glibc security and bug fix update

2.12-1.47.el62.5 - Avoid high cpu usage when accept fails with EMFILE 767692 2.12-1.47.el62.4 - Make implementation of ARENASTEST and ARENASMAX match documentation 769594 - Check malloc arena atomically 769594 2.12-1.47.el62.3 - Check values from TZ file header 767692 2.12-1.47.el62.2 - Correctly...

Mandriva Update for openssl MDVSA-2012:006 (openssl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Linux Kernel UDP Implementation IP Identification Field Remote OS Disclosure

The remote host appears to be run a version of the Linux kernel that sends UDP responses in which the IP identification field is constant and equal to zero 0. With this information, an attacker could mount further, more targeted attacks against this host. Note that RedHat does not consider this a...

Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)

Multiple vulnerabilities has been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack CVE-2011-410...

Debian DSA-2390-1 : openssl - several vulnerabilities

Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which make...

CVE-2012-0045

The emsyscall function in arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 aka syscall opcode, which allows guest OS users to cause a denial of service guest OS crash via a crafted application, as demonstrated by an NASM file...

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

spamdyke -- STARTTLS Plaintext Injection Vulnerability

Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data e.g. SMTP commands during the...

PHP < 5.3.9 Multiple DoS Vulnerabilities - Windows

PHP is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if...

Fedora 16 : glibc-2.14.90-24.fc16.4 (2011-17386)

Reverts 552960 patch which is causing a variety of problems. - Sun Dec 18 2011 Jeff Law - 2.14.90-24.fc16.3 - Check values from TZ file header 767696 - Handle EAGAIN from FUTEXWAITREQUEUEPI 552960 - Add dist. - Correct return value from pthreadcreate when stack allocation fails. 767746 - Wed Dec ...

Mozilla Products DOMAttrModified Memory Corruption Vulnerability - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to out of bounds memory corruption vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVE-2011-3658

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via vectors involving...

CVE-2011-4597

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series ...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7516)

This kernel update for the SUSE Linux Enterprise 10 SP4 kernel fixes several security issues and bugs. The following security issues were fixed : - The code for evaluating LDM partitions in fs/partitions/ldm.c contained bugs that could crash the kernel for certain corrupted LDM partitions...

[SECURITY] Fedora 15 Update: openswan-2.6.37-1.fc15

Openswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities

The host is installed with Internet Explorer and is prone to multiple information disclosure vulnerabilities. OpenVAS Vulnerability Test $Id: gbmsiemultinfodiscvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft Internet Explorer Multiple Information Disclosure Vulnerabilities Authors: Soora...

Ubuntu: Security Advisory (USN-1294-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Safari JavaScript Implementation Information Disclosure Vulnerability - Windows

Apple Safari web browser is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1294-1)

Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. CVE-2011-1162 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)

The host is installed with Apple Safari web browser and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafarijsimplinfodiscvulnwin.nasl 7019 2017-08-29 11:51:27Z teissa $ Apple Safari JavaScript Implementation Information Disclosure Vulnerability Windows...