: 1.7

url:http://secunia.com/advisories/44954

Trust: 1.7

url:http://secunia.com/advisories/48577

Trust: 1.7

url:http://osvdb.org/60521

Trust: 1.7

url:http://osvdb.org/60972

Trust: 1.7

url:http://osvdb.org/62210

Trust: 1.7

url:http://osvdb.org/65202

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3164

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3165

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3205

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3220

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3310

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3313

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3353

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3354

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3484

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3521

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/3587

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0086

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0173

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0748

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0848

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0916

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0933

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0982

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/0994

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1054

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1107

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1191

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1350

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1639

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1673

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1793

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/2010

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/2745

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3069

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3086

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/3126

Trust: 1.7

url:http://www.vupen.com/english/advisories/2011/0032

Trust: 1.7

url:http://www.vupen.com/english/advisories/2011/0033

Trust: 1.7

url:http://www.vupen.com/english/advisories/2011/0086

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010/jan/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//may/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2010//may/msg00002.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01029.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg01020.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00645.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00944.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00634.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049702.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049528.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-october/049455.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039561.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-april/039957.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2010-may/040652.html

Trust: 1.7

url:http://security.gentoo.org/glsa/glsa-200912-01.xml

Trust: 1.7

url:http://security.gentoo.org/glsa/glsa-201203-22.xml

Trust: 1.7

url:http://security.gentoo.org/glsa/glsa-201406-32.xml

Trust: 1.7

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02436041

Trust: 1.7

url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02273751

Trust: 1.7

url:http://www.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02512995

Trust: 1.7

url:http://www.securityfocus.com/archive/1/522176

Trust: 1.7

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01945686

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic67848

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68054

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1ic68055

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:076

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:084

Trust: 1.7

url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:089

Trust: 1.7

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm12247

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0119.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0130.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0155.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0165.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0167.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0337.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0338.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0339.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0768.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0770.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0786.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0807.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0865.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0986.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2010-0987.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2011-0880.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Trust: 1.7

url:http://www.us-cert.gov/cas/techalerts/ta10-222a.html

Trust: 1.7

url:http://www.us-cert.gov/cas/techalerts/ta10-287a.html

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-1010-1

Trust: 1.7

url:http://ubuntu.com/usn/usn-923-1

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-927-1

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-927-4

Trust: 1.7

url:http://www.ubuntu.com/usn/usn-927-5

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/120541

Trust: 1.7

url:http://openbsd.org/errata45.html#010_openssl

Trust: 1.7

url:http://openbsd.org/errata46.html#004_openssl

Trust: 1.7

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/05/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/05/5

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/06/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/07/3

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/20/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/23/10

