OracleVM 2.2 : ntp (OVMSA-2015-0002)

The remote OracleVM system is missing necessary patches to address critical security updates : - don't generate weak control key for resolver CVE-2014-9293 - don't generate weak MD5 keys in ntp-keygen CVE-2014-9294 - fix buffer overflows via specially-crafted packets CVE-2014-9295 - increase...

OracleVM 2.2 : ntp (OVMSA-2009-0036)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix DoS with mode 7 packets 532639, CVE-2009-3563 - compile with -fno-strict-aliasing %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleV...

thunderbird security update

17.0.8-5.0.1.el64 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 17.0.8-5 - Update to 17.0.8 ESR - Added strict aliasing patch mozbz821502...

Fedora 18 : bzr-2.5.1-11.fc18 (2013-9620)

Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...

Fedora 19 : bzr-2.5.1-11.fc19 (2013-9538)

Fixes CVE-2013-2099, maliciously crafted SSL certificate can cause a denial of service. - Builds the C extensions from the Cython source instead of the pregenerated C files. - Build without strict-aliasing on Fedora versions which have a bug in the python distutils module. - Install the...

boost security update

1.41.0-15 - Add in explicit dependences between some boost subpackages 1.41.0-14 - Build with -fno-strict-aliasing 1.41.0-13 - In Boost.Pool, be careful not to overflow allocated chunk size boost-1.41.0-pool.patch 1.41.0-12 - Add an upstream patch that fixes computation of CRC in zlib streams. -...

freetype security update

2.3.11-6.el61.6 - A little change in configure part - Resolves: 723467 2.3.11-6.el61.5 - Use -fno-strict-aliasing instead of attributemayalias - Resolves: 723467 2.3.11-6.el61.4 - Allow FTGlyph to alias to pass Rpmdiff - Resolves: 723467 2.3.11-6.el61.3 - Add freetype-2.3.11-CVE-2011-0226.patch A...

cyrus-imapd security update

2.3.16-6.2 - do not use strict aliasing 2.3.16-6.1 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability...

CVE-2010-4698

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service application crash via a large number of anti-aliasing steps in an argument to the imagepstext function...

CVE-2010-4698

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service application crash via a large number of anti-aliasing steps in an argument to the imagepstext function...

PHP 5.2 < 5.2.15 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2 installed on the remote host is older than 5.2.15. Such versions may be affected by several security issues : - A crash in the zip extract method. - A possible double free exists in the imap extension. CVE-2010-4150 - An unspecified flaw exists in...

PHP 5.3.3 GD Stack Buffer Overflow

Description: Prior to version 5.3.4, PHP's GD extension did not properly validate the number of anti-aliasing steps passed to the function imagepstext. The value of this parameter is expected to be either 4 or 16. To accommodate this, an array of 16 integers, aa, is located on the stack. Before t...

Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...

Mac OS X Server v10.6.5 (10H575)

A memory aliasing issue in Dovecot's handling of user names in Mac OS X Server v10.6.5 may result in a user receiving mail intended for other users. Note that this vulnerability arises only on Mac OS X Server systems when Dovecot is configured as a mail server. TRUSTED...

Design/Logic Flaw

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issu...

CVE-2010-4011

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issu...

CVE-2010-4011

CVE-2010-4011 affects Dovecot on Apple Mac OS X 10.6.5 (10H574; server variants noted in Nessus). The root cause is a memory handling issue (described as a memory aliasing issue) in Dovecot’s processing of user names, which allows remote authenticated users to read another person’s private email ...

Security fix for the ALT Linux 5 package MySQL version 5.0.89-alt1

Jan. 25, 2010 Anton Farygin 5.0.89-alt1 - new version closes 18943 - fixed CVE-2009-2446 from upstream closes 20724 - setup utf8 encoding instead of latin1 by default closes 12390 - include C99 aliasing violation patch from mythtv closes 22452 - removed username-length patch - wait for mysqld...

ntp security update

4.2.2p1-9.el54.1 - fix DoS with mode 7 packets 532639, CVE-2009-3563 - compile with -fno-strict-aliasing...

cyrus-imapd security update

2.3.7-2.2 - add -fno-strict-aliasing to cflags 2.3.7-2.1 - fix saslencode64's buffers 505427...