VARIoT IoT vulnerabilities database
| VAR-201202-0323 | CVE-2012-0870 | Samba of smbd Inside process.c Heap-based buffer overflow vulnerability |
CVSS V2: 7.9 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. It highlights game, media publishing and collaboration features. The BlackBerry PlayBook Tablet is a tablet from BlackBerry. The Samba service is used for file sharing between the platform computer and the computer, and remote attackers can exploit the vulnerability to gain control over the Wi-Fi file sharing system through the Wi-Fi network. This vulnerability is also affected when the tablet is connected to the computer using USB and if the attacker can physically access the computer. Samba is prone to a heap-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
Samba versions prior to 3.4.0 are affected. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Samba Any Batched Request Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA48152
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48152/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48152
RELEASE DATE:
2012-02-24
DISCUSS ADVISORY:
http://secunia.com/advisories/48152/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48152/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48152
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Samba, which can be exploited by
malicious people to compromise a vulnerable system.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Originally reported in BlackBerry Tablet OS by Andy Davis, NGS
Secure.
ORIGINAL ADVISORY:
http://www.samba.org/samba/security/CVE-2012-0870
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
f1c5c40a39960bf0be8b4f7b0eb07f1c mes5/i586/libnetapi0-3.3.12-0.8mdvmes5.2.i586.rpm
c09851ea48666122ce67fb3bb5d863b7 mes5/i586/libnetapi-devel-3.3.12-0.8mdvmes5.2.i586.rpm
574874125ee63e520110e73158fa1c53 mes5/i586/libsmbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
ed39a5badbcb3dff984d099d995e4654 mes5/i586/libsmbclient0-devel-3.3.12-0.8mdvmes5.2.i586.rpm
37f6c8edc6af9e4439fe1cfa74162fd4 mes5/i586/libsmbclient0-static-devel-3.3.12-0.8mdvmes5.2.i586.rpm
e06527be75deb64802f8bfa4c266f9bc mes5/i586/libsmbsharemodes0-3.3.12-0.8mdvmes5.2.i586.rpm
9926b5aa94649fe5e4563d7d30eea094 mes5/i586/libsmbsharemodes-devel-3.3.12-0.8mdvmes5.2.i586.rpm
13ed1d18924705829149f27c89cff483 mes5/i586/libtalloc1-3.3.12-0.8mdvmes5.2.i586.rpm
0dcc0cadaff5d3e9e9b26a4aa76320b9 mes5/i586/libtalloc-devel-3.3.12-0.8mdvmes5.2.i586.rpm
f66dc353d8f7cc28d9e9922bc731bd06 mes5/i586/libtdb1-3.3.12-0.8mdvmes5.2.i586.rpm
87689dca4f04ccc56c8b7e2958f870a5 mes5/i586/libtdb-devel-3.3.12-0.8mdvmes5.2.i586.rpm
eac4493389bdd505786b2a813800ec21 mes5/i586/libwbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
0a4d9665399a405ec33352bac8b085d7 mes5/i586/libwbclient-devel-3.3.12-0.8mdvmes5.2.i586.rpm
31d01f8f5ac236bdeb5da6c0b1103c26 mes5/i586/mount-cifs-3.3.12-0.8mdvmes5.2.i586.rpm
4d65a41c7adf287f33146cb51976c12f mes5/i586/nss_wins-3.3.12-0.8mdvmes5.2.i586.rpm
95851e4895bebace6a800c21411c2c98 mes5/i586/samba-client-3.3.12-0.8mdvmes5.2.i586.rpm
615ae2342634aa724e233fe7c38e1021 mes5/i586/samba-common-3.3.12-0.8mdvmes5.2.i586.rpm
593f4559e2e7927c3d2be07c75f69fc2 mes5/i586/samba-doc-3.3.12-0.8mdvmes5.2.i586.rpm
082b8b10f48f87102f5f4e5734192274 mes5/i586/samba-server-3.3.12-0.8mdvmes5.2.i586.rpm
671a8293f5c9970eff7f41a382ce1de8 mes5/i586/samba-swat-3.3.12-0.8mdvmes5.2.i586.rpm
d0826b2d50dd03a8a2def0ab8217a10b mes5/i586/samba-winbind-3.3.12-0.8mdvmes5.2.i586.rpm
e63162eb725a3c786a9d6ce6e3ffa834 mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
08052ae7f504d3afebc2592c4563cb26 mes5/x86_64/lib64netapi0-3.3.12-0.8mdvmes5.2.x86_64.rpm
959b440b7a52de85774c7826c23e5a0d mes5/x86_64/lib64netapi-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
4fbf3c6550bbd781101b19a5f59db31f mes5/x86_64/lib64smbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
fa0e52cf4f492cb5d991ca5305f4eca7 mes5/x86_64/lib64smbclient0-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
3aab55b5470b2dd3fe21bc22aac57881 mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
62faaa06906b9b03f73d130c30841e24 mes5/x86_64/lib64smbsharemodes0-3.3.12-0.8mdvmes5.2.x86_64.rpm
2989b58fbd3b45bc9f59c252c694970f mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
7b02247f56fbae2c39148fbbdb2a9753 mes5/x86_64/lib64talloc1-3.3.12-0.8mdvmes5.2.x86_64.rpm
c06c34fbdf4472157ce75f438c8975fe mes5/x86_64/lib64talloc-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
05412945bb2a1b2be22aab619395366e mes5/x86_64/lib64tdb1-3.3.12-0.8mdvmes5.2.x86_64.rpm
a5d3e798398970a92129d182766049ab mes5/x86_64/lib64tdb-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
fa4659a2d3591b354ed48fe4780e318a mes5/x86_64/lib64wbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
a647ebd6ed3d00f8e0cf32db8deddd89 mes5/x86_64/lib64wbclient-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
5075846b37b482eee78d1390284d221f mes5/x86_64/mount-cifs-3.3.12-0.8mdvmes5.2.x86_64.rpm
08968a5c3682f2af4dab4433d3c4906c mes5/x86_64/nss_wins-3.3.12-0.8mdvmes5.2.x86_64.rpm
1f391d0c654c0efa93a4a9b90ff8abad mes5/x86_64/samba-client-3.3.12-0.8mdvmes5.2.x86_64.rpm
9d374a84dab147dd3a7e20f38032740f mes5/x86_64/samba-common-3.3.12-0.8mdvmes5.2.x86_64.rpm
fbc801397a2f7b94b06397aed9e037a8 mes5/x86_64/samba-doc-3.3.12-0.8mdvmes5.2.x86_64.rpm
39fde58a25e8180b574cf6e5a8f7e432 mes5/x86_64/samba-server-3.3.12-0.8mdvmes5.2.x86_64.rpm
d9f108c12ade5b0f8905cb453cdb99dc mes5/x86_64/samba-swat-3.3.12-0.8mdvmes5.2.x86_64.rpm
78f300cd217228b7e44d0845f2b29c53 mes5/x86_64/samba-winbind-3.3.12-0.8mdvmes5.2.x86_64.rpm
e63162eb725a3c786a9d6ce6e3ffa834 mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPTQdAmqjQ0CJFipgRAjl5AKCHFXTjEFCIjESHT9QE+lzC/znTUQCeKcKO
gBbgJhbdLqBQlAb9QBUHTIM=
=j351
-----END PGP SIGNATURE-----
. High Risk Vulnerability in Samba
25 February 2012
Andy Davis of NGS Secure has discovered a high risk vulnerability in the Samba service
Impact: Remote Code Execution
Versions affected: Samba versions up to 3.4.0
More details about this vulnerability and how to obtain software updates can be found here:
http://www.samba.org/samba/security/CVE-2012-0870
NGS Secure is going to withhold details of this flaw for three months. This three month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.
NGS Secure Research
http://www.ngssecure.com
. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks. ============================================================================
Ubuntu Security Notice USN-1374-1
February 24, 2012
samba vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.04 LTS
Summary:
Samba could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
Andy Davis discovered that Samba incorrectly handled certain AndX offsets.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 8.04 LTS:
samba 3.0.28a-1ubuntu4.17
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: samba security update
Advisory ID: RHSA-2012:0332-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0332.html
Issue date: 2012-02-23
CVE Names: CVE-2012-0870
=====================================================================
1. Summary:
Updated samba packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5, and Red Hat Enterprise Linux 5.3 Long
Life, and 5.6 Extended Update Support.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Long Life (v. 5.3 server) - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Description:
Samba is a suite of programs used by machines to share files, printers, and
other information.
An input validation flaw was found in the way Samba handled Any Batched
(AndX) requests. A remote, unauthenticated attacker could send a
specially-crafted SMB packet to the Samba server, possibly resulting in
arbitrary code execution with the privileges of the Samba server (root).
(CVE-2012-0870)
Red Hat would like to thank the Samba team for reporting this issue.
Upstream acknowledges Andy Davis of NGS Secure as the original reporter.
Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
795509 - CVE-2012-0870 samba: Any Batched ("AndX") request processing infinite recursion and heap-based buffer overflow
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/samba-3.0.33-0.35.el4.src.rpm
i386:
samba-3.0.33-0.35.el4.i386.rpm
samba-client-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-swat-3.0.33-0.35.el4.i386.rpm
ia64:
samba-3.0.33-0.35.el4.ia64.rpm
samba-client-3.0.33-0.35.el4.ia64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.ia64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.ia64.rpm
samba-swat-3.0.33-0.35.el4.ia64.rpm
ppc:
samba-3.0.33-0.35.el4.ppc.rpm
samba-client-3.0.33-0.35.el4.ppc.rpm
samba-common-3.0.33-0.35.el4.ppc.rpm
samba-common-3.0.33-0.35.el4.ppc64.rpm
samba-debuginfo-3.0.33-0.35.el4.ppc.rpm
samba-debuginfo-3.0.33-0.35.el4.ppc64.rpm
samba-swat-3.0.33-0.35.el4.ppc.rpm
s390:
samba-3.0.33-0.35.el4.s390.rpm
samba-client-3.0.33-0.35.el4.s390.rpm
samba-common-3.0.33-0.35.el4.s390.rpm
samba-debuginfo-3.0.33-0.35.el4.s390.rpm
samba-swat-3.0.33-0.35.el4.s390.rpm
s390x:
samba-3.0.33-0.35.el4.s390x.rpm
samba-client-3.0.33-0.35.el4.s390x.rpm
samba-common-3.0.33-0.35.el4.s390.rpm
samba-common-3.0.33-0.35.el4.s390x.rpm
samba-debuginfo-3.0.33-0.35.el4.s390.rpm
samba-debuginfo-3.0.33-0.35.el4.s390x.rpm
samba-swat-3.0.33-0.35.el4.s390x.rpm
x86_64:
samba-3.0.33-0.35.el4.x86_64.rpm
samba-client-3.0.33-0.35.el4.x86_64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.x86_64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.x86_64.rpm
samba-swat-3.0.33-0.35.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/samba-3.0.33-0.35.el4.src.rpm
i386:
samba-3.0.33-0.35.el4.i386.rpm
samba-client-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-swat-3.0.33-0.35.el4.i386.rpm
x86_64:
samba-3.0.33-0.35.el4.x86_64.rpm
samba-client-3.0.33-0.35.el4.x86_64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.x86_64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.x86_64.rpm
samba-swat-3.0.33-0.35.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/samba-3.0.33-0.35.el4.src.rpm
i386:
samba-3.0.33-0.35.el4.i386.rpm
samba-client-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-swat-3.0.33-0.35.el4.i386.rpm
ia64:
samba-3.0.33-0.35.el4.ia64.rpm
samba-client-3.0.33-0.35.el4.ia64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.ia64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.ia64.rpm
samba-swat-3.0.33-0.35.el4.ia64.rpm
x86_64:
samba-3.0.33-0.35.el4.x86_64.rpm
samba-client-3.0.33-0.35.el4.x86_64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.x86_64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.x86_64.rpm
samba-swat-3.0.33-0.35.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/samba-3.0.33-0.35.el4.src.rpm
i386:
samba-3.0.33-0.35.el4.i386.rpm
samba-client-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-swat-3.0.33-0.35.el4.i386.rpm
ia64:
samba-3.0.33-0.35.el4.ia64.rpm
samba-client-3.0.33-0.35.el4.ia64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.ia64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.ia64.rpm
samba-swat-3.0.33-0.35.el4.ia64.rpm
x86_64:
samba-3.0.33-0.35.el4.x86_64.rpm
samba-client-3.0.33-0.35.el4.x86_64.rpm
samba-common-3.0.33-0.35.el4.i386.rpm
samba-common-3.0.33-0.35.el4.x86_64.rpm
samba-debuginfo-3.0.33-0.35.el4.i386.rpm
samba-debuginfo-3.0.33-0.35.el4.x86_64.rpm
samba-swat-3.0.33-0.35.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.38.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.38.el5_8.i386.rpm
samba-3.0.33-3.38.el5_8.i386.rpm
samba-client-3.0.33-3.38.el5_8.i386.rpm
samba-common-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
samba-swat-3.0.33-3.38.el5_8.i386.rpm
x86_64:
libsmbclient-3.0.33-3.38.el5_8.i386.rpm
libsmbclient-3.0.33-3.38.el5_8.x86_64.rpm
samba-3.0.33-3.38.el5_8.x86_64.rpm
samba-client-3.0.33-3.38.el5_8.x86_64.rpm
samba-common-3.0.33-3.38.el5_8.i386.rpm
samba-common-3.0.33-3.38.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.x86_64.rpm
samba-swat-3.0.33-3.38.el5_8.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/samba-3.0.33-3.38.el5_8.src.rpm
i386:
libsmbclient-devel-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
x86_64:
libsmbclient-devel-3.0.33-3.38.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.x86_64.rpm
Red Hat Enterprise Linux Long Life (v. 5.3 server):
Source:
samba-3.0.33-3.7.el5_3.4.src.rpm
i386:
samba-3.0.33-3.7.el5_3.4.i386.rpm
samba-client-3.0.33-3.7.el5_3.4.i386.rpm
samba-common-3.0.33-3.7.el5_3.4.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.4.i386.rpm
samba-swat-3.0.33-3.7.el5_3.4.i386.rpm
ia64:
samba-3.0.33-3.7.el5_3.4.ia64.rpm
samba-client-3.0.33-3.7.el5_3.4.ia64.rpm
samba-common-3.0.33-3.7.el5_3.4.ia64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.4.ia64.rpm
samba-swat-3.0.33-3.7.el5_3.4.ia64.rpm
x86_64:
samba-3.0.33-3.7.el5_3.4.x86_64.rpm
samba-client-3.0.33-3.7.el5_3.4.x86_64.rpm
samba-common-3.0.33-3.7.el5_3.4.i386.rpm
samba-common-3.0.33-3.7.el5_3.4.x86_64.rpm
samba-debuginfo-3.0.33-3.7.el5_3.4.i386.rpm
samba-debuginfo-3.0.33-3.7.el5_3.4.x86_64.rpm
samba-swat-3.0.33-3.7.el5_3.4.x86_64.rpm
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source:
samba-3.0.33-3.29.el5_6.4.src.rpm
i386:
libsmbclient-3.0.33-3.29.el5_6.4.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.i386.rpm
samba-3.0.33-3.29.el5_6.4.i386.rpm
samba-client-3.0.33-3.29.el5_6.4.i386.rpm
samba-common-3.0.33-3.29.el5_6.4.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.i386.rpm
samba-swat-3.0.33-3.29.el5_6.4.i386.rpm
ia64:
libsmbclient-3.0.33-3.29.el5_6.4.ia64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.ia64.rpm
samba-3.0.33-3.29.el5_6.4.ia64.rpm
samba-client-3.0.33-3.29.el5_6.4.ia64.rpm
samba-common-3.0.33-3.29.el5_6.4.ia64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.ia64.rpm
samba-swat-3.0.33-3.29.el5_6.4.ia64.rpm
ppc:
libsmbclient-3.0.33-3.29.el5_6.4.ppc.rpm
libsmbclient-3.0.33-3.29.el5_6.4.ppc64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.ppc.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.ppc64.rpm
samba-3.0.33-3.29.el5_6.4.ppc.rpm
samba-client-3.0.33-3.29.el5_6.4.ppc.rpm
samba-common-3.0.33-3.29.el5_6.4.ppc.rpm
samba-common-3.0.33-3.29.el5_6.4.ppc64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.ppc.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.ppc64.rpm
samba-swat-3.0.33-3.29.el5_6.4.ppc.rpm
s390x:
libsmbclient-3.0.33-3.29.el5_6.4.s390.rpm
libsmbclient-3.0.33-3.29.el5_6.4.s390x.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.s390.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.s390x.rpm
samba-3.0.33-3.29.el5_6.4.s390x.rpm
samba-client-3.0.33-3.29.el5_6.4.s390x.rpm
samba-common-3.0.33-3.29.el5_6.4.s390.rpm
samba-common-3.0.33-3.29.el5_6.4.s390x.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.s390.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.s390x.rpm
samba-swat-3.0.33-3.29.el5_6.4.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.29.el5_6.4.i386.rpm
libsmbclient-3.0.33-3.29.el5_6.4.x86_64.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.i386.rpm
libsmbclient-devel-3.0.33-3.29.el5_6.4.x86_64.rpm
samba-3.0.33-3.29.el5_6.4.x86_64.rpm
samba-client-3.0.33-3.29.el5_6.4.x86_64.rpm
samba-common-3.0.33-3.29.el5_6.4.i386.rpm
samba-common-3.0.33-3.29.el5_6.4.x86_64.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.i386.rpm
samba-debuginfo-3.0.33-3.29.el5_6.4.x86_64.rpm
samba-swat-3.0.33-3.29.el5_6.4.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/samba-3.0.33-3.38.el5_8.src.rpm
i386:
libsmbclient-3.0.33-3.38.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.i386.rpm
samba-3.0.33-3.38.el5_8.i386.rpm
samba-client-3.0.33-3.38.el5_8.i386.rpm
samba-common-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
samba-swat-3.0.33-3.38.el5_8.i386.rpm
ia64:
libsmbclient-3.0.33-3.38.el5_8.ia64.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.ia64.rpm
samba-3.0.33-3.38.el5_8.ia64.rpm
samba-client-3.0.33-3.38.el5_8.ia64.rpm
samba-common-3.0.33-3.38.el5_8.ia64.rpm
samba-debuginfo-3.0.33-3.38.el5_8.ia64.rpm
samba-swat-3.0.33-3.38.el5_8.ia64.rpm
ppc:
libsmbclient-3.0.33-3.38.el5_8.ppc.rpm
libsmbclient-3.0.33-3.38.el5_8.ppc64.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.ppc.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.ppc64.rpm
samba-3.0.33-3.38.el5_8.ppc.rpm
samba-client-3.0.33-3.38.el5_8.ppc.rpm
samba-common-3.0.33-3.38.el5_8.ppc.rpm
samba-common-3.0.33-3.38.el5_8.ppc64.rpm
samba-debuginfo-3.0.33-3.38.el5_8.ppc.rpm
samba-debuginfo-3.0.33-3.38.el5_8.ppc64.rpm
samba-swat-3.0.33-3.38.el5_8.ppc.rpm
s390x:
libsmbclient-3.0.33-3.38.el5_8.s390.rpm
libsmbclient-3.0.33-3.38.el5_8.s390x.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.s390.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.s390x.rpm
samba-3.0.33-3.38.el5_8.s390x.rpm
samba-client-3.0.33-3.38.el5_8.s390x.rpm
samba-common-3.0.33-3.38.el5_8.s390.rpm
samba-common-3.0.33-3.38.el5_8.s390x.rpm
samba-debuginfo-3.0.33-3.38.el5_8.s390.rpm
samba-debuginfo-3.0.33-3.38.el5_8.s390x.rpm
samba-swat-3.0.33-3.38.el5_8.s390x.rpm
x86_64:
libsmbclient-3.0.33-3.38.el5_8.i386.rpm
libsmbclient-3.0.33-3.38.el5_8.x86_64.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.i386.rpm
libsmbclient-devel-3.0.33-3.38.el5_8.x86_64.rpm
samba-3.0.33-3.38.el5_8.x86_64.rpm
samba-client-3.0.33-3.38.el5_8.x86_64.rpm
samba-common-3.0.33-3.38.el5_8.i386.rpm
samba-common-3.0.33-3.38.el5_8.x86_64.rpm
samba-debuginfo-3.0.33-3.38.el5_8.i386.rpm
samba-debuginfo-3.0.33-3.38.el5_8.x86_64.rpm
samba-swat-3.0.33-3.38.el5_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0870.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPRq5BXlSAg2UNWIIRAi8UAKCeG0OK/toZruQMW71pNgX/9EFWJACfWhgR
2fYxfIbc/dSB94Bi22p/vW4=
=Pybf
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Samba: Multiple vulnerabilities
Date: June 24, 2012
Bugs: #290633, #310105, #323785, #332063, #337295, #356917,
#382263, #386375, #405551, #411487, #414319
ID: 201206-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Samba, the worst of which
may allow execution of arbitrary code with root privileges.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba < 3.5.15 >= 3.5.15
Description
===========
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details. Furthermore, a local attacker
may be able to cause a Denial of Service condition or obtain sensitive
information in a Samba credentials file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Samba users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-3.5.15"
References
==========
[ 1 ] CVE-2009-2906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2906
[ 2 ] CVE-2009-2948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2948
[ 3 ] CVE-2010-0728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0728
[ 4 ] CVE-2010-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1635
[ 5 ] CVE-2010-1642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1642
[ 6 ] CVE-2010-2063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2063
[ 7 ] CVE-2010-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3069
[ 8 ] CVE-2011-0719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0719
[ 9 ] CVE-2011-1678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1678
[ 10 ] CVE-2011-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2724
[ 11 ] CVE-2012-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870
[ 12 ] CVE-2012-1182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182
[ 13 ] CVE-2012-2111
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2111
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-22.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201209-0274 | CVE-2012-4999 |
Mercury MR804 Denial of service in router (DoS) Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201202-0309 |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information. The Mercury MR804 Router is a router device. Mercury MR804 router is prone to multiple denial-of-service vulnerabilities.
Remote attackers can exploit these issues to cause the device to crash, denying service to legitimate users.
Mercury MR804 running version 3.8.1 Build 101220 is vulnerable. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Mercury MR804 Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA48079
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48079/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48079
RELEASE DATE:
2012-03-07
DISCUSS ADVISORY:
http://secunia.com/advisories/48079/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48079/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48079
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Mercury MR804, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is reported in version 8. Other versions may also
be affected.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
demonalex@163.com.
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0348 | CVE-2012-1292 | SAP NetWeaver In MessagingSystem Performance Data Vulnerability to get important information about |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a vulnerability in SAP NetWeaver. Because the input passed to the b2b/admin/log_view.jsp or b2b/admin/log.jsp script in the Internet Sales module via the \"logfilename\" parameter is missing validation before being used to display the file, it can result in arbitrary files being obtained through the directory traversal sequence. information. SAP NetWeaver is prone to multiple input-validation vulnerabilities, including:
1. A cross-site scripting vulnerability
2. Multiple directory traversal vulnerabilities
3. Multiple information-disclosure vulnerabilities
Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, and disclose sensitive information. Other attacks are also possible. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
SAP NetWeaver Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47861
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47861/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
RELEASE DATE:
2012-02-21
DISCUSS ADVISORY:
http://secunia.com/advisories/47861/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47861/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Digital Security Research Group has reported some vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users and malicious
people to disclose sensitive information.
This can be exploited to disclose the contents of arbitrary files via
directory traversal sequences. This can be exploited to disclose the contents of
arbitrary files via directory traversal sequences.
Successful exploitation of vulnerabilities #1 and #2 may require
permission to view logs.
The vulnerabilities are reported in version 7.0. Other versions may
also be affected.
SOLUTION:
Apply SAP Security Notes 1585527 and 1583300.
PROVIDED AND/OR DISCOVERED BY:
Dmitriy Chastukhin, Digital Security Research Group.
ORIGINAL ADVISORY:
Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=412
http://dsecrg.com/pages/vul/show.php?id=413
http://dsecrg.com/pages/vul/show.php?id=414
http://dsecrg.com/pages/vul/show.php?id=415
http://dsecrg.com/pages/vul/show.php?id=416
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0347 | CVE-2012-1291 | SAP NetWeaver In Adapter Monitor Vulnerability to get important information about |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a vulnerability in SAP NetWeaver. Because the input passed to the b2b/admin/log_view.jsp or b2b/admin/log.jsp script in the Internet Sales module via the \"logfilename\" parameter is missing validation before being used to display the file, it can result in arbitrary files being obtained through the directory traversal sequence. information. SAP NetWeaver is prone to multiple input-validation vulnerabilities, including:
1. A cross-site scripting vulnerability
2. Multiple directory traversal vulnerabilities
3. Multiple information-disclosure vulnerabilities
Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, and disclose sensitive information. Other attacks are also possible. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
SAP NetWeaver Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47861
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47861/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
RELEASE DATE:
2012-02-21
DISCUSS ADVISORY:
http://secunia.com/advisories/47861/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47861/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Digital Security Research Group has reported some vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users and malicious
people to disclose sensitive information.
This can be exploited to disclose the contents of arbitrary files via
directory traversal sequences. This can be exploited to disclose the contents of
arbitrary files via directory traversal sequences.
Successful exploitation of vulnerabilities #1 and #2 may require
permission to view logs.
The vulnerabilities are reported in version 7.0. Other versions may
also be affected.
SOLUTION:
Apply SAP Security Notes 1585527 and 1583300.
PROVIDED AND/OR DISCOVERED BY:
Dmitriy Chastukhin, Digital Security Research Group.
ORIGINAL ADVISORY:
Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=412
http://dsecrg.com/pages/vul/show.php?id=413
http://dsecrg.com/pages/vul/show.php?id=414
http://dsecrg.com/pages/vul/show.php?id=415
http://dsecrg.com/pages/vul/show.php?id=416
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0346 | CVE-2012-1290 | SAP NetWeaver of b2b/auction/container.jsp Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. There is a vulnerability in SAP NetWeaver. information. The SAP NetWeaver com.sap.aii.mdt.amt.web.AMTPageProcessor servlet error can be exploited to leak certain Adapter monitoring information. SAP NetWeaver is prone to multiple input-validation vulnerabilities, including:
1. A cross-site scripting vulnerability
2. Multiple directory traversal vulnerabilities
3. Multiple information-disclosure vulnerabilities
Attackers can exploit these issues to execute arbitrary script code in the context of the website, steal cookie-based authentication information, and disclose sensitive information. Other attacks are also possible. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
SAP NetWeaver Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47861
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47861/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
RELEASE DATE:
2012-02-21
DISCUSS ADVISORY:
http://secunia.com/advisories/47861/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47861/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47861
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Digital Security Research Group has reported some vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users and malicious
people to disclose sensitive information.
This can be exploited to disclose the contents of arbitrary files via
directory traversal sequences. This can be exploited to disclose the contents of
arbitrary files via directory traversal sequences.
Successful exploitation of vulnerabilities #1 and #2 may require
permission to view logs.
The vulnerabilities are reported in version 7.0. Other versions may
also be affected.
SOLUTION:
Apply SAP Security Notes 1585527 and 1583300.
PROVIDED AND/OR DISCOVERED BY:
Dmitriy Chastukhin, Digital Security Research Group.
ORIGINAL ADVISORY:
Digital Security Research Group:
http://dsecrg.com/pages/vul/show.php?id=412
http://dsecrg.com/pages/vul/show.php?id=413
http://dsecrg.com/pages/vul/show.php?id=414
http://dsecrg.com/pages/vul/show.php?id=415
http://dsecrg.com/pages/vul/show.php?id=416
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0344 | CVE-2012-1288 | UTC Fire & Security GE-MC100-NTP/GPS-ZB Trust Management Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock have default administrator login credentials that can not be modified by an administrator. A remote attacker could exploit the vulnerability to gain access via an HTTP session. Successful exploits will result in the complete compromise of the affected device. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock Default Account
Security Issue
SECUNIA ADVISORY ID:
SA48037
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48037/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48037
RELEASE DATE:
2012-02-23
DISCUSS ADVISORY:
http://secunia.com/advisories/48037/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48037/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48037
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in UTC Fire & Security
GE-MC100-NTP/GPS-ZB Master Clock, which can be exploited by malicious
people to bypass certain security restrictions.
SOLUTION:
Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Temple Murphy
ORIGINAL ADVISORY:
US-CERT (VU#707254):
http://www.kb.cert.org/vuls/id/707254
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0180 | CVE-2012-1193 | PowerDNS Vulnerabilities that allow continuous name resolution for invalid domain names |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. PowerDNS Recursor is a high performance recursive name server. A vulnerability exists in the resolver in version 3.3 of PowerDNS Recursor (also known as pdns_recursor). The cache server name and TTL value in the NS record are overwritten during the processing of the query record response.
Successfully exploiting these issues will allow an attacker to manipulate cache data, which may aid in further attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PowerDNS Recursor: Multiple vulnerabilities
Date: December 22, 2014
Bugs: #299942, #404377, #514946, #531992
ID: 201412-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in PowerDNS Recursor, the
worst of which may allow execution of arbitrary code.
Background
==========
PowerDNS Recursor is a high-end, high-performance resolving name server
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/pdns-recursor < 3.6.1-r1 >= 3.6.1-r1
Description
===========
Multiple vulnerabilities have been discovered in PowerDNS Recursor.
Please review the CVE identifiers and PowerDNS blog post referenced
below for details.
Impact
======
A remote attacker may be able to send specially crafted packets,
possibly resulting in arbitrary code execution or a Denial of Service
condition. Furthermore, a remote attacker may be able to spoof DNS
data.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PowerDNS Recursor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdns-recursor-3.6.1-r1"=
References
==========
[ 1 ] CVE-2009-4009
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4009
[ 2 ] CVE-2009-4010
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4010
[ 3 ] CVE-2012-1193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1193
[ 4 ] CVE-2014-8601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8601
[ 5 ] Related to recent DoS attacks: Recursor configuration file
guidance
http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recurso=
r-configuration-file-guidance/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-33.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201202-0239 | CVE-2012-0224 | 7T TERMIS DLL Load arbitrary code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. DLL It may be possible to get permission through the file. AQUIS Operation is a software product developed by 7-Technologies of Denmark (7T). Used in hydraulic models, automation engineering, systems engineering and software engineering. 7-Technologies AQUIS software has DLL hijacking problem. The attacker can prevent the malicious DLL from being loaded in the software directory and will be loaded before the legal DLL. The attacker must access the host file system to exploit this vulnerability, and the exploit can be exploited in the application context. Execute arbitrary code. 7-Technologies TERMIS is an energy network simulation platform designed to improve system design and operation.
An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic Link Library (DLL) file.
AQUIS 1.5 and prior versions are vulnerable. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
7-Technologies AQUIS / TERMIS Insecure Library Loading Vulnerability
SECUNIA ADVISORY ID:
SA48093
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48093/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48093
RELEASE DATE:
2012-02-20
DISCUSS ADVISORY:
http://secunia.com/advisories/48093/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48093/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48093
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in AQUIS and TERMIS, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to the application loading
unspecified libraries in an insecure manner. This can be exploited to
load arbitrary libraries by tricking a user into e.g. opening a
certain file located on a remote WebDAV or SMB share.
The vulnerability is reported in the following products:
* AQUIS version 1.5 dated October 13, 2011 and prior.
* TERMIS version 2.10 dated November 30, 2011 and prior.
SOLUTION:
Apply patches.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Kuang-Chun Hung, Security Research and Service
Institute−Information and Communication Security Technology
Center (ICST).
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0362 | No CVE | SAP Netweaver SOAP Message Remote Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAPHostControl service has a boundary error when processing certain commands wrapped in SOAP messages. A stack-based buffer overflow can be triggered by a very long command, and a successful exploit can execute arbitrary code in the application context. SAP Netweaver is prone to a remote buffer-overflow vulnerability. Failed exploit attempts may result in a denial-of-service condition.
