Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input)

The remote Solaris system is missing necessary patches to address security updates : - The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remot...

Oracle Solaris Third-Party Patch Update : texinfo (cve_2006_4810_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the readline function in util/texindex.c, as used by the 1 texi2dvi and 2 texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file...

Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - Integer signedness error in the TIFFReadDirectory function in tifdirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code...

Oracle Solaris Third-Party Patch Update : ruby (multiple_vulnerabilities_in_ruby1)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service...

Oracle Solaris Third-Party Patch Update : libtasn1 (multiple_vulnerabilities_in_gnu_libtasn1)

The remote Solaris system is missing necessary patches to address security updates : - The asn1getbitder function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via craft...

Oracle Solaris Third-Party Patch Update : ibutils (cve_2013_2561_link_following)

The remote Solaris system is missing necessary patches to address security updates : - OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on 1 ibdiagnet.db, 2 ibdiagnet.fdbs, 3 ibdiagnetibis.log, 4 ibdiagnet.log, 5 ibdiagnet.lst, 6 ibdiagnet.mcfdbs, 7...

Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that t...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)

The remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service application crash via a crafted packe...

Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)

The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified 1 DATA DIRECTORY or 2 INDEX DIRECTORY arguments that are originally associated...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird3)

The remote Solaris system is missing necessary patches to address security updates : - Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assiste...

Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4243_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a...

Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service memory consumption by breaking a request into...

Oracle Solaris Third-Party Patch Update : gimp (multiple_vulnerabilities_in_gimp)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file,...

Oracle Solaris Third-Party Patch Update : python (cve_2014_7185_integer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a 'buffer' function. CVE-2014-7185...

Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)

The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...

Oracle Solaris Third-Party Patch Update : openssl (multiple_vulnerabilities_in_openssl4) (Heartbleed)

The remote Solaris system is missing necessary patches to address security updates : - The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol...

Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1)

The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that...

Oracle Solaris Third-Party Patch Update : bind (cve_2012_5166_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service named daemon hang via unspecified...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_4564_design_error)

The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PPM image that...

Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities)

The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting XSS vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving...