acroread (critical)
Acrobat Reader was updated to version 9.4.6 to fix several security issues: CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442...
apache2: Fixed several security issues (important)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack (CVE-2011-3192) was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
pam: fixing stack overflow (CVE-2011-3148), a local DoS (CVE-2011-3149) and CVE-2010-3316. (important)
The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users' .pam_environment files. Additionally, a missing return value check inside pam_xauth has been fixed (CVE-2010-3316)...
pam: fixing stack overflow (CVE-2011-3148) and DoS (CVE-2011-3149) (important)
The pam_env module is vulnerable to a stack overflow (CVE-2011-3148) and a DoS condition (CVE-2011-3149) when parsing users' .pam_environment files...
rpm (CVE-2011-3378) (important)
Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures (CVE-2011-3378)...
opera: Release 11.52 to fix memory corruption via SVG content (important)
This update of Opera fixes a memory flaw in the code that processes SVG content which could be exploited by attackers to execute arbitrary code through specially crafted websites...
krb5: fixed kdc remote denial of service (CVE-2011-1528, CVE-2011-1529) and unauthorized file access (CVE-2011-1526) (important)
The following issues have been fixed: - CVE-2011-1528: In releases krb5-1.8 and later, the KDC can crash due to an assertion failure. - CVE-2011-1529: In releases krb5-1.8 and later, the KDC can crash due to a null pointer dereference. Both bugs could be triggered by unauthenticated remote...
ldns (CVE-2011-3581) (important)
A boundary error in ldns_rr_new_frm_str_internal could lead to a heap-based buffer overflow when processing RR records (CVE-2011-3581)...
quagga: fixing multiple vulnerabilities (important)
This update fixes the following security issues: - 718056: OSPF6D buffer overflow while decoding Link State Update with Inter Area Prefix Lsa CVE-2011-3323 - 718058: OSPF6D DoS while decoding Database Description packet CVE-2011-3324 - 718059: OSPFD DoS while decoding Hello packet CVE-2011-3325 -...
seamonkey: Update to Mozilla Seamonkey 2.4.1 (important)
Mozilla Seamonkey was updated to version 2.4.1, which fixes some regressions found in the 2.4 release...
MozillaThunderbird: Update to Mozilla Thunderbird 3.1.14 (important)
Mozilla Thunderbird was updated to version 3.1.14, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
MozillaFirefox: Update to Firefox 3.6.23 (important)
Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...
seamonkey: Update to Mozilla Seamonkey 2.4 (important)
Mozilla Seamonkey was updated to version 2.4, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...
mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)
Mozilla XULRunner was updated to version 1.9.2.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory...
jakarta-commons-daemon (important)
jsvc did not properly drop capabilities, therefore allowing applications to access files owned by the super user (CVE-2011-2729)...
MozillaThunderbird: 3.1.13 (important)
This update brings Mozilla Thunderbird to 3.1.13. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read: MFSA 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html...
MozillaFirefox: 6.0.2 (important)
This update brings Mozilla Firefox to 6.0.2. The purpose of this update is to blacklist the compromised DigiNotar Certificate Authority. For more information read: MFSA 2011-34 http://www.mozilla.org/security/announce/2011/mfsa2011-34.html...
mozilla-nss: Update 3.12.11 update (important)
This update brings Mozilla NSS to 3.12.11. It blacklists the recently compromised DigiNotar Certificate Authority...
VUL-0: CVE-2011-3205: squid: buffer overflow in Gopher reply parser (important)
This update of squid3 fixes a buffer overflow vulnerability in the Gopher reply parser code (CVE-2011-3205)...
Update SSL CA certificates (important)
This update includes the latest SSL root certificates trusted by Mozilla as of 2011-08-31. This includes removing the DigiNotar CA...
apache2: Fixed a remote denial of service via byte-ranges (important)
This update fixes a remote denial of service bug (memory exhaustion) in the Apache 2 HTTP server that could be triggered by remote attackers using multiple overlapping Request Ranges (CVE-2011-3192)...
MozillaFirefox: Update to Firefox 6 (important)
Mozilla Firefox was updated to version 6. It brings new features, fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-29.html Mozilla Foundation Security Advisory 2011-29 MFSA 2011-29 Miscellaneous memory safety hazards:...
MozillaThunderbird: Update to 3.1.12 (important)
Mozilla Thunderbird was updated to 3.1.12 fixing various bugs and security issues: Mozilla Foundation Security Advisory 2011-32 MFSA 2011-32 http://www.mozilla.org/security/announce/2011/mfsa2011-32.html Many of the issues listed below are not exploitable through mail since JavaScript is disable...
