Sign-up

ID

VAR-201012-0193


CVE

CVE-2010-4180


TITLE

Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL

Trust: 0.8

sources: CERT/CC: VU#737740

DESCRIPTION

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. Fiery Network Controllers for Xerox DocuColor 242/252/260 Printer/Copier use a vulnerable version of OpenSSL (0.9.8o). OpenSSL is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information or gain unauthorized access to an affected application that uses OpenSSL. Releases prior to OpenSSL 1.0.0c are affected. =========================================================== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.14 Ubuntu 8.04 LTS: libssl0.9.8 0.9.8g-4ubuntu3.13 Ubuntu 9.10: libssl0.9.8 0.9.8g-16ubuntu3.5 Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.5 Ubuntu 10.10: libssl0.9.8 0.9.8o-1ubuntu4.3 After a standard system update you need to reboot your computer to make all the necessary changes. Details follow: It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. (CVE-2010-4180) It was discovered that an old bug workaround in the SSL/TLS server code allowed allowed an attacker to modify the stored session cache ciphersuite. An attacker could possibly take advantage of this to force the use of a disabled cipher. This vulnerability only affects the versions of OpenSSL in Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. (CVE-2008-7270) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz Size/MD5: 67296 3de8e480bcec0653b94001366e2f1f27 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc Size/MD5: 1465 a5f93020840f693044eb64af528fd01e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb Size/MD5: 572012 b3792d19d5f7783929e473b6eb1e239c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 2181644 746b74e9b6c42731ff2021c396789708 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 1696628 abe942986698bf86938312c5e344e0ba http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 880292 9d6d854dcef14c90ce24c1aa232a418a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb Size/MD5: 998466 9c51c334fd6c0b7c7b73340a01af61c8 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb Size/MD5: 509644 e1617d062d546f7dad2298bf6463bc3c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 2031000 6755c67294ab2ff03255a3bf7079ab26 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 5195206 37fcd0cdefd012f0ea7d79d0e6a1b48f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 2660326 9083ddc71b89e4f4e95c4ca999bcedba http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb Size/MD5: 979408 518eaad303d089ab7dcc1b89fd019f19 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb Size/MD5: 558018 0e94d5f570a83f4b41bef642e032c256 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 2189034 6588292725cfa33c8d56a61c3d8120b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 1740524 0b98e950e59c538333716ee939710150 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 865778 d1e44ecc73dea8a8a11cd4d6b7c38abf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb Size/MD5: 984342 a3ff875c30b6721a1d6dd59d9a6393e0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb Size/MD5: 531126 7f598ce48b981eece01e0a1044bbdcc5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 2099640 38d18490bd40fcc6ee127965e460e6aa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 3977666 f532337b8bc186ee851d69f8af8f7fe3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 2101356 501fd6e860368e3682f9d6035ed3413d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb Size/MD5: 992232 52bd2a78e8d2452fbe873658433fbe45 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz Size/MD5: 73984 2e4386a45d0f3a7e3bbf13f1cd4f62fb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc Size/MD5: 1563 40d181ca10759fb3d78a24d3b61d6055 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb Size/MD5: 631720 68f4c61790241e78736eb6a2c2280a0d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb Size/MD5: 604222 f1aeb30abc9ff9f73749dced0982c312 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 2084282 472728da8f3b8474d23e128ab686b777 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 1621532 4aad22d7f98d57f9d582123f354bb499 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 941454 fbeb5e8cc138872158931bbde0be2336 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb Size/MD5: 392758 e337373509761ee9c3e54d26c3867cd6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb Size/MD5: 564986 a9cfb58458322b5c3253f5f21fcdff83 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 1951390 187734df71deb12de0aa6ba3da3ddfb2 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 5415092 1919e018dc2473d10f05626cfdd4385a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 2859870 7b5ef116df18489408becd21d9d52649 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb Size/MD5: 387802 2fb486f8f17dfc6d384e54465f66f8a9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb Size/MD5: 535616 d196d8b0dc3d0c9864862f88a400f46e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 1932070 bc1a33e24ce141477caf0a4145d10284 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 1532992 6e69c3e3520bafbdbfbf2ff09a822530 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 852392 07d0adb80cd03837fd9d8ecbda86ea09 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb Size/MD5: 392096 c90b67fc5dbc0353a60b840ccdd632bd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb Size/MD5: 610446 e5db78f8999ea4da0e5ac1b6fdc35618 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 2091338 70f449d9738b0a05d293d97facb87f5e http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 1658830 5dba0f3b3eb2e8ecc9953a5eba7e9339 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 953732 406c11752e6a69cea4f7c65e5c23f2bb http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb Size/MD5: 401076 c7572a53be4971e4537e1a3c52497a85 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb Size/MD5: 559792 69edc52b1e3b34fcb302fc7a9504223e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 1995782 dbf2c667cf2be687693d435e52959cfa http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 3927018 4a16b21b3e212031f4bd6e618197f8e2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 2264418 d0e9ea2c9df5406bf0b94746ce34a189 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb Size/MD5: 400272 6adb67ab18511683369b980fddb15e94 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz Size/MD5: 75247 09b8215b07ab841c39f8836ca47ee01d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc Size/MD5: 2078 0f11b8b1f104fdd3b7ef98b8f289e57a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb Size/MD5: 642466 eecc336759fa7b99eaed2ef541499e97 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb Size/MD5: 628186 29b1c5d8b32a0678a48d0a89556508e3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 2119392 d6862813a343ee9472b90f7139e7dc48 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 1642856 2d76609a9262f9b5f2784c23e451baff http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 967526 afc32aefadd062851e456216d11d5a97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb Size/MD5: 402562 