Trust: 1.7

url:http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

Trust: 1.7

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e

Trust: 1.7

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e

Trust: 1.7

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e

Trust: 1.7

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e

Trust: 1.7

url:http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html

Trust: 1.7

url:http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during

Trust: 1.7

url:http://clicky.me/tlsvuln

Trust: 1.7

url:http://extendedsubset.com/renegotiating_tls.pdf

Trust: 1.7

url:http://kbase.redhat.com/faq/docs/doc-20491

Trust: 1.7

url:http://support.apple.com/kb/ht4004

Trust: 1.7

url:http://support.apple.com/kb/ht4170

Trust: 1.7

url:http://support.apple.com/kb/ht4171

Trust: 1.7

url:http://support.avaya.com/css/p8/documents/100070150

Trust: 1.7

url:http://support.avaya.com/css/p8/documents/100081611

Trust: 1.7

url:http://support.avaya.com/css/p8/documents/100114315

Trust: 1.7

url:http://support.avaya.com/css/p8/documents/100114327

Trust: 1.7

url:http://support.zeus.com/zws/media/docs/4.3/release_notes

Trust: 1.7

url:http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released

Trust: 1.7

url:http://sysoev.ru/nginx/patch.cve-2009-3555.txt

Trust: 1.7

url:http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html

Trust: 1.7

url:http://wiki.rpath.com/advisories:rpsa-2009-0155

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21426108

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg21432298

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg24006386

Trust: 1.7

url:http://www-01.ibm.com/support/docview.wss?uid=swg24025312

Trust: 1.7

url:http://www.betanews.com/article/1257452450

Trust: 1.7

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs10-030/index.html

Trust: 1.7

url:http://www.ingate.com/relnote.php?ver=481

Trust: 1.7

url:http://www.mozilla.org/security/announce/2010/mfsa2010-22.html

Trust: 1.7

url:http://www.openoffice.org/security/cves/cve-2009-3555.html

Trust: 1.7

url:http://www.openssl.org/news/secadv_20091111.txt

Trust: 1.7

url:http://www.opera.com/docs/changelogs/unix/1060/

Trust: 1.7

url:http://www.opera.com/support/search/view/944/

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Trust: 1.7

url:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Trust: 1.7

url:http://www.proftpd.org/docs/release_notes-1.3.2c

Trust: 1.7

url:http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html

Trust: 1.7

url:http://www.tombom.co.uk/blog/?p=85

Trust: 1.7

url:http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

Trust: 1.7

url:https://bugzilla.mozilla.org/show_bug.cgi?id=526689

Trust: 1.7

url:https://bugzilla.mozilla.org/show_bug.cgi?id=545755

Trust: 1.7

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888

Trust: 1.7

url:https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10088

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11578

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11617

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7315

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7478

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7973

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8366

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8535

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54158

Trust: 1.7

url:http://www-1.ibm.com/support/search.wss?rs=0&q=pm00675&apar=only

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=130497311408250&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=142660345230545&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=127557596201693&w=2

Trust: 1.6

url:http://marc.info/?l=cryptography&m=125752275331877&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=134254866602253&w=2

Trust: 1.6

url:https://kb.bluecoat.com/index?page=content&id=sa50

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=127419602507642&w=2

Trust: 1.6

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=132077688910227&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=127128920008563&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=126150535619567&w=2

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=133469267822771&w=2

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 1.4

url:http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2

Trust: 1.1

url:http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html

Trust: 0.8

url:http://cvs.openssl.org/chngview?cn=18790

Trust: 0.8

url:http://www.links.org/files/no-renegotiation-2.patch

Trust: 0.8

url:http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2009:1694

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2009:1580

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0119

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2011:0880

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2009:1579

Trust: 0.6

url:https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0440

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0338

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0339

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0337

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0155

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2009-3555

Trust: 0.6

url:https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0807

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0011

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0130

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0987

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0865

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0986

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2015:1591

Trust: 0.6

url:https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0166

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0165

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0167

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0162

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0164

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0163

Trust: 0.6

url:https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:httpd-announce&m=125755783724966&w=2

Trust: 0.6

url:http://marc.info/?l=apache-

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0786

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0408

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0768

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2010:0770

Trust: 0.6

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10939

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-160-01

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-ibm-tivoli-netcool-omnibus-probe-for-network-node-manager-i-cve-2009-3555/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2561/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2853

Trust: 0.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3555

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2010-0838

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0088

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0085

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0084

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0091

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0837

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0092

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0095

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0093

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0082

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2010-0094

Trust: 0.4

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.3

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.3

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-0087

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-0839

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-0089

Trust: 0.3

url:https://www.hp.com/go/swa

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-0840

Trust: 0.3

url:http://www.mandriva.com/security/

Trust: 0.3

url:http://www.mandriva.com/security/advisories

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-0090

Trust: 0.2

url:http://marc.info/?l=bugtraq&amp;m=132077688910227&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=142660345230545&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127419602507642&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=134254866602253&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=130497311408250&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=133469267822771&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=126150535619567&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127128920008563&amp;w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&amp;m=127557596201693&amp;w=2

Trust: 0.1

url:http://www-1.ibm.com/support/search.wss?rs=0&amp;q=pm00675&amp;apar=only

Trust: 0.1

url:http://slackware.com/security/viewer.php?l=slackware-security&amp;y=2009&amp;m=slackware-security.597446

