Fedora 18 : php-symfony2-Validator-2.2.5-1.fc18 (2013-14590)

Updated to 2.2.5 CVE-2013-4751 Validation metadata serialization and loss of information Release blog posts : - http://symfony.com/blog/symfony-2-2-4-released - http://symfony.com/blog/security-releases-symfony-2-0- 24-2-1-12-2-2-5-and-2-3-3-released Full change log:...

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

SuSE 11.2 Security Update : java-1_6_0-openjdk (SAT Patch Number 8084)

java-160-openjdk has been updated to Icedtea6-1.12.6 version. Security fixes : - S6741606, CVE-2013-2407: Integrate Apache Santuario - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls - S7170730, CVE-2013-2451: Improve Windows network stack support. - S8000638, CVE-2013-2450:...

OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...

OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the...

OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the...

OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...

OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...

OpenJDK: ObjectOutputStream access checks (Serialization, 8008132)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the...

Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0958)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0958 advisory. 1.7.0.25-2.3.10.4.0.1.el59 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.25-2.3.10.4.el5 - updated to newer IcedTea7-fores...

Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-0751)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0751 advisory. 1.7.0.19-2.3.9.1.0.1.el64 - Update DISTRONAME in specfile 1.7.0.19-2.3.9.1.el6 - updated to updated IcedTea 2.3.9 with fix to one of security fixes -...

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-2470,...

CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

RHEL 5 / 6 : richfaces (RHSA-2013:1042)

Updated richfaces packages that fix one security issue are now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring...

CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Design/Logic Flaw

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

CVE-2013-3171

CVE-2013-3171 : The.NET Framework serialization path does not properly check permissions of delegate objects, enabling remote code execution via a crafted XBAP or a partial-trust .NET app. Affected products include .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5. The underlying root cause...

CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities : - A vulnerability exists in the way that affected components handle specially crafted TrueType font files that could lead to remote code execution. An attacker could leverage...