5aa66b898f890baac5194ada999ab1d3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb Size/MD5: 571494 c6ac5d5bce8786699abf9fd852c46393 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 1979806 bdeb6615f192f714451544068c74812d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 5630550 f26ccb94e593f7086a4e3b71cff68e3f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 2927046 5e0b91471526f867012b362cdcda1068 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb Size/MD5: 397776 07f6c0d04be2bd89d8e40fd8c13285bc armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb Size/MD5: 541448 2491f890b8dd2e0a93416d423ec5cc1b http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 1965226 20c3261921cd9d235ed2647f0756b045 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 1540070 9ffa955952e4d670ad29a9b39243d629 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 856998 0be4e4cd43bed15fc8363a879bf58c39 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb Size/MD5: 393692 802f3c5abea68a6054febb334452a7c0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb Size/MD5: 547524 6c19d36e99270da89d4adf0f76bdb0eb http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 1957254 5ee4cfcae8860529992874afc9f325fb http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 1590464 11e400cf0cc2c2e465adaecc9d477c75 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 868712 06e54b85b80b5f367bde9743d1aedbff http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb Size/MD5: 399902 0efbc32f3738c140b1c3efe2b1113aeb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb Size/MD5: 619104 e40b223ab89356348cf4c1de46bd8d77 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 2115846 01770253efeca9c2f7c5e432c6d6bf95 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 1697564 24d665973abab4ecbe08813d226556f2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 951140 f59e1d23b2b21412d8f068b0475fe773 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb Size/MD5: 399376 3703f492fe145305ee7766e2a0d52c5c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb Size/MD5: 563630 1df247a9584dbeb62fffde7b42c21a2f http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 2008260 d79476e6fa043ad83bd12fe9531f8b22 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 3995256 b60bf440e4e598947db86c4bf020e6fa http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 2283532 0799ba2774806fead522ef6972cde580 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb Size/MD5: 409314 82165b0cf05d27e318f0d64df876f8f8 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz Size/MD5: 112331 02b0f3bdc024b25dc2cb168628a42dac http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc Size/MD5: 2102 de69229286f2c7eb52183e2ededb0a48 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb Size/MD5: 640566 023f6b5527052d0341c40cbbf64f8e54 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb Size/MD5: 630234 2d2c5a442d4d2abc2e49feaef783c710 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 2143676 c9bf70ec94df02a89d99591471e44787 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 1650636 485f318a2457012aa489823e87d4f9b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb Size/MD5: 136130 e16feacb49a52ef72aa69da4f63718a8 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 979624 6a0c5f93f6371c4b41c0bccbc1e9b217 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb Size/MD5: 406378 2aee12190747b060f4ad6bfd3a182bd6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb Size/MD5: 582640 ce87be9268c6ce3550bb7935460b3976 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 2006462 cb6fe50961fe89ee67f0c13c26d424f5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 5806248 7c21c1a2ea1ce8201904b2a99537cad6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb Size/MD5: 129708 77ff3896e3c541f1d9c0eb161c919882 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 3014932 4e61de0d021f49ac5fc2884d2d252854 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb Size/MD5: 400398 7654a219a640549e8d34bb91e34a815b armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb Size/MD5: 532306 9a4d5169e5e3429581bb16d6e61e334a http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 1935426 fb725096f798314e1cd76248599ec61a http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 1624382 6833d33bed6fbe0ad61d8615d56089f7 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb Size/MD5: 115630 55449ab904a6b52402a3cd88b763f384 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 849068 ace9af9701bd1aa8078f8371bb5a1249 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb Size/MD5: 394182 198be7154104014118c0bee633ad3524 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb Size/MD5: 627050 1057f1e1b4c7fb2129064149fdc15e7e http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 2147452 41e5eb249a3a2619d0add96808c9e6e4 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 1718790 6161e426e833e984a2dbe5fbae29ceec http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb Size/MD5: 135530 26aba12ee4ba7caff0f2653c12318e92 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 969544 822b91a90cf91650f12a3ce9200e9dc0 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb Size/MD5: 402878 79e80d92494b2f74241edcd18ba6f994 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb Size/MD5: 597964 a4e6860a52c0681b36b1ca553bccd805 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 2065638 05c803f4fd599d46162db5de530236f5 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 4094390 8a1251f546bf8e449fe2952b25029f53 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb Size/MD5: 125862 75b8bdc987cf37a65d73b31c74c664ee http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 2353876 6ef537e63f9551a927f52cc87befbc60 http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb Size/MD5: 419348 b17aeb96b578e199d33b02c5eab2ae19 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz Size/MD5: 92255 055df7f147cbad0066f88a0f2fa62cf5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc Size/MD5: 2118 8a81f824f312fb4033e1ab28a27ff99e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb Size/MD5: 645798 04eb700e0335d703bd6f610688bc3374 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb Size/MD5: 620316 df1d96cf5dbe9ea0b5ab1ef6f09b9194 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 2159884 a8fc3df0bf6af3350fe8f304eb29d90d http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 1550444 f51ab29ef9e5e2636eb9b943d6e1d4b1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb Size/MD5: 137384 72d04c14a09c287978aec689872bde8c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 923380 91e5f4df1c1e011ee449ff6424ecb832 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb Size/MD5: 406978 e9a055390d250ffc516518b53bb8bb36 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb Size/MD5: 570730 42ed7f9d05ca2b4d260cb3eb07832306 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 2012542 2132edd3a3e0eecd04efd4645b8f583f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 1553718 a842382c89c5a0ad0a88f979b9ffbd7e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb Size/MD5: 130462 4d2506b23b5abfa3be3e7fb8543c8d70 