7574 matches found
No summary available - BOX (important)
This version upgrade of horde3-dimp to 4.3.11 fixes several issues including security related flaws, CVE-2012-0791 and adds new features...
No summary available - BOX (important)
This version upgrade of horde3 to 3.3.13 fixes several issues including a security related flaw, CVE-2012-0909 and adds new features...
flash-player to 11.1.102.62 (critical)
flash-player was updated to the security release 11.1.102.62. It fixes many security issues, some already exploited in the wild. Details can be found at: https://www.adobe.com/support/security/bulletins/apsb12-03.html These vulnerabilities could cause a crash and potentially allow an attack...
MozillaFirefox to 10.0.1 (critical)
MozillaFirefox was updated to 10.0.1 to fix critical bugs and a security issue. The following security issue was fixed: CVE-2012-0452: Mozilla developers Andrew McCreight and Olli Pettay found that ReadPrototypeBindings will leave an XBL binding in a hash table even when the function fails. If this...
VUL-0: nginx: heap overflow (important)
A flaw in the custom DNS resolver of nginx could lead to a heap based buffer overflow which could potentially allow attackers to execute arbitrary code or to cause a Denial of Service bnc731084, CVE-2011-4315...
kernel: security and bugfix update. (important)
The openSUSE 11.4 kernel was updated to fix bugs and security issues. The following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used. CVE-2011-269...
MozillaFirefox: Version 10 (important)
Mozilla Firefox was updated to version 10 to fix bugs and security issues. MFSA 2012-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
xorg-x11-server (important)
The X server had two security issues and one bug that is fixed by this update. CVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. CVE-2011-4029: It is possible for a non-root local user to set the read...
tomcat6: Fix multiple weaknesses in HTTP DIGESTS (important)
This update fixes a regression in parameter passing in urldecoding of parameters that contain spaces. In addition, multiple weaknesses in HTTP DIGESTS are fixed CVE-2011-1184. CVE-2011-5062: The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0....
MozillaFirefox (important)
Mozilla Firefox Version 9 fixes several security issues: MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access MFSA...
kernel: security and bugfix update. (important)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. The following security issues have been fixed: CVE-2011-4604: If root does read on a specific socket, it's possible to corrupt kernel memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used...
libxml2: fixing heap-based buffer overflow (CVE-2011-3919) (important)
A heap-based buffer overflow during decoding of entity references with overly long names has been fixed. CVE-2011-3919 has been assigned...
libqt4: fixed stack-based buffer overflow in glyph handling (CVE-2011-3922) (important)
A stack-based buffer overflow in the glyph handling of libqt4's harfbuzz has been fixed. CVE-2011-3922 has been assigned to this issue...
acroread (important)
Acrobat Reader was updated to version 9.4.7 to fix security issues CVE-2011-2462, CVE-2011-4369...
openssl: fixing various security issues (important)
Various security vulnerabilities have been fixed in openssl: - DTLS plaintext recovery attack CVE-2011-4108 - uninitialized SSL 3.0 padding CVE-2011-4576 - malformed RFC 3779 data can cause assertion failures CVE-2011-4577 - SGC restart DoS attack CVE-2011-4619 - invalid GOST parameters DoS attac...
glibc (important)
Specially crafted time zone files could cause a heap overflow in glibc CVE-2009-5029...
krb5-appl: Fixed remote buffer overflow in ktelnetd (important)
This update of krb5 applications fixes two security issues. CVE-2011-4862: A remote code execution in the kerberized telnet daemon was fixed. This only affects the ktelnetd from the krb5-appl RPM, not the regular telnetd supplied by SUSE. CVE-2011-1526 / MITKRB5-SA-2011-005: Fixed krb5 ftpd...
freetype2 (important)
This update of freetype2 fixes multiple security flaws that could allow attackers to cause a denial of service or to execute arbitrary code via specially crafted fonts CVE-2011-3256, CVE-2011-3439...
seamonkey (important)
seamonkey version 2.6 fixes several security issues: MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular expression library MFSA 2011-55/CVE-2011-3658: nsSVGValue out-of-bounds access MFSA...
jasper (important)
Specially crafted JPEG2000 files could cause a heap buffer overflow in jasper CVE-2011-4516, CVE-2011-4517...
xorg-x11-libs (important)
Specially crafted font files could cause a buffer overflow in applications that use libXfont to load such files CVE-2011-2895...
