VARIoT IoT vulnerabilities database
| VAR-201305-0118 | CVE-2013-1245 | Cisco WebEx Social Vulnerability that bypasses access restrictions on user management pages |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The user-management page in Cisco WebEx Social relies on client-side validation of values in the Screen Name, First Name, Middle Name, Last Name, Email Address, and Job Title fields, which allows remote authenticated users to bypass intended access restrictions via crafted requests, aka Bug ID CSCue67190. Vendors have confirmed this vulnerability Bug ID CSCue67190 It is released as.Remotely authenticated users could bypass access restrictions through crafted requests. Cisco WebEx Social is prone to multiple security-bypass vulnerabilities.
Attackers can exploit these issues to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks.
This issue is being tracked by the Cisco Bug ID CSCue67190. Cisco WebEx Social is an enterprise collaboration system platform of Cisco (Cisco). The system platform provides functions such as voice, video, applications (Web conferencing applications, messaging applications, mobile applications) and enterprise social software
| VAR-201305-0370 | No CVE | Fujitsu Lifebook A512 Multiple Search Paths Handle Local Privilege Escalation Vulnerabilities |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Fujitsu Lifebook A512 is a notebook device. Fujitsu Lifebook A512 multiple pre-installers use unquoted search paths in UninstallString, allowing an attacker to exploit a vulnerability to build a malicious file and name it \"Program.exe\" in the system root directory, which can be high at system startup Permission to execute. These programs include Norton Internet Security, FJ Camera, Management Engine Driver for Intel and OpenCL SDK. Local attackers can exploit the vulnerability to escalate permissions
| VAR-201305-0292 | CVE-2013-2728 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Impact
======
A remote attacker could entice a user to open specially crafted SWF
content, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition.
Furthermore, a remote attacker may be able to bypass access
restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.310"
References
==========
[ 1 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 2 ] CVE-2012-5248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5248
[ 3 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 4 ] CVE-2012-5249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5249
[ 5 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 6 ] CVE-2012-5250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5250
[ 7 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 8 ] CVE-2012-5251
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5251
[ 9 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 10 ] CVE-2012-5252
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5252
[ 11 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 12 ] CVE-2012-5253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5253
[ 13 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 14 ] CVE-2012-5254
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5254
[ 15 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 16 ] CVE-2012-5255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5255
[ 17 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 18 ] CVE-2012-5256
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5256
[ 19 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 20 ] CVE-2012-5257
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5257
[ 21 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 22 ] CVE-2012-5258
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5258
[ 23 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 24 ] CVE-2012-5259
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5259
[ 25 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 26 ] CVE-2012-5260
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5260
[ 27 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 28 ] CVE-2012-5261
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5261
[ 29 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 30 ] CVE-2012-5262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5262
[ 31 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 32 ] CVE-2012-5263
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5263
[ 33 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 34 ] CVE-2012-5264
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5264
[ 35 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 36 ] CVE-2012-5265
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5265
[ 37 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 38 ] CVE-2012-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5266
[ 39 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 40 ] CVE-2012-5267
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5267
[ 41 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 42 ] CVE-2012-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5268
[ 43 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 44 ] CVE-2012-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5269
[ 45 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 46 ] CVE-2012-5270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5270
[ 47 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 48 ] CVE-2012-5271
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5271
[ 49 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 50 ] CVE-2012-5272
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5272
[ 51 ] CVE-2012-5274
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5274
[ 52 ] CVE-2012-5275
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5275
[ 53 ] CVE-2012-5276
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5276
[ 54 ] CVE-2012-5277
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5277
[ 55 ] CVE-2012-5278
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5278
[ 56 ] CVE-2012-5279
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5279
[ 57 ] CVE-2012-5280
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5280
[ 58 ] CVE-2012-5676
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5676
[ 59 ] CVE-2012-5677
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5677
[ 60 ] CVE-2012-5678
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5678
[ 61 ] CVE-2013-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0504
[ 62 ] CVE-2013-0630
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0630
[ 63 ] CVE-2013-0633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0633