SAP Netweaver 7.02 is affected; other versions may also be vulnerable. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
SAP NetWeaver SAPHostControl Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA48047
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48047/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48047
RELEASE DATE:
2012-02-20
DISCUSS ADVISORY:
http://secunia.com/advisories/48047/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48047/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48047
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Context Information Security has reported a vulnerability in SAP
NetWeaver, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is reported in version 7.02.
SOLUTION:
Apply SAP security note 1638811.
PROVIDED AND/OR DISCOVERED BY:
Nico Leidecker, Context Information Security.
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1638811
Context Information Security:
http://archives.neohapsis.com/archives/fulldisclosure/2012-02/0269.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0179 | CVE-2012-1192 | Unbound Vulnerabilities that allow continuous name resolution for invalid domain names |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. Unbound is an open source recursive DNS server software. A vulnerability exists in the resolver in versions prior to Unbound 1.4.11. Unbound is prone to a remote security vulnerability
| VAR-201209-0472 | CVE-2012-4924 | ASUS Net4Switch for ipswcom.dll ActiveX Component buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. ASUS Net4Switch is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions.
ASUS Net4Switch ipswcom.dll 1.0.0.1 is vulnerable; other versions may also be affected. ASUS Net4Switch is a network management software for ASUS computers. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Net4Switch ipswcom ActiveX Control Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA48125
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48125/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48125
RELEASE DATE:
2012-02-22
DISCUSS ADVISORY:
http://secunia.com/advisories/48125/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48125/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48125
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Digital Security Research Group has discovered a vulnerability in
Net4Switch ipswcom ActiveX Control, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the
"CxDbgPrint()" function (cxcmrt.dll) when creating a debug message
string.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.0.0020 (ipswcom 1.0.0.1).
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
Dmitriy Evdokimov, Digital Security Research Group
ORIGINAL ADVISORY:
DSECRG-12-017:
http://dsecrg.com/pages/vul/show.php?id=417
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201202-0137 | CVE-2011-3026 | Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng Contains an integer overflow vulnerability.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. Summary:
Updated libpng and libpng10 packages that fix one security issue are now
available for Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A heap-based buffer overflow flaw was found in libpng. An attacker could
create a specially-crafted PNG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3026)
Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.
4.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk (MFSA 2012-11)
6. Package List:
Red Hat Enterprise Linux AS version 4:
Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm
i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm
ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm
ppc:
libpng-1.2.7-9.el4.ppc.rpm
libpng-1.2.7-9.el4.ppc64.rpm
libpng-debuginfo-1.2.7-9.el4.ppc.rpm
libpng-debuginfo-1.2.7-9.el4.ppc64.rpm
libpng-devel-1.2.7-9.el4.ppc.rpm
libpng10-1.0.16-10.el4.ppc.rpm
libpng10-1.0.16-10.el4.ppc64.rpm
libpng10-debuginfo-1.0.16-10.el4.ppc.rpm
libpng10-debuginfo-1.0.16-10.el4.ppc64.rpm
libpng10-devel-1.0.16-10.el4.ppc.rpm
s390:
libpng-1.2.7-9.el4.s390.rpm
libpng-debuginfo-1.2.7-9.el4.s390.rpm
libpng-devel-1.2.7-9.el4.s390.rpm
libpng10-1.0.16-10.el4.s390.rpm
libpng10-debuginfo-1.0.16-10.el4.s390.rpm
libpng10-devel-1.0.16-10.el4.s390.rpm
s390x:
libpng-1.2.7-9.el4.s390.rpm
libpng-1.2.7-9.el4.s390x.rpm
libpng-debuginfo-1.2.7-9.el4.s390.rpm
libpng-debuginfo-1.2.7-9.el4.s390x.rpm
libpng-devel-1.2.7-9.el4.s390x.rpm
libpng10-1.0.16-10.el4.s390.rpm
libpng10-1.0.16-10.el4.s390x.rpm
libpng10-debuginfo-1.0.16-10.el4.s390.rpm
libpng10-debuginfo-1.0.16-10.el4.s390x.rpm
libpng10-devel-1.0.16-10.el4.s390x.rpm
x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm
i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm
x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm
i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm
ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm
x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm
i386:
libpng-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-devel-1.2.7-9.el4.i386.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-devel-1.0.16-10.el4.i386.rpm
ia64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.ia64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.ia64.rpm
libpng-devel-1.2.7-9.el4.ia64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.ia64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.ia64.rpm
libpng10-devel-1.0.16-10.el4.ia64.rpm
x86_64:
libpng-1.2.7-9.el4.i386.rpm
libpng-1.2.7-9.el4.x86_64.rpm
libpng-debuginfo-1.2.7-9.el4.i386.rpm
libpng-debuginfo-1.2.7-9.el4.x86_64.rpm
libpng-devel-1.2.7-9.el4.x86_64.rpm
libpng10-1.0.16-10.el4.i386.rpm
libpng10-1.0.16-10.el4.x86_64.rpm
libpng10-debuginfo-1.0.16-10.el4.i386.rpm
libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm
libpng10-devel-1.0.16-10.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm
i386:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
x86_64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.x86_64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm
i386:
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
x86_64:
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm
i386:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
ia64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.ia64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.ia64.rpm
libpng-devel-1.2.10-15.el5_7.ia64.rpm
ppc:
libpng-1.2.10-15.el5_7.ppc.rpm
libpng-1.2.10-15.el5_7.ppc64.rpm
libpng-debuginfo-1.2.10-15.el5_7.ppc.rpm
libpng-debuginfo-1.2.10-15.el5_7.ppc64.rpm
libpng-devel-1.2.10-15.el5_7.ppc.rpm
libpng-devel-1.2.10-15.el5_7.ppc64.rpm
s390x:
libpng-1.2.10-15.el5_7.s390.rpm
libpng-1.2.10-15.el5_7.s390x.rpm
libpng-debuginfo-1.2.10-15.el5_7.s390.rpm
libpng-debuginfo-1.2.10-15.el5_7.s390x.rpm
libpng-devel-1.2.10-15.el5_7.s390.rpm
libpng-devel-1.2.10-15.el5_7.s390x.rpm
x86_64:
libpng-1.2.10-15.el5_7.i386.rpm
libpng-1.2.10-15.el5_7.x86_64.rpm
libpng-debuginfo-1.2.10-15.el5_7.i386.rpm
libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm
libpng-devel-1.2.10-15.el5_7.i386.rpm
libpng-devel-1.2.10-15.el5_7.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm
x86_64:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
x86_64:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
ppc64:
libpng-1.2.46-2.el6_2.ppc.rpm
libpng-1.2.46-2.el6_2.ppc64.rpm
libpng-debuginfo-1.2.46-2.el6_2.ppc.rpm
libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm
libpng-devel-1.2.46-2.el6_2.ppc.rpm
libpng-devel-1.2.46-2.el6_2.ppc64.rpm
s390x:
libpng-1.2.46-2.el6_2.s390.rpm
libpng-1.2.46-2.el6_2.s390x.rpm
libpng-debuginfo-1.2.46-2.el6_2.s390.rpm
libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm
libpng-devel-1.2.46-2.el6_2.s390.rpm
libpng-devel-1.2.46-2.el6_2.s390x.rpm
x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm
ppc64:
libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm
libpng-static-1.2.46-2.el6_2.ppc64.rpm
s390x:
libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm
libpng-static-1.2.46-2.el6_2.s390x.rpm
x86_64:
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
x86_64:
libpng-1.2.46-2.el6_2.i686.rpm
libpng-1.2.46-2.el6_2.x86_64.rpm
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-devel-1.2.46-2.el6_2.i686.rpm
libpng-devel-1.2.46-2.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm
i386:
libpng-debuginfo-1.2.46-2.el6_2.i686.rpm
libpng-static-1.2.46-2.el6_2.i686.rpm
x86_64:
libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm
libpng-static-1.2.46-2.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-3026.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Symantec Products KeyView File Processing Vulnerabilities
SECUNIA ADVISORY ID:
SA51365
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51365/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51365
RELEASE DATE:
2012-11-21
DISCUSS ADVISORY:
http://secunia.com/advisories/51365/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51365/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51365
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Symantec has acknowledged some vulnerabilities in multiple products,
which can be exploited by malicious people to compromise a vulnerable
system.
For more information:
SA51362
The vulnerabilities are reported in the following products:
* Symantec Mail Security for Microsoft Exchange (SMSMSE) versions
6.5.x
* Symantec Mail Security for Domino (SMSDOM) versions 8.1.x
* Symantec Messaging Gateway (SMG) versions 9.5.x
* Symantec Data Loss Prevention(DLP) Enforce/Detection Servers for
Windows versions 11.x
* Symantec Data Loss Prevention Enforce/Detection Servers for Linux
versions 11.x
* Symantec Data Loss Prevention Endpoint Agents versions 11.x
SOLUTION:
Update of upgrade to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
ORIGINAL ADVISORY:
Symantec:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121120_00
US-CERT:
http://www.kb.cert.org/vuls/id/849841
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ============================================================================
Ubuntu Security Notice USN-1367-2
February 17, 2012
firefox vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it opened a
specially crafted file. This provides the corresponding
update for Firefox.
Original advisory details:
Jueri Aedla discovered that libpng did not properly verify the size used
when allocating memory during chunk decompression. (CVE-2011-3026)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
firefox 10.0.2+build1-0ubuntu0.11.10.1
Ubuntu 11.04:
firefox 10.0.2+build1-0ubuntu0.11.04.1
Ubuntu 10.10:
firefox 10.0.2+build1-0ubuntu0.10.10.1
Ubuntu 10.04 LTS:
firefox 10.0.2+build1-0ubuntu0.10.04.1
After a standard system update you need to restart Firefox to make all the
necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #180159, #181361, #207261, #238535, #246602, #251322,
#255221, #255234, #255687, #257577, #260062, #261386,
#262704, #267234, #273918, #277752, #280226, #280234,
#280393, #282549, #284439, #286721, #290892, #292034,
#297532, #305689, #307045, #311021, #312361, #312645,
#312651, #312675, #312679, #312763, #313003, #324735,
#326341, #329279, #336396, #341821, #342847, #348316,
#357057, #360055, #360315, #365323, #373595, #379549,
#381245, #388045, #390771, #395431, #401701, #403183,
#404437, #408161, #413657, #419917, #427224, #433383,
#437780, #439586, #439960, #444318
ID: 201301-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which
may allow execution of arbitrary code or local privilege escalation.
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications such as Firefox
and Thunderbird. NSS is Mozilla's Network Security Services library
that implements PKI support. IceCat is the GNU version of Firefox.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/firefox < 10.0.11 >= 10.0.11
2 www-client/firefox-bin < 10.0.11 >= 10.0.11
3 mail-client/thunderbird < 10.0.11 >= 10.0.11
4 mail-client/thunderbird-bin
< 10.0.11 >= 10.0.11
5 www-client/seamonkey < 2.14-r1 >= 2.14-r1
6 www-client/seamonkey-bin
< 2.14 >= 2.14
7 dev-libs/nss < 3.14 >= 3.14
8 www-client/mozilla-firefox
<= 3.6.8 Vulnerable!
9 www-client/mozilla-firefox-bin
<= 3.5.6 Vulnerable!
10 mail-client/mozilla-thunderbird
<= 3.0.4-r1 Vulnerable!
11 mail-client/mozilla-thunderbird-bin
<= 3.0 Vulnerable!
12 www-client/icecat <= 10.0-r1 Vulnerable!
13 net-libs/xulrunner <= 2.0-r1 Vulnerable!
14 net-libs/xulrunner-bin <= 1.8.1.19 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
14 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Mozilla Firefox,
Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review
the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able
to perform Man-in-the-Middle attacks, obtain sensitive information,
bypass restrictions and protection mechanisms, force file downloads,
conduct XML injection attacks, conduct XSS attacks, bypass the Same
Origin Policy, spoof URL's for phishing attacks, trigger a vertical
scroll, spoof the location bar, spoof an SSL indicator, modify the
browser's font, conduct clickjacking attacks, or have other unspecified
impact.
A local attacker could gain escalated privileges, obtain sensitive
information, or replace an arbitrary downloaded file.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
All users of the Mozilla Firefox binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
All users of the Mozilla Thunderbird binary package should upgrade to
the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
All Mozilla SeaMonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"
All users of the Mozilla SeaMonkey binary package should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"
The "www-client/mozilla-firefox" package has been merged into the
"www-client/firefox" package. To upgrade, please unmerge
"www-client/mozilla-firefox" and then emerge the latest
"www-client/firefox" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox"
# emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"
The "www-client/mozilla-firefox-bin" package has been merged into the
"www-client/firefox-bin" package. To upgrade, please unmerge
"www-client/mozilla-firefox-bin" and then emerge the latest
"www-client/firefox-bin" package:
# emerge --sync
# emerge --unmerge "www-client/mozilla-firefox-bin"
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"=
The "mail-client/mozilla-thunderbird" package has been merged into the
"mail-client/thunderbird" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird" and then emerge the latest
"mail-client/thunderbird" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"
The "mail-client/mozilla-thunderbird-bin" package has been merged into
the "mail-client/thunderbird-bin" package. To upgrade, please unmerge
"mail-client/mozilla-thunderbird-bin" and then emerge the latest
"mail-client/thunderbird-bin" package:
# emerge --sync
# emerge --unmerge "mail-client/mozilla-thunderbird-bin"
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"
Gentoo discontinued support for GNU IceCat. We recommend that users
unmerge GNU IceCat:
# emerge --unmerge "www-client/icecat"
Gentoo discontinued support for XULRunner. We recommend that users
unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner"
Gentoo discontinued support for the XULRunner binary package. We
recommend that users unmerge XULRunner:
# emerge --unmerge "net-libs/xulrunner-bin"
References
==========
[ 1 ] CVE-2011-3101
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101
[ 2 ] CVE-2007-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436
[ 3 ] CVE-2007-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437
[ 4 ] CVE-2007-2671
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671
[ 5 ] CVE-2007-3073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073
[ 6 ] CVE-2008-0016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016
[ 7 ] CVE-2008-0017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017
[ 8 ] CVE-2008-0367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367
[ 9 ] CVE-2008-3835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835
[ 10 ] CVE-2008-3836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836
[ 11 ] CVE-2008-3837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837
[ 12 ] CVE-2008-4058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058
[ 13 ] CVE-2008-4059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059
[ 14 ] CVE-2008-4060
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060
[ 15 ] CVE-2008-4061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061
[ 16 ] CVE-2008-4062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062
[ 17 ] CVE-2008-4063
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063
[ 18 ] CVE-2008-4064
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064
[ 19 ] CVE-2008-4065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065
[ 20 ] CVE-2008-4066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066
[ 21 ] CVE-2008-4067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067
[ 22 ] CVE-2008-4068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068
[ 23 ] CVE-2008-4069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069
[ 24 ] CVE-2008-4070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070
[ 25 ] CVE-2008-4582
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582
[ 26 ] CVE-2008-5012
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012
[ 27 ] CVE-2008-5013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013
[ 28 ] CVE-2008-5014
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014
[ 29 ] CVE-2008-5015
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015
[ 30 ] CVE-2008-5016
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016
[ 31 ] CVE-2008-5017
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017
[ 32 ] CVE-2008-5018
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018
[ 33 ] CVE-2008-5019
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019
[ 34 ] CVE-2008-5021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021
[ 35 ] CVE-2008-5022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022
[ 36 ] CVE-2008-5023
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023
[ 37 ] CVE-2008-5024
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024
[ 38 ] CVE-2008-5052
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052
[ 39 ] CVE-2008-5500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500
[ 40 ] CVE-2008-5501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501
[ 41 ] CVE-2008-5502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502
[ 42 ] CVE-2008-5503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503
[ 43 ] CVE-2008-5504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504
[ 44 ] CVE-2008-5505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505
[ 45 ] CVE-2008-5506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506
[ 46 ] CVE-2008-5507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507
[ 47 ] CVE-2008-5508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508
[ 48 ] CVE-2008-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510
[ 49 ] CVE-2008-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511
[ 50 ] CVE-2008-5512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512
[ 51 ] CVE-2008-5513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513
[ 52 ] CVE-2008-5822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822
[ 53 ] CVE-2008-5913
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913
[ 54 ] CVE-2008-6961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961
[ 55 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 56 ] CVE-2009-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071
[ 57 ] CVE-2009-0352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352
[ 58 ] CVE-2009-0353
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353
[ 59 ] CVE-2009-0354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354
[ 60 ] CVE-2009-0355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355
[ 61 ] CVE-2009-0356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356
[ 62 ] CVE-2009-0357
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357
[ 63 ] CVE-2009-0358
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358
[ 64 ] CVE-2009-0652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652
[ 65 ] CVE-2009-0771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771
[ 66 ] CVE-2009-0772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772
[ 67 ] CVE-2009-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773
[ 68 ] CVE-2009-0774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774
[ 69 ] CVE-2009-0775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775
[ 70 ] CVE-2009-0776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776
[ 71 ] CVE-2009-0777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777
[ 72 ] CVE-2009-1044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044
[ 73 ] CVE-2009-1169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169
[ 74 ] CVE-2009-1302
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302
[ 75 ] CVE-2009-1303
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303
[ 76 ] CVE-2009-1304
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304
[ 77 ] CVE-2009-1305
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305
[ 78 ] CVE-2009-1306
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306
[ 79 ] CVE-2009-1307
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307
[ 80 ] CVE-2009-1308
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308
[ 81 ] CVE-2009-1309
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309
[ 82 ] CVE-2009-1310
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310
[ 83 ] CVE-2009-1311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311
[ 84 ] CVE-2009-1312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312
[ 85 ] CVE-2009-1313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313
[ 86 ] CVE-2009-1392
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392
[ 87 ] CVE-2009-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563
[ 88 ] CVE-2009-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571
[ 89 ] CVE-2009-1828
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828
[ 90 ] CVE-2009-1832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832
[ 91 ] CVE-2009-1833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833
[ 92 ] CVE-2009-1834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834
[ 93 ] CVE-2009-1835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835
[ 94 ] CVE-2009-1836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836
[ 95 ] CVE-2009-1837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837
[ 96 ] CVE-2009-1838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838
[ 97 ] CVE-2009-1839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839
[ 98 ] CVE-2009-1840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840
[ 99 ] CVE-2009-1841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841
[ 100 ] CVE-2009-2043
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043
[ 101 ] CVE-2009-2044
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044
[ 102 ] CVE-2009-2061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061
[ 103 ] CVE-2009-2065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065
[ 104 ] CVE-2009-2210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210
[ 105 ] CVE-2009-2404
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404
[ 106 ] CVE-2009-2408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408
[ 107 ] CVE-2009-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462
[ 108 ] CVE-2009-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463
[ 109 ] CVE-2009-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464
[ 110 ] CVE-2009-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465
[ 111 ] CVE-2009-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466
[ 112 ] CVE-2009-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467
[ 113 ] CVE-2009-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469
[ 114 ] CVE-2009-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470
[ 115 ] CVE-2009-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471
[ 116 ] CVE-2009-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472
[ 117 ] CVE-2009-2477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477
[ 118 ] CVE-2009-2478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478
[ 119 ] CVE-2009-2479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479
[ 120 ] CVE-2009-2535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535
[ 121 ] CVE-2009-2654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654
[ 122 ] CVE-2009-2662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662
[ 123 ] CVE-2009-2664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664
[ 124 ] CVE-2009-2665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665
[ 125 ] CVE-2009-3069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069
[ 126 ] CVE-2009-3070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070
[ 127 ] CVE-2009-3071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071
[ 128 ] CVE-2009-3072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072
[ 129 ] CVE-2009-3074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074
[ 130 ] CVE-2009-3075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075
[ 131 ] CVE-2009-3076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076
[ 132 ] CVE-2009-3077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077
[ 133 ] CVE-2009-3078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078
[ 134 ] CVE-2009-3079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079
[ 135 ] CVE-2009-3274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274
[ 136 ] CVE-2009-3371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371
[ 137 ] CVE-2009-3372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372
[ 138 ] CVE-2009-3373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373
[ 139 ] CVE-2009-3374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374
[ 140 ] CVE-2009-3375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375
[ 141 ] CVE-2009-3376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376
[ 142 ] CVE-2009-3377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377
[ 143 ] CVE-2009-3378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378
[ 144 ] CVE-2009-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379
[ 145 ] CVE-2009-3380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380
[ 146 ] CVE-2009-3381
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381
[ 147 ] CVE-2009-3382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382
[ 148 ] CVE-2009-3383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383
[ 149 ] CVE-2009-3388
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388
[ 150 ] CVE-2009-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389
[ 151 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 152 ] CVE-2009-3978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978
[ 153 ] CVE-2009-3979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979
[ 154 ] CVE-2009-3980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980
[ 155 ] CVE-2009-3981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981
[ 156 ] CVE-2009-3982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982
[ 157 ] CVE-2009-3983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983
[ 158 ] CVE-2009-3984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984
[ 159 ] CVE-2009-3985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985
[ 160 ] CVE-2009-3986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986
[ 161 ] CVE-2009-3987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987
[ 162 ] CVE-2009-3988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988
[ 163 ] CVE-2010-0159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159
[ 164 ] CVE-2010-0160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160
[ 165 ] CVE-2010-0162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162
[ 166 ] CVE-2010-0163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163
[ 167 ] CVE-2010-0164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0164
[ 168 ] CVE-2010-0165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0165
[ 169 ] CVE-2010-0166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0166
[ 170 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 171 ] CVE-2010-0167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0167
[ 172 ] CVE-2010-0168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0168
[ 173 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 174 ] CVE-2010-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0169
[ 175 ] CVE-2010-0170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0170
[ 176 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 177 ] CVE-2010-0171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0171
[ 178 ] CVE-2010-0172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0172
[ 179 ] CVE-2010-0173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0173
[ 180 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 181 ] CVE-2010-0174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0174
[ 182 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 183 ] CVE-2010-0175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0175
[ 184 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 185 ] CVE-2010-0176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0176
[ 186 ] CVE-2010-0177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0177
[ 187 ] CVE-2010-0178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0178
[ 188 ] CVE-2010-0179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0179
[ 189 ] CVE-2010-0181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0181
[ 190 ] CVE-2010-0182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0182
[ 191 ] CVE-2010-0183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0183
[ 192 ] CVE-2010-0220
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0220
[ 193 ] CVE-2010-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0648
[ 194 ] CVE-2010-0654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0654
[ 195 ] CVE-2010-1028
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1028
[ 196 ] CVE-2010-1121
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1121
[ 197 ] CVE-2010-1125
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1125
[ 198 ] CVE-2010-1196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1196
[ 199 ] CVE-2010-1197
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1197
[ 200 ] CVE-2010-1198
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1198
[ 201 ] CVE-2010-1199
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1199
[ 202 ] CVE-2010-1200
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1200
[ 203 ] CVE-2010-1201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1201
[ 204 ] CVE-2010-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1202
[ 205 ] CVE-2010-1203
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1203
[ 206 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 207 ] CVE-2010-1206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1206
[ 208 ] CVE-2010-1207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1207
[ 209 ] CVE-2010-1208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1208
[ 210 ] CVE-2010-1209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1209
[ 211 ] CVE-2010-1210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1210
[ 212 ] CVE-2010-1211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1211
[ 213 ] CVE-2010-1212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1212
[ 214 ] CVE-2010-1213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1213
[ 215 ] CVE-2010-1214
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1214
[ 216 ] CVE-2010-1215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1215
[ 217 ] CVE-2010-1585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1585
[ 218 ] CVE-2010-2751
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2751
[ 219 ] CVE-2010-2752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2752
[ 220 ] CVE-2010-2753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2753
[ 221 ] CVE-2010-2754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2754
[ 222 ] CVE-2010-2755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2755
[ 223 ] CVE-2010-2760
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2760
[ 224 ] CVE-2010-2762
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2762
[ 225 ] CVE-2010-2763
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2763
[ 226 ] CVE-2010-2764
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2764
[ 227 ] CVE-2010-2765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2765
[ 228 ] CVE-2010-2766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2766
[ 229 ] CVE-2010-2767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2767
[ 230 ] CVE-2010-2768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2768
[ 231 ] CVE-2010-2769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2769
[ 232 ] CVE-2010-2770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2770
[ 233 ] CVE-2010-3131
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3131
[ 234 ] CVE-2010-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3166
[ 235 ] CVE-2010-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3167
[ 236 ] CVE-2010-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3168
[ 237 ] CVE-2010-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3169
[ 238 ] CVE-2010-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3170
[ 239 ] CVE-2010-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3171
[ 240 ] CVE-2010-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3173
[ 241 ] CVE-2010-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3174
[ 242 ] CVE-2010-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3175
[ 243 ] CVE-2010-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3176
[ 244 ] CVE-2010-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3177
[ 245 ] CVE-2010-3178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3178
[ 246 ] CVE-2010-3179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3179
[ 247 ] CVE-2010-3180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3180
[ 248 ] CVE-2010-3182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3182
[ 249 ] CVE-2010-3183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3183
[ 250 ] CVE-2010-3399
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3399
[ 251 ] CVE-2010-3400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3400
[ 252 ] CVE-2010-3765
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3765
[ 253 ] CVE-2010-3766
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3766
[ 254 ] CVE-2010-3767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3767
[ 255 ] CVE-2010-3768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3768
[ 256 ] CVE-2010-3769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3769
[ 257 ] CVE-2010-3770
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3770
[ 258 ] CVE-2010-3771
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3771
[ 259 ] CVE-2010-3772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3772
[ 260 ] CVE-2010-3773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3773
[ 261 ] CVE-2010-3774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3774
[ 262 ] CVE-2010-3775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3775
[ 263 ] CVE-2010-3776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3776
[ 264 ] CVE-2010-3777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3777
[ 265 ] CVE-2010-3778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3778
[ 266 ] CVE-2010-4508
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4508
[ 267 ] CVE-2010-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5074
[ 268 ] CVE-2011-0051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0051
[ 269 ] CVE-2011-0053
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0053
[ 270 ] CVE-2011-0054
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0054
[ 271 ] CVE-2011-0055
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0055
[ 272 ] CVE-2011-0056
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0056
[ 273 ] CVE-2011-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0057
[ 274 ] CVE-2011-0058
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0058
[ 275 ] CVE-2011-0059
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0059
[ 276 ] CVE-2011-0061
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0061
[ 277 ] CVE-2011-0062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0062
[ 278 ] CVE-2011-0065
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0065
[ 279 ] CVE-2011-0066
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0066
[ 280 ] CVE-2011-0067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0067
[ 281 ] CVE-2011-0068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0068
[ 282 ] CVE-2011-0069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0069
[ 283 ] CVE-2011-0070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0070
[ 284 ] CVE-2011-0071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0071
[ 285 ] CVE-2011-0072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0072
[ 286 ] CVE-2011-0073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0073
[ 287 ] CVE-2011-0074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0074
[ 288 ] CVE-2011-0075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0075
[ 289 ] CVE-2011-0076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0076
[ 290 ] CVE-2011-0077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0077
[ 291 ] CVE-2011-0078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0078
[ 292 ] CVE-2011-0079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0079
[ 293 ] CVE-2011-0080
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0080
[ 294 ] CVE-2011-0081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0081
[ 295 ] CVE-2011-0082
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0082
[ 296 ] CVE-2011-0083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0083
[ 297 ] CVE-2011-0084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0084
[ 298 ] CVE-2011-0085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0085
[ 299 ] CVE-2011-1187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1187
[ 300 ] CVE-2011-1202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1202
[ 301 ] CVE-2011-1712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1712
[ 302 ] CVE-2011-2362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2362
[ 303 ] CVE-2011-2363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2363
[ 304 ] CVE-2011-2364
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2364
[ 305 ] CVE-2011-2365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2365
[ 306 ] CVE-2011-2369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2369
[ 307 ] CVE-2011-2370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2370
[ 308 ] CVE-2011-2371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2371
[ 309 ] CVE-2011-2372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2372
[ 310 ] CVE-2011-2373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2373
[ 311 ] CVE-2011-2374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2374
[ 312 ] CVE-2011-2375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2375
[ 313 ] CVE-2011-2376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2376
[ 314 ] CVE-2011-2377
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2377
[ 315 ] CVE-2011-2378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2378
[ 316 ] CVE-2011-2605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2605
[ 317 ] CVE-2011-2980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2980
[ 318 ] CVE-2011-2981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2981
[ 319 ] CVE-2011-2982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2982
[ 320 ] CVE-2011-2983
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2983
[ 321 ] CVE-2011-2984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2984
[ 322 ] CVE-2011-2985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2985
[ 323 ] CVE-2011-2986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2986
[ 324 ] CVE-2011-2987
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2987
[ 325 ] CVE-2011-2988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2988
[ 326 ] CVE-2011-2989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2989
[ 327 ] CVE-2011-2990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2990
[ 328 ] CVE-2011-2991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2991
[ 329 ] CVE-2011-2993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2993
[ 330 ] CVE-2011-2995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2995
[ 331 ] CVE-2011-2996
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2996
[ 332 ] CVE-2011-2997
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2997
[ 333 ] CVE-2011-2998
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2998
[ 334 ] CVE-2011-2999
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2999
[ 335 ] CVE-2011-3000
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3000
[ 336 ] CVE-2011-3001
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3001
[ 337 ] CVE-2011-3002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3002
[ 338 ] CVE-2011-3003
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3003
[ 339 ] CVE-2011-3004
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3004
[ 340 ] CVE-2011-3005
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3005
[ 341 ] CVE-2011-3026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026
[ 342 ] CVE-2011-3062
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3062
[ 343 ] CVE-2011-3232
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3232