Seamonkey update (critical)
Seamonkey was upgraded to version 2.5 in order to fix the following security problems: MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards MFSA 2011-49/CVE-2011-3650 bmo674776...
bind (important)
Specially crafted DNS queries could crash the bind name server CVE-2011-4313...
VUL-1: wireshark: new updates fix two DoS issues (important)
Wireshark version upgrade to 1.4.10 to fix various security flaws and other non-security issues...
VUL-0: flash-player: sec. update to version 11.1.102.55 (critical)
flash-player update to version 11.1.102.55 to fix the following critical security issues: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460...
MozillaFirefox security update (critical)
MozillaFirefox was updated to version 8 bnc728520 to fix the following security issues: MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards MFSA 2011-49/CVE-2011-3650 bmo674776...
MozillaFirefox (critical)
MozillaFirefox has been updated to version 3.6.24 to fix the following security issues: MFSA 2011-46/CVE-2011-3647 bmo680880 loadSubScript unwraps XPCNativeWrapper scope parameter MFSA 2011-47/CVE-2011-3648 bmo690225 Potential XSS against sites using Shift-JIS MFSA 2011-49/CVE-2011-3650 bmo674776...
acroread (critical)
Acrobat Reader was updated to version 9.4.6 to fix several security issues CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442...
apache2: Fixed several security issues (important)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)
The pam_env module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users' .pam_environment files. Additionally a missing return value check inside pam_xauth has been fixed CVE-2010-3316...
pam: fixing stack overflow (CVE-2011-3148) and DoS (CVE-2011-3149) (important)
The pam_env module is vulnerable to a stack overflow CVE-2011-3148 and a DoS condition CVE-2011-3149 when parsing users' .pam_environment files...
rpm (CVE-2011-3378) (important)
Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures CVE-2011-3378...
opera: Release 11.52 to fix memory corruption via SVG content (important)
This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites...
krb5: fixed kdc remote denial of service (CVE-2011-1528, CVE-2011-1529) and unauthorized file access (CVE-2011-1526) (important)
The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote...
ldns (CVE-2011-3581) (important)
A boundary error in ldns_rr_new_frm_str_internal could lead to a heap-based buffer overflow when processing RR records CVE-2011-3581...
quagga: fixing multiple vulnerabilities (important)
This update fixes the following security issues: - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa CVE-2011-3323 - 718058: OSPF6D DoS while decoding Database Description packet CVE-2011-3324 - 718059: OSPFD DoS while decoding Hello packet CVE-2011-3325 -...
seamonkey: Update to Mozilla Seamonkey 2.4.1 (important)
Mozilla Seamonkey was updated to version 2.4.1, which fixes some regressions found in the 2.4 release...
MozillaThunderbird: Update to Mozilla Thunderbird 3.1.14 (important)
Mozilla Thunderbird was updated to version 3.1.14, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
MozillaFirefox: Update to Firefox 3.6.23 (important)
Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...
seamonkey: Update to Mozilla Seamonkey 2.4 (important)
Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...
mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)
Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
jakarta-commons-daemon (important)
jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user CVE-2011-2729...
MozillaThunderbird: 3.1.13 (important)
This update brings Mozilla Thunderbird to 3.1.13. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read: MFSA 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html...
MozillaFirefox: 6.0.2 (important)
This update brings Mozilla Firefox to 6.0.2. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read: MFSA 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html...
mozilla-nss: Update to 3.12.11 (important)
This update brings mozilla-nss to 3.12.11. It blacklists the recently compromised DigiNotar Certificate Authority...
VUL-0: CVE-2011-3205: squid: buffer overflow in Gopher reply parser (important)
This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code CVE-2011-3205...