VARIoT IoT vulnerabilities database

IRAI AUTOMGEN is an industrial control simulation software. IRAI AUTOMGEN is vulnerable to loopholes due to the insufficiency of handling certain files. An attacker can use this problem to execute arbitrary code on an affected machine to achieve the purpose of the attack. A remote attacker successfully exploited this vulnerability to execute arbitrary code, which could cause a denial of service if the exploit failed

Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. There are security vulnerabilities in multiple Schneider products that allow malicious local users to increase privileges. The vulnerability is due to security issues with UnitelWay windows device drivers used by Schneider's multiple products. A local attacker can exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Schneider Electric Products UnitelWay Device Driver Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46534 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46534/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46534 RELEASE DATE: 2011-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/46534/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46534/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46534 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Schneider Electric products, which can be exploited by malicious, local users to gain escalated privileges. Successful exploitation may allow execution of arbitrary code. * OPC Factory Server version 3.34. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute - Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: Schneider Electric: http://www.scada.schneider-electric.com/sites/scada/en/login/vijeo-citect-unitelway-windows-device-driver.page ICS-CERT (ICSA-11-277-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-277-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The D-Link DCS-2121 is a network camera device. The D-Link DCS-2121 is based on the Linux embedded system. If the password field data is not properly filtered, the shell metacharacter (semicolon injection) can be injected and any command can be executed. D-Link DCS-2121 is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary commands within the context of the affected device. D-Link DCS-2121 with firmware version 1.04 is vulnerable; other versions may also be affected

The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. CiscoWorks Common Services is prone to a remote command-injection vulnerability. A remote attacker can exploit this issue to execute arbitrary commands with system-level privileges on the underlying operating system. This issue is being tracked by Cisco bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is posted at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs Note:Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is: http://tools.cisco.com/security/center/publicationListing You can also navigate to this page from the Cisco Products and Services menu of the Cisco Security Intelligence Operations (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy. The following CiscoWorks products with the default Common Services installed are affected by this vulnerability, due to their underlying Common Services version: * CiscoWorks LAN Management Solution +---------------------------------------------------------------+ | LAN Management Solution Versions | Common Services Versions | |------------------------------------+--------------------------| | Prior to 3.2 on Microsoft Windows | Various | |------------------------------------+--------------------------| | 3.2 on Microsoft Windows | 3.3 | |------------------------------------+--------------------------| | 3.2.1 on Microsoft Windows | 3.3.1 | |------------------------------------+--------------------------| | 4.0 on Microsoft Windows | 4.0 | |------------------------------------+--------------------------| | 4.0.1 on Microsoft Windows | 4.0.1 | +---------------------------------------------------------------+ Note: CiscoWorks LAN Management Solution versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks LAN Management Solution. * Cisco Security Manager +---------------------------------------------------------------+ | Security Manager Versions | Common Services | | | Versions | |-----------------------------------------+---------------------| | Prior to 3.2 | Various | |-----------------------------------------+---------------------| | 3.2, 3.2 SP1, 3.2 SP2 | 3.1 | |-----------------------------------------+---------------------| | 3.2.1, 3.2.1 SP1 | 3.1.1 | |-----------------------------------------+---------------------| | 3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, | 3.2 | | 3.2.2 SP4 | | |-----------------------------------------+---------------------| | 3.3, 3.3 SP1, 3.3 SP2 | 3.2 | |-----------------------------------------+---------------------| | 3.3.1, 3.3.1 SP1, 3.3.1 SP2, 3.3.1 SP3 | 3.2 | |-----------------------------------------+---------------------| | 4.0, 4.0 SP1 | 3.3 | |-----------------------------------------+---------------------| | 4.0.1, 4.0.1 SP1 | 3.3 | |-----------------------------------------+---------------------| | 4.1 | 3.3 | +---------------------------------------------------------------+ Note: Cisco Security Manager versions prior to 3.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Security Manager. * Cisco Unified Service Monitor +---------------------------------------------------------------+ | Unified Operations Monitor | Common Services Versions | | Versions | | |------------------------------------+--------------------------| | Prior to 2.2 | Various | |------------------------------------+--------------------------| | 2.2 | 3.2 | |------------------------------------+--------------------------| | 2.3 | 3.2 | |------------------------------------+--------------------------| | 8.0 | 4.0 | |------------------------------------+--------------------------| | 8.5 | 4.0 | +---------------------------------------------------------------+ Note: Cisco Unified Service Monitor versions prior to 2.2 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Service Monitor. * CiscoWorks Quality of Service Policy Manager +---------------------------------------------------------------+ | Quality of Service Policy | Common Services | | Manager Versions | Versions | |--------------------------------------------+------------------| | Prior to 4.1 on Microsoft Windows | Various | |--------------------------------------------+------------------| | 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6 | 3.2 | | on Microsoft Windows | | +---------------------------------------------------------------+ Note: CiscoWorks Quality of Service (QoS) Policy Manager versions prior to 4.1 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks QoS Policy Manager. * CiscoWorks Voice Manager +---------------------------------------------------------------+ | Voice Manager Versions | Common Services Versions | |------------------------------------+--------------------------| | Prior to 3.0 on Microsoft Windows | Various | |------------------------------------+--------------------------| | 3.0 on Microsoft Windows | 3.0.2 | |------------------------------------+--------------------------| | 3.1 on Microsoft Windows | 3.0.2 | |------------------------------------+--------------------------| | 3.2 on Microsoft Windows | 3.3 | +---------------------------------------------------------------+ Note: CiscoWorks Voice Manager versions prior to 3.0 reached end of software maintenance. Customers should contact their Cisco support team for assistance in upgrading to a supported version of CiscoWorks Voice Manager. Products Confirmed Not Vulnerable +-------------------------------- All versions of CiscoWorks Common Services-based products running on Solaris are not affected by this vulnerability. Details ======= CiscoWorks Common Services is a set of management services that are shared by network management applications in a CiscoWorks solution set. CiscoWorks Common Services provides the foundation for CiscoWorks applications to share a common model for data storage, login, user role definitions, access privileges, security protocols, and navigation. It creates a standard user experience for all management functions. It also provides the common framework for all basic system level operations such as installation, data management (including backup-restoration and importing-exporting), event and message handling, job and process management, and software updates. The vulnerability is due to improper input validation in the CiscoWorks Home Page component. An attacker could exploit this vulnerability by sending a specially crafted URL to the affected system. This vulnerability could be exploited over the default management ports, TCP port 1741 or 443. Note: The default management ports can be reconfigured on the server. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2011-3310. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCtq48990 - CiscoWorks Arbitrary Command Execution Vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtq63992 - CSM Arbitrary command execution vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtq64019 - CUSM Arbitrary command execution vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtq64011 - CUOM Arbitrary command execution vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtr23090 - QPM Arbitrary command execution vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtt25535 - CWVM Arbitrary command execution vulnerability CVSS Base Score - 9.0 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of this vulnerability may allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Software Versions and Fixes =========================== Cisco has released free software updates that address this vulnerability. Prior to deploying software updates, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. The following tables report the remediation for each affected product and version: * CiscoWorks LAN Management Solution +---------------------------------------------------------------+ | LMS | Remediation | Location | | Version | | | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 3.2 | cwcs33-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282641053&flowid= | | | | 5150 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 3.2.1 | cwcs331-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282641053&flowid= | | | | 5150 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 4.0 | LMS40-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 283434800&flowid= | | | | 19062 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 4.0.1 | LMS401-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 283434800&flowid= | | | | 19062 | +---------------------------------------------------------------+ * Cisco Security Manager +---------------------------------------------------------------+ | CSM Version | Remediation | Location | |----------------------+-------------+--------------------------| | 3.2. 3.2 SP1, 3.2 | Upgrade to | - | | SP2 | 3.3.1 SP4 | | |----------------------+-------------+--------------------------| | 3.2.1, 3.2.1 SP1 | Upgrade to | - | | | 3.3.1 SP4 | | |----------------------+-------------+--------------------------| | 3.2.2, 3.2.2 SP1, | Upgrade to | | | 3.2.2 SP2, 3.2.2 | 3.3.1 SP4 | - | | SP3, 3.2.2 SP4 | | | |----------------------+-------------+--------------------------| | 3.3, 3.3 SP1, 3.3 | Upgrade to | - | | SP2 | 3.3.1 SP4 | | |----------------------+-------------+--------------------------| | | | http://www.cisco.com/ | | 3.3.1, 3.3.1 SP1, | 3.3.1 SP4 | cisco/software/ | | 3.3.1 SP2, 3.3.1 SP3 | | type.html?mdfid= | | | | 280033778 | |----------------------+-------------+--------------------------| | 4.0, 4.0 SP1 | Upgrade to | - | | | 4.0.1 SP2 | | |----------------------+-------------+--------------------------| | | | http://www.cisco.com/ | | 4.0.1, 4.0.1 SP1 | 4.0.1 SP2 | cisco/software/ | | | | type.html?mdfid= | | | | 280033778 | |----------------------+-------------+--------------------------| | | | http://www.cisco.com/ | | 4.1 | 4.1 SP1 | cisco/software/ | | | | type.html?mdfid= | | | | 280033778 | +---------------------------------------------------------------+ * Cisco Unified Operations Manager +---------------------------------------------------------------+ | CUOM | Remediation | Location | | Version | | | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 2.2 | cwcs32-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282214601&flowid= | | | | 5149 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 2.3 | cwcs32-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282214601&flowid= | | | | 5149 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | | | /software/ | | 8.0 | CUOM8.0-win-Oct2011-su1-0.zip | release.html?mdfid= | | | | 283112898&flowid= | | | | 20421&softwareid= | | | | 282790483 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | | | /software/ | | 8.5 | CUOM8.5-win-Oct2011-su1-0.zip | release.html?mdfid= | | | | 283749793&flowid= | | | | 24321&softwareid= | | | | 282790483 | +---------------------------------------------------------------+ * Cisco Unified Service Monitor +---------------------------------------------------------------+ | CUSM | Remediation | Location | | Version | | | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 2.2 | cwcs32-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282214601&flowid= | | | | 5149 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | 2.3 | cwcs32-win-Oct2011-su1-0.zip | /software/ | | | | type.html?mdfid= | | | | 282214601&flowid= | | | | 5149 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | | | /software/ | | 8.0 | CUSM8.0-win-Oct2011-su1-0.zip | release.html?mdfid= | | | | 283315738&flowid= | | | | 20461&softwareid= | | | | 282773198 | |---------+-------------------------------+---------------------| | | | http:// | | | | www.cisco.com/cisco | | | | /software/ | | 8.5 | CUSM8.5-win-Oct2011-su1-0.zip | release.html?mdfid= | | | | 283749795&flowid= | | | | 24323&softwareid= | | | | 282801893 | +---------------------------------------------------------------+ * CiscoWorks QoS Policy Manager +---------------------------------------------------------------+ | QPM | Remediation | Location | | Version | | | |------------+------------------------------+-------------------| | 4.1.1, | | http:// | | 4.1.2, | | www.cisco.com/ | | 4.1.3, | cwcs32-win-Oct2011-su1-0.zip | cisco/software/ | | 4.1.4, | | type.html?mdfid= | | 4.1.5, | | 282214601&flowid= | | 4.1.6 | | 5149 | +---------------------------------------------------------------+ * CiscoWorks Voice Manager +---------------------------------------------------------------+ | CWVM | Remediation | Location | | Version | | | |---------+------------------------------+----------------------| | 3.0 and | Upgrade to 3.2 and apply the | - | | 3.1 | patch | | |---------+------------------------------+----------------------| | | | http://www.cisco.com | | | | /cisco/software/ | | 3.2 | cwcs33-win-Oct2011-su1-0.zip | type.html?mdfid= | | | | 282641053&flowid= | | | | 5150 | +---------------------------------------------------------------+ When considering software upgrades, also consult: http://www.cisco.com/go/psirt And any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for this vulnerability. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html Or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html For additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by Noam Rathaus from Beyond Security. Status of this Notice: Final ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2011-October-19 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAk6e09YACgkQQXnnBKKRMNCFFAD/Yj223bMnZ56jw9d27satYrJi AxlUJTreZhkfFKP7MdUA/iK+xR5/53gpdXbFpb4oy1egF4NA2CCH+QWhaEfuw7Ha =9EHc -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: CiscoWorks Common Services Home Page Component Command Injection Vulnerability SECUNIA ADVISORY ID: SA46533 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46533/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46533 RELEASE DATE: 2011-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/46533/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46533/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46533 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability have been reported in CiscoWorks Common Services, which can be exploited by malicious users to compromise a vulnerable system. SOLUTION: Update to a fixed version (please see vendor's advisory for details). ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-cs OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. Cisco Show and Share is prone to a security-bypass vulnerability. Remote attackers can exploit this issue to gain anonymous access to certain administration pages. Successful exploits may compromise the affected application and possibly the underlying computer. This issue is being tracked by Cisco Bug ID CSCto73758. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities Advisory ID: cisco-sa-20111019-sns Revision 1.0 For Public Release 2011 October 19 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. The first vulnerability allows an unauthenticated user to access several administrative web pages. The second vulnerability permits an authenticated user to execute arbitrary code on the device under the privileges of the web server user account. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities. This advisory is posted at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns Note:Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is: http://tools.cisco.com/security/center/publicationListing You can also navigate to this page from the CiscoProducts and Services menu of the Cisco Security Intelligence Operations (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy. Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect all versions of Cisco Show and Share prior to the first fixed releases as indicated in the Software Version and Fixes section of this Cisco Security Advisory. To determine the Cisco Show and Share Software release that an appliance is running, administrators can log in to the Appliance Administrative Interface (AAI), and access the main menu. The software version is identified next to the Cisco Show and Share field. The following example identifies a Cisco Show and Share appliance running version 5.2.2 Cisco Show and Share Application Administration Interface Main Menu IP: 192.168.0.1 Cisco Show and Share 5.2.2 http://sns.example.com/vportal SHOW_INFO Show system information. BACKUP_AND_RESTORE Back up and restore. APPLIANCE_CONTROL Configure advance options NETWORK_SETTINGS Configure network parameters. DATE_TIME_SETTINGS Configure date and time CERTIFICATE_MANAGEMENT Manage all certificates in the system < OK > <LOG OUT> Products Confirmed Not Vulnerable +-------------------------------- The following products are confirmed not vulnerable: * Cisco Video Portal No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Show and Share is a webcasting and video sharing application that helps organizations create secure video communities to share ideas and expertise, optimize global video collaboration, and personalize the connection between customers, employees, and students with user-generated content. Cisco Show and Share provides the ability to create live and on-demand video content, and define who can watch specific content. It offers viewer collaboration tools such as commenting, rating, and word tagging, and provides comprehensive access reporting. Cisco Show and Share contains the following vulnerabilities: * Anonymous users can access some administration pages Several administrative web pages of the Cisco Show and Share can be accessed without prior user authentication. * Cisco Show and Share arbitrary code execution vulnerability An authenticated user with privileges to upload videos could upload code that could then be executed under the privileges of the web server. Note: The web server runs as a non-root user. Details regarding the impact of accessing each one of these administrative pages are included in the Impact section of this Cisco Security Advisory. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCto73758 - Anonymous users can access some administration pages CVSS Base Score - 7.5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 6.2 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCto69857 - Cisco Show and Share arbitrary code execution CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== These vulnerabilities have the following impact on Cisco Show and Share: * CSCto73758: Anonymous users can access some administration pages Several administrative web pages of the Cisco Show and Share can be accessed without prior user authentication. The impact of the different administrative web pages include: Encoders Configurations +---------------------- The Encoders Configuration pages have a direct impact on live events. If all of the encoders from the encoders' configurations are removed, then a live event cannot be created. An encoder or a push configuration is required in order for a live event to be created. This page also reveals information about the encoders, such as Encoder IP Address and associated username. If all of the encoders of push configurations are removed, then a live event cannot be created. An encoder or a push configuration is required in order for a live event to be created. Video Encoding Formats +--------------------- Video encoding formats have a direct impact on the encoders. Even with an encoder or a push configuration configured, if no video format is specified then the encoder cannot encode the video stream for the live event. Transcoding +---------- This page does not have a direct impact on live events or the encoders. This page will only set a task to be executed for transcoding. Transcoding is a process of deriving digital media files that use one codec from digital media files that use a different codec; the source file is not changed or destroyed. If all tasks are removed the set task for transcoding will not be executed. * CSCto69857: Cisco Show and Share arbitrary code execution vulnerability An authenticated user may upload arbitrary code that can be executed on the appliance with the same privileges as the web server. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt And any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the software table (below) names a Cisco SnS release train. If a given release train is vulnerable, then the earliest possible releases that contains the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Each row of the software table (below) names a Cisco Show and Share release train. If a given release train is vulnerable, then the earliest possible releases that contains the fix are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the "First Fixed Release" is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "First Fixed Release" column of the table. WARNING: Please read the release notes on Cisco Show and Share version 5.2(3) regarding MCS Server Appliance support. The following MCS Server Appliances are not supported in Cisco Show and Share version 5.2(3), and administrators should use a recommended release of 5.2(2.1) or later: * MCS 7825-H2 * MCS 7825-H3 * MCS 7835-H1 * MCS 7835-H2 For further information for support MCS Server Appliances consult the release notes for Cisco Digital Media Suite 5.2.x at the following link: http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/release/notes/dms52rn.html#wp232018 +-------------------------------------------------------------------+ | Cisco Show and Share Release | First Fixed Release | |-------------------------------+-----------------------------------| | 5(2) | Vulnerable; migrate to 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(1) | Vulnerable; migrate to 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(2) | 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(3) | Not Vulnerable | +-------------------------------------------------------------------+ Note: Read the WARNING provided above regarding Cisco Show and Share version 5.2(3). Cisco Show and Share software upgrades, can be download from: http://www.cisco.com/cisco/software/type.html?mdfid=280171242&catid=268438145 Workarounds =========== There are no workarounds for these vulnerabilities. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html Or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html Additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. These vulnerabilities were discovered and reported to Cisco Systems by Andy Yang and Mehdi Kiani of stratsec. Status of this Notice: Final ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2011-October-19 | Initial public release. | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAk6ezG8ACgkQQXnnBKKRMNBC+wEAgw1X2jVS3rGMxCoAV7aZT2c/ V8mwj1IYOTyc++V/D4gA/jhvG+FAUN0Uh2j3wKuBhiM+djeLpfjpzRgkErdiM0zj =isVi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857. The issue occurs because the application fails to adequately sanitize user-supplied input. This issue is tracked by Cisco bug IDs CSCto69857. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Show and Share Security Vulnerabilities Advisory ID: cisco-sa-20111019-sns Revision 1.0 For Public Release 2011 October 19 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= The Cisco Show and Share webcasting and video sharing application contains two vulnerabilities. The first vulnerability allows an unauthenticated user to access several administrative web pages. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available for these vulnerabilities. This advisory is posted at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns Note:Effective October 18, 2011, Cisco moved the current list of Cisco Security Advisories and Responses published by Cisco PSIRT. The new location is: http://tools.cisco.com/security/center/publicationListing You can also navigate to this page from the CiscoProducts and Services menu of the Cisco Security Intelligence Operations (SIO) Portal. Following this transition, new Cisco Security Advisories and Responses will be published to the new location. Although the URL has changed, the content of security documents and the vulnerability policy are not impacted. Cisco will continue to disclose security vulnerabilities in accordance with the published Security Vulnerability Policy. Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect all versions of Cisco Show and Share prior to the first fixed releases as indicated in the Software Version and Fixes section of this Cisco Security Advisory. To determine the Cisco Show and Share Software release that an appliance is running, administrators can log in to the Appliance Administrative Interface (AAI), and access the main menu. The software version is identified next to the Cisco Show and Share field. The following example identifies a Cisco Show and Share appliance running version 5.2.2 Cisco Show and Share Application Administration Interface Main Menu IP: 192.168.0.1 Cisco Show and Share 5.2.2 http://sns.example.com/vportal SHOW_INFO Show system information. BACKUP_AND_RESTORE Back up and restore. APPLIANCE_CONTROL Configure advance options NETWORK_SETTINGS Configure network parameters. DATE_TIME_SETTINGS Configure date and time CERTIFICATE_MANAGEMENT Manage all certificates in the system < OK > <LOG OUT> Products Confirmed Not Vulnerable +-------------------------------- The following products are confirmed not vulnerable: * Cisco Video Portal No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Show and Share is a webcasting and video sharing application that helps organizations create secure video communities to share ideas and expertise, optimize global video collaboration, and personalize the connection between customers, employees, and students with user-generated content. Cisco Show and Share provides the ability to create live and on-demand video content, and define who can watch specific content. It offers viewer collaboration tools such as commenting, rating, and word tagging, and provides comprehensive access reporting. Cisco Show and Share contains the following vulnerabilities: * Anonymous users can access some administration pages Several administrative web pages of the Cisco Show and Share can be accessed without prior user authentication. These include pages for accessing Encoders and Pull Configurations, Push Configurations, Video Encoding Formats, and Transcoding. Note: The web server runs as a non-root user. Details regarding the impact of accessing each one of these administrative pages are included in the Impact section of this Cisco Security Advisory. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCto73758 - Anonymous users can access some administration pages CVSS Base Score - 7.5 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 6.2 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCto69857 - Cisco Show and Share arbitrary code execution CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== These vulnerabilities have the following impact on Cisco Show and Share: * CSCto73758: Anonymous users can access some administration pages Several administrative web pages of the Cisco Show and Share can be accessed without prior user authentication. The impact of the different administrative web pages include: Encoders Configurations +---------------------- The Encoders Configuration pages have a direct impact on live events. If all of the encoders from the encoders' configurations are removed, then a live event cannot be created. An encoder or a push configuration is required in order for a live event to be created. This page also reveals information about the encoders, such as Encoder IP Address and associated username. Push Configurations +------------------ The Push Configurations and Encoders Configuration pages have a direct impact on live events. If all of the encoders of push configurations are removed, then a live event cannot be created. An encoder or a push configuration is required in order for a live event to be created. Video Encoding Formats +--------------------- Video encoding formats have a direct impact on the encoders. Even with an encoder or a push configuration configured, if no video format is specified then the encoder cannot encode the video stream for the live event. Transcoding +---------- This page does not have a direct impact on live events or the encoders. This page will only set a task to be executed for transcoding. Transcoding is a process of deriving digital media files that use one codec from digital media files that use a different codec; the source file is not changed or destroyed. If all tasks are removed the set task for transcoding will not be executed. Software Versions and Fixes =========================== When considering software upgrades, also consult: http://www.cisco.com/go/psirt And any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the software table (below) names a Cisco SnS release train. If a given release train is vulnerable, then the earliest possible releases that contains the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Each row of the software table (below) names a Cisco Show and Share release train. If a given release train is vulnerable, then the earliest possible releases that contains the fix are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the "First Fixed Release" is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "First Fixed Release" column of the table. WARNING: Please read the release notes on Cisco Show and Share version 5.2(3) regarding MCS Server Appliance support. The following MCS Server Appliances are not supported in Cisco Show and Share version 5.2(3), and administrators should use a recommended release of 5.2(2.1) or later: * MCS 7825-H2 * MCS 7825-H3 * MCS 7835-H1 * MCS 7835-H2 For further information for support MCS Server Appliances consult the release notes for Cisco Digital Media Suite 5.2.x at the following link: http://www.cisco.com/en/US/docs/video/digital_media_systems/5_x/5_2/dms/release/notes/dms52rn.html#wp232018 +-------------------------------------------------------------------+ | Cisco Show and Share Release | First Fixed Release | |-------------------------------+-----------------------------------| | 5(2) | Vulnerable; migrate to 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(1) | Vulnerable; migrate to 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(2) | 5.2(2.1) | |-------------------------------+-----------------------------------| | 5.2(3) | Not Vulnerable | +-------------------------------------------------------------------+ Note: Read the WARNING provided above regarding Cisco Show and Share version 5.2(3). Cisco Show and Share software upgrades, can be download from: http://www.cisco.com/cisco/software/type.html?mdfid=280171242&catid=268438145 Workarounds =========== There are no workarounds for these vulnerabilities. Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html Or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at: http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html Additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. These vulnerabilities were discovered and reported to Cisco Systems by Andy Yang and Mehdi Kiani of stratsec. Status of this Notice: Final ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111019-sns In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2011-October-19 | Initial public release. | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at: http://www.cisco.com/go/psirt +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAk6ezG8ACgkQQXnnBKKRMNBC+wEAgw1X2jVS3rGMxCoAV7aZT2c/ V8mwj1IYOTyc++V/D4gA/jhvG+FAUN0Uh2j3wKuBhiM+djeLpfjpzRgkErdiM0zj =isVi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Vtiger CRM is a web-based open source customer relationship management system. Vtiger CRM uses the affected version class file located in /cron/class.phpmailer.php, and there is a remote code execution vulnerability in the implementation. This vulnerability can be exploited by malicious users to execute arbitrary code

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors. The vulnerability can be exploited over multiple protocols. This issue affects the 'Java Runtime Environment' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3 Description =========== Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-32.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551). IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552). IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3556). IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability, related to RMI (CVE-2011-3557). Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet&#039;s origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . Release Date: 2012-01-23 Last Updated: 2012-01-23 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 23 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command. An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547) A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558) The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553) It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552) This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable to security manager normally in place for applets. This leads to remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the 'Deserialization' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29" All Oracle JRE 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29" All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29" NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin. References ========== [ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html -- Disclosure Timeline: 2011-05-12 - Vulnerability reported to vendor 2011-10-26 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Sami Koivu -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . Release Date: 2012-01-23 Last Updated: 2012-01-23 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 23 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command. An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547) A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558) The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553) It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552) This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. IBM ServeRAID Manager version 9.30-17006 and prior exposes a Java RMI that allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'RMI' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33, JRockit R28.1.4. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Impact ====== A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29" All Oracle JRE 1.6 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29" All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29" NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin. References ========== [ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.5.0-ibm security update Advisory ID: RHSA-2011:1478-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1478.html Issue date: 2011-11-24 CVE Names: CVE-2011-3545 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3552 CVE-2011-3554 CVE-2011-3556 ===================================================================== 1. Summary: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Detailed vulnerability descriptions are linked from the IBM "Security alerts" page, listed in the References section. (CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3554, CVE-2011-3556) All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm ppc: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.ppc64.rpm s390: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390.rpm s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.s390x.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el4.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el4.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm ppc: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-accessibility-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el5.x86_64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.i386.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm ppc64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.ppc64.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.ppc.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.ppc64.rpm s390x: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.s390x.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.s390.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.s390x.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-jdbc-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-plugin-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.i686.rpm x86_64: java-1.5.0-ibm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-demo-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.i686.rpm java-1.5.0-ibm-devel-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-javacomm-1.5.0.13.0-1jpp.1.el6.x86_64.rpm java-1.5.0-ibm-src-1.5.0.13.0-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://access.redhat.com/security/updates/classification/#critical http://www.ibm.com/developerworks/java/jdk/alerts/ http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOzmt6XlSAg2UNWIIRAi6QAKDBjSeCRF5ohy6oBxvlL2bKiIywSACeKzcH 3KDDc4HKBfG2KfDqGTHcd5E= =Nb9O -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3552 Malicous Java code can use up an excessive amount of UDP ports, leading to a denial of service. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3554 JAR files in pack200 format are not properly checked for errors, potentially leading to arbitrary code execution when unpacking crafted pack200 files. CVE-2011-3557 The RMI Registry server fails to properly restrict privileges of untrusted Java code, allowing RMI clients to elevate their privileges on the RMI Registry server. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D (CVE-2011-3551). IcedTea6 prior to 1.10.4 allows remote attackers to affect integrity via unknown vectors related to Networking (CVE-2011-3552). IcedTea6 prior to 1.10.4 allows remote authenticated users to affect confidentiality, related to JAXWS (CVE-2011-3553). A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection (CVE-2011-3389). Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag -Djsse.enableCBCProtection=false to the java command. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot (CVE-2011-3558). Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea project Web browser plugin. A malicious applet could use this flaw to bypass SOP protection and open connections to any sub-domain of the second-level domain of the applet&#039;s origin, as well as any sub-domain of the domain that is the suffix of the origin second-level domain. For example, IcedTea-Web plugin allowed applet from some.host.example.com to connect to other.host.example.com, www.example.com, and example.com, as well as www.ample.com or ample.com. (CVE-2011-3377). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOvSWxmqjQ0CJFipgRAnk1AKDUddZYCqwkfhoUpLxEL0BT3mDf0ACfbuTI aaF2JGTyfceBABs92un/yVA= =yPsD -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 23 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. Exploiting this vulnerability could allow an attacker to exhaust all ephemeral ports on the system. This could impact the availability of networking and system resources on the computer. Other attacks are also possible. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. CVE-2011-3551 The Java2D C code contains an integer overflow which results in a heap-based buffer overflow, potentially allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. CVE-2011-3560 The com.sun.net.ssl.HttpsURLConnection class does not perform proper security manager checks in the setSSLSocketFactory() method, allowing untrusted Java code to bypass security policy restrictions. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. We recommend that you upgrade your openjdk-6 packages. ========================================================================== Ubuntu Security Notice USN-1263-1 November 16, 2011 icedtea-web, openjdk-6, openjdk-6b18 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. Software Description: - icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Details: Deepak Bhole discovered a flaw in the Same Origin Policy (SOP) implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. (CVE-2011-3377) Juliano Rizzo and Thai Duong discovered that the block-wise AES encryption algorithm block-wise as used in TLS/SSL was vulnerable to a chosen-plaintext attack. This could allow a remote attacker to view confidential data. (CVE-2011-3389) It was discovered that a type confusion flaw existed in the in the Internet Inter-Orb Protocol (IIOP) deserialization code. A remote attacker could use this to cause an untrusted application or applet to execute arbitrary code by deserializing malicious input. (CVE-2011-3521) It was discovered that the Java scripting engine did not perform SecurityManager checks. This could allow a remote attacker to cause an untrusted application or applet to execute arbitrary code with the full privileges of the JVM. (CVE-2011-3544) It was discovered that the InputStream class used a global buffer to store input bytes skipped. An attacker could possibly use this to gain access to sensitive information. (CVE-2011-3547) It was discovered that a vulnerability existed in the AWTKeyStroke class. A remote attacker could cause an untrusted application or applet to execute arbitrary code. (CVE-2011-3548) It was discovered that an integer overflow vulnerability existed in the TransformHelper class in the Java2D implementation. A remote attacker could use this cause a denial of service via an application or applet crash or possibly execute arbitrary code. (CVE-2011-3551) It was discovered that the default number of available UDP sockets for applications running under SecurityManager restrictions was set too high. A remote attacker could use this with a malicious application or applet exhaust the number of available UDP sockets to cause a denial of service for other applets or applications running within the same JVM. (CVE-2011-3552) It was discovered that Java API for XML Web Services (JAX-WS) could incorrectly expose a stack trace. A remote attacker could potentially use this to gain access to sensitive information. (CVE-2011-3553) It was discovered that the unpacker for pack200 JAR files did not sufficiently check for errors. An attacker could cause a denial of service or possibly execute arbitrary code through a specially crafted pack200 JAR file. (CVE-2011-3554) It was discovered that the RMI registration implementation did not properly restrict privileges of remotely executed code. A remote attacker could use this to execute code with elevated privileges. (CVE-2011-3556, CVE-2011-3557) It was discovered that the HotSpot VM could be made to crash, allowing an attacker to cause a denial of service or possibly leak sensitive information. (CVE-2011-3558) It was discovered that the HttpsURLConnection class did not properly perform SecurityManager checks in certain situations. This could allow a remote attacker to bypass restrictions on HTTPS connections. (CVE-2011-3560) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10 icedtea-netx 1.1.3-1ubuntu1.1 icedtea-plugin 1.1.3-1ubuntu1.1 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10 Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b22-1.10.4-0ubuntu1~11.04.1 icedtea-netx 1.1.1-0ubuntu1~11.04.2 icedtea-plugin 1.1.1-0ubuntu1~11.04.2 openjdk-6-jre 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-lib 6b22-1.10.4-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b22-1.10.4-0ubuntu1~11.04.1 Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jdk 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.10.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.10.2 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.10-0ubuntu1~10.04.2 icedtea6-plugin 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-demo 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-headless 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-lib 6b20-1.9.10-0ubuntu1~10.04.2 openjdk-6-jre-zero 6b20-1.9.10-0ubuntu1~10.04.2 After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2011:1384-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1384.html Issue date: 2011-10-19 CVE Names: CVE-2011-3389 CVE-2011-3516 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3550 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3555 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 747191 - CVE-2011-3545 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Sound) 747198 - CVE-2011-3549 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Swing) 747200 - CVE-2011-3550 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (AWT) 747203 - CVE-2011-3516 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747205 - CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 747206 - CVE-2011-3555 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (JRE) 747208 - CVE-2011-3561 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.i686.rpm x86_64: java-1.6.0-sun-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-demo-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.i686.rpm java-1.6.0-sun-devel-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.29-1jpp.1.el6.x86_64.rpm java-1.6.0-sun-src-1.6.0.29-1jpp.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3516.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3545.html https://www.redhat.com/security/data/cve/CVE-2011-3546.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3549.html https://www.redhat.com/security/data/cve/CVE-2011-3550.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3555.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://www.redhat.com/security/data/cve/CVE-2011-3561.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOnw+BXlSAg2UNWIIRArM2AJwNT0vxdrXLgkZjOCwP8LkDemBYzQCbBrE3 0MJzQCB587rTzSRSo+gGytc= =809z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . Release Date: 2012-01-23 Last Updated: 2012-01-23 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.12 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3516 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3544 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3546 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3550 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2011-3551 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3553 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3558 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3561 (AV:A/AC:H/Au:N/C:P/I:N/A:N) 1.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. This bulletin will be revised as other upgrades for additional supported Java versions become available. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.13 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.12 and earlier, update to Java v6.0.13 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.13.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 23 January 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners

Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. ========================================================================== Ubuntu Security Notice USN-1257-1 November 10, 2011 radvd vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. Software Description: - radvd: Router Advertisement Daemon Details: Vasiliy Kulikov discovered that radvd incorrectly parsed the ND_OPT_DNSSL_INFORMATION option. The default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2011-3602) Vasiliy Kulikov discovered that radvd incorrectly handled certain lengths. (CVE-2011-3604) Vasiliy Kulikov discovered that radvd incorrectly handled delays when used in unicast mode, which is not the default in Ubuntu. (CVE-2011-3605) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: radvd 1:1.8-1ubuntu0.1 Ubuntu 11.04: radvd 1:1.7-1ubuntu0.1 Ubuntu 10.10: radvd 1:1.6-1ubuntu0.1 Ubuntu 10.04 LTS: radvd 1:1.3-1.1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1257-1 CVE-2011-3601, CVE-2011-3602, CVE-2011-3604, CVE-2011-3605 Package Information: https://launchpad.net/ubuntu/+source/radvd/1:1.8-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.7-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.6-1ubuntu0.1 https://launchpad.net/ubuntu/+source/radvd/1:1.3-1.1ubuntu0.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46200 SOLUTION: Apply updated packages via the apt-get package manager. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: radvd Privilege Escalation and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46200 RELEASE DATE: 2011-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/46200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues and vulnerabilities have been reported in radvd, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). 1) A signedness error within the "process_ra()" function (process.c) when parsing the "ND_OPT_DNSSL_INFORMATION" option can be exploited to cause a stack-based buffer overflow. 2) An input sanitation error within the "set_interface_var()" function (device-linux.c) can be exploited to e.g. 3) The daemon does not properly terminate if the privilege separation failed, which can lead to the daemon running with higher privileges than intended. 4) Boundary errors within the "process_ra()" function (process.c) can be exploited to cause out-of-bounds reads and crash the service. 5) An error within the unicast-only mode can be exploited to cause a delay within the processing by flooding the service with ND_ROUTER_SOLICIT messages. Note: Successful exploitation of this vulnerability requires that the service is running in unicast-only mode. Prior versions may also be affected. SOLUTION: Update to version 1.8.2, which fixes vulnerabilities #1, #3, #4, and #5. Security issue #2 is fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/10/06/3 https://github.com/reubenhwk/radvd/blob/fc207cc6a2de572226133276ee30a9a313dca902/CHANGES https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2323-1 security@debian.org http://www.debian.org/security/ Yves-Alexis Perez October 26, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : radvd Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2011-3602 CVE-2011-3604 CVE-2011-3605 Debian Bug : 644614 Multiple security issues were discovered by Vasiliy Kulikov in radvd, an IPv6 Router Advertisement daemon: CVE-2011-3602 set_interface_var() function doesn't check the interface name, which is chosen by an unprivileged user. CVE-2011-3604 process_ra() function lacks multiple buffer length checks which could lead to memory reads outside the stack, causing a crash of the daemon. CVE-2011-3605 process_rs() function calls mdelay() (a function to wait for a defined time) unconditionnally when running in unicast-only mode. As this call is in the main thread, that means all request processing is delayed (for a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacked could flood the daemon with router solicitations in order to fill the input queue, causing a temporary denial of service (processing would be stopped during all the mdelay() calls). Note: upstream and Debian default is to use anycast mode. For the oldstable distribution (lenny), this problem has been fixed in version 1:1.1-3.1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6-1.1. For the testing distribution (wheezy), this problem has been fixed in version 1:1.8-1.2. For the unstable distribution (sid), this problem has been fixed in version 1:1.8-1.2. We recommend that you upgrade your radvd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk6q2QcACgkQXm3vHE4uylqlEQCgpdFwHzpKLF6KHlJs4y/ykeo/ oEYAniJXFaff25pMtXzM6Ovu8zslZm7H =VfHu -----END PGP SIGNATURE-----

The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact. radvd is prone to the follow security vulnerabilities: 1. Multiple local privilege-escalation vulnerability. 2. A local arbitrary file-overwrite vulnerability. 3. Multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to execute arbitrary code with administrative privileges, overwrite arbitrary files, and cause denial-of-service conditions. The software can replace IPv6 routing for stateless address auto-configuration. The vulnerability is caused by the program not handling the 'privsep_init' function correctly. For more information: SA46203 SA46205 SOLUTION: Apply updated packages via the apt-get package manager. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: radvd: Multiple vulnerabilities Date: November 20, 2011 Bugs: #385967 ID: 201111-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in radvd which could potentially lead to privilege escalation, data loss, or a Denial of Service. Background ========== radvd is an IPv6 router advertisement daemon for Linux and BSD. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/radvd < 1.8.2 >= 1.8.2 Description =========== Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All radvd users should upgrade to the latest stable version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/radvd-1.8.2" References ========== [ 1 ] CVE-2011-3601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3601 [ 2 ] CVE-2011-3602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3602 [ 3 ] CVE-2011-3603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3603 [ 4 ] CVE-2011-3604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3604 [ 5 ] CVE-2011-3605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3605 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201111-08.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: radvd Privilege Escalation and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46200 RELEASE DATE: 2011-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/46200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues and vulnerabilities have been reported in radvd, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). 1) A signedness error within the "process_ra()" function (process.c) when parsing the "ND_OPT_DNSSL_INFORMATION" option can be exploited to cause a stack-based buffer overflow. 2) An input sanitation error within the "set_interface_var()" function (device-linux.c) can be exploited to e.g. 3) The daemon does not properly terminate if the privilege separation failed, which can lead to the daemon running with higher privileges than intended. 4) Boundary errors within the "process_ra()" function (process.c) can be exploited to cause out-of-bounds reads and crash the service. 5) An error within the unicast-only mode can be exploited to cause a delay within the processing by flooding the service with ND_ROUTER_SOLICIT messages. Note: Successful exploitation of this vulnerability requires that the service is running in unicast-only mode. Prior versions may also be affected. SOLUTION: Update to version 1.8.2, which fixes vulnerabilities #1, #3, #4, and #5. Security issue #2 is fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Vasiliy Kulikov ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/10/06/3 https://github.com/reubenhwk/radvd/blob/fc207cc6a2de572226133276ee30a9a313dca902/CHANGES https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment

/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 configures a hardcoded password of admin for the root account, which makes it easier for remote attackers to obtain shell access by leveraging a running telnetd server. D-Link DCS-2121 Camera /etc/rc.d/rc.local Contains a vulnerability that allows shell access.In operation by a third party Telnet Shell access may be obtained using the server. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment. There is a trust management vulnerability in /etc/rc.d/rc.local of firmware 1.04 of D-Link DCS-2121 camera

PROMOTIC is a SCADA software. The input passed by PROMOTIC via the \"/webdir/\" URL is missing filtering before being used to read the file, and the directory traversal attack can read arbitrary files with application permissions. The \"SaveCfg()\" method of the PROMOTIC PmTrendViewer ActiveX control has a boundary error, and submitting a long string to the \"vCfg\" parameter triggers a stack-based buffer overflow. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: PROMOTIC Directory Traversal and ActiveX Control Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46430 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46430/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46430 RELEASE DATE: 2011-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/46430/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46430/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46430 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in PROMOTIC, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system. Successful exploitation of vulnerabilities #2 and #3 allows execution of arbitrary code. The vulnerabilities are confirmed in version 8.1.3. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/promotic_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Vtiger CRM is a web-based open source customer relationship management system. Vtiger CRM has a vulnerability in handling the filtering of multiple parameters that can be exploited by malicious users to execute arbitrary script code in the victim's browser via a specially crafted URL. vtiger CRM A vulnerability exists in the processing of multiple parameter filtering

Vtiger CRM is a web-based open source customer relationship management system. Vtiger CRM has a vulnerability in handling the filtering of multiple parameters that can be exploited by malicious users to execute arbitrary script code in the victim's browser via a specially crafted URL. vtiger CRM A vulnerability exists in the processing of multiple parameter filtering

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. Apple Safari is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. NOTE: This issue was previously covered in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A code injection vulnerability exists in versions of Apple Safari prior to 5.1.1. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46412 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46412/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46412 RELEASE DATE: 2011-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/46412/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46412/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46412 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system. 1) An input sanitation error within the handling of "safari-extension://" URLs can be exploited to e.g. 2) A policy error within the handling of "file://" URLs can be exploited to execute arbitrary local applications. Note: This vulnerability does not affect the Windows platform. 3) An error within the handling of SSL certificates can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. Note: This vulnerability does not affect OS X Lion or the Windows platform. 4) Multiple vulnerabilities in WebKit can be exploited by malicious people to cause a crash or compromise a user's system. For more information: SA44375 SA45097 SA45498 SA46049 SA46171 SA46339 5) An error exists within the handling of the beforeload event. For more information see vulnerability #22 in: SA45498 6) An error exists within the handling of the window.open method. For more information see vulnerability #28 in: SA45498 7) An error exists within the handling of the document.documentURI property. For more information see vulnerability #29 in: SA45498 8) A cross-origin error exists within the handling of inactive DOM windows, which can be exploited to conduct cross-site scripting attacks. 9) A logic error within the handling of cookies in the Private Browsing mode can lead to cookies being stored although the "Block cookies" option is set to "Always". Note: This does not affect the Windows platform. SOLUTION: Update to version 5.1.1. PROVIDED AND/OR DISCOVERED BY: 1, 2) Aaron Sigel The vendor credits: 3) Jason Broccardo, Fermi National Accelerator Laboratory 8) Sergey Glazunov 9) John Adamczyk The vendor provides a bundled list of credits for vulnerabilities in #4: * Jose A. Vazquez, spa-s3c.blogspot.com * Abhishek Arya (Inferno), Google Chrome Security Team * Cris Neckar, Google Chrome Security Team * miaubiz * Adam Barth and Abhishek Arya, Google Chrome Security Team * Mikolaj Malecki, Samsung * SkyLined, Google Chrome Security Team * Martin Barbella * Raman Tenneti and Philip Rogers, Google * Aki Helin, OUSPG * Sadrul Habib Chowdhury, Chromium development community * Dimitri Glazkov, Kent Tamura, and Dominic Cooney, Chromium development community * Slawomir Blazek * Apple ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5000 Aaron Sigel: http://vttynotes.blogspot.com/2011/10/cve-2011-3230-launch-any-file-path-from.html http://vttynotes.blogspot.com/2011/10/cve-2011-3229-steal-files-and-inject-js.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. Free Type is prone to multiple memory corruption vulnerabilities. Successfully exploiting these issues will allow attackers to execute arbitrary code. Failed exploit attempts may cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 50086 (Apple iPhone/iPad/iPod touch Prior to iOS 5 Multiple Vulnerabilities) but has been given its own record to better document it. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. A code injection vulnerability exists in FreeType of Apple's CoreGraphics versions prior to iOS 5. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46377 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46377/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46377 RELEASE DATE: 2011-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/46377/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46377/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46377 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to disclose certain information and by malicious people to conduct script insertion, cross-site scripting, and spoofing attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's device. 1) An error within the CalDAV component does not properly validate the SSL certificate when synchronizing the calendar, which can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack. 2) Input passed via invitation notes is not properly sanitised in Calendar before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious invitation is being viewed. 3) The CFNetwork component stores a user's AppleID password and username in the log file readable by applications, which can be exploited to disclose the credentials. 4) The CFNetwork component does not properly restrict cross-domain access of HTTP cookies, which can be exploited to access the cookies of another web site. 5) An error exists within CoreFoundation when handling string tokenization. For more information see vulnerability #1 in: SA46339 6) Multiple errors within CoreGraphics when handling the certain freetype fonts can be exploited to corrupt memory. 7) An error within CoreMedia does not properly handle cross-site redirects and can be exploited to disclose video data. 8) An error exits within the Data Access component when handling multiple accounts configured on the same server and can be exploited to disclose the cookie of another account. 9) The application accepts X.509 certificates with MD5 hashes, which could lead to weak cryptographic certificates being used. This can be exploited to disclose encrypted information e.g. using a Man-in-the-Middle (MitM) attack. 10) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168 11) An error within ImageIO when handling CCITT Group