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 866348 3c2ea45d798374c21b800dcf59d0a4c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb Size/MD5: 400064 b1b5e14e431ae7c6c5fad917f6ce596f armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb Size/MD5: 566054 5561d1894ad32ac689593ddd4b4a0609 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 2012710 fd1d0612b6a89b26b0d32c72087538fd http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 1542334 7609e92dc5d8d3030a65f4be81b862b2 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb Size/MD5: 120434 8d289d3446bdcdc8c297066608e72322 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 851396 f5c3eb4c55ef9a9985a88bbaed3ec2ca http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb Size/MD5: 406412 3bd3e64fd628b294b6ea47eb5f3c6a27 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb Size/MD5: 616138 19c9d86e43e2680921dd0a726a4dc955 http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 2154670 b22a1c4b9b05a87ab3b3ad494d5627f6 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 1618586 3b2e33b46a007144b61c2469c7a2cbc7 http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb Size/MD5: 136044 37e9e3fdc5d3dd5a9f931f33e523074e http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 917582 674b2479c79c72b479f91433a34cb0fb http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb Size/MD5: 402026 a9001ad881ad996d844b12bd7d427d76 . Summary: JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and Microsoft Windows, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1157) httpd: A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) A flaw was discovered in the way the mod_proxy_http module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. In some configurations, the proxy could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. Note: This issue only affected httpd running on the Windows operating system. (CVE-2010-2068) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) The following flaws were corrected in the packages for Solaris and Windows. Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat Network. Multiple flaws in OpenSSL, which could possibly cause a crash, code execution, or a change of session parameters, have been corrected. (CVE-2009-3245, CVE-2010-4180, CVE-2008-7270) Two denial of service flaws were corrected in Expat. (CVE-2009-3560, CVE-2009-3720) An X.509 certificate verification flaw was corrected in OpenLDAP. (CVE-2009-3767) More information about these flaws is available from the CVE links in the References. Solution: All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. The References section of this erratum contains a download link (you must log in to download the update). Before installing the update, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Apache Tomcat and the Apache HTTP Server must be restarted for the update to take effect. Bugs fixed (http://bugzilla.redhat.com/): 530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name 531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences 533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences 570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824483 Version: 1 HPSBOV02670 SSRT100475 rev.1 - HP OpenVMS running SSL, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), Unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP OpenVMS running SSL. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS) or unauthorized disclosure of information, or by a remote unauthorized user to modify data, prompts, or responses. References: CVE-2011-0014, CVE-2010-4180, CVE-2010-4252, CVE-2010-3864 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SSL for OpenVMS v 1.4 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4180 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2010-4252 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2010-3864 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. HP SSL V1.4-453 for OpenVMS Alpha and OpenVMS Integrity servers: http://h71000.www7.hp.com/openvms/products/ssl/ssl.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2011-0013 Synopsis: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX Issue date: 2011-10-27 Updated on: 2011-10-27 (initial release of advisory) CVE numbers: --- openssl --- CVE-2008-7270 CVE-2010-4180 --- libuser --- CVE-2011-0002 --- nss, nspr --- CVE-2010-3170 CVE-2010-3173 --- Oracle (Sun) JRE 1.6.0 --- CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553 CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557 CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561 CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3570 CVE-2010-3571 CVE-2010-3572 CVE-2010-3573 CVE-2010-3574 CVE-2010-4422 CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4451 CVE-2010-4452 CVE-2010-4454 CVE-2010-4462 CVE-2010-4463 CVE-2010-4465 CVE-2010-4466 CVE-2010-4467 CVE-2010-4468 CVE-2010-4469 CVE-2010-4470 CVE-2010-4471 CVE-2010-4472 CVE-2010-4473 CVE-2010-4474 CVE-2010-4475 CVE-2010-4476 --- Oracle (Sun) JRE 1.5.0 --- CVE-2010-4447 CVE-2010-4448 CVE-2010-4450 CVE-2010-4454 CVE-2010-4462 CVE-2010-4465 CVE-2010-4466 CVE-2010-4468 CVE-2010-4469 CVE-2010-4473 CVE-2010-4475 CVE-2010-4476 CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0867 CVE-2011-0865 --- SFCB --- CVE-2010-2054 - ------------------------------------------------------------------------ 1. Summary Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 addresses several security issues. 2. Relevant releases vCenter Server 4.1 without Update 2 vCenter Update Manager 4.1 without Update 2 ESXi 4.1 without patch ESX410-201110201-SG. ESX 4.1 without patches ESX410-201110201-SG, ESX410-201110204-SG, ESX410-201110206-SG,ESX410-201110214-SG. 3. Problem Description a. ESX third party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el5_5.7 resolving two security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any any not affected ESX 4.1 ESX ESX410-201110204-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console libuser RPM The Service Console libuser RPM is updated to version 0.54.7-2.1.el5_5.2 to resolve a security issue. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2011-0002 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110206-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nss and nspr RPMs The Service Console Network Security Services (NSS) and Netscape Portable Runtime (NSPR) libraries are updated to nspr-4.8.6-1 and nss-3.12.8-4 resolving multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3170 and CVE-2010-3173 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110214-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable ESX 3.0.3 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. vCenter Server and ESX, Oracle (Sun) JRE update 1.6.0_24 Oracle (Sun) JRE is updated to version 1.6.0_24, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_24: CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475 and CVE-2010-4476. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.6.0_22: CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573 and CVE-2010-3574. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 5.0 Windows not affected vCenter 4.1 Windows Update 2 vCenter 4.0 Windows not applicable ** VirtualCenter 2.5 Windows not applicable ** Update Manager 5.0 Windows not affected Update Manager 4.1 Windows not applicable ** Update Manager 4.0 Windows not applicable ** hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201110201-SG ESX 4.0 ESX not applicable ** ESX 3.5 ESX not applicable ** ESX 3.0.3 ESX not applicable ** * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.5.0 family e. vCenter Update Manager Oracle (Sun) JRE update 1.5.0_30 Oracle (Sun) JRE is updated to version 1.5.0_30, which addresses multiple security issues that existed in earlier releases of Oracle (Sun) JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter 5.0 Windows not applicable ** vCenter 4.1 Windows not applicable ** vCenter 4.0 Windows patch pending VirtualCenter 2.5 Windows patch pending Update Manager 5.0 Windows not applicable ** Update Manager 4.1 Windows Update 2 Update Manager 4.0 Windows patch pending hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX not applicable ** ESX 4.0 ESX patch pending ESX 3.5 ESX patch pending ESX 3.0.3 ESX affected, no patch planned * hosted products are VMware Workstation, Player, ACE, Fusion. ** this product uses the Oracle (Sun) JRE 1.6.0 family f. Integer overflow in VMware third party component sfcb This release resolves an integer overflow issue present in the third party library SFCB when the httpMaxContentLength has been changed from its default value to 0 in in /etc/sfcb/sfcb.cfg. The integer overflow could allow remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a large integer in the Content-Length HTTP header. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2054 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========= ======== ======= ================= vCenter any Windows not affected hosted* any any not affected ESXi 5.0 ESXi not affected ESXi 4.1 ESXi ESXi410-201110201-SG ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.1 ESX ESX410-201110201-SG ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware vCenter Server 4.1 ---------------------------------------------- vCenter Server 4.1 Update 2 The download for vCenter Server includes VMware Update Manager. Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html https://www.vmware.com/support/pubs/vum_pubs.html File: VMware-VIMSetup-all-4.1.0-493063.iso md5sum: d132326846a85bfc9ebbc53defeee6e1 sha1sum: 192c3e5d2a10bbe53c025cc7eedb3133a23e0541 File: VMware-VIMSetup-all-4.1.0-493063.zip md5sum: 7fd7b09e501bd8fde52649b395491222 sha1sum: 46dd00e7c594ac672a5d7c3c27d15be2f5a5f1f1 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESXi 4.1 --------------- VMware ESXi 4.1 Update 2 Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html File: VMware-VMvisor-Installer-4.1.0.update02-502767.x86_64.iso md5sum: 0aa78790a336c5fc6ba3d9807c98bfea sha1sum: 7eebd34ab5bdc81401ae20dcf59a8f8ae22086ce File: upgrade-from-esxi4.0-to-4.1-update02-502767.zip md5sum: 459d9142a885854ef0fa6edd8d6a5677 sha1sum: 75978b6f0fc3b0ccc63babe6a65cfde6ec420d33 File: upgrade-from-ESXi3.5-to-4.1_update02.502767.zip md5sum: 3047fac78a4aaa05cf9528d62fad9d73 sha1sum: dc99b6ff352ace77d5513b4c6d8a2cb7e766a09f File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESXi 4.1 Update 2 contains ESXi410-201110201-SG. VMware ESX 4.1 -------------- VMware ESX 4.1 Update 2 Download link: http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1 Release Notes: http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html File: ESX-4.1.0-update02-502767.iso md5sum: 9a2b524446cbd756f0f1c7d8d88077f8 sha1sum: 2824c0628c341357a180b3ab20eb2b7ef1bee61c File: pre-upgrade-from-esx4.0-to-4.1-502767.zip md5sum: 9060ad94d9d3bad7d4fa3e4af69a41cf sha1sum: 9b96ba630377946c42a8ce96f0b5745c56ca46b4 File: upgrade-from-esx4.0-to-4.1-update02-502767.zip md5sum: 4b60f36ee89db8cb7e1243aa02cdb549 sha1sum: 6b9168a1b01379dce7db9d79fd280509e16d013f File: VMware-tools-linux-8.3.12-493255.iso md5sum: 63028f2bf605d26798ac24525a0e6208 sha1sum: 95ca96eec7817da9d6e0c326ac44d8b050328932 File: VMware-viclient-all-4.1.0-491557.exe md5sum: dafd31619ae66da65115ac3900697e3a sha1sum: 98be4d349c9a655621c068d105593be4a8e542ef VMware ESX 4.1 Update 2 contains ESX410-201110204-SG, ESX410-201110206-SG, ESX410-201110201-SG and ESX410-201110214-SG. 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3173 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4180 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4451 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4452 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4454 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4466 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0002 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0871 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0873 - ------------------------------------------------------------------------ 6. Change log 2011-10-27 VMSA-2011-0013 Initial security advisory in conjunction with the release of Update 2 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1 and ESX 4.1 on 2011-10-27. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2011 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6qRrIACgkQDEcm8Vbi9kPemwCeM4Q4S8aRp8X/8/LQ8NGVdU8l lJkAmweROyq5t0iWwM0EN2iP9ly6trbc =Dm8O -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: OpenSSL: Multiple vulnerabilities Date: October 09, 2011 Bugs: #303739, #308011, #322575, #332027, #345767, #347623, #354139, #382069 ID: 201110-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenSSL, allowing for the execution of arbitrary code and other attacks. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 1.0.0e >= 1.0.0e Description =========== Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.0e" NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. It is likely that your system is already no longer affected by most of these issues. References ========== [ 1 ] CVE-2009-3245 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3245 [ 2 ] CVE-2009-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4355 [ 3 ] CVE-2010-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0433 [ 4 ] CVE-2010-0740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0740 [ 5 ] CVE-2010-0742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0742 [ 6 ] CVE-2010-1633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1633 [ 7 ] CVE-2010-2939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2939 [ 8 ] CVE-2010-3864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3864 [ 9 ] CVE-2010-4180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4180 [ 10 ] CVE-2010-4252 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4252 [ 11 ] CVE-2011-0014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0014 [ 12 ] CVE-2011-3207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3207 [ 13 ] CVE-2011-3210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3210 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM/jI/mqjQ0CJFipgRAvhxAJ4hupGMeQ2SW/SJBOrsRXb/TmuSigCfaETn X4x5UtqVB5mfmzjkXQQ2VNo= =Lyfg -----END PGP SIGNATURE-----