Trust: 0.1

url:http://marc.info/?l=apache-httpd-announce&amp;m=125755783724966&amp;w=2

Trust: 0.1

url:http://marc.info/?l=cryptography&amp;m=125752275331877&amp;w=2

Trust: 0.1

url:https://kb.bluecoat.com/index?page=content&amp;id=sa50

Trust: 0.1

url:http://secunia.com/advisories/44292/

Trust: 0.1

url:http://secunia.com/research/

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#appendixas

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44292

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/company/jobs/open_positions/reverse_engineer

Trust: 0.1

url:http://secunia.com/advisories/44292/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://www.procurve.com/customercare/support/software/network-security.htm

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-2730

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201110-05.xml

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2730

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3874

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3875

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3873

Trust: 0.1

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.1

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3865

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3867

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3868

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3872

Trust: 0.1

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3871

Trust: 0.1

url:http://www.arubanetworks.com/support.

Trust: 0.1

url:http://enigmail.mozdev.org/

Trust: 0.1

url:http://www.arubanetworks.com/support/wsirt.php

Trust: 0.1

url:http://www.securityfocus.com/archive/1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0841

Trust: 0.1

url:http://www.hp.com/go/java

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~9.10.1_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3562

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3567

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu1~8.04.1_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b18-1.8.2-4ubuntu2_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3568

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2-4ubuntu1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b20-1.9.1-1ubuntu3_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3541

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3566

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3564

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~8.04.1_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b20-1.9.1-1ubuntu3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b20-1.9.1-1ubuntu3_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3554

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~9.10.1_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3569

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b20-1.9.1-1ubuntu3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3573

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3548

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3565

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu1~9.10.1_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b18-1.8.2-4ubuntu2_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3574

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3553

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~8.04.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~8.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b20-1.9.1-1ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b18-1.8.2.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b18-1.8.2-4ubuntu1~9.10.1.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b18-1.8.2-4ubuntu2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b18-1.8.2-4ubuntu1~8.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b20-1.9.1-1ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu1~9.10.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.2.orig.tar.gz

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3561

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b18-1.8.2-4ubuntu1~9.10.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~9.10.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b18-1.8.2-4ubuntu1~8.04.1_powerpc.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3551

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b18-1.8.2-4ubuntu2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b18-1.8.2-4ubuntu1~8.04.1_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3557

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.diff.gz

Trust: 0.1

url:http://www.canonical.com

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6-0ubuntu0.9.04.1.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.6-0ubuntu0.9.04.1_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.6-0ubuntu0.9.04.1_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.6-0ubuntu0.9.04.1_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.6.orig.tar.gz

Trust: 0.1

url:http://bugs.proftpd.org/show_bug.cgi?id=3324

Trust: 0.1

url:http://www.hpe.com/support/security_bulletin_archive

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1790

Trust: 0.1

url:http://www.hpe.com/info/insightmanagement

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1792

Trust: 0.1

url:http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085

Trust: 0.1

url:http://www.hpe.com/support/subscriber_choice

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3195

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-0799

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3567

Trust: 0.1

url:https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2020

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2018

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3513

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-1791

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-6565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3568

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-3194

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2026

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3569

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3509

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-2021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2014-3511

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-1619

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1619

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.7_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.7_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-lib_6b11-2ubuntu2.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b14-1.4.1-0ubuntu13_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1-0ubuntu13.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1.orig.tar.gz

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0848

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b16-1.6.1-3ubuntu3.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b14-1.4.1-0ubuntu13_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0845

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b12-0ubuntu6.7.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-doc_6b11-2ubuntu2.2_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b14-1.4.1-0ubuntu13_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea6-plugin_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-dbg_6b11-2ubuntu2.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.7_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b16-1.6.1-3ubuntu3_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b14-1.4.1-0ubuntu13_all.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0847

