Gentoo Security Advisory GLSA 201206-02 (qt-gui)
The remote host is missing updates announced in advisory GLSA 201206-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201206-31 (pam)
The remote host is missing updates announced in advisory GLSA 201206-31. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Scientific Linux Security Update : python on SL5.x i386/x86_64
It was found that many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the addition of the current working directory to the module search path (sys.path). A local attacker...
Scientific Linux Security Update : bluez-libs and bluez-utils on SL4.x, SL5.x i386/x86_64
An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cau...
CentOS Update for krb5-devel CESA-2011:1851 centos4
Check for the Version of krb5-devel OpenVAS Vulnerability Test CentOS Update for krb5-devel CESA-2011:1851 centos4 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for krb5-devel CESA-2011:1851 centos5
Check for the Version of krb5-devel OpenVAS Vulnerability Test CentOS Update for krb5-devel CESA-2011:1851 centos5 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for krb5-devel CESA-2011:1851 centos4
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
libpng: Multiple vulnerabilities
Background: libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. Description: Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len” function in pngwutil...
python, tkinter security update
CentOS Errata and Security Advisory CESA-2012:0745 Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Gentoo Security Advisory GLSA 201203-16 (libmodplug)
The remote host is missing updates announced in advisory GLSA 201203-16. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 201204-04 (FreeType)
The remote host is missing updates announced in advisory GLSA 201204-04. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX Service Console
The remote ESXi is missing one or more security related Updates from VMSA-2011-0012.3. Summary VMware ESXi and ESX updates to third party libraries and ESX Service Console address several security issues. Relevant releases ESXi 5.0 without patch ESXi500-201112401-SG. ESXi 4.1 without patch...
libxml2: Denial of service
Background: libxml2 is the XML C parser and toolkit developed for the Gnome project. Description: libxml2 does not properly randomize hash functions to protect against hash collision attacks. Impact: A remote attacker could entice a user or automated system to open a specially crafted XML document...
Analyzing ASLR in Android Ice Cream Sandwich 4.0
When I first saw the release notes for the new Android Ice Cream Sandwich (ICS) platform, I was excited to see that Google mentioned that “Android 4.0 now provides address space layout randomization”. For the uninitiated, ASLR randomizes where various areas of memory (e.g. stack, heap, libs, etc.) are...
mysql security update
CentOS Errata and Security Advisory CESA-2012:0105 Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base...
Medium: krb5
Issue Overview: Multiple NULL pointer dereference and assertion failure flaws were found in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A remote attacker could use these flaws to crash the KDC...
Ubuntu 10.04 LTS / 10.10 / 11.04 : kde4libs vulnerability (USN-1248-1)
Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This...
USN-1248-1: KDE-Libs vulnerability
Tim Brown discovered that KSSL in KDE-Libs did not properly perform input validation when displaying the common name (CN) for an SSL certificate. An attacker could exploit this to spoof the common name which could be used in an attack to trick the user into accepting a fraudulent certificate. This...
Fedora 16 : firefox-7.0-1.fc16 / mozvoikko-1.9.0-8.fc16 / xulrunner-7.0-1.fc16 (2011-13422)
Update to new upstream Firefox version 7.0, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox7 This update also includes all packages depending on gecko-libs rebuilt against the new version of Firefox...
Fedora 14 : firefox-3.6.23-1.fc14 / galeon-2.0.7-44.fc14.1 / gnome-python2-extras-2.25.3-34.fc14.1 / etc (2011-13467)
Update to new upstream Firefox version 3.6.23, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23 This update also includes all packages depending on gecko-libs rebuilt against the new version ...