Trust: 3.24

sources: NVD: CVE-2010-4180 // CERT/CC: VU#737740 // JVNDB: JVNDB-2010-002548 // BID: 45164 // VULMON: CVE-2010-4180 // PACKETSTORM: 96487 // PACKETSTORM: 102534 // PACKETSTORM: 101256 // PACKETSTORM: 106330 // PACKETSTORM: 105638 // PACKETSTORM: 96467

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:ltversion:0.9.8q

Trust: 1.8

vendor:opensslmodel:opensslscope:ltversion:1.0.0c

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 1.3

vendor:vmwaremodel:esxscope:eqversion:3.5

Trust: 1.1

vendor:vmwaremodel:esxscope:eqversion:4.0

Trust: 1.1

vendor:vmwaremodel:esxscope:eqversion:4.1

Trust: 1.1

vendor:canonicalmodel:ubuntu linuxscope:eqversion:8.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:6.06

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:13

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.04

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.1

Trust: 1.0

vendor:susemodel:linux enterprise desktopscope:eqversion:11

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:10.10

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.2

Trust: 1.0

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.9.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:14

Trust: 1.0

vendor:susemodel:linux enterprisescope:eqversion:11.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.0

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.3

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:9.04

Trust: 1.0

vendor:efimodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel:esxscope:eqversion:3.0.3

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.7

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.11

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.23

Trust: 0.8

vendor:hewlett packardmodel:hp-uxscope:eqversion:11.31

Trust: 0.8

vendor:blue coatmodel:cacheflowscope:ltversion:2.1.4.7

Trust: 0.8

vendor:blue coatmodel:directorscope: - version: -

Trust: 0.8

vendor:blue coatmodel:packetshaperscope: - version: -

Trust: 0.8

vendor:blue coatmodel:policycenterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyavscope: - version: -

Trust: 0.8

vendor:blue coatmodel:reporterscope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxyonescope: - version: -

Trust: 0.8

vendor:blue coatmodel:proxysgscope:ltversion:6.1.2.1

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.3.3

Trust: 0.3

vendor:susemodel:linux enterprise sp3scope:eqversion:10

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:5.2.4.3

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:hpmodel:integrated lights outscope:eqversion:21.16

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.4

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:eqversion:41.0

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:3.2

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:eqversion:61.0

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.8

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.8

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:balabitmodel:syslog-ng premium editionscope:eqversion:3.0.6

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.7

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:balabitmodel:syslog-ng premium edition 3.2.1ascope: - version: -

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.7

Trust: 0.3

vendor:opensslmodel:project openssl b-36.8scope:eqversion:0.9.6

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:3.2.6.1

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.3

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.8

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.2.6

Trust: 0.3

vendor:avayamodel:aura system platform sp2scope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.1

Trust: 0.3

vendor:bluemodel:coat systems cacheflowscope:neversion:2.1.47

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:susemodel:linux enterprise sp4scope:eqversion:10

Trust: 0.3

vendor:bluemodel:coat systems policy centerscope:eqversion:8.6

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8mscope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.11

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:balabitmodel:syslog-ng premium editionscope:eqversion:3.2

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:5.2.4.8

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:1.0

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:5.2.2.5

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.7

Trust: 0.3

vendor:hpmodel:integrated lights outscope:eqversion:32.05

Trust: 0.3

vendor:novellmodel:edirectory sp6 patchscope:neversion:8.83

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8nscope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.1

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0cscope:neversion: -

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhelscope:neversion:61.0.2

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:novellmodel:edirectory sp1scope:eqversion:8.8

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.2

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:5.2.4.8

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:2.4.2

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8pscope: - version: -

Trust: 0.3

vendor:novellmodel:edirectory sp3scope:eqversion:8.8

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.3

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.3

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:bluemodel:coat systems proxyonescope:eqversion:0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:5.0

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:redmodel:hat enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.32

Trust: 0.3

vendor:avayamodel:intuity audix lx sp2scope:eqversion:2.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5300-06

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.31

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:novellmodel:edirectory sp4scope:eqversion:8.8

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5200-10

Trust: 0.3

vendor:balabitmodel:syslog-ng premium edition 3.2.1bscope:neversion: -

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.5

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.1

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:3.5

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:bluemodel:coat systems packetshaperscope:neversion:8.7.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:eqversion:51.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:susemodel:linux enterprise sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:5.2.6

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.4

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.3

vendor:balabitmodel:syslog-ng premium edition 3.0.7ascope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:neversion:1.0.2

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:10

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:bluemodel:coat systems policy centerscope:neversion:8.7.1

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:avayamodel:message networking sp1scope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.3

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.2.6.1

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.0

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.1

Trust: 0.3

vendor:opensslmodel:project openssl lscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8lscope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp3scope:eqversion:5.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.9

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.1

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:neversion:41.0.2

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:neversion:1.0.2

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:0.9.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:hpmodel:insight controlscope:eqversion:6.2

Trust: 0.3

vendor:bluemodel:coat systems directorscope:eqversion:5.2.2.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.7

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.8

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.4

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.12

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:6.0

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2.1

Trust: 0.3

vendor:balabitmodel:syslog-ng premium edition 4.0.1ascope:neversion: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.4

Trust: 0.3

vendor:opensslmodel:project openssl lscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.2.8.7

Trust: 0.3

vendor:bluemodel:coat systems policy centerscope:eqversion:8.7

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:2

Trust: 0.3

vendor:redmodel:hat jboss enterprise web serverscope:eqversion:5.0

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:5.2.2.4

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:novellmodel:edirectory sp2scope:eqversion:8.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:2.4.2.3

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2.1

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.1

Trust: 0.3

vendor:balabitmodel:syslog-ng premium editionscope:eqversion:4.0.1

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.5

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0bscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.3

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.0

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel asscope:neversion:41.0.2

Trust: 0.3

vendor:bluemodel:coat systems packetshaperscope:eqversion:8.3.2

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:susemodel:linux enterprise teradata sp3scope:eqversion:10

Trust: 0.3

vendor:balabitmodel:syslog-ng premium editionscope:eqversion:3.0.7

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.1

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel serverscope:neversion:51.0.2

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:susemodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for windowsscope:eqversion:1.0

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.7

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:neversion:6.1.21

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.2.1.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:balabitmodel:syslog-ng premium editionscope:eqversion:3.0.5

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:opensslmodel:project openssl beta3scope:eqversion:0.9.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:bluemodel:coat systems proxyavscope:eqversion:3.2.6.0

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.7

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for rhel esscope:eqversion:41.0

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.8

Trust: 0.3

vendor:redmodel:hat enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:opensslmodel:project openssl mscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:intuity audix lx sp1scope:eqversion:2.0

Trust: 0.3

vendor:opensslmodel:project openssl 1.0.0ascope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:6.0

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:neversion:1.4-453

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8oscope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:aura system platform sp3scope:eqversion:6.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:bluemodel:coat systems cacheflowscope:eqversion:2.1.46

