25 matches found
RHEL 6 : tomcat6 (RHSA-2016:0492)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0492 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that the expression language resolver...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488,...
Scientific Linux Security Update : cups on SL6.x, SL7.x i386/x86_64 (20150617)
A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the...
RHEL 5 : wireshark (RHSA-2014:0341)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0341 advisory. Wireshark is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. Multiple flaws were...
CentOS 5 : wireshark (CESA-2014:0341)
Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, a...
Scientific Linux Security Update : samba on SL5.x i386/x86_64 (20140317)
It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the...
Oracle Linux 4 : pidgin (ELSA-2010-0788)
From Red Hat Security Advisory 2010:0788 : Updated pidgin packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
CentOS 5 : gimp (CESA-2011:0838)
Updated gimp packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130312)
It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was possible to bypass the security constraint checks in the FORM authenticator by...
Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/x86_64 (20121120)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,...
Scientific Linux Security Update : libsoup on SL4.x, SL5.x i386/x86_64
An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2010-1585, CVE-2011-0053, CVE-2011-0062 A flaw was found in the way...
Scientific Linux Security Update : evolution on SL3.x i386/x86_64
It was discovered that evolution did not properly validate NTLM (NT LAN Manager) authentication challenge packets. A malicious server using NTLM authentication could cause evolution to disclose portions of its memory or crash during user authentication. (CVE-2009-0582) An integer overflow flaw which...
Scientific Linux Security Update : system-config-printer on SL4.x, SL5.x i386/x86_64
system-config-printer is a print queue configuration tool with a graphical user interface. It was found that system-config-printer did not properly sanitize NetBIOS and workgroup names when searching for network printers. A remote attacker could use this flaw to execute arbitrary code with the...
Scientific Linux Security Update : gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain...
Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 (20120322)
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF)...
Scientific Linux Security Update : apr on SL4.x, SL5.x, SL6.x i386/x86_64
It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using th...
RHEL 6 : jasper (RHSA-2011:1807)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1807 advisory. JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard. Two heap-based buffer overflow flaws were found in the wa...
RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)
Updated java-1.6.0-ibm packages that fix several security issues and two bugs are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common...
CentOS 3 / 4 / 5 : openoffice.org (CESA-2010:0101)
Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes...