Lucene search

4521 matches found

Debian
added 2011/10/19 4:16 p.m. | 43 views

[BSA-052] Security Update for libvirt

Guido Günther uploaded new packages for libvirt which fixed the following security problems: CVE-2011-2511: Integer overflow in VirDomainGetVcpus; CVE-2011-1486: Non thread safe error reporting. For the squeeze-backports distribution the problems have been fixed in version 0.9.2-7bpo60+1. For the...

CVSS 4 | AI score 6.9 | EPSS 0.03536
Exploits: 0
UbuntuCve
added 2011/10/04 8:55 p.m. | 25 views

CVE-2011-2879

Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

CVSS 6.8 | AI score 5.9 | EPSS 0.00893
Exploits: 0 | References: 2
CVE
added 2011/10/04 8:0 p.m. | 54 views

CVE-2011-2879

CVE-2011-2879 affects Google Chrome older than 14.0.835.202. The root cause is improper handling of object lifetimes and thread safety during audio node processing, allowing remote attackers to cause a denial of service or potentially other unspecified impact via unknown vectors. Public reference...

CVSS 6.8 | AI score 7.3 | EPSS 0.00893
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2011/10/04 8:0 p.m. | 21 views

CVE-2011-2879

Removed by vendor...

CVSS 6.8 | AI score 6.7 | EPSS 0.00893
Exploits: 0
OpenVAS
added 2011/09/30 12:0 a.m. | 31 views

Mandriva Update for openssl MDVSA-2011:137 (openssl)

Check for the Version of openssl OpenVAS Vulnerability Test Mandriva Update for openssl MDVSA-2011:137 openssl Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

CVSS 5 | EPSS 0.05012
Exploits: 1 | References: 2
OpenVAS
added 2011/09/30 12:0 a.m. | 38 views

Mandriva Update for openssl MDVSA-2011:137 (openssl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5 | AI score 7.6 | EPSS 0.05012
Exploits: 1 | References: 3
Tenable Nessus
added 2011/09/29 12:0 a.m. | 45 views

Mandriva Linux Security Advisory : openssl (MDVSA-2011:137)

Multiple vulnerabilities have been discovered and corrected in openssl: The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary...

CVSS 5 | AI score 7.6 | EPSS 0.05012
Exploits: 1 | References: 3
OSV
added 2011/09/22 10:55 a.m. | 6 views

CVE-2011-3210

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate t...

AI score 7.7
Exploits: 0 | References: 11
OSV
added 2011/09/22 10:55 a.m. | 1 views

DEBIAN-CVE-2011-3210

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate t...

CVSS 5 | AI score 8.5 | EPSS 0.04561
Exploits: 0 | References: 1
Prion
added 2011/09/22 10:55 a.m. | 19 views

Code injection

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate t...

CVSS 5 | AI score 7 | EPSS 0.04561
Exploits: 0 | References: 11 | Affected Software: 1
Cvelist
added 2011/09/22 10:0 a.m. | 31 views

CVE-2011-3210

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate t...

AI score 7.8 | EPSS 0.04561
Exploits: 0 | References: 11
Debian CVE
added 2011/09/22 10:0 a.m. | 21 views

CVE-2011-3210

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate t...

CVSS 5 | AI score 7.8 | EPSS 0.04561
Exploits: 0
Tenable Nessus
added 2011/09/12 12:0 a.m. | 31 views

OpenSSL 1.0.0 < 1.0.0e Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0e. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0e advisory. - The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 befo...

CVSS 5 | AI score 6.5 | EPSS 0.23222
Exploits: 0 | References: 8
The Hacker News
added 2011/09/11 7:22 p.m. | 12 views

Suggested The Linux 3.1 Kernel logo

Suggested The Linux 3.1 Kernel logo This new logo was proposed just this weekend and the current discussion to see whether it will be accepted for Linux 3.1 can be found in this LKML thread. To mark the upcoming release of the Linux 3.1 kernel IBM's Darrick Wong has proposed changing the familiar...

AI score 6.4
Exploits: 0
Tenable Nessus
added 2011/09/08 12:0 a.m. | 34 views

FreeBSD : OpenSSL -- multiple vulnerabilities (2ecb7b20-d97e-11e0-b2e2-00215c6a37bb)

OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e. Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207) OpenSSL server code for ephemeral ECDH ciphersuites is not...

CVSS 5 | AI score 7.6 | EPSS 0.05012
Exploits: 0 | References: 4
FreeBSD
added 2011/09/06 12:0 a.m. | 33 views

OpenSSL -- multiple vulnerabilities

OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e. Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207) OpenSSL server code for ephemeral ECDH ciphersuites is not...

CVSS 5 | AI score 9 | EPSS 0.05012
Exploits: 0 | References: 1
NVD
added 2011/08/12 5:55 p.m. | 17 views

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass...

CVSS 5 | AI score 6.3 | EPSS 0.01762
Exploits: 0 | References: 4
Prion
added 2011/08/12 5:55 p.m. | 15 views

Design/Logic Flaw

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass...

CVSS 5 | AI score 6.9 | EPSS 0.01762
Exploits: 0 | References: 4 | Affected Software: 2
Cvelist
added 2011/08/12 5:0 p.m. | 25 views

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass...

AI score 6.3 | EPSS 0.01762
Exploits: 0 | References: 4
Tenable Nessus
added 2011/06/17 12:0 a.m. | 34 views

Ubuntu 10.04 LTS / 10.10 / 11.04 : libvirt vulnerabilities (USN-1152-1)

It was discovered that libvirt did not use thread-safe error reporting. A remote attacker could exploit this to cause a denial of service via application crash. (CVE-2011-1486) Eric Blake discovered that libvirt had an off-by-one error which could be used to reopen disk probing and bypass the fix f...

CVSS 4.4 | AI score 7 | EPSS 0.01199
Exploits: 0 | References: 4