[ 344 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 345 ] CVE-2011-3640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3640
[ 346 ] CVE-2011-3647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3647
[ 347 ] CVE-2011-3648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3648
[ 348 ] CVE-2011-3649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3649
[ 349 ] CVE-2011-3650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3650
[ 350 ] CVE-2011-3651
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3651
[ 351 ] CVE-2011-3652
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3652
[ 352 ] CVE-2011-3653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3653
[ 353 ] CVE-2011-3654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3654
[ 354 ] CVE-2011-3655
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3655
[ 355 ] CVE-2011-3658
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3658
[ 356 ] CVE-2011-3659
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3659
[ 357 ] CVE-2011-3660
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3660
[ 358 ] CVE-2011-3661
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3661
[ 359 ] CVE-2011-3663
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3663
[ 360 ] CVE-2011-3665
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3665
[ 361 ] CVE-2011-3670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3670
[ 362 ] CVE-2011-3866
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3866
[ 363 ] CVE-2011-4688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4688
[ 364 ] CVE-2012-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0441
[ 365 ] CVE-2012-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0442
[ 366 ] CVE-2012-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0443
[ 367 ] CVE-2012-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0444
[ 368 ] CVE-2012-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0445
[ 369 ] CVE-2012-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0446
[ 370 ] CVE-2012-0447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0447
[ 371 ] CVE-2012-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0449
[ 372 ] CVE-2012-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0450
[ 373 ] CVE-2012-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0451
[ 374 ] CVE-2012-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0452
[ 375 ] CVE-2012-0455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0455
[ 376 ] CVE-2012-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0456
[ 377 ] CVE-2012-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0457
[ 378 ] CVE-2012-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0458
[ 379 ] CVE-2012-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0459
[ 380 ] CVE-2012-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0460
[ 381 ] CVE-2012-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0461
[ 382 ] CVE-2012-0462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0462
[ 383 ] CVE-2012-0463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0463
[ 384 ] CVE-2012-0464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0464
[ 385 ] CVE-2012-0467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0467
[ 386 ] CVE-2012-0468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0468
[ 387 ] CVE-2012-0469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0469
[ 388 ] CVE-2012-0470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0470
[ 389 ] CVE-2012-0471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0471
[ 390 ] CVE-2012-0473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0473
[ 391 ] CVE-2012-0474
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0474
[ 392 ] CVE-2012-0475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0475
[ 393 ] CVE-2012-0477
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0477
[ 394 ] CVE-2012-0478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0478
[ 395 ] CVE-2012-0479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0479
[ 396 ] CVE-2012-1937
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1937
[ 397 ] CVE-2012-1938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1938
[ 398 ] CVE-2012-1939
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1939
[ 399 ] CVE-2012-1940
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1940
[ 400 ] CVE-2012-1941
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1941
[ 401 ] CVE-2012-1945
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1945
[ 402 ] CVE-2012-1946
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1946
[ 403 ] CVE-2012-1947
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1947
[ 404 ] CVE-2012-1948
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1948
[ 405 ] CVE-2012-1949
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1949
[ 406 ] CVE-2012-1950
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1950
[ 407 ] CVE-2012-1951
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1951
[ 408 ] CVE-2012-1952
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1952
[ 409 ] CVE-2012-1953
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1953
[ 410 ] CVE-2012-1954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1954
[ 411 ] CVE-2012-1955
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1955
[ 412 ] CVE-2012-1956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1956
[ 413 ] CVE-2012-1957
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1957
[ 414 ] CVE-2012-1958
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1958
[ 415 ] CVE-2012-1959
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1959
[ 416 ] CVE-2012-1960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1960
[ 417 ] CVE-2012-1961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1961
[ 418 ] CVE-2012-1962
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1962
[ 419 ] CVE-2012-1963
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1963
[ 420 ] CVE-2012-1964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1964
[ 421 ] CVE-2012-1965
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1965
[ 422 ] CVE-2012-1966
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1966
[ 423 ] CVE-2012-1967
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1967
[ 424 ] CVE-2012-1970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1970
[ 425 ] CVE-2012-1971
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1971
[ 426 ] CVE-2012-1972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1972
[ 427 ] CVE-2012-1973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1973
[ 428 ] CVE-2012-1974
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1974
[ 429 ] CVE-2012-1975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1975
[ 430 ] CVE-2012-1976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1976
[ 431 ] CVE-2012-1994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1994
[ 432 ] CVE-2012-3956
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3956
[ 433 ] CVE-2012-3957
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3957
[ 434 ] CVE-2012-3958
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3958
[ 435 ] CVE-2012-3959
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3959
[ 436 ] CVE-2012-3960
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3960
[ 437 ] CVE-2012-3961
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3961
[ 438 ] CVE-2012-3962
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3962
[ 439 ] CVE-2012-3963
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3963
[ 440 ] CVE-2012-3964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3964
[ 441 ] CVE-2012-3965
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3965
[ 442 ] CVE-2012-3966
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3966
[ 443 ] CVE-2012-3967
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3967
[ 444 ] CVE-2012-3968
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3968
[ 445 ] CVE-2012-3969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3969
[ 446 ] CVE-2012-3970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3970
[ 447 ] CVE-2012-3971
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3971
[ 448 ] CVE-2012-3972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3972
[ 449 ] CVE-2012-3973
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3973
[ 450 ] CVE-2012-3975
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3975
[ 451 ] CVE-2012-3976
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3976
[ 452 ] CVE-2012-3977
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3977
[ 453 ] CVE-2012-3978
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3978
[ 454 ] CVE-2012-3980
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3980
[ 455 ] CVE-2012-3982
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3982
[ 456 ] CVE-2012-3984
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3984
[ 457 ] CVE-2012-3985
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3985
[ 458 ] CVE-2012-3986
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3986
[ 459 ] CVE-2012-3988
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3988
[ 460 ] CVE-2012-3989
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3989
[ 461 ] CVE-2012-3990
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3990
[ 462 ] CVE-2012-3991
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3991
[ 463 ] CVE-2012-3992
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3992
[ 464 ] CVE-2012-3993
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3993
[ 465 ] CVE-2012-3994
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3994
[ 466 ] CVE-2012-3995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3995
[ 467 ] CVE-2012-4179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4179
[ 468 ] CVE-2012-4180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4180
[ 469 ] CVE-2012-4181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4181
[ 470 ] CVE-2012-4182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4182
[ 471 ] CVE-2012-4183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4183
[ 472 ] CVE-2012-4184
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4184
[ 473 ] CVE-2012-4185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4185
[ 474 ] CVE-2012-4186
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4186
[ 475 ] CVE-2012-4187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4187
[ 476 ] CVE-2012-4188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4188
[ 477 ] CVE-2012-4190
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4190
[ 478 ] CVE-2012-4191
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4191
[ 479 ] CVE-2012-4192
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4192
[ 480 ] CVE-2012-4193
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4193
[ 481 ] CVE-2012-4194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4194
[ 482 ] CVE-2012-4195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4195
[ 483 ] CVE-2012-4196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4196
[ 484 ] CVE-2012-4201
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4201
[ 485 ] CVE-2012-4202
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4202
[ 486 ] CVE-2012-4204
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4204
[ 487 ] CVE-2012-4205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4205
[ 488 ] CVE-2012-4206
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4206
[ 489 ] CVE-2012-4207
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4207
[ 490 ] CVE-2012-4208
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4208
[ 491 ] CVE-2012-4209
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4209
[ 492 ] CVE-2012-4210
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4210
[ 493 ] CVE-2012-4212
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4212
[ 494 ] CVE-2012-4215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4215
[ 495 ] CVE-2012-4216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4216
[ 496 ] CVE-2012-5354
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5354
[ 497 ] CVE-2012-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5829
[ 498 ] CVE-2012-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5830
[ 499 ] CVE-2012-5833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5833
[ 500 ] CVE-2012-5835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5835
[ 501 ] CVE-2012-5836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5836
[ 502 ] CVE-2012-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5838
[ 503 ] CVE-2012-5839
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5839
[ 504 ] CVE-2012-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5840
[ 505 ] CVE-2012-5841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5841
[ 506 ] CVE-2012-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5842
[ 507 ] CVE-2012-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5843
[ 508 ] Firefox Blocking Fraudulent Certificates
http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-c=
ertificates/
[ 509 ] Mozilla Foundation Security Advisory 2011-11
http://www.mozilla.org/security/announce/2011/mfsa2011-11.html
[ 510 ] Mozilla Foundation Security Advisory 2011-34
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201301-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Description:
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine. Description:
SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC
chat client, and HTML editor. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and
Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update
2012-004 are now available and address the following:
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.22 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/. This issue does not affect OS X Mountain
Lion systems.
CVE-ID
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A remote attacker may be able to cause a denial of service
in systems configured to run BIND as a DNS nameserver
Description: A reachable assertion issue existed in the handling of
DNS records.
This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4313
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: A remote attacker may be able to cause a denial of service,
data corruption, or obtain sensitive information from process memory
in systems configured to run BIND as a DNS nameserver
Description: A memory management issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on
OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. This issue does
not affect Mac OS X v10.6 or OS X Mountain Lion systems.
CVE-ID
CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update adds the
involved sub-CA certificate to OS X's list of untrusted certificates.
This issue does not affect OS X Lion and Mountain Lion systems. These issues do not affect OS X Mountain
Lion systems. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
Installer
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented
user passwords from being recorded in the system log, but did not
remove the old log entries. This issue does not affect Mac OS X
10.6 or OS X Mountain Lion systems. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4599
Kernel
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow
Available for: OS X Mountain Lion v10.8 and v10.8.1
Impact: A local user may be able to obtain other user's login
passwords
Description: A user-installed input method could intercept password
keystrokes from Login Window or Screen Saver Unlock.
CVE-ID
CVE-2012-3718 : An anonymous researcher
Mail
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing an e-mail message may lead to execution of web
plugins
Description: An input validation issue existed in Mail's handling of
embedded web plugins. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts
Available for: OS X Mountain Lion v10.8 and v10.8.1
Impact: A user with access to the contents of a mobile account may
obtain the account password
Description: Creating a mobile account saved a hash of the password
in the account, which was used to login when the mobile account was
used as an external account. The password hash could be used to
determine the user's password. This issue was addressed by creating
the password hash only if external accounts are enabled on the system
where the mobile account is created.
CVE-ID
CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Multiple vulnerabilities in PHP
Description: >PHP is updated to version 5.3.15 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2011-3048
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.4
Impact: An unauthenticated user could enumerate managed devices
Description: An authentication issue existed in the Device
Management private interface. This issue does not affect OS X Mountain Lion
systems. This issue does not affect OS X Mountain Lion systems. This issue does not affect OS X Mountain Lion systems. This issue does not affect OS X
Mountain Lion systems. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
The Ruby OpenSSL module disabled the 'empty fragment' countermeasure
which prevented these attacks. This issue does not affect OS X Mountain Lion
systems. This issue does not
affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of
Safari 6.0.1. Only one is needed, either
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update
2012-004.
For OS X Mountain Lion v10.8.1
The download file is named: OSXUpd10.8.2.dmg
Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8
The download file is named: OSXUpdCombo10.8.2.dmg
Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4
The download file is named: MacOSXUpd10.7.5.dmg
Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3
The download file is named: MacOSXUpdCombo10.7.5.dmg
Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4
The download file is named: MacOSXServerUpd10.7.5.dmg
Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3
The download file is named: MacOSXServerUpdCombo10.7.5.dmg
Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8
The download file is named: SecUpd2012-004.dmg
Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-004.dmg
Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e
Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW
pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE
DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO
QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n
7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm
7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO
BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5
w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3
+9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK
q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2
xyBfrQfG/dsif6jGHaot
=8joH
-----END PGP SIGNATURE-----
. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
| VAR-201202-0132 | CVE-2011-3021 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 18, 2012
Bugs: #402841, #404067
ID: 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 17.0.963.56 >= 17.0.963.56
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
information leak (clipboard contents), bypass of the Same Origin
Policy, or escape from NativeClient's sandbox.
A remote attacker could also entice the user to perform a set of UI
actions (drag and drop) to trigger an URL bar spoofing vulnerability.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56"
References
==========
[ 1 ] CVE-2011-3016
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016
[ 2 ] CVE-2011-3017
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017
[ 3 ] CVE-2011-3018
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018
[ 4 ] CVE-2011-3019
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019
[ 5 ] CVE-2011-3020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020
[ 6 ] CVE-2011-3021
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021
[ 7 ] CVE-2011-3022
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022
[ 8 ] CVE-2011-3023
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023
[ 9 ] CVE-2011-3024
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024
[ 10 ] CVE-2011-3025
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025
[ 11 ] CVE-2011-3027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027
[ 12 ] CVE-2011-3953
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953
[ 13 ] CVE-2011-3954
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954
[ 14 ] CVE-2011-3955
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955
[ 15 ] CVE-2011-3956
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956
[ 16 ] CVE-2011-3957
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957
[ 17 ] CVE-2011-3958
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958
[ 18 ] CVE-2011-3959
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959
[ 19 ] CVE-2011-3960
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960
[ 20 ] CVE-2011-3961
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961
[ 21 ] CVE-2011-3962
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962
[ 22 ] CVE-2011-3963
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963
[ 23 ] CVE-2011-3964
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964
[ 24 ] CVE-2011-3965
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965
[ 25 ] CVE-2011-3966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966
[ 26 ] CVE-2011-3967
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967
[ 27 ] CVE-2011-3968
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968
[ 28 ] CVE-2011-3969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969
[ 29 ] CVE-2011-3970
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970
[ 30 ] CVE-2011-3971
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971
[ 31 ] CVE-2011-3972
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972
[ 32 ] Release Notes 17.0.963.46
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht=
ml
[ 33 ] Release Notes 17.0.963.56
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm=
l
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48016
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
RELEASE DATE:
2012-02-16
DISCUSS ADVISORY:
http://secunia.com/advisories/48016/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48016/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to compromise a user's system.
1) An integer overflow error exists in PDF codecs.
2) A use-after-free error exists within counter nodes.
4) An error within path rendering can be exploited to cause a
heap-based buffer overflow.
5) An error within MKV handling can be exploited to cause a
heap-based buffer overflow.
6) An unspecified error exists within native client validator.
7) A use-after-free error exists in subframe loading.
8) An unspecified error exists when using HTTP for a translation
script.
9) A use-after-free error exists when performing drag and drop.
10) An error when parsing H.264 content can be exploited to cause an
out-of-bounds read.
11) An integer overflow and integer truncation error exists in
libpng.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1, 5) scarybeasts, Google Chrome Security Team
2, 3, 12) miaubiz
4) Aki Helin, OUSPG
5) Mateusz Jurczyk, Google Security Team
6) Nick Bray, Chromium development community
7) Arthur Gerkis
8) Jorge Obes, Google Chrome Security Team
9) pa_kt
10) Slawomir Blazek
11) Juri Aedla
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
-----END PGP SIGNATURE-----
| VAR-201202-0138 | CVE-2011-3027 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from incorrectly performing conversions of unspecified variables during column processing. This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 18, 2012
Bugs: #402841, #404067
ID: 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 17.0.963.56 >= 17.0.963.56
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
information leak (clipboard contents), bypass of the Same Origin
Policy, or escape from NativeClient's sandbox.
A remote attacker could also entice the user to perform a set of UI
actions (drag and drop) to trigger an URL bar spoofing vulnerability.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56"
References
==========
[ 1 ] CVE-2011-3016
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016
[ 2 ] CVE-2011-3017
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017
[ 3 ] CVE-2011-3018
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018
[ 4 ] CVE-2011-3019
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019
[ 5 ] CVE-2011-3020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020
[ 6 ] CVE-2011-3021
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021
[ 7 ] CVE-2011-3022
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022
[ 8 ] CVE-2011-3023
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023
[ 9 ] CVE-2011-3024
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024
[ 10 ] CVE-2011-3025
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025
[ 11 ] CVE-2011-3027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027
[ 12 ] CVE-2011-3953
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953
[ 13 ] CVE-2011-3954
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954
[ 14 ] CVE-2011-3955
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955
[ 15 ] CVE-2011-3956
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956
[ 16 ] CVE-2011-3957
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957
[ 17 ] CVE-2011-3958
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958
[ 18 ] CVE-2011-3959
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959
[ 19 ] CVE-2011-3960
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960
[ 20 ] CVE-2011-3961
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961
[ 21 ] CVE-2011-3962
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962
[ 22 ] CVE-2011-3963
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963
[ 23 ] CVE-2011-3964
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964
[ 24 ] CVE-2011-3965
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965
[ 25 ] CVE-2011-3966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966
[ 26 ] CVE-2011-3967
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967
[ 27 ] CVE-2011-3968
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968
[ 28 ] CVE-2011-3969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969
[ 29 ] CVE-2011-3970
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970
[ 30 ] CVE-2011-3971
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971
[ 31 ] CVE-2011-3972
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972
[ 32 ] Release Notes 17.0.963.46
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht=
ml
[ 33 ] Release Notes 17.0.963.56
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm=
l
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48016
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
RELEASE DATE:
2012-02-16
DISCUSS ADVISORY:
http://secunia.com/advisories/48016/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48016/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to compromise a user's system.
1) An integer overflow error exists in PDF codecs.
2) A use-after-free error exists within counter nodes.
4) An error within path rendering can be exploited to cause a
heap-based buffer overflow.
5) An error within MKV handling can be exploited to cause a
heap-based buffer overflow.
6) An unspecified error exists within native client validator.
7) A use-after-free error exists in subframe loading.
8) An unspecified error exists when using HTTP for a translation
script.
9) A use-after-free error exists when performing drag and drop.
10) An error when parsing H.264 content can be exploited to cause an
out-of-bounds read.
11) An integer overflow and integer truncation error exists in
libpng.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1, 5) scarybeasts, Google Chrome Security Team
2, 3, 12) miaubiz
4) Aki Helin, OUSPG
5) Mateusz Jurczyk, Google Security Team
6) Nick Bray, Chromium development community
7) Arthur Gerkis
8) Jorge Obes, Google Chrome Security Team
9) pa_kt
10) Slawomir Blazek
11) Juri Aedla
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
-----END PGP SIGNATURE-----
| VAR-201202-0127 | CVE-2011-3016 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. Google Chrome There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) May be affected or unknown in detail.
Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: February 18, 2012
Bugs: #402841, #404067
ID: 201202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 17.0.963.56 >= 17.0.963.56
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
information leak (clipboard contents), bypass of the Same Origin
Policy, or escape from NativeClient's sandbox.
