Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird7)

The remote Solaris system is missing necessary patches to address security updates : - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey...

Oracle Solaris Third-Party Patch Update : nova (cve_2014_3517_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess...

Oracle Solaris Third-Party Patch Update : gnupg (cve_2013_4351_cryptographic_issues)

The remote Solaris system is missing necessary patches to address security updates : - GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended...

Oracle Solaris Third-Party Patch Update : pidgin (multiple_vulnerabilities_in_pidgin)

The remote Solaris system is missing necessary patches to address security updates : - proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service application crash vi...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark9)

The remote Solaris system is missing necessary patches to address security updates : - The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to caus...

Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)

The remote Solaris system is missing necessary patches to address security updates : - The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of a...

Oracle Solaris Third-Party Patch Update : tomcat (multiple_denial_of_service_dos)

The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attacke...

Oracle Solaris Third-Party Patch Update : gtk (cve_2012_2370_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the readbitmapfiledata function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service application crash via a negative 1 height or 2 width in ...

Oracle Solaris Third-Party Patch Update : imagemagick (multiple_vulnerabilities_in_imagemagick2)

The remote Solaris system is missing necessary patches to address security updates : - The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service crash via a zero value in the component count of an EXIF XResolution tag in a...

Oracle Solaris Third-Party Patch Update : gimp (cve_2012_3236_buffer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a malformed XTENSION header of a .fit file, as demonstrated using a long...

Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen)

The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which...

Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)

The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...

Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)

The remote Solaris system is missing necessary patches to address security updates : - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently ...

Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_6329_code_injection1)

The remote Solaris system is missing necessary patches to address security updates : - The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, whi...

Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the jpccoxgetcompparms function in libjasper/ jpc/jpccs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

Oracle Solaris Third-Party Patch Update : python (cve_2010_1634_integer_overflow)

The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service application crash via a large fragment, as...

Oracle Solaris Third-Party Patch Update : libexif (multiple_vulnerabilities_in_libexif1)

The remote Solaris system is missing necessary patches to address security updates : - The exifentrygetvalue function in exif-entry.c in the EXIF Tag Parsing Library aka libexif before 0.6.21 allows remote attackers to cause a denial of service out-of-bounds read or possibly obtain sensitive...

Oracle Solaris Third-Party Patch Update : libfxt (cve_2011_3256_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service...

Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet1)

The remote Solaris system is missing necessary patches to address security updates : - Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when...

Oracle Solaris Third-Party Patch Update : cvs (cve_2012_0804_buffer_errors)

The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the proxyconnect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service crash and possibly execute arbitrary code via a crafted...