[ 64 ] CVE-2013-0634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0634
[ 65 ] CVE-2013-0637
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0637
[ 66 ] CVE-2013-0638
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0638
[ 67 ] CVE-2013-0639
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0639
[ 68 ] CVE-2013-0642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0642
[ 69 ] CVE-2013-0643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0643
[ 70 ] CVE-2013-0644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0644
[ 71 ] CVE-2013-0645
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0645
[ 72 ] CVE-2013-0646
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646
[ 73 ] CVE-2013-0647
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0647
[ 74 ] CVE-2013-0648
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0648
[ 75 ] CVE-2013-0649
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0649
[ 76 ] CVE-2013-0650
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650
[ 77 ] CVE-2013-1365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1365
[ 78 ] CVE-2013-1366
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1366
[ 79 ] CVE-2013-1367
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1367
[ 80 ] CVE-2013-1368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1368
[ 81 ] CVE-2013-1369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1369
[ 82 ] CVE-2013-1370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1370
[ 83 ] CVE-2013-1371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371
[ 84 ] CVE-2013-1372
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1372
[ 85 ] CVE-2013-1373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1373
[ 86 ] CVE-2013-1374
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1374
[ 87 ] CVE-2013-1375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375
[ 88 ] CVE-2013-1378
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1378
[ 89 ] CVE-2013-1379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1379
[ 90 ] CVE-2013-1380
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1380
[ 91 ] CVE-2013-2555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2555
[ 92 ] CVE-2013-2728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2728
[ 93 ] CVE-2013-3343
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3343
[ 94 ] CVE-2013-3344
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3344
[ 95 ] CVE-2013-3345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3345
[ 96 ] CVE-2013-3347
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3347
[ 97 ] CVE-2013-3361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361
[ 98 ] CVE-2013-3362
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362
[ 99 ] CVE-2013-3363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363
[ 100 ] CVE-2013-5324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201305-0208 | CVE-2013-3335 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 ,and CVE-2013-3334 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0207 | CVE-2013-3334 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0204 | CVE-2013-3333 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0200 | CVE-2013-3329 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0203 | CVE-2013-3332 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0202 | CVE-2013-3331 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0201 | CVE-2013-3330 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0199 | CVE-2013-3328 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0198 | CVE-2013-3327 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0197 | CVE-2013-3326 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3325 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0196 | CVE-2013-3325 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3324 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201305-0192 | CVE-2013-3324 | Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335. This vulnerability CVE-2013-2728 , CVE-2013-3325 , CVE-2013-3326 , CVE-2013-3327 , CVE-2013-3328 , CVE-2013-3329 , CVE-2013-3330 , CVE-2013-3331 , CVE-2013-3332 , CVE-2013-3333 , CVE-2013-3334 ,and CVE-2013-3335 Is a different vulnerability.An attacker could execute arbitrary code or cause a denial of service ( Memory corruption ) There is a possibility of being put into a state.
Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe AIR is a cross-operating system runtime environment that can be used to build and configure cross-platform desktop RIA (Rich Internet Applications) applications. Vulnerabilities in versions prior to 0.1860; Adobe AIR SDK & Compiler prior to 3.7.0.1860. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2013:0825-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0825.html
Issue date: 2013-05-15
CVE Names: CVE-2013-2728 CVE-2013-3324 CVE-2013-3325
CVE-2013-3326 CVE-2013-3327 CVE-2013-3328
CVE-2013-3329 CVE-2013-3330 CVE-2013-3331
CVE-2013-3332 CVE-2013-3333 CVE-2013-3334
CVE-2013-3335
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed in the Adobe Security bulletin APSB13-14,
listed in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
962895 - flash-plugin: multiple code execution flaws (APSB13-14)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-11.2.202.285-1.el5.i386.rpm
x86_64:
flash-plugin-11.2.202.285-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.285-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.285-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2728.html
https://www.redhat.com/security/data/cve/CVE-2013-3324.html
https://www.redhat.com/security/data/cve/CVE-2013-3325.html
https://www.redhat.com/security/data/cve/CVE-2013-3326.html
https://www.redhat.com/security/data/cve/CVE-2013-3327.html
https://www.redhat.com/security/data/cve/CVE-2013-3328.html
https://www.redhat.com/security/data/cve/CVE-2013-3329.html
https://www.redhat.com/security/data/cve/CVE-2013-3330.html
https://www.redhat.com/security/data/cve/CVE-2013-3331.html
https://www.redhat.com/security/data/cve/CVE-2013-3332.html
https://www.redhat.com/security/data/cve/CVE-2013-3333.html
https://www.redhat.com/security/data/cve/CVE-2013-3334.html
https://www.redhat.com/security/data/cve/CVE-2013-3335.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb13-14.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFRk0+VXlSAg2UNWIIRAkH8AJ4qnX1dCu9PQZVRQTc+jd80f3eHuQCgpBlA
pCXFdmTpNYaaRsAS+FVd7h4=
=8nby
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201306-0226 | CVE-2013-1862 | Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. Apache HTTP Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input.
Attackers can exploit this issue to execute arbitrary commands in the context of the application. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2015-043: RSA\xae Validation Manager Security Update for Multiple Vulnerabilities
EMC Identifier: ESA-2015-043
CVE Identifier: CVE-2014-3566, CVE-2014-0098, CVE-2014-0231, CVE-2014-0226, CVE-2013-1862, CVE-2012-3499, CVE-2015-0526, CVE-2013-2566
Severity Rating: CVSSv2 Base Score: See below for details
Affected Products:
RSA Validation Manager 3.2 prior to Build 201
Unaffected Products:
RSA Validation Manager 3.2 Build 201 or above
Summary:
RSA Validation Manager (RVM) requires a security update to address potential multiple vulnerabilities.
Details:
RSA Validation Manager (RVM) contains security fixes to address the following vulnerabilities:
CVE-2014-3566:The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0098: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 for more details. See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2014-0226: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226for more details.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1862 for more details.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3499 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-2013-2566: The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
See https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566 for more details.
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Reflected Cross-Site Scripting Vulnerability (CVE-2015-0526): A cross-site scripting vulnerability affecting the displayMode and wrapPreDisplayMode parameter could potentially be exploited by an attacker to execute arbitrary HTML and script code in RVM user\x92s browser session.
CVSSv2 Base Score:7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search.
Recommendation:
The following RVM release contains the resolution to these issues:
RSA Validation Manager 3.2 Build 201 or later
RSA recommends all customers upgrade to the version mentioned above at the earliest opportunity.
Credit:
RSA would like to thank Ken Cijsouw (ken.cijsouw@sincerus.nl) for reporting CVE-2015-0526.
Obtaining Downloads:
To obtain the latest RSA product downloads, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose download you want to obtain. Scroll to the section for the product download that you want and click on the link.
Obtaining Documentation:
To obtain RSA documentation, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com and click Products in the top navigation menu. Select the specific product whose documentation you want to obtain. Scroll to the section for the product version that you want and click the set link. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Obtaining More Information:
For more information about RSA products, visit the RSA web site at http://www.rsa.com.
Getting Support and Service:
For customers with current maintenance contracts, contact your local RSA Customer Support center with any additional questions regarding this RSA SecurCare Note. For contact telephone numbers or e-mail addresses, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & Contact, and then click the Contact Us - Phone tab or the Contact Us - Email tab.
General Customer Support Information:
http://www.emc.com/support/rsa/index.htm
RSA SecurCare Online:
https://knowledge.rsasecurity.com
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions.
http://www.emc.com/support/rsa/eops/index.htm
SecurCare Online Security Advisories
RSA, The Security Division of EMC, distributes SCOL Security Advisories in order to bring to the attention of users of the affected RSA products important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaim all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
About RSA SecurCare Notes & Security Advisories Subscription
RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA sends you based on the RSA product family you currently use. If you\x92d like to stop receiving RSA SecurCare Notes & Security Advisories, or if you\x92d like to change which RSA product family Notes & Security Advisories you currently receive, log on to RSA SecurCare Online at https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. Following the instructions on the page, remove the check mark next to the RSA product family whose Notes & Security Advisories you no longer want to receive. Click the Submit button to save your selection. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-02-25-1 OS X Mavericks 10.9.2 and Security Update
2014-001
OS X Mavericks 10.9.2 and Security Update 2014-001 is now available
and addresses the following:
Apache
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache, the most
serious of which may lead to cross-site scripting. These issues were
addressed by updating Apache to version 2.2.26.
CVE-ID
CVE-2013-1862
CVE-2013-1896
App Sandbox
Available for: OS X Mountain Lion v10.8.5
Impact: The App Sandbox may be bypassed
Description: The LaunchServices interface for launching an
application allowed sandboxed apps to specify the list of arguments
passed to the new process. A compromised sandboxed application could
abuse this to bypass the sandbox. This issue was addressed by
preventing sandboxed applications from specifying arguments. This
issue does not affect systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR
ATS
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Viewing or downloading a document containing a maliciously
crafted embedded font may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of
handling of Type 1 fonts. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-1254 : Felix Groebert of the Google Security Team
ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A memory corruption issue existed in the handling of
Mach messages passed to ATS. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1262 : Meder Kydyraliev of the Google Security Team
ATS
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: An arbitrary free issue existed in the handling of Mach
messages passed to ATS. This issue was addressed through additional
validation of Mach messages.
CVE-ID
CVE-2014-1255 : Meder Kydyraliev of the Google Security Team
ATS
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: The App Sandbox may be bypassed
Description: A buffer overflow issue existed in the handling of Mach
messages passed to ATS. This issue was addressed by additional bounds
checking.