A remote attacker could also entice the user to perform a set of UI
actions (drag and drop) to trigger an URL bar spoofing vulnerability.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56"
References
==========
[ 1 ] CVE-2011-3016
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016
[ 2 ] CVE-2011-3017
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017
[ 3 ] CVE-2011-3018
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018
[ 4 ] CVE-2011-3019
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019
[ 5 ] CVE-2011-3020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020
[ 6 ] CVE-2011-3021
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021
[ 7 ] CVE-2011-3022
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022
[ 8 ] CVE-2011-3023
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023
[ 9 ] CVE-2011-3024
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024
[ 10 ] CVE-2011-3025
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025
[ 11 ] CVE-2011-3027
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027
[ 12 ] CVE-2011-3953
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953
[ 13 ] CVE-2011-3954
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954
[ 14 ] CVE-2011-3955
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955
[ 15 ] CVE-2011-3956
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956
[ 16 ] CVE-2011-3957
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957
[ 17 ] CVE-2011-3958
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958
[ 18 ] CVE-2011-3959
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959
[ 19 ] CVE-2011-3960
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960
[ 20 ] CVE-2011-3961
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961
[ 21 ] CVE-2011-3962
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962
[ 22 ] CVE-2011-3963
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963
[ 23 ] CVE-2011-3964
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964
[ 24 ] CVE-2011-3965
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965
[ 25 ] CVE-2011-3966
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966
[ 26 ] CVE-2011-3967
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967
[ 27 ] CVE-2011-3968
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968
[ 28 ] CVE-2011-3969
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969
[ 29 ] CVE-2011-3970
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970
[ 30 ] CVE-2011-3971
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971
[ 31 ] CVE-2011-3972
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972
[ 32 ] Release Notes 17.0.963.46
http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht=
ml
[ 33 ] Release Notes 17.0.963.56
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm=
l
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201202-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48016
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48016/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
RELEASE DATE:
2012-02-16
DISCUSS ADVISORY:
http://secunia.com/advisories/48016/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48016/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48016
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have an unknown impact and others can be exploited by malicious
people to compromise a user's system.
1) An integer overflow error exists in PDF codecs.
2) A use-after-free error exists within counter nodes.
4) An error within path rendering can be exploited to cause a
heap-based buffer overflow.
5) An error within MKV handling can be exploited to cause a
heap-based buffer overflow.
6) An unspecified error exists within native client validator.
7) A use-after-free error exists in subframe loading.
8) An unspecified error exists when using HTTP for a translation
script.
9) A use-after-free error exists when performing drag and drop.
10) An error when parsing H.264 content can be exploited to cause an
out-of-bounds read.
11) An integer overflow and integer truncation error exists in
libpng.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1, 5) scarybeasts, Google Chrome Security Team
2, 3, 12) miaubiz
4) Aki Helin, OUSPG
5) Mateusz Jurczyk, Google Security Team
6) Nick Bray, Chromium development community
7) Arthur Gerkis
8) Jorge Obes, Google Chrome Security Team
9) pa_kt
10) Slawomir Blazek
11) Juri Aedla
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
-----END PGP SIGNATURE-----
| VAR-201202-0072 | CVE-2012-0503 | Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the 'I18n' sub-component.
This vulnerability affects the following supported versions:
7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and
Java for Mac OS X 10.6 Update 7
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now
available and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_31.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2011-3563
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667
For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx
VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh
7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc
Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA
wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd
V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=
=Pf96
-----END PGP SIGNATURE-----
.
Release Date: 2012-03-26
Last Updated: 2012-04-02
------------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities.
The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.14 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
===========
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
action: install revision 1.6.0.14.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 March 2012 Initial release
Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2012:0514-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0514.html
Issue date: 2012-04-24
CVE Names: CVE-2011-3563 CVE-2011-5035 CVE-2012-0497
CVE-2012-0498 CVE-2012-0499 CVE-2012-0500
CVE-2012-0501 CVE-2012-0502 CVE-2012-0503
CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Detailed
vulnerability descriptions are linked from the IBM "Security alerts" page,
listed in the References section. (CVE-2011-3563, CVE-2011-5035,
CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,
CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java 6 SR10-FP1 release. All running instances
of IBM Java must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
ppc:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.ppc.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.s390x.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.s390.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.i386.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.1.el5.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
ppc64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.s390.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.i686.rpm
java-1.6.0-ibm-devel-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.10.1-1jpp.5.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0497.html
https://www.redhat.com/security/data/cve/CVE-2012-0498.html
https://www.redhat.com/security/data/cve/CVE-2012-0499.html
https://www.redhat.com/security/data/cve/CVE-2012-0500.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://www.redhat.com/security/data/cve/CVE-2012-0507.html
https://access.redhat.com/security/updates/classification/#critical
http://www.ibm.com/developerworks/java/jdk/alerts/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPlw5rXlSAg2UNWIIRAldKAKC7OdjIpVAFu5MrW0lG1jFHFHzI9gCfWzbN
SE8HYoxhvF72EszgwBS3Iy8=
=WeNz
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ============================================================================
Ubuntu Security Notice USN-1373-2
March 01, 2012
openjdk-6b18 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have
been fixed.
Software Description:
- openjdk-6b18: Open Source Java implementation
Details:
USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,
Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM
(armel). This provides the corresponding OpenJDK 6 update for use
with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10
and Ubuntu 11.04.
Original advisory details:
It was discovered that the Java HttpServer class did not limit the
number of headers read from a HTTP request. A remote attacker could
cause a denial of service by sending special requests that trigger
hash collisions predictably. (CVE-2011-5035)
ATTENTION: this update changes previous Java HttpServer class behavior
by limiting the number of request headers to 200. This may be increased
by adjusting the sun.net.httpserver.maxReqHeaders property.
It was discovered that the Java Sound component did not properly
check buffer boundaries. A remote attacker could use this to cause
a denial of service or view confidential data. (CVE-2011-3563)
It was discovered that the Java2D implementation does not properly
check graphics rendering objects before passing them to the native
renderer. A remote attacker could use this to cause a denial of
service or to bypass Java sandbox restrictions. (CVE-2012-0497)
It was discovered that an off-by-one error exists in the Java ZIP
file processing code. An attacker could us this to cause a denial of
service through a maliciously crafted ZIP file. (CVE-2012-0501)
It was discovered that the Java AWT KeyboardFocusManager did not
properly enforce keyboard focus security policy. A remote attacker
could use this with an untrusted application or applet to grab keyboard
focus and possibly expose confidential data. (CVE-2012-0502)
It was discovered that the Java TimeZone class did not properly enforce
security policy around setting the default time zone. A remote attacker
could use this with an untrusted application or applet to set a new
default time zone and bypass Java sandbox restrictions. (CVE-2012-0503)
It was discovered the Java ObjectStreamClass did not throw
an accurately identifiable exception when a deserialization
failure occurred. A remote attacker could use this with
an untrusted application or applet to bypass Java sandbox
restrictions. (CVE-2012-0505)
It was discovered that the Java CORBA implementation did not properly
protect repository identifiers on certain CORBA objects. A remote
attacker could use this to corrupt object data. (CVE-2012-0506)
It was discovered that the Java AtomicReferenceArray class
implementation did not properly check if an array was of
the expected Object[] type. A remote attacker could use this
with a malicious application or applet to bypass Java sandbox
restrictions. (CVE-2012-0507)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.04:
icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1
icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1
openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1
openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1
openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1
Ubuntu 10.10:
icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1
openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1
openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1
openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1
openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1
openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1
openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1
After a standard system update you need to restart any Java applications
or applets to make all the necessary changes. 6) - x86_64
3
| VAR-201202-0070 | CVE-2012-0501 | Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
The vulnerability can be exploited over multiple protocols. This issue affects the 'Java Runtime Environment' sub-component.
This vulnerability affects the following supported versions:
7 Update 2, 6 Update 30, 5.0 Update 33. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and
Java for Mac OS X 10.6 Update 7
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now
available and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Multiple vulnerabilities in Java 1.6.0_29
Description: Multiple vulnerabilities exist in Java 1.6.0_29, the
most serious of which may allow an untrusted Java applet to execute
arbitrary code outside the Java sandbox. Visiting a web page
containing a maliciously crafted untrusted Java applet may lead to
arbitrary code execution with the privileges of the current user.
These issues are addressed by updating to Java version 1.6.0_31.
Further information is available via the Java website at http://www.o
racle.com/technetwork/java/javase/releasenotes-136954.html
CVE-ID
CVE-2011-3563
CVE-2011-5035
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0500
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
may be obtained from the Software Update pane in System Preferences,
or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems
The download file is named: JavaForMacOSX10.6.dmg
Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667
For OS X Lion systems
The download file is named: JavaForOSX.dmg
Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx
VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh
7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc
Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA
wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd
V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=
=Pf96
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Low: Red Hat Network Satellite server IBM Java Runtime security update
Advisory ID: RHSA-2013:1455-01
Product: Red Hat Satellite
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1455.html
Issue date: 2013-10-23
CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862
CVE-2011-0863 CVE-2011-0865 CVE-2011-0867
CVE-2011-0868 CVE-2011-0869 CVE-2011-0871
CVE-2011-0873 CVE-2011-3389 CVE-2011-3516
CVE-2011-3521 CVE-2011-3544 CVE-2011-3545
CVE-2011-3546 CVE-2011-3547 CVE-2011-3548
CVE-2011-3549 CVE-2011-3550 CVE-2011-3551
CVE-2011-3552 CVE-2011-3553 CVE-2011-3554
CVE-2011-3556 CVE-2011-3557 CVE-2011-3560
CVE-2011-3561 CVE-2011-3563 CVE-2011-5035
CVE-2012-0497 CVE-2012-0498 CVE-2012-0499
CVE-2012-0500 CVE-2012-0501 CVE-2012-0502
CVE-2012-0503 CVE-2012-0505 CVE-2012-0506
CVE-2012-0507 CVE-2012-0547 CVE-2012-0551
CVE-2012-1531 CVE-2012-1532 CVE-2012-1533
CVE-2012-1541 CVE-2012-1682 CVE-2012-1713
CVE-2012-1716 CVE-2012-1717 CVE-2012-1718
CVE-2012-1719 CVE-2012-1721 CVE-2012-1722
CVE-2012-1725 CVE-2012-3143 CVE-2012-3159
CVE-2012-3213 CVE-2012-3216 CVE-2012-3342
CVE-2012-4820 CVE-2012-4822 CVE-2012-4823
CVE-2012-5068 CVE-2012-5069 CVE-2012-5071
CVE-2012-5072 CVE-2012-5073 CVE-2012-5075
CVE-2012-5079 CVE-2012-5081 CVE-2012-5083
CVE-2012-5084 CVE-2012-5089 CVE-2013-0169
CVE-2013-0351 CVE-2013-0401 CVE-2013-0409
CVE-2013-0419 CVE-2013-0423 CVE-2013-0424
CVE-2013-0425 CVE-2013-0426 CVE-2013-0427
CVE-2013-0428 CVE-2013-0432 CVE-2013-0433
CVE-2013-0434 CVE-2013-0435 CVE-2013-0438
CVE-2013-0440 CVE-2013-0441 CVE-2013-0442
CVE-2013-0443 CVE-2013-0445 CVE-2013-0446
CVE-2013-0450 CVE-2013-0809 CVE-2013-1473
CVE-2013-1476 CVE-2013-1478 CVE-2013-1480
CVE-2013-1481 CVE-2013-1486 CVE-2013-1487
CVE-2013-1491 CVE-2013-1493 CVE-2013-1500
CVE-2013-1537 CVE-2013-1540 CVE-2013-1557
CVE-2013-1563 CVE-2013-1569 CVE-2013-1571
CVE-2013-2383 CVE-2013-2384 CVE-2013-2394
CVE-2013-2407 CVE-2013-2412 CVE-2013-2417
CVE-2013-2418 CVE-2013-2419 CVE-2013-2420
CVE-2013-2422 CVE-2013-2424 CVE-2013-2429
CVE-2013-2430 CVE-2013-2432 CVE-2013-2433
CVE-2013-2435 CVE-2013-2437 CVE-2013-2440
CVE-2013-2442 CVE-2013-2443 CVE-2013-2444
CVE-2013-2446 CVE-2013-2447 CVE-2013-2448
CVE-2013-2450 CVE-2013-2451 CVE-2013-2452
CVE-2013-2453 CVE-2013-2454 CVE-2013-2455
CVE-2013-2456 CVE-2013-2457 CVE-2013-2459
CVE-2013-2463 CVE-2013-2464 CVE-2013-2465
CVE-2013-2466 CVE-2013-2468 CVE-2013-2469
CVE-2013-2470 CVE-2013-2471 CVE-2013-2472
CVE-2013-2473 CVE-2013-3743
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Network Satellite Server 5.4.