MozillaFirefox: Update to Firefox 3.6.20 (important)
Mozilla Firefox was updated to version 3.6.20. It fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-30.html Mozilla Foundation Security Advisory 2011-30 MFSA 2011-30 Miscellaneous memory safety hazards Mozilla developers...
seamonkey: Update to Mozilla Seamonkey 2.3 (important)
Mozilla Seamonkey suite was updated to version 2.3. The update fixes bugs and security issues. Following security issues were fixed: http://www.mozilla.org/security/announce/2011/mfsa2011-33.html Mozilla Foundation Security Advisory 2011-33 MFSA 2011-33 Mozilla Foundation Security Advisory 2011-...
libmodplug: Fixed multiple vulnerabilities reported in <= 0.8.8.3 (important)
This update of libmodplug0 fixes the following issues: 1) An integer overflow error exists within the "CSoundFile::ReadWav" function (src/load_wav.cpp) when processing certain WAV files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WA...
xen: Fixed a security bug and various other bugs (important)
Security / Collective Update for Xen Xen: - bnc702025 - VUL-0: xen: VT-d PCI passthrough MSI trap injection CVE-2011-1898 - bnc703924 - update block-npiv scripts to support BFA HBA - bnc689954 - L3: Live migrations fail when guest crashes: domain_crash_sync called from entry.S - bnc693472 - Bridge...
mozilla-nss: Update to 3.12.11 (important)
The mozilla NSS libraries were updated to 3.12.11 to align with newer Mozilla seamonkey and Firefox releases. Interesting changes are: - blacklisting malicious root certificates - several bugfixes...
ecryptfs-utils: Update to fix various symlink race attacks (important)
This update of ecryptfs-utils fixes several security problems: - CVE-2011-1831 - Race condition when checking mountpoint during mount. - CVE-2011-1832 - Race condition when checking mountpoint during unmount. - CVE-2011-1833 - Race condition when checking source during mount. - CVE-2011-1834 -...
flash-player (critical)
The update to Flash-Player 10.3.188.5 fixes various security issues: - CVE-2011-2130: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P - CVE-2011-2134: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P - CVE-2011-2135: CVSS v2 Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P - CVE-2011-2136: CVSS v2...
apache2-mod_fcgid: fixed possible stack overflow due to wrong pointer arithmetic (CVE-2010-3872) (important)
A possible stack overflow in apache2-mod_fcgid due to wrong pointer arithmetic has been fixed. CVE-2010-3872 has been assigned to this issue...
freetype: Fixed several off-by-one / length checks missing (important)
This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products. CVE-2011-0226...
compat-openssl097g (important)
This update adds openssl patches since 2007 for: - CVE-2008-5077 - CVE-2009-0590 - CVE-2009-0789 - CVE-2009-3555 - CVE-2010-4180...
kvm (important)
A privileged guest user could cause a buffer overflow in the virtio subsystem of the host, therefore crashing the guest or potentially executing arbitrary code on the host (CVE-2011-2212, CVE-2011-2512)...
bind: fixing remote Denial of Service (CVE-2011-2464) (important)
A remote Denial of Service vulnerability has been fixed in bind. Specially crafted packets could cause bind servers (recursive as well as authoritative) to exit. CVE-2011-2464 has been assigned to this issue...
mariadb: Fixed missing innodb support after last update (critical)
The last security version upgrade of MariaDB (a MySQL fork) removed innodb support, breaking old databases. This update fixes this problem. - 704811: mariadb "security update" breaks database...
MozillaThunderbird: Update to Thunderbird 3.1.11 (important)
Mozilla Thunderbird was updated to the 3.1.11 release. It has new features, fixes lots of bugs, and also fixes the following security issues: MFSA 2011-19/CVE-2011-2374 CVE-2011-2376 CVE-2011-2364 CVE-2011-2365 Miscellaneous memory safety hazards MFSA 2011-20/CVE-2011-2373 bmo617247 Use-after-fre...
java-1_6_0-openjdk (important)
Icedtea as included in java-1_6_0-openjdk was updated to fix several security issues: S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) S6618658, CVE-2011-0865: Vulnerability in deserialization S7012520, CVE-2011-0815: Heap overflow...
subversion: security update (important)
Subversion was updated to version 1.6.17 to fix several security issues: - CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes al...
subversion security update (important)
CVE-2011-1752: The mod_dav_svn Apache HTTPD server module can be crashed when asked to deliver baselined WebDAV resources. - CVE-2011-1783: The mod_dav_svn Apache HTTPD server module can trigger a loop which consumes all available memory on the system. - CVE-2011-1921: The mod_dav_svn Apache...
opera (important)
opera 11.11 fixes a security vulnerability. Citing http://www.opera.com/support/kb/view/992/: Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional...
flash-player: Update to 10.3.181.26 (critical)
A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption vulnerability (CVE-2011-2110) could cause a crash and potentiall...
Oracle Java 26 (critical)
Oracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle's site for further information: http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0817, CVE-2011-0863, CVE-2011-0864,...