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b16-1.6.1-3ubuntu3_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6_6b14-1.4.1.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.7_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jdk_6b11-2ubuntu2.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-headless_6b11-2ubuntu2.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6_6b11-2ubuntu2.2.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b16-1.6.1-3ubuntu3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre-zero_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b16-1.6.1-3ubuntu3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b16-1.6.1-3ubuntu3_all.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.7_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b14-1.4.1-0ubuntu13_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/o/openjdk-6/openjdk-6-jre_6b11-2ubuntu2.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.7_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.7_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b16-1.6.1-3ubuntu3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-demo_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source_6b11-2ubuntu2.2_all.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre_6b14-1.4.1-0ubuntu13_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-demo_6b11-2ubuntu2.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b16-1.6.1-3ubuntu3_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/icedtea-6-jre-cacao_6b14-1.4.1-0ubuntu13_i386.deb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0740

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0740

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0433

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3245

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3245

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0433

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3793

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4546

Trust: 0.1

url:http://www.hp.com/go/hpsim

Trust: 0.1

sources: CERT/CC: VU#120541 // VULHUB: VHN-41001 // PACKETSTORM: 100765 // PACKETSTORM: 92497 // PACKETSTORM: 105653 // PACKETSTORM: 114810 // PACKETSTORM: 86075 // PACKETSTORM: 90262 // PACKETSTORM: 95279 // PACKETSTORM: 92095 // PACKETSTORM: 82652 // PACKETSTORM: 84181 // PACKETSTORM: 137201 // PACKETSTORM: 120714 // PACKETSTORM: 88173 // PACKETSTORM: 88698 // PACKETSTORM: 91749 // CNNVD: CNNVD-200911-069 // NVD: CVE-2009-3555

CREDITS

Mitsubishi Electric reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-200911-069

SOURCES

db:CERT/CCid:VU#120541
db:VULHUBid:VHN-41001
db:PACKETSTORMid:100765
db:PACKETSTORMid:92497
db:PACKETSTORMid:105653
db:PACKETSTORMid:114810
db:PACKETSTORMid:86075
db:PACKETSTORMid:90262
db:PACKETSTORMid:95279
db:PACKETSTORMid:92095
db:PACKETSTORMid:82652
db:PACKETSTORMid:84181
db:PACKETSTORMid:137201
db:PACKETSTORMid:120714
db:PACKETSTORMid:88173
db:PACKETSTORMid:88698
db:PACKETSTORMid:91749
db:CNNVDid:CNNVD-200911-069
db:NVDid:CVE-2009-3555

LAST UPDATE DATE

2024-11-07T19:47:48.731000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#120541date:2011-07-22T00:00:00
db:VULHUBid:VHN-41001date:2023-02-13T00:00:00
db:CNNVDid:CNNVD-200911-069date:2023-04-27T00:00:00
db:NVDid:CVE-2009-3555date:2023-02-13T02:20:27.983

SOURCES RELEASE DATE

db:CERT/CCid:VU#120541date:2009-11-11T00:00:00
db:VULHUBid:VHN-41001date:2009-11-09T00:00:00
db:PACKETSTORMid:100765date:2011-04-24T07:03:17
db:PACKETSTORMid:92497date:2010-08-06T17:53:12
db:PACKETSTORMid:105653date:2011-10-10T22:56:06
db:PACKETSTORMid:114810date:2012-07-17T21:46:46
db:PACKETSTORMid:86075date:2010-02-09T18:53:40
db:PACKETSTORMid:90262date:2010-06-04T04:23:32
db:PACKETSTORMid:95279date:2010-10-29T15:50:22
db:PACKETSTORMid:92095date:2010-07-23T18:03:56
db:PACKETSTORMid:82652date:2009-11-17T01:07:45
db:PACKETSTORMid:84181date:2009-12-22T20:42:09
db:PACKETSTORMid:137201date:2016-05-26T09:22:00
db:PACKETSTORMid:120714date:2013-03-08T04:15:53
db:PACKETSTORMid:88173date:2010-04-07T22:23:17
db:PACKETSTORMid:88698date:2010-04-20T15:07:58
db:PACKETSTORMid:91749date:2010-07-14T04:19:30
db:CNNVDid:CNNVD-200911-069date:2009-11-09T00:00:00
db:NVDid:CVE-2009-3555date:2009-11-09T17:30:00.407