The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Satellite 5.4 (RHEL v.5) - i386, s390x, x86_64
Red Hat Satellite 5.4 (RHEL v.6) - s390x, x86_64
3. Description:
This update corrects several security vulnerabilities in the IBM Java
Runtime Environment shipped as part of Red Hat Network Satellite Server
5.4. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865,
CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873,
CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545,
CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550,
CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556,
CVE-2011-3557, CVE-2011-3560, CVE-2011-3561, CVE-2011-3563, CVE-2011-5035,
CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501,
CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507,
CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533,
CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717,
CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725,
CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342,
CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069,
CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5079,
CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089, CVE-2013-0169,
CVE-2013-0351, CVE-2013-0401, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423,
CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428,
CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0438,
CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445,
CVE-2013-0446, CVE-2013-0450, CVE-2013-0809, CVE-2013-1473, CVE-2013-1476,
CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1487,
CVE-2013-1491, CVE-2013-1493, CVE-2013-1500, CVE-2013-1537, CVE-2013-1540,
CVE-2013-1557, CVE-2013-1563, CVE-2013-1569, CVE-2013-1571, CVE-2013-2383,
CVE-2013-2384, CVE-2013-2394, CVE-2013-2407, CVE-2013-2412, CVE-2013-2417,
CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2422, CVE-2013-2424,
CVE-2013-2429, CVE-2013-2430, CVE-2013-2432, CVE-2013-2433, CVE-2013-2435,
CVE-2013-2437, CVE-2013-2440, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444,
CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451,
CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456,
CVE-2013-2457, CVE-2013-2459, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743)
Users of Red Hat Network Satellite Server 5.4 are advised to upgrade to
these updated packages, which contain the IBM Java SE 6 SR14 release. For
this update to take effect, Red Hat Network Satellite Server must be
restarted ("/usr/sbin/rhn-satellite restart"), as well as all running
instances of IBM Java.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711675 - CVE-2011-0873 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (2D)
711676 - CVE-2011-0863 Oracle/IBM JDK: unspecified vulnerability fixed in 6u26 (Deployment)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle/IBM JDK: unspecified vulnerabilities fixed in 6u26 (Sound)
737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417)
745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902)
745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857)
745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012)
745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794)
747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound)
747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing)
747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT)
747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
788994 - CVE-2012-0507 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment)
829358 - CVE-2012-1717 OpenJDK: insecure temporary file permissions (JRE, 7143606)
829360 - CVE-2012-1716 OpenJDK: SynthLookAndFeel application context bypass (Swing, 7143614)
829361 - CVE-2012-1713 OpenJDK: fontmanager layout lookup code memory corruption (2D, 7143617)
829371 - CVE-2012-1719 OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
829372 - CVE-2012-1718 OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
829376 - CVE-2012-1725 OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
831353 - CVE-2012-1721 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831354 - CVE-2012-1722 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
831355 - CVE-2012-0551 Oracle JDK: unspecified vulnerability fixed in 6u33 and 7u5 (Deployment)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
859140 - CVE-2013-0440 OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution
906813 - CVE-2013-0424 OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
906892 - CVE-2013-0435 OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
906894 - CVE-2013-1478 OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)
906899 - CVE-2013-0442 OpenJDK: insufficient privilege checking issue (AWT, 7192977)
906900 - CVE-2013-0445 OpenJDK: insufficient privilege checking issue (AWT, 8001057)
906904 - CVE-2013-1480 OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)
906911 - CVE-2013-0450 OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
906914 - CVE-2012-1541 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906916 - CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906917 - CVE-2012-3342 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906918 - CVE-2013-0419 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906921 - CVE-2013-0423 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906923 - CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906933 - CVE-2013-1473 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
906935 - CVE-2013-0438 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
907207 - CVE-2013-0428 OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
907219 - CVE-2013-0432 OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
907223 - CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)
907224 - CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)
907226 - CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
907340 - CVE-2013-0443 OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
907344 - CVE-2013-0425 OpenJDK: logging insufficient access control checks (Libraries, 6664509)
907346 - CVE-2013-0426 OpenJDK: logging insufficient access control checks (Libraries, 6664528)
907453 - CVE-2013-0434 OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
907455 - CVE-2013-0427 OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
907456 - CVE-2013-0433 OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
907457 - CVE-2013-1476 OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
907458 - CVE-2013-0441 OpenJDK: missing serialization restriction (CORBA, 7201066)
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)
913014 - CVE-2013-1486 OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
913030 - CVE-2013-1487 Oracle JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
917550 - CVE-2013-0809 OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
917553 - CVE-2013-1493 OpenJDK: CMM malformed raster memory corruption (2D, 8007675)
920245 - CVE-2013-0401 OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)
920248 - CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)
952387 - CVE-2013-1537 OpenJDK: remote code loading enabled by default (RMI, 8001040)
952509 - CVE-2013-2424 OpenJDK: MBeanInstantiator insufficient class access checks (JMX, 8006435)
952521 - CVE-2013-2429 OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
952524 - CVE-2013-2430 OpenJDK: JPEGImageReader state corruption (ImageIO, 8007667)
952638 - CVE-2013-2420 OpenJDK: image processing vulnerability (2D, 8007617)
952642 - CVE-2013-2422 OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
952648 - CVE-2013-1557 OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
952656 - CVE-2013-2419 ICU: Layout Engine font processing errors (JDK 2D, 8001031)
952657 - CVE-2013-2417 OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
952708 - CVE-2013-2383 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004986)
952709 - CVE-2013-2384 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004987)
952711 - CVE-2013-1569 ICU: Layout Engine font layout and glyph table errors (JDK 2D, 8004994)
953166 - CVE-2013-1540 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953172 - CVE-2013-1563 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Install)
953265 - CVE-2013-2394 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953267 - CVE-2013-2418 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953269 - CVE-2013-2432 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
953270 - CVE-2013-2433 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953273 - CVE-2013-2435 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
953275 - CVE-2013-2440 Oracle JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
973474 - CVE-2013-1571 OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
975099 - CVE-2013-2470 OpenJDK: ImagingLib byte lookup processing (2D, 8011243)
975102 - CVE-2013-2471 OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)
975107 - CVE-2013-2472 OpenJDK: Incorrect ShortBandedRaster size checks (2D, 8011253)
975110 - CVE-2013-2473 OpenJDK: Incorrect ByteBandedRaster size checks (2D, 8011257)
975115 - CVE-2013-2463 OpenJDK: Incorrect image attribute verification (2D, 8012438)
975118 - CVE-2013-2465 OpenJDK: Incorrect image channel verification (2D, 8012597)
975120 - CVE-2013-2469 OpenJDK: Incorrect image layout verification (2D, 8012601)
975121 - CVE-2013-2459 OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
975125 - CVE-2013-2448 OpenJDK: Better access restrictions (Sound, 8006328)
975127 - CVE-2013-2407 OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)
975129 - CVE-2013-2454 OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
975131 - CVE-2013-2444 OpenJDK: Resource denial of service (AWT, 8001038)
975132 - CVE-2013-2446 OpenJDK: output stream access restrictions (CORBA, 8000642)
975133 - CVE-2013-2457 OpenJDK: Proper class checking (JMX, 8008120)
975134 - CVE-2013-2453 OpenJDK: MBeanServer Introspector package access (JMX, 8008124)
975137 - CVE-2013-2443 OpenJDK: AccessControlContext check order issue (Libraries, 8001330)
975138 - CVE-2013-2452 OpenJDK: Unique VMIDs (Libraries, 8001033)
975139 - CVE-2013-2455 OpenJDK: getEnclosing* checks (Libraries, 8007812)
975140 - CVE-2013-2447 OpenJDK: Prevent revealing the local address (Networking, 8001318)
975141 - CVE-2013-2450 OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
975142 - CVE-2013-2456 OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)
975144 - CVE-2013-2412 OpenJDK: JConsole SSL support (Serviceability, 8003703)
975146 - CVE-2013-2451 OpenJDK: exclusive port binding (Networking, 7170730)
975148 - CVE-2013-1500 OpenJDK: Insecure shared memory permissions (2D, 8001034)
975757 - CVE-2013-2464 Oracle JDK: unspecified vulnerability fixed in 7u25 (2D)
975761 - CVE-2013-2468 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975764 - CVE-2013-2466 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975767 - CVE-2013-3743 Oracle JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)
975770 - CVE-2013-2442 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
975773 - CVE-2013-2437 Oracle JDK: unspecified vulnerability fixed in 7u25 (Deployment)
6. Package List:
Red Hat Satellite 5.4 (RHEL v.5):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.src.rpm
i386:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.i386.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el5_9.x86_64.rpm
Red Hat Satellite 5.4 (RHEL v.6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHNSAT/SRPMS/java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.src.rpm
s390x:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.14.0-1jpp.1.el6_4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0863.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://www.redhat.com/security/data/cve/CVE-2011-3389.html
https://www.redhat.com/security/data/cve/CVE-2011-3516.html
https://www.redhat.com/security/data/cve/CVE-2011-3521.html
https://www.redhat.com/security/data/cve/CVE-2011-3544.html
https://www.redhat.com/security/data/cve/CVE-2011-3545.html
https://www.redhat.com/security/data/cve/CVE-2011-3546.html
https://www.redhat.com/security/data/cve/CVE-2011-3547.html
https://www.redhat.com/security/data/cve/CVE-2011-3548.html
https://www.redhat.com/security/data/cve/CVE-2011-3549.html
https://www.redhat.com/security/data/cve/CVE-2011-3550.html
https://www.redhat.com/security/data/cve/CVE-2011-3551.html
https://www.redhat.com/security/data/cve/CVE-2011-3552.html
https://www.redhat.com/security/data/cve/CVE-2011-3553.html
https://www.redhat.com/security/data/cve/CVE-2011-3554.html
https://www.redhat.com/security/data/cve/CVE-2011-3556.html
https://www.redhat.com/security/data/cve/CVE-2011-3557.html
https://www.redhat.com/security/data/cve/CVE-2011-3560.html
https://www.redhat.com/security/data/cve/CVE-2011-3561.html
https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0497.html
https://www.redhat.com/security/data/cve/CVE-2012-0498.html
https://www.redhat.com/security/data/cve/CVE-2012-0499.html
https://www.redhat.com/security/data/cve/CVE-2012-0500.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://www.redhat.com/security/data/cve/CVE-2012-0507.html
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-0551.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-1541.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-1713.html
https://www.redhat.com/security/data/cve/CVE-2012-1716.html
https://www.redhat.com/security/data/cve/CVE-2012-1717.html
https://www.redhat.com/security/data/cve/CVE-2012-1718.html
https://www.redhat.com/security/data/cve/CVE-2012-1719.html
https://www.redhat.com/security/data/cve/CVE-2012-1721.html
https://www.redhat.com/security/data/cve/CVE-2012-1722.html
https://www.redhat.com/security/data/cve/CVE-2012-1725.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3213.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-3342.html
https://www.redhat.com/security/data/cve/CVE-2012-4820.html
https://www.redhat.com/security/data/cve/CVE-2012-4822.html
https://www.redhat.com/security/data/cve/CVE-2012-4823.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://www.redhat.com/security/data/cve/CVE-2013-0169.html
https://www.redhat.com/security/data/cve/CVE-2013-0351.html
https://www.redhat.com/security/data/cve/CVE-2013-0401.html
https://www.redhat.com/security/data/cve/CVE-2013-0409.html
https://www.redhat.com/security/data/cve/CVE-2013-0419.html
https://www.redhat.com/security/data/cve/CVE-2013-0423.html
https://www.redhat.com/security/data/cve/CVE-2013-0424.html
https://www.redhat.com/security/data/cve/CVE-2013-0425.html
https://www.redhat.com/security/data/cve/CVE-2013-0426.html
https://www.redhat.com/security/data/cve/CVE-2013-0427.html
https://www.redhat.com/security/data/cve/CVE-2013-0428.html
https://www.redhat.com/security/data/cve/CVE-2013-0432.html
https://www.redhat.com/security/data/cve/CVE-2013-0433.html
https://www.redhat.com/security/data/cve/CVE-2013-0434.html
https://www.redhat.com/security/data/cve/CVE-2013-0435.html
https://www.redhat.com/security/data/cve/CVE-2013-0438.html
https://www.redhat.com/security/data/cve/CVE-2013-0440.html
https://www.redhat.com/security/data/cve/CVE-2013-0441.html
https://www.redhat.com/security/data/cve/CVE-2013-0442.html
https://www.redhat.com/security/data/cve/CVE-2013-0443.html
https://www.redhat.com/security/data/cve/CVE-2013-0445.html
https://www.redhat.com/security/data/cve/CVE-2013-0446.html
https://www.redhat.com/security/data/cve/CVE-2013-0450.html
https://www.redhat.com/security/data/cve/CVE-2013-0809.html
https://www.redhat.com/security/data/cve/CVE-2013-1473.html
https://www.redhat.com/security/data/cve/CVE-2013-1476.html
https://www.redhat.com/security/data/cve/CVE-2013-1478.html
https://www.redhat.com/security/data/cve/CVE-2013-1480.html
https://www.redhat.com/security/data/cve/CVE-2013-1481.html
https://www.redhat.com/security/data/cve/CVE-2013-1486.html
https://www.redhat.com/security/data/cve/CVE-2013-1487.html
https://www.redhat.com/security/data/cve/CVE-2013-1491.html
https://www.redhat.com/security/data/cve/CVE-2013-1493.html
https://www.redhat.com/security/data/cve/CVE-2013-1500.html
https://www.redhat.com/security/data/cve/CVE-2013-1537.html
https://www.redhat.com/security/data/cve/CVE-2013-1540.html
https://www.redhat.com/security/data/cve/CVE-2013-1557.html
https://www.redhat.com/security/data/cve/CVE-2013-1563.html
https://www.redhat.com/security/data/cve/CVE-2013-1569.html
https://www.redhat.com/security/data/cve/CVE-2013-1571.html
https://www.redhat.com/security/data/cve/CVE-2013-2383.html
https://www.redhat.com/security/data/cve/CVE-2013-2384.html
https://www.redhat.com/security/data/cve/CVE-2013-2394.html
https://www.redhat.com/security/data/cve/CVE-2013-2407.html
https://www.redhat.com/security/data/cve/CVE-2013-2412.html
https://www.redhat.com/security/data/cve/CVE-2013-2417.html
https://www.redhat.com/security/data/cve/CVE-2013-2418.html
https://www.redhat.com/security/data/cve/CVE-2013-2419.html
https://www.redhat.com/security/data/cve/CVE-2013-2420.html
https://www.redhat.com/security/data/cve/CVE-2013-2422.html
https://www.redhat.com/security/data/cve/CVE-2013-2424.html
https://www.redhat.com/security/data/cve/CVE-2013-2429.html
https://www.redhat.com/security/data/cve/CVE-2013-2430.html
https://www.redhat.com/security/data/cve/CVE-2013-2432.html
https://www.redhat.com/security/data/cve/CVE-2013-2433.html
https://www.redhat.com/security/data/cve/CVE-2013-2435.html
https://www.redhat.com/security/data/cve/CVE-2013-2437.html
https://www.redhat.com/security/data/cve/CVE-2013-2440.html
https://www.redhat.com/security/data/cve/CVE-2013-2442.html
https://www.redhat.com/security/data/cve/CVE-2013-2443.html
https://www.redhat.com/security/data/cve/CVE-2013-2444.html
https://www.redhat.com/security/data/cve/CVE-2013-2446.html
https://www.redhat.com/security/data/cve/CVE-2013-2447.html
https://www.redhat.com/security/data/cve/CVE-2013-2448.html
https://www.redhat.com/security/data/cve/CVE-2013-2450.html
https://www.redhat.com/security/data/cve/CVE-2013-2451.html
https://www.redhat.com/security/data/cve/CVE-2013-2452.html
https://www.redhat.com/security/data/cve/CVE-2013-2453.html
https://www.redhat.com/security/data/cve/CVE-2013-2454.html
https://www.redhat.com/security/data/cve/CVE-2013-2455.html
https://www.redhat.com/security/data/cve/CVE-2013-2456.html
https://www.redhat.com/security/data/cve/CVE-2013-2457.html
https://www.redhat.com/security/data/cve/CVE-2013-2459.html
https://www.redhat.com/security/data/cve/CVE-2013-2463.html
https://www.redhat.com/security/data/cve/CVE-2013-2464.html
https://www.redhat.com/security/data/cve/CVE-2013-2465.html
https://www.redhat.com/security/data/cve/CVE-2013-2466.html
https://www.redhat.com/security/data/cve/CVE-2013-2468.html
https://www.redhat.com/security/data/cve/CVE-2013-2469.html
https://www.redhat.com/security/data/cve/CVE-2013-2470.html
https://www.redhat.com/security/data/cve/CVE-2013-2471.html
https://www.redhat.com/security/data/cve/CVE-2013-2472.html
https://www.redhat.com/security/data/cve/CVE-2013-2473.html
https://www.redhat.com/security/data/cve/CVE-2013-3743.html
https://access.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSZ/v5XlSAg2UNWIIRAsEBAKCkmjlhUy0YBafaRQhQiomriK+mYACfVSqy
yJ2NIMe3T4TlQKxpvQoCAIA=
=i9I6
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: IcedTea JDK: Multiple vulnerabilities
Date: June 29, 2014
Bugs: #312297, #330205, #340819, #346799, #352035, #353418,
#354231, #355127, #370787, #387637, #404095, #421031,
#429522, #433389, #438750, #442478, #457206, #458410,
#461714, #466822, #477210, #489570, #508270
ID: 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the IcedTea JDK, the worst
of which could lead to arbitrary code execution.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
===========
Multiple vulnerabilities have been discovered in the IcedTea JDK.