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0.1

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:7.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:bluemodel:coat systems proxysgscope:eqversion:4.2.10

Trust: 0.3

vendor:novellmodel:edirectory sp5 patchscope:eqversion:8.84

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.2

Trust: 0.3

vendor:ibmmodel:aixscope:eqversion:5.3.10

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:hpmodel:insight controlscope:neversion:6.3

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.5

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:novellmodel:edirectory sp4 ftf1scope:eqversion:8.8

Trust: 0.3

vendor:avayamodel:communication server 1000e signaling serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:novellmodel:edirectory sp5 ftf1scope:eqversion:8.8

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:opensslmodel:project openssl mscope:eqversion:0.9.6

Trust: 0.3

vendor:vmwaremodel:esxiscope:eqversion:4.0

Trust: 0.3

vendor:redmodel:hat jboss enterprise web server for solarisscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:communication server 1000m signaling serverscope:eqversion:7.5

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:novellmodel:edirectory sp3 ftf3scope:eqversion:8.8

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.2

Trust: 0.3

vendor:ibmmodel:aix lscope:eqversion:5.3

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2.2

Trust: 0.3

vendor:hpmodel:onboard administratorscope:eqversion:3.21

Trust: 0.3

vendor:avayamodel:communication server 1000escope:eqversion:7.5

Trust: 0.3

vendor:bluemodel:coat systems packetshaperscope:eqversion:8.4

Trust: 0.3

vendor:redhatmodel:jboss enterprise web server el4scope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.6

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:9.10

Trust: 0.3

vendor:avayamodel:messaging storage server sp2scope:eqversion:5.1

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:novellmodel:edirectory sp5scope:eqversion:8.8

Trust: 0.3

vendor:avayamodel:communication server 1000mscope:eqversion:7.0

Trust: 0.3

sources: CERT/CC: VU#737740 // BID: 45164 // JVNDB: JVNDB-2010-002548 // NVD: CVE-2010-4180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-4180
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-4180
value: MEDIUM

Trust: 0.8

VULMON: CVE-2010-4180
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-4180
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2010-4180 // JVNDB: JVNDB-2010-002548 // NVD: CVE-2010-4180

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2010-002548 // NVD: CVE-2010-4180

THREAT TYPE

network

Trust: 0.3

sources: BID: 45164

TYPE

Design Error

Trust: 0.3

sources: BID: 45164

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-002548

PATCH
title:HT4723url:http://support.apple.com/kb/HT4723
Trust: 0.8
title:openssl-0.9.8e-12.AXS3.7url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1324
Trust: 0.8
title:HPSBUX02638url:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02737002
Trust: 0.8
title:2168url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2168
Trust: 0.8
title:20131url:http://cvs.openssl.org/chngview?cn=20131
Trust: 0.8
title:secadv_20101202url:http://openssl.org/news/secadv_20101202.txt
Trust: 0.8
title:RHSA-2010:0977url:https://rhn.redhat.com/errata/RHSA-2010-0977.html
Trust: 0.8
title:RHSA-2010:0978url:https://rhn.redhat.com/errata/RHSA-2010-0978.html
Trust: 0.8
title:RHSA-2010:0979url:https://rhn.redhat.com/errata/RHSA-2010-0979.html
Trust: 0.8
title:SA53url:https://kb.bluecoat.com/index?page=content&id=SA53
Trust: 0.8
title:cve_2010_4180_affects_opensslurl:http://blogs.oracle.com/sunsecurity/entry/cve_2010_4180_affects_openssl
Trust: 0.8
title:Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmwareurl:https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun
Trust: 0.8
title:TLSA-2013-3url:http://www.turbolinux.co.jp/security/2013/TLSA-2013-3j.html
Trust: 0.8
title:VMSA-2011-0013url:http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html
Trust: 0.8
title:Ubuntu Security Notice: openssl vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1029-1
Trust: 0.1
title:Debian Security Advisories: DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flawurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=1c00cc4c6dbe7bb057db61e10ff97d6d
Trust: 0.1
title:Symantec Security Advisories: SA53 : OpenSSL Ciphersuite Downgrade Attack (CVE-2010-4180)url:https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=92a9a237511ca120aa4255feb5bdf611
Trust: 0.1
title: - url:https://github.com/hrbrmstr/internetdb 
Trust: 0.1
title: - url:https://github.com/khulnasoft-labs/awesome-security 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2010-4180 // 
            
            
            
            JVNDB: JVNDB-2010-002548

EXTERNAL IDS
db:NVDid:CVE-2010-4180
Trust: 2.8
db:CERT/CCid:VU#737740
Trust: 2.2
db:BIDid:45164
Trust: 2.2
db:SECUNIAid:42473
Trust: 1.9
db:VUPENid:ADV-2010-3120
Trust: 1.9
db:SECTRACKid:1024822
Trust: 1.9
db:OSVDBid:69565
Trust: 1.9
db:SECUNIAid:43169
Trust: 1.1
db:SECUNIAid:42811
Trust: 1.1
db:SECUNIAid:42469
Trust: 1.1
db:SECUNIAid:43172
Trust: 1.1
db:SECUNIAid:42571
Trust: 1.1
db:SECUNIAid:42493
Trust: 1.1
db:SECUNIAid:43173
Trust: 1.1
db:SECUNIAid:44269
Trust: 1.1
db:SECUNIAid:43170
Trust: 1.1
db:SECUNIAid:42620
Trust: 1.1
db:SECUNIAid:42877
Trust: 1.1
db:SECUNIAid:43171
Trust: 1.1
db:VUPENid:ADV-2011-0076
Trust: 1.1
db:VUPENid:ADV-2010-3188
Trust: 1.1
db:VUPENid:ADV-2011-0268
Trust: 1.1
db:VUPENid:ADV-2010-3122
Trust: 1.1
db:VUPENid:ADV-2011-0032
Trust: 1.1
db:VUPENid:ADV-2010-3134
Trust: 1.1
db:JVNid:JVNVU91284469
Trust: 0.8
db:JVNDBid:JVNDB-2010-002548
Trust: 0.8
db:VULMONid:CVE-2010-4180
Trust: 0.1
db:PACKETSTORMid:96487
Trust: 0.1
db:PACKETSTORMid:102534
Trust: 0.1
db:PACKETSTORMid:101256
Trust: 0.1
db:PACKETSTORMid:106330
Trust: 0.1
db:PACKETSTORMid:105638
Trust: 0.1
db:PACKETSTORMid:96467
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737740 // 
            
