Important: Red Hat Security Advisory: bind security update

Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2012-4537

CVE-2012-4537 is a Xen memory DoS issue: when set_p2m_entry fails, Xen 3.4–4.2 may fail to synchronize p2m and m2p tables, enabling local HVM guests to cause memory consumption and assertion failures. The vulnerability is documented in Xen advisories (e.g., AXSA:2013-80:01) and related vendor adv...

CVE-2012-4187

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

CVE-2012-4187

CVE-2012-4187 is listed in the MiracleLinux/Miracle Linux AXSA advisory as affecting Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. The vulnerability is described as an issue with managing a cert...

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

Authentication flaw

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

Authentication flaw

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

CVE-2012-5352

Java Open Single Sign-On Project Home JOSSO allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

CVE-2012-5353

CVE-2012-5353 affects Eduserv OpenAthens SP 2.0 for Java. The vulnerability arises when a SAML assertion lacks a Signature element, enabling remote attackers to forge messages and bypass authentication (a “Signature exclusion attack”). The issue is documented across multiple sources (NVD entry an...

CVE-2012-5351

CVE-2012-5351 affects Apache Axis2 and allows remote attackers to bypass authentication by forging a SAML assertion that lacks a Signature element (Signature exclusion attack). This is the same family as CVE-2012-4418 and enables message forgery without proper XML-signature verification. IBM-rela...

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service assertion...

CVE-2012-5238

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...

CVE-2012-5238

epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of 1 PPP and 2 LCP data, which allows remote attackers to cause a denial of service assertion failure and application exit via a malformed packet...

GLSA-201209-04 : BIND: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201209-04 BIND: Multiple vulnerabilities Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy CVE-2012-1033. BIND accepts records with zero-length...

Important: bind

Issue Overview: A flaw was found in the way BIND handled resource records with a large RDATA value. A malicious owner of a DNS domain could use this flaw to create specially-crafted DNS resource records, that would cause a recursive resolver or secondary server to exit unexpectedly with an...

SuSE 10 Security Update : bind (ZYPP Patch Number 8298)

The bind nameserver was updated to version 9.6-ESV-R7-P3 to fix a single security problem, where loading a zone file could have caused an assertion abort of the named service. CVE-2012-4244 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

CentOS Update for quagga CESA-2012:1259 centos6

Check for the Version of quagga OpenVAS Vulnerability Test CentOS Update for quagga CESA-2012:1259 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...