Please review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, obtain
sensitive information, bypass intended security policies, or have other
unspecified impact.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
==========
[ 1 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2010-2548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548
[ 3 ] CVE-2010-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783
[ 4 ] CVE-2010-3541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[ 5 ] CVE-2010-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[ 6 ] CVE-2010-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[ 7 ] CVE-2010-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[ 8 ] CVE-2010-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[ 9 ] CVE-2010-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[ 10 ] CVE-2010-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 11 ] CVE-2010-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 12 ] CVE-2010-3562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 13 ] CVE-2010-3564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564
[ 14 ] CVE-2010-3565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 15 ] CVE-2010-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 16 ] CVE-2010-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 17 ] CVE-2010-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 18 ] CVE-2010-3569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 19 ] CVE-2010-3573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
[ 20 ] CVE-2010-3574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
[ 21 ] CVE-2010-3860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860
[ 22 ] CVE-2010-4351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351
[ 23 ] CVE-2010-4448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
[ 24 ] CVE-2010-4450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
[ 25 ] CVE-2010-4465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
[ 26 ] CVE-2010-4467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
[ 27 ] CVE-2010-4469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
[ 28 ] CVE-2010-4470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
[ 29 ] CVE-2010-4471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
[ 30 ] CVE-2010-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
[ 31 ] CVE-2010-4476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
[ 32 ] CVE-2011-0025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025
[ 33 ] CVE-2011-0706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706
[ 34 ] CVE-2011-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
[ 35 ] CVE-2011-0822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822
[ 36 ] CVE-2011-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
[ 37 ] CVE-2011-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
[ 38 ] CVE-2011-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
[ 39 ] CVE-2011-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
[ 40 ] CVE-2011-0869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
[ 41 ] CVE-2011-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870
[ 42 ] CVE-2011-0871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
[ 43 ] CVE-2011-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
[ 44 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 45 ] CVE-2011-3521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
[ 46 ] CVE-2011-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
[ 47 ] CVE-2011-3547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
[ 48 ] CVE-2011-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
[ 49 ] CVE-2011-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
[ 50 ] CVE-2011-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
[ 51 ] CVE-2011-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
[ 52 ] CVE-2011-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
[ 53 ] CVE-2011-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
[ 54 ] CVE-2011-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
[ 55 ] CVE-2011-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
[ 56 ] CVE-2011-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
[ 57 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 58 ] CVE-2011-3571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571
[ 59 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 60 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 61 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 62 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 63 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 64 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 65 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 66 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 67 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 68 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 69 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 70 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 71 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 72 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 73 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 74 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 75 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 76 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 77 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 78 ] CVE-2012-3422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422
[ 79 ] CVE-2012-3423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423
[ 80 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 81 ] CVE-2012-4540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540
[ 82 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 83 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 84 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 85 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 86 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 87 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 88 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 89 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 90 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 91 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 92 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 93 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 94 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 95 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 96 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 97 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 98 ] CVE-2012-5979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979
[ 99 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 100 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 101 ] CVE-2013-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424
[ 102 ] CVE-2013-0425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425
[ 103 ] CVE-2013-0426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426
[ 104 ] CVE-2013-0427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427
[ 105 ] CVE-2013-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428
[ 106 ] CVE-2013-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429
[ 107 ] CVE-2013-0431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431
[ 108 ] CVE-2013-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432
[ 109 ] CVE-2013-0433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433
[ 110 ] CVE-2013-0434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434
[ 111 ] CVE-2013-0435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435
[ 112 ] CVE-2013-0440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440
[ 113 ] CVE-2013-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441
[ 114 ] CVE-2013-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442
[ 115 ] CVE-2013-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443
[ 116 ] CVE-2013-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444
[ 117 ] CVE-2013-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450
[ 118 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 119 ] CVE-2013-1475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475
[ 120 ] CVE-2013-1476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476
[ 121 ] CVE-2013-1478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478
[ 122 ] CVE-2013-1480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480
[ 123 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 124 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 125 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 126 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 127 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 128 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 129 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 130 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 131 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 132 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 133 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 134 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 135 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 136 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 137 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 138 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 139 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 140 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 141 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 142 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 143 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 144 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 145 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 146 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 147 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 148 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 149 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 150 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 151 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 152 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 153 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 154 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 155 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 156 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 157 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 158 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 159 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 160 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 161 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 162 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 163 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 164 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 165 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 166 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 167 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 168 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 169 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 170 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 171 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 172 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 173 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 174 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 175 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 176 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 177 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 178 ] CVE-2013-4002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002
[ 179 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 180 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 181 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 182 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 183 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 184 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 185 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 186 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 187 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 188 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 189 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 190 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 191 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 192 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 193 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 194 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 195 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 196 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 197 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 198 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 199 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 200 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 201 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 202 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 203 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 204 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 205 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 206 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 207 ] CVE-2013-6629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629
[ 208 ] CVE-2013-6954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954
[ 209 ] CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 210 ] CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 211 ] CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 212 ] CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 213 ] CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 214 ] CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 215 ] CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 216 ] CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 217 ] CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 218 ] CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 219 ] CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 220 ] CVE-2014-1876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876
[ 221 ] CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 222 ] CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 223 ] CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 224 ] CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 225 ] CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 226 ] CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 227 ] CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 228 ] CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. PRE-CERT Security Advisory
==========================
* Advisory: PRE-SA-2012-01
* Released on: 16th February 2012
* Affected products: Oracle Java SE 7 below Update 3
Oracle Java SE 6 below Update 31
IcedTea6 1.8.x below 1.8.13
IcedTea6 1.9.x below 1.9.13
IcedTea6 1.10.x below 1.10.6
IcedTea6 1.11.x below 1.11.1
IcedTea 2.x below 2.0.1
Older versions may also be affected.
* Impact: denial-of-service
* Origin: java.util.zip
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2012-0501
Summary
-------
The function countCENHeaders() in zip_util.c of the java.util.zip
implementation contains an off-by-one bug. The bug can be exploited via
corrupted ZIP files to cause an endless recursion. The endless recursion
results in a segmentation fault of the JVM.
The following assessment is based on the JDK sources available from
Oracle's website (jdk-6u23-fcs-src-b05-jrl-12_nov_2010.jar).
readCEN() in zip_util.c is used by java.util.zip to read the central
directory of ZIP files.
It reads the total number of entries from the ZIP file via the
ENDTOT field:
(543) total = (knownTotal != -1) ? knownTotal : ENDTOT(endbuf);
A corrupted ZIP file may have set the total number of entries to 0.
Alternatively, knownTotal may have been passed as a parameter with
value 0.
readCEN() iterates over all directory entries
(552) for (i = 0, cp = cenbuf; cp <= cenend - CENHDR; i++, cp +=
CENSIZE(cp)) {
and recognizes an incorrect total field
(557) if (i >= total) {
In this case, readCEN() counts the total number of fields via
countCENHeaders() before calling itself recursively
(561) cenpos = readCEN(zip, countCENHeaders(cenbuf, cenend));
However, countCENHeaders() has an off-by-one bug. It fails to count
an entry that is precisely CENHDR bytes long
(431) for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i))
and returns 0 in this case.
Hence, readCEN() is called recursively with knownTotal = 0 resulting
in an endless recursion.
Solution
--------
The issue was fixed in the following versions:
Oracle Java SE 7 Update 3
Oracle Java SE 6 Update 31
IcedTea6 1.8.13
IcedTea6 1.9.13
IcedTea6 1.10.6
IcedTea6 1.11.1
IcedTea 2.0.1
IcedTea 2.1
References
----------
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://blog.fuseyism.com/index.php/2012/02/15/security-icedtea6-1-8-13-1-9-13-1-10-6-and-icedtea-2-0-1-released/
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017233.html
http://blog.fuseyism.com/index.php/2012/02/15/icedtea-2-1-released-openjdk7-u3-release/
When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:
http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt
Contact
--------
PRE-CERT can be reached under precert@pre-secure.de. For PGP key
information, refer to http://www.pre-cert.de/.
CVE-2011-3377
The Iced Tea browser plugin included in the openjdk-6 package
does not properly enforce the Same Origin Policy on web content
served under a domain name which has a common suffix with the
required domain name.
CVE-2011-3563
The Java Sound component did not properly check for array
boundaries. A malicious input or an untrusted Java application
or applet could use this flaw to cause Java Virtual Machine to
crash or disclose portion of its memory.
CVE-2011-5035
The OpenJDK embedded web server did not guard against an
excessive number of a request parameters, leading to a denial
of service vulnerability involving hash collisions.
CVE-2012-0497
It was discovered that Java2D did not properly check graphics
rendering objects before passing them to the native renderer.
This could lead to JVM crash or Java sandbox bypass.
CVE-2012-0501
The ZIP central directory parser used by java.util.zip.ZipFile
entered an infinite recursion in native code when processing a
crafted ZIP file, leading to a denial of service.
CVE-2012-0502
A flaw was found in the AWT KeyboardFocusManager class that
could allow untrusted Java applets to acquire keyboard focus
and possibly steal sensitive information.
CVE-2012-0503
The java.util.TimeZone.setDefault() method lacked a security
manager invocation, allowing an untrusted Java application or
applet to set a new default time zone.
CVE-2012-0505
The Java serialization code leaked references to serialization
exceptions, possibly leaking critical objects to untrusted
code in Java applets and applications.
CVE-2012-0506
It was discovered that CORBA implementation in Java did not
properly protect repository identifiers (that can be obtained
using _ids() method) on certain Corba objects. This could
have been used to perform modification of the data that should
have been immutable.
CVE-2012-0507
The AtomicReferenceArray class implementation did not properly
check if the array is of an expected Object[] type. A
malicious Java application or applet could use this flaw to
cause Java Virtual Machine to crash or bypass Java sandbox
restrictions
For the stable distribution (squeeze), these problems have been fixed in
version 6b18-1.8.13-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 6b24-1.11.1-1.
We recommend that you upgrade your openjdk-6 packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03350339
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03350339
Version: 1
HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized
Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-05-30
Last Updated: 2012-05-29
- -----------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of
information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities could allow remote unauthorized access, disclosure of
information, and other vulnerabilities.
HP-UX B.11.23, B.11.31 running HP JDK and JRE 7.0.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2012-0507 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31
JDK and JRE v7.0.01 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0.0, update to Java v7.0.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 30 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Fix in AtomicReferenceArray (CVE-2011-3571).
Add property to limit number of request headers to the HTTP Server
(CVE-2011-5035). CVE-2012-0499, CVE-2012-0500).
Better input parameter checking in zip file processing (CVE-2012-0501).
Issues with some KeyboardFocusManager method (CVE-2012-0502).
Issues with TimeZone class (CVE-2012-0503).
Enhance exception throwing mechanism in ObjectStreamClass
(CVE-2012-0505).
Issues with some method in corba (CVE-2012-0506).
The updated packages provides icedtea6-1.10.6 which is not vulnerable
to these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0506
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
63b2f376c592f7ff1e4aa7890ceee280 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
a08e86738341f9de864419817e40a6f6 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
18c0c0f3474444c88fc484868497a9c4 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
b21b456d9ee21b88a7193bcbf0d240bf 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
edaff496f231bf9e47e1758c5c9cc7d9 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.i586.rpm
ce1bb936f26002c752975b1045d58e76 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0b4aacfa0120ea55489efe2d88eeea5d 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
f63f343302f4375071aacac5884b6b9a 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
cbc96ed4843f65a29d664cd0f07a8968 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
f66189cfbc78cbe7403f880fa8ef070f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
0a1d5214c532f3a1e2737ee7dfb0ec14 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdv2010.2.x86_64.rpm
ce1bb936f26002c752975b1045d58e76 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdv2010.2.src.rpm
Mandriva Linux 2011:
276091edbd4821862b203b78ab4c7e8e 2011/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
0d5576a07181d2d61020fc9ce76ccacc 2011/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
a4c0e4b7e7b577867cc380242a82a58d 2011/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
7a49bc6419d25297e02b0b6151bca85e 2011/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
abda3919ff6e3d4f2cc4c8e8135c2130 2011/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.i586.rpm
c3237479dc9690bc6bda4d7b8054f2ae 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm
Mandriva Linux 2011/X86_64:
f8179f159c950005e677a07b7a7d7b28 2011/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
4e99ad3e7f81d18c766dc13260b3686b 2011/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
799eaa638565a4839906c41642f8621d 2011/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
fee264489439ecb48de37409524194dd 2011/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
95ffcf2aa45429fb1b31fa044560da9b 2011/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1-mdv2011.0.x86_64.rpm
c3237479dc9690bc6bda4d7b8054f2ae 2011/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1.src.rpm
Mandriva Enterprise Server 5:
3991eab3dad14d627a4e4a286e658076 mes5/i586/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
1da6d0464e870345b512e423ce8e541d mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
1335da0e8ed5b37147b2ec5d8a68b20d mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
e10aebb0b91428325a308e576f50aa45 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
d30e1ae2d47cd23c063357973dd870a9 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.i586.rpm
b9d795124e16f852b188cb9c92dc3d77 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b9c5058e2009da89418b8056e23511ad mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
cecb580e05f61fe3dba56e33276f8185 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
8d8d67bda8662b88e6d56956e5739a2e mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
960a85c526378996f6ef6511638335f4 mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
b068fd26387d11fea69f4a99190faab3 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-26.b22.1mdvmes5.2.x86_64.rpm
b9d795124e16f852b188cb9c92dc3d77 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-26.b22.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you
| VAR-201202-0071 | CVE-2012-0502 | Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
The vulnerability can be exploited over multiple protocols. This issue affects the 'AWT' sub-component.
This vulnerability affects the following supported versions:
7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35.
Release Date: 2012-03-26
Last Updated: 2012-04-02
------------------------------------------------------------------------------
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4
CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrades to resolve these vulnerabilities.
The upgrades are available from the following location
http://www.hp.com/go/java
HP-UX B.11.11, B.11.23, B.11.31
JDK and JRE v6.0.14 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
HP-UX B.11.23
HP-UX B.11.31
===========
Jre60.JRE60-COM
Jre60.JRE60-IPF32
Jre60.JRE60-IPF32-HS
Jre60.JRE60-IPF64
Jre60.JRE60-IPF64-HS
Jre60.JRE60-PA20
Jre60.JRE60-PA20-HS
Jre60.JRE60-PA20W
Jre60.JRE60-PA20W-HS
Jdk60.JDK60-COM
Jdk60.JDK60-IPF32
Jdk60.JDK60-IPF64
Jdk60.JDK60-PA20
Jdk60.JDK60-PA20W
action: install revision 1.6.0.14.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 March 2012 Initial release
Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
CVE-2011-3377
The Iced Tea browser plugin included in the openjdk-6 package
does not properly enforce the Same Origin Policy on web content
served under a domain name which has a common suffix with the
required domain name.
CVE-2011-5035
The OpenJDK embedded web server did not guard against an
excessive number of a request parameters, leading to a denial
of service vulnerability involving hash collisions.
CVE-2012-0501
The ZIP central directory parser used by java.util.zip.ZipFile
entered an infinite recursion in native code when processing a
crafted ZIP file, leading to a denial of service.
CVE-2012-0505
The Java serialization code leaked references to serialization
exceptions, possibly leaking critical objects to untrusted
code in Java applets and applications.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 6b24-1.11.1-1. 6) - x86_64
3. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2012:0135-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0135.html
Issue date: 2012-02-14
CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035
CVE-2012-0497 CVE-2012-0501 CVE-2012-0502
CVE-2012-0503 CVE-2012-0505 CVE-2012-0506
=====================================================================
1. Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.
It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)
It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)
The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)
It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)
The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)
The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)
A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)
It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)
An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to
the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)
788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)
789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)
789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.43.1.10.6.el6_2.src.rpm
i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.i686.rpm
x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.43.1.10.6.el6_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-3563.html
https://www.redhat.com/security/data/cve/CVE-2011-3571.html
https://www.redhat.com/security/data/cve/CVE-2011-5035.html
https://www.redhat.com/security/data/cve/CVE-2012-0497.html
https://www.redhat.com/security/data/cve/CVE-2012-0501.html
https://www.redhat.com/security/data/cve/CVE-2012-0502.html
https://www.redhat.com/security/data/cve/CVE-2012-0503.html
https://www.redhat.com/security/data/cve/CVE-2012-0505.html
https://www.redhat.com/security/data/cve/CVE-2012-0506.html
https://access.redhat.com/security/updates/classification/#critical
http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPOwEiXlSAg2UNWIIRAnYKAKCorWMpTAsiiuJ4uSywvmAym2EK0wCfa/8B
lhqpUTdPMNmgswBpMj4pV/M=
=9liL
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable!
2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 *
3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable!
4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 *
5 app-emulation/emul-linux-x86-java
< 1.7.0.51 >= 1.7.0.51 *
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Impact
======
An unauthenticated, remote attacker could exploit these vulnerabilities
to execute arbitrary code.
Furthermore, a local or remote attacker could exploit these
vulnerabilities to cause unspecified impact, possibly including remote
execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg.
the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java
implementation, the packages can no longer be updated automatically.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201202-0054 | CVE-2012-0014 | Microsoft .NET Framework and Silverlight Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability.". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability.
Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to
address these vulnerabilities.
I. Description
The Microsoft Security Bulletin Summary for February 2012 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities.
II.
III. Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2012, which
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.
IV. References
* Microsoft Security Bulletin Summary for February 2012 -
<https://technet.microsoft.com/en-us/security/bulletin/ms12-feb>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
* Microsoft Update - <https://www.update.microsoft.com/>
* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>
* Turn Automatic Updating On or Off -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA12-045A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-045A Feedback VU#752838" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2012 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
February 14, 2012: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw
2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7
gtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP
40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK
joX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW
iRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ==
=E3Fg
-----END PGP SIGNATURE-----
| VAR-201202-0094 | CVE-2012-0340 | Cisco IronPort Encryption Appliance Management interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. The Cisco IronPort family of products is a widely used mail encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. Since the WEB interface provided by the device fails to properly filter the input submitted by the user, the unauthenticated remote attacker can construct a malicious link, induce the user to parse, obtain the target user's browser sensitive information or hijack the user session.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by IronPort bug 72410