            
            
            VULMON: CVE-2010-4180 // 
            
            
            
            BID: 45164 // 
            
            
            
            JVNDB: JVNDB-2010-002548 // 
            
            
            
            PACKETSTORM: 96487 // 
            
            
            
            PACKETSTORM: 102534 // 
            
            
            
            PACKETSTORM: 101256 // 
            
            
            
            PACKETSTORM: 106330 // 
            
            
            
            PACKETSTORM: 105638 // 
            
            
            
            PACKETSTORM: 96467 // 
            
            
            
            NVD: CVE-2010-4180

REFERENCES
url:http://www.vupen.com/english/advisories/2010/3120
Trust: 1.9
url:http://secunia.com/advisories/42473
Trust: 1.9
url:http://osvdb.org/69565
Trust: 1.9
url:http://www.securitytracker.com/id?1024822
Trust: 1.9
url:http://www.securityfocus.com/bid/45164
Trust: 1.9
url:http://www.kb.cert.org/vuls/id/737740
Trust: 1.5
url:http://w3.efi.com/fiery
Trust: 1.1
url:http://cvs.openssl.org/chngview?cn=20131
Trust: 1.1
url:https://bugzilla.redhat.com/show_bug.cgi?id=659462
Trust: 1.1
url:http://openssl.org/news/secadv_20101202.txt
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3122
Trust: 1.1
url:http://ubuntu.com/usn/usn-1029-1
Trust: 1.1
url:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3134
Trust: 1.1
url:http://secunia.com/advisories/42493
Trust: 1.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2010:248
Trust: 1.1
url:http://secunia.com/advisories/42469
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3188
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052027.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0979.html
Trust: 1.1
url:http://secunia.com/advisories/42620
Trust: 1.1
url:http://secunia.com/advisories/42571
Trust: 1.1
url:http://lists.fedoraproject.org/pipermail/package-announce/2010-december/052315.html
Trust: 1.1
url:http://www.debian.org/security/2011/dsa-2141
Trust: 1.1
url:http://secunia.com/advisories/42811
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0032
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0977.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2010-0978.html
Trust: 1.1
url:http://secunia.com/advisories/42877
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0076
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0268
Trust: 1.1
url:http://secunia.com/advisories/43171
Trust: 1.1
url:http://secunia.com/advisories/43172
Trust: 1.1
url:http://secunia.com/advisories/43169
Trust: 1.1
url:http://secunia.com/advisories/43173
Trust: 1.1
url:http://secunia.com/advisories/43170
Trust: 1.1
url:https://kb.bluecoat.com/index?page=content&id=sa53&actp=list
Trust: 1.1
url:http://secunia.com/advisories/44269
Trust: 1.1
url:http://support.apple.com/kb/ht4723
Trust: 1.1
url:http://lists.apple.com/archives/security-announce/2011//jun/msg00000.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2011-0896.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=132077688910227&w=2
Trust: 1.1
url:http://www.securityfocus.com/archive/1/522176
Trust: 1.1
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02794777
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=129916880600544&w=2
Trust: 1.1
url:http://marc.info/?l=bugtraq&m=130497251507577&w=2
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18910
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4180
Trust: 1.0
url:http://www.support.xerox.com/support/docucolor-242-252-260/downloads/enus.html?associatedproduct=fiery-exp260&operatingsystem=win7x64
Trust: 0.8
url:https://www.openssl.org/news/vulnerabilities.html
Trust: 0.8
url:http://jvn.jp/cert/jvnvu976710
Trust: 0.8
url:http://jvn.jp/cert/jvnvu91284469/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4180
Trust: 0.8
url:http://support.avaya.com/css/p8/documents/100124969
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2010-4180
Trust: 0.4
url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000107.html
Trust: 0.3
url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000111.html
Trust: 0.3
url:https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-february/000108.html
Trust: 0.3
url:http://blogs.sun.com/security/entry/cve_2010_4180_affects_openssl
Trust: 0.3
url:http://www.novell.com/support/viewcontent.do?externalid=3426981
Trust: 0.3
url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03263573
Trust: 0.3
url:https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun
Trust: 0.3
url:http://openssl.org/
Trust: 0.3
url:http://www.openssl.org/news/secadv_20101202.txt\
Trust: 0.3
url:http://www.vmware.com/security/advisories/vmsa-2011-0013.html
Trust: 0.3
url:/archive/1/516801
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100124972
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100131810
Trust: 0.3
url:https://kb.bluecoat.com/index?page=content&id=sa53
Trust: 0.3
url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03024266&ac.admitted=1320706848406.876444892.492883150
Trust: 0.3
url:http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02794777
Trust: 0.3
url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc
Trust: 0.3
url:https://downloads.avaya.com/css/p8/documents/100124969
Trust: 0.3
url:https://www-304.ibm.com/support/docview.wss?uid=swg21625170
Trust: 0.3
url:http://www.vmware.com/security/advisories/vmsa-2012-0013.html
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2008-7270
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2009-3245
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://usn.ubuntu.com/1029-1/
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.debian.tar.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.5_all.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_sparc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.5_all.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_armel.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.diff.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.3_all.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5.dsc
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_powerpc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.13_all.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14.diff.gz
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_armel.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.3_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_armel.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.13_lpia.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.13_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5.dsc
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_sparc.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.3_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_i386.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_armel.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.14_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.14_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_armel.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.5_sparc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.13_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_sparc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.5_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.3_amd64.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_sparc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.3_powerpc.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.5_lpia.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.14_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.5_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_armel.udeb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.14_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.5_powerpc.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_armel.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.5_powerpc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.5_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.3_amd64.udeb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_lpia.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.3_i386.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.5_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.14_sparc.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.13_amd64.deb
Trust: 0.1
url:http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.5_i386.deb
Trust: 0.1
url:http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.13_lpia.udeb
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1623
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-3718.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2009-3560.html
Trust: 0.1
url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=webserver&version=1.0.2
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3718
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3720
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1452
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-1623.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-1157.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2009-3767.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2011-0013.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3767
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-4172.html
Trust: 0.1
url:https://access.redhat.com/security/team/contact/
Trust: 0.1
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-0419
Trust: 0.1
url:https://rhn.redhat.com/errata/rhsa-2011-0896.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-4180.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2068
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2011-0419.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-3560
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-4172
Trust: 0.1
url:https://access.redhat.com/security/updates/classification/#moderate
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2008-7270.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-1452.html
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2010-2068.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-0013
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1157
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2009-3245.html
Trust: 0.1
url:http://bugzilla.redhat.com/):
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2009-3720.html
Trust: 0.1
url:http://docs.redhat.com/docs/en-us/jboss_enterprise_web_server/1.0/html-single/release_notes_1.0.2/index.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3864
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-0014
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-4252
Trust: 0.1
url:http://www.itrc.hp.com/service/cki/secbullarchive.do
Trust: 0.1
url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc
Trust: 0.1
url:http://h30046.www3.hp.com/subsignin.php
Trust: 0.1
url:http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4473
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3556
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3563
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3560
Trust: 0.1
url:https://www.vmware.com/support/pubs/vs_pages/vsp_pubs_esxi41_i_vc41.html
Trust: 0.1
url:http://kb.vmware.com/kb/1055
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3571
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4474
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0862
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3554
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3562
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3170
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3562
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3567
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3556
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3550
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-1321
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3557
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3550
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3173
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3567
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4451
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3553
Trust: 0.1
url:http://www.vmware.com/support/policies/eos_vi.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3568
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2054
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3555
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3558
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3541
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3566
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0864
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3561
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3541
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3559
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3565
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0802
Trust: 0.1
url:http://www.vmware.com/support/policies/eos.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3574
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3559
Trust: 0.1
url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4466
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3554
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3563
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4452
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3569
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3573
Trust: 0.1
url:http://www.vmware.com/security/advisories
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3548
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4422
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3549
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3565
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3549
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3548
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3552
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0873
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3568
Trust: 0.1
url:http://www.vmware.com/support/policies/security_response.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1321
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3560
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3572
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4463
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3553
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0815
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4447
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3566
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476
Trust: 0.1
url:http://enigmail.mozdev.org/
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4467
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0865
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0867
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3558
Trust: 0.1
url:http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3570
Trust: 0.1
url:http://downloads.vmware.com/d/info/datacenter_cloud_infrastructure/vmware_vsphere/4_1
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0871
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3552
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7270
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3570
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0002
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4475
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4454
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3555
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4462
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3173
Trust: 0.1
url:https://www.vmware.com/support/pubs/vum_pubs.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3561
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3170
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-2054
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3569
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0814
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4468
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3551
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3551
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3557
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0742
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-4355
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4180
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3207
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3864
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2939
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1633
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3210
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0740
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://security.gentoo.org/
Trust: 0.1
url:http://security.gentoo.org/glsa/glsa-201110-01.xml
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3245
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-0433
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0014
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2009-4355
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4252
Trust: 0.1
url:http://www.mandriva.com/security/
Trust: 0.1
url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490
Trust: 0.1
url:http://www.mandriva.com/security/advisories
Trust: 0.1
sources:
            
            
            CERT/CC: VU#737740 // 
            
            
            
            VULMON: CVE-2010-4180 // 
            
            
            
            BID: 45164 // 
            
            
            
            JVNDB: JVNDB-2010-002548 // 
            
            
            
            PACKETSTORM: 96487 // 
            
            
            
            PACKETSTORM: 102534 // 
            
            
            
            PACKETSTORM: 101256 // 
            
            
            
            PACKETSTORM: 106330 // 
            
            
            
            PACKETSTORM: 105638 // 
            
            
            
            PACKETSTORM: 96467 // 
            
            
            
            NVD: CVE-2010-4180

CREDITS
Martin Rex
Trust: 0.3
sources:
            
            
            BID: 45164

SOURCES
db:CERT/CCid:VU#737740
db:VULMONid:CVE-2010-4180
db:BIDid:45164
db:JVNDBid:JVNDB-2010-002548
db:PACKETSTORMid:96487
db:PACKETSTORMid:102534
db:PACKETSTORMid:101256
db:PACKETSTORMid:106330
db:PACKETSTORMid:105638
db:PACKETSTORMid:96467
db:NVDid:CVE-2010-4180

LAST UPDATE DATE
2024-12-21T22:29:57.959000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#737740date:2013-05-02T00:00:00
db:VULMONid:CVE-2010-4180date:2022-08-04T00:00:00
db:BIDid:45164date:2015-04-13T21:15:00
db:JVNDBid:JVNDB-2010-002548date:2012-12-18T00:00:00
db:NVDid:CVE-2010-4180date:2024-11-21T01:20:23.207

SOURCES RELEASE DATE
db:CERT/CCid:VU#737740date:2013-03-18T00:00:00
db:VULMONid:CVE-2010-4180date:2010-12-06T00:00:00
db:BIDid:45164date:2010-12-02T00:00:00
db:JVNDBid:JVNDB-2010-002548date:2010-12-24T00:00:00
db:PACKETSTORMid:96487date:2010-12-08T19:24:47
db:PACKETSTORMid:102534date:2011-06-24T08:07:26
db:PACKETSTORMid:101256date:2011-05-10T00:44:30
db:PACKETSTORMid:106330date:2011-10-28T14:46:28
db:PACKETSTORMid:105638date:2011-10-09T16:42:00
db:PACKETSTORMid:96467date:2010-12-08T18:39:21
db:NVDid:CVE-2010-4180date:2010-12-06T21:05:48.687