CVE-ID
CVE-2014-1256 : Meder Kydyraliev of the Google Security Team
Certificate Trust Policy
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Root certificates have been updated
Description: The set of system root certificates has been updated.
The complete list of recognized system roots may be viewed via the
Keychain Access application.
CFNetwork Cookies
Available for: OS X Mountain Lion v10.8.5
Impact: Session cookies may persist even after resetting Safari
Description: Resetting Safari did not always delete session cookies
until Safari was closed. This issue was addressed through improved
handling of session cookies. This issue does not affect systems
running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett
CoreAnimation
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Visiting a maliciously crafted site may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in CoreAnimation's
handling of images. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1258 : Karl Smith of NCC Group
CoreText
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Applications that use CoreText may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in CoreText in the handling
of Unicode fonts. This issue is addressed through improved bounds
checking.
CVE-ID
CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs
curl
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: When using curl to connect to an HTTPS URL containing
an IP address, the IP address was not validated against the
certificate. This issue does not affect systems prior to OS X
Mavericks v10.9.
CVE-ID
CVE-2014-1263 : Roland Moriz of Moriz GmbH
Data Security
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266
Date and Time
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: An unprivileged user may change the system clock
Description: This update changes the behavior of the systemsetup
command to require administrator privileges to change the system
clock.
CVE-ID
CVE-2014-1265
File Bookmark
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a file with a maliciously crafted name may lead to
an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of file
names. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1259
Finder
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: Accessing a file's ACL via Finder may lead to other users
gaining unauthorized access to files
Description: Accessing a file's ACL via Finder may corrupt the ACLs
on the file. This issue was addressed through improved handling of
ACLs.
CVE-ID
CVE-2014-1264
ImageIO
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a maliciously crafted JPEG file may lead to the
disclosure of memory contents
Description: An uninitialized memory access issue existed in
libjpeg's handling of JPEG markers, resulting in the disclosure of
memory contents. This issue was addressed by better JPEG handling.
CVE-ID
CVE-2013-6629 : Michal Zalewski
IOSerialFamily
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5139 : @dent1zt
LaunchServices
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5
Impact: A file could show the wrong extension
Description: An issue existed in the handling of certain unicode
characters that could allow filenames to show incorrect extensions.
The issue was addressed by filtering unsafe unicode characters from
display in filenames. This issue does not affect systems running OS X
Mavericks v10.9 or later.
CVE-ID
CVE-2013-5178 : Jesse Ruderman of Mozilla Corporation, Stephane Sudre
of Intego
NVIDIA Drivers
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Executing a malicious application could result in arbitrary
code execution within the graphics card
Description: An issue existed that allowed writes to some trusted
memory on the graphics card. This issue was addressed by removing the
ability of the host to write to that memory.
CVE-ID
CVE-2013-5986 : Marcin KoĆcielnicki from the X.Org Foundation
Nouveau project
CVE-2013-5987 : Marcin KoĆcielnicki from the X.Org Foundation
Nouveau project
PHP
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP, the most
serious of which may have led to arbitrary code execution. These
issues were addressed by updating PHP to version 5.4.22 on OS X
Mavericks v10.9, and 5.3.28 on OS X Lion and Mountain Lion.
CVE-ID
CVE-2013-4073
CVE-2013-4113
CVE-2013-4248
CVE-2013-6420
QuickLook
Available for: OS X Mountain Lion v10.8.5
Impact: Downloading a maliciously crafted Microsoft Office file may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue existed in QuickLook's
handling of Microsoft Office files. Downloading a maliciously crafted
Microsoft Office file may have led to an unexpected application
termination or arbitrary code execution. This issue does not affect
systems running OS X Mavericks 10.9 or later.
CVE-ID
CVE-2014-1260 : Felix Groebert of the Google Security Team
QuickLook
Available for: OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 and 10.9.1
Impact: Downloading a maliciously crafted Microsoft Word document
may lead to an unexpected application termination or arbitrary code
execution
Description: A double free issue existed in QuickLook's handling of
Microsoft Word documents. This issue was addressed through improved
memory management.
CVE-ID
CVE-2014-1252 : Felix Groebert of the Google Security Team
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ftab'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1246 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
'dref' atoms. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-1247 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'ldat'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1248 : Jason Kratzer working with iDefense VCP
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Viewing a maliciously crafted PSD image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PSD
images. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1249 : dragonltx of Tencent Security Team
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An out of bounds byte swapping issue existed in the
handling of 'ttfo' elements. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-1250 : Jason Kratzer working with iDefense VCP
QuickTime
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of 'stsz'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-1245 : Tom Gallagher & Paul Bates working with HP's Zero Day
Initiative
Secure Transport
Available for: OS X Mountain Lion v10.8.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There were known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite used a block cipher in CBC mode.
To address these issues for applications using Secure Transport, the
1-byte fragment mitigation was enabled by default for this
configuration.
CVE-ID
CVE-2011-3389 : Juliano Rizzo and Thai Duong
OS X Mavericks v10.9.2 includes the content of Safari 7.0.2.
OS X Mavericks v10.9.2 and Security Update 2014-001 may be obtained from
the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJTDNeoAAoJEPefwLHPlZEwaRAP/3i/2qRvNv6JqmE9p48uEyXn
mlxwXpMyop+vrgMmuiSP14EGSv06HO04PNUtaWPxm7tVYXu0tMtjDcYdIu40TAy6
U0T6QhRZC/uag1DCvdEOvqRUajKmmPtHTCJ6OsQGtGJHlEM+S5XgxRr7qgfkHMfb
OlqFsgpdL/AAiYNfzItN2C+r2Lfwro6LDlxhikpASojlMFQrk8nJ6irRv617anSZ
3DwJW2iJxNfpVrgqA1Nrx1fkrPmeT/8jgGuEP6RaKiWIbfXjRG5BW9WuarMqmaP8
C6XoTaJaqEO9zb7F2uJR0HIYpJd065y/xiYNm91yDWIjdrO3wVgNVPGo1pHVyYsY
Y7lcyHUVJortKF8SHquw0j3Ujeugu8iWp6ND/00/4dGvwb0jzrxPUxkEmJ43130O
t2Obtxdsaa+ub8cZHDN93WB3FQR5hd+KaeXLJC55q0qYY8o8zqdPqXAlYAP2gUQX
iB4Bs7NAh2CNJWNTtk2soTjZOwPvPLSPZ6I3w5i0HVP7HQl5K8chjihAwSeyezCZ
q5gxCiK0lBW88AUd9n3L7ZOW2Rg53mh6+RiUL/VQ7TfidoP417VDKum300pZkgNv
kBCklX9ya7QeLjOMnbnsTk32qG+TiDPgiGZ5IrK6C6T26dexJWbm8tuwPjy5r8mI
aiYIh+SzR0rBdMZRgyzv
=+DAJ
-----END PGP SIGNATURE-----
.
Background
==========
Apache HTTP Server is one of the most popular web servers on the
Internet. Please
review the CVE identifiers and research paper referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Apache HTTP Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.25"
References
==========
[ 1 ] CVE-2007-6750
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6750
[ 2 ] CVE-2012-4929
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4929
[ 3 ] CVE-2013-1862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1862
[ 4 ] CVE-2013-1896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1896
[ 5 ] Compression and Information Leakage of Plaintext
http://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update
Advisory ID: RHSA-2013:1208-01
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1208.html
Issue date: 2013-09-04
CVE Names: CVE-2012-3499 CVE-2012-4558 CVE-2013-1862
CVE-2013-1896 CVE-2013-1921 CVE-2013-2172
CVE-2013-4112
=====================================================================
1. Summary:
Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple
security issues, various bugs, and adds enhancements, is now available for
Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server - i386, noarch, x86_64
3. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.1.0, and includes bug fixes and enhancements. Refer
to the 6.1.1 Release Notes for information on the most significant of these
changes, available shortly from
https://access.redhat.com/site/documentation/
Security fixes:
Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could
possibly use these flaws to perform XSS attacks if they were able to make
the victim's browser generate an HTTP request with a specially-crafted Host
header. (CVE-2012-3499)
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a user,
who was logged into the manager web interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's manager interface session. (CVE-2012-4558)
A flaw was found in the way the mod_dav module handled merge requests. An
attacker could use this flaw to send a crafted merge request that contains
URIs that are not configured for DAV, causing the httpd child process to
crash. (CVE-2013-1896)
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially-crafted XML signature block. (CVE-2013-2172)
It was found that mod_rewrite did not filter terminal escape sequences from
its log file. (CVE-2013-1862)
The data file used by PicketBox Vault to store encrypted passwords contains
a copy of its own admin key. The file is encrypted using only this admin
key, not the corresponding JKS key. A local attacker with permission to
read the vault data file could read the admin key from the file, and use it
to decrypt the file and read the stored passwords in clear text.
(CVE-2013-1921)
A flaw was found in JGroup's DiagnosticsHandler that allowed an attacker on
an adjacent network to reuse the credentials from a previous successful
authentication. This could be exploited to read diagnostic information
(information disclosure) and attain limited remote code execution.
(CVE-2013-4112)
Warning: Before applying this update, back up your existing Red Hat JBoss
Enterprise Application Platform installation and deployed applications.
Refer to the Solution section for further details.
All users of Red Hat JBoss Enterprise Application Platform 6.1.0 on Red Hat
Enterprise Linux 6 are advised to upgrade to these updated packages. The
JBoss server process must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied. Also, back up any customized
Red Hat JBoss Enterprise Application Platform 6 configuration files. On
update, the configuration files that have been locally modified will not be
updated. The updated version of such files will be stored as the rpmnew
files. Make sure to locate any such files after the update and merge any
changes manually.
For more details, refer to the Release Notes for Red Hat JBoss Enterprise
Application Platform 6.1.1, available shortly from
https://access.redhat.com/site/documentation/
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
915883 - CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames
915884 - CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface
948106 - CVE-2013-1921 JBoss PicketBox: Insecure storage of masked passwords
953729 - CVE-2013-1862 httpd: mod_rewrite allows terminal escape sequences to be written to the log file
983489 - CVE-2013-4112 JGroups: Authentication via cached credentials
983549 - CVE-2013-1896 httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
985025 - Upgrade jbossweb to 7.2.2.Final-redhat-1
985061 - Upgrade jboss-as-console to 1.5.5.Final-redhat-1
985173 - Upgrade jboss-hal to 1.5.6.Final-redhat-1
989597 - Upgrade jbossws-common to 2.1.3.Final-redhat-1
989606 - Upgrade jboss-stdio to 1.0.2.GA-redhat-1
990636 - Upgrade jboss-aesh to 0.33.6-redhat-1
990657 - Upgrade jaxbintros to 1.0.2.GA-redhat-5
990662 - Upgrade picketlink-federation to 2.1.6.2.Final-redhat-2
990671 - Upgrade jbossts to 4.17.7.Final-redhat-3
990686 - Upgrade jboss-logmanager to 1.4.3.Final-redhat-1
995115 - Upgrade hornetq to 2.3.5.Final-redhat-1
995290 - Upgrade jgroups to 3.2.10.Final-redhat-1
995563 - Upgrade picketbox to 4.0.17.SP2-redhat-1
996313 - Upgrade hornetq-native to 2.3.5.Final-redhat-1
999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing
6. Package List:
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server:
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-2.6.8-8.redhat_7.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hibernate4-4.2.0-7.SP1_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-2.3.5-2.Final_redhat_2.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/httpd-2.2.22-25.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/infinispan-5.2.7-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/ironjacamar-1.0.19-1.Final_redhat_2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jaxbintros-1.0.2-16.GA_redhat_6.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-aesh-0.33.7-2.redhat_2.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-marshalling-1.3.18-1.GA_redhat_1.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-modules-1.2.2-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossts-4.17.7-4.Final_redhat_4.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-common-2.1.3-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jcip-annotations-eap6-1.0-4.redhat_4.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/jgroups-3.2.10-1.Final_redhat_2.2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/netty-3.6.6-2.Final_redhat_1.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/opensaml-2.5.1-2.redhat_2.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/openws-1.4.2-10.redhat_4.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/wss4j-1.6.10-1.redhat_1.ep6.el6.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/JBEAP/SRPMS/xml-security-1.5.5-1.redhat_1.ep6.el6.src.rpm
i386:
apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.i386.rpm
apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-2.redhat_2.ep6.el6.i386.rpm
hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm
hornetq-native-debuginfo-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm
httpd-2.2.22-25.ep6.el6.i386.rpm
httpd-debuginfo-2.2.22-25.ep6.el6.i386.rpm
httpd-devel-2.2.22-25.ep6.el6.i386.rpm
httpd-tools-2.2.22-25.ep6.el6.i386.rpm
jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.i386.rpm
mod_ssl-2.2.22-25.ep6.el6.i386.rpm
noarch:
apache-commons-beanutils-1.8.3-12.redhat_3.2.ep6.el6.noarch.rpm
apache-cxf-2.6.8-8.redhat_7.1.ep6.el6.noarch.rpm
apache-cxf-xjc-utils-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm
cxf-xjc-boolean-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm
cxf-xjc-dv-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm
cxf-xjc-ts-2.6.0-2.redhat_4.1.ep6.el6.noarch.rpm
hibernate4-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm
hibernate4-core-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm
hibernate4-entitymanager-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm
hibernate4-envers-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm
hibernate4-infinispan-4.2.0-7.SP1_redhat_1.ep6.el6.noarch.rpm
hornetq-2.3.5-2.Final_redhat_2.1.ep6.el6.noarch.rpm
infinispan-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm
infinispan-cachestore-jdbc-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm
infinispan-cachestore-remote-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm
infinispan-client-hotrod-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm
infinispan-core-5.2.7-1.Final_redhat_1.ep6.el6.noarch.rpm
ironjacamar-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-common-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-common-impl-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-common-spi-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-core-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-core-impl-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-deployers-common-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-jdbc-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-spec-api-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
ironjacamar-validator-1.0.19-1.Final_redhat_2.ep6.el6.noarch.rpm
jaxbintros-1.0.2-16.GA_redhat_6.ep6.el6.noarch.rpm
jboss-aesh-0.33.7-2.redhat_2.1.ep6.el6.noarch.rpm
jboss-as-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-cli-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-client-all-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-clustering-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-cmp-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-connector-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-console-1.5.6-2.Final_redhat_2.1.ep6.el6.noarch.rpm
jboss-as-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-controller-client-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-deployment-repository-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-deployment-scanner-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-domain-http-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-domain-management-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-ee-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-ee-deployment-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-ejb3-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-embedded-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-host-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jacorb-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jaxr-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jaxrs-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jdr-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jpa-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jsf-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-jsr77-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-logging-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-mail-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-management-client-content-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-messaging-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-modcluster-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-naming-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-network-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-osgi-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-osgi-configadmin-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-osgi-service-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-platform-mbean-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-pojo-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-process-controller-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-protocol-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-remoting-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-sar-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-security-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-server-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-system-jmx-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-threads-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-transactions-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-version-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-web-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-webservices-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-weld-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-as-xts-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jboss-ejb-client-1.0.23-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-hal-1.5.7-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jboss-invocation-1.1.2-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-jsp-api_2.2_spec-1.0.1-6.Final_redhat_2.ep6.el6.noarch.rpm
jboss-logmanager-1.4.3-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-marshalling-1.3.18-1.GA_redhat_1.1.ep6.el6.noarch.rpm
jboss-modules-1.2.2-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-remote-naming-1.0.7-1.Final_redhat_1.ep6.el6.noarch.rpm
jboss-security-negotiation-2.2.5-2.Final_redhat_2.ep6.el6.noarch.rpm
jboss-stdio-1.0.2-1.GA_redhat_1.ep6.el6.noarch.rpm
jbossas-appclient-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-bundles-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-core-7.2.1-6.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-domain-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-javadocs-7.2.1-2.Final_redhat_10.ep6.el6.noarch.rpm
jbossas-modules-eap-7.2.1-9.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-product-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-standalone-7.2.1-6.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossas-welcome-content-eap-7.2.1-5.Final_redhat_10.1.ep6.el6.noarch.rpm
jbossts-4.17.7-4.Final_redhat_4.ep6.el6.noarch.rpm
jbossweb-7.2.2-1.Final_redhat_1.1.ep6.el6.noarch.rpm
jbossws-common-2.1.3-1.Final_redhat_1.ep6.el6.noarch.rpm
jbossws-cxf-4.1.4-7.Final_redhat_7.ep6.el6.noarch.rpm
jbossws-spi-2.1.3-1.Final_redhat_1.ep6.el6.noarch.rpm
jcip-annotations-eap6-1.0-4.redhat_4.ep6.el6.noarch.rpm
jgroups-3.2.10-1.Final_redhat_2.2.ep6.el6.noarch.rpm
log4j-jboss-logmanager-1.0.2-1.Final_redhat_1.ep6.el6.noarch.rpm
netty-3.6.6-2.Final_redhat_1.1.ep6.el6.noarch.rpm
opensaml-2.5.1-2.redhat_2.1.ep6.el6.noarch.rpm
openws-1.4.2-10.redhat_4.1.ep6.el6.noarch.rpm
picketbox-4.0.17-3.SP2_redhat_2.1.ep6.el6.noarch.rpm
picketlink-federation-2.1.6.3-2.Final_redhat_2.2.ep6.el6.noarch.rpm
wss4j-1.6.10-1.redhat_1.ep6.el6.noarch.rpm
xml-security-1.5.5-1.redhat_1.ep6.el6.noarch.rpm
x86_64:
apache-commons-daemon-jsvc-eap6-1.0.15-2.redhat_2.ep6.el6.x86_64.rpm
apache-commons-daemon-jsvc-eap6-debuginfo-1.0.15-2.redhat_2.ep6.el6.x86_64.rpm
hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm
hornetq-native-debuginfo-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm
httpd-2.2.22-25.ep6.el6.x86_64.rpm
httpd-debuginfo-2.2.22-25.ep6.el6.x86_64.rpm
httpd-devel-2.2.22-25.ep6.el6.x86_64.rpm
httpd-tools-2.2.22-25.ep6.el6.x86_64.rpm
jbossas-hornetq-native-2.3.5-1.Final_redhat_1.ep6.el6.x86_64.rpm
mod_ssl-2.2.22-25.ep6.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-3499.html
https://www.redhat.com/security/data/cve/CVE-2012-4558.html
https://www.redhat.com/security/data/cve/CVE-2013-1862.html
https://www.redhat.com/security/data/cve/CVE-2013-1896.html
https://www.redhat.com/security/data/cve/CVE-2013-1921.html
https://www.redhat.com/security/data/cve/CVE-2013-2172.html
https://www.redhat.com/security/data/cve/CVE-2013-4112.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/site/documentation/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFSJ4RUXlSAg2UNWIIRAkONAJ9Gj4TeEJd7Dh9Yjd2ixoHf3Ww08wCgmeRo
TN/pCGYMRQOd86d72g1mzjI=
=8oZG
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201307-0482 | CVE-2013-2070 | nginx of http/modules/ngx_http_proxy_module.c Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability.
Attackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #458726, #468870
ID: 201310-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in nginx, the worst of which
may allow execution of arbitrary code.
Background
==========
nginx is a robust, small, and high performance HTTP and reverse proxy
server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2
Description
===========
Multiple vulnerabilities have been discovered in nginx. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could send a specially crafted request, possibly
resulting in execution of arbitrary code with the privileges of the
process, or a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"
References
==========
[ 1 ] CVE-2013-0337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337
[ 2 ] CVE-2013-2028
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028
[ 3 ] CVE-2013-2070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2721-1 security@debian.org
http://www.debian.org/security/ Nico Golde
July 07, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nginx
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-2070
Debian Bug : 708164
A buffer overflow has been identified in nginx, a small, powerful,
scalable web/proxy server, when processing certain chunked transfer
encoding requests if proxy_pass to untrusted upstream HTTP servers is
used.
The oldstable distribution (squeeze), is not affected by this problem.
For the stable distribution (wheezy), this problem has been fixed in
version 1.2.1-2.2+wheezy1.
For the unstable distribution (sid), this problem has been fixed in
version 1.4.1-1.
We recommend that you upgrade your nginx packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL
+m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi
kRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5
dnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP
auORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H
MNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH
0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez
o8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF
NUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX
6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM
CsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f
8xcpghy474tAclbQPQUi
=4eCV
-----END PGP SIGNATURE-----
| VAR-201306-0348 | CVE-2013-4629 | Huawei Video Conference system For Huawei viewpoint VP9610 and VP9620 Vulnerability in unit hijacking sessions |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method. Huawei VP9610 and VP9620 are prone to a session-hijacking vulnerability.
An attacker can exploit this issue to hijack user sessions and gain unauthorized access to the affected applications
| VAR-201305-0268 | CVE-2013-1136 | Cisco Aggregation Services Router Route Processor Run on Cisco IOS Service disruption in (DoS) Vulnerability made into a state |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS is prone to a local denial-of-service vulnerability.
A local attacker can exploit this issue to crash the system, resulting in denial-of-service conditions.
This issue is being tracked by Cisco bug ID CSCuc52193
| VAR-201305-0366 | No CVE | Fujitsu Desktop Update Permission Elevation Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Fujitsu is an ICT integrated service provider that provides industry solutions for the global market. There is a privilege elevation vulnerability in Fujitsu Desktop Update that allows malicious programs to execute in the context of the current user.
The application is registered as control panel item via
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]
@="Fujitsu DeskUpdate"
The "shell object" with GUID {070B64FF-795D-4DAA-88AD-6D3277C7E445} is
registered with
[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]
@="Fujitsu DeskUpdate"
"InfoTip"=expand:"@C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-132"
"System.ControlPanel.Category"=dword:00000005
"System.Software.TasksFileUrl"="C:\\Program Files (x86)\\Fujitsu\DeskUpdate\\duconfig.xml"
[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\DefaultIcon]
@=expand:"C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe,-0"
[HKLM\SOFTWARE\Classes\CLSID\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\Shell\Open\Command]
@="C:\\Program Files (x86)\\Fujitsu\\DeskUpdate\\DeskUpdate.exe"
The last entry is a pathname with unquoted spaces and allows the
execution of the rogue programs "C:\Program.exe" and/or
"C:\Program Files.exe", as documented in
<http://msdn.microsoft.com/library/ms682425.aspx>
Stefan Kanthak
PS: long pathnames containing spaces exist for about 20 years
now in Windows, EVERY developer should know how to use them
properly, and EVERY QA should check their proper use!