1848 matches found
Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_4564_design_error1)
The remote Solaris system is missing necessary patches to address security updates : - ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark9)
The remote Solaris system is missing necessary patches to address security updates : - The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to caus...
Oracle Solaris Third-Party Patch Update : slocate (cve_2007_0227_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that t...
Oracle Solaris Third-Party Patch Update : gtk (cve_2012_2370_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in ...
Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)
The remote Solaris system is missing necessary patches to address security updates : - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of a...
Oracle Solaris Third-Party Patch Update : imagemagick (multiple_vulnerabilities_in_imagemagick2)
The remote Solaris system is missing necessary patches to address security updates : - The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a...
Oracle Solaris Third-Party Patch Update : mysql (multiple_vulnerabilities_in_mysql)
The remote Solaris system is missing necessary patches to address security updates : - MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated...
Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)
The remote Solaris system is missing necessary patches to address security updates : - libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS...
Oracle Solaris Third-Party Patch Update : quagga (cve_2013_2236_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers...
Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12....
Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently ...
Oracle Solaris Third-Party Patch Update : apache (cve_2013_4365_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown...
Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4243_buffer_errors)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a...
Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_6329_code_injection1)
The remote Solaris system is missing necessary patches to address security updates : - The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, whi...
Oracle Solaris Third-Party Patch Update : ghostscript (multiple_denial_of_service_vulnerabilities7)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...
Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_tomcat)
The remote Solaris system is missing necessary patches to address security updates : - Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
Oracle Solaris Third-Party Patch Update : thunderbird (multiple_vulnerabilities_in_thunderbird4)
The remote Solaris system is missing necessary patches to address security updates : - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web...
Oracle Solaris Third-Party Patch Update : wireshark (multiple_vulnerabilities_in_wireshark7)
The remote Solaris system is missing necessary patches to address security updates : - The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packe...
Oracle Solaris Third-Party Patch Update : nss (cve_2013_1620_lucky_thirteen)
The remote Solaris system is missing necessary patches to address security updates : - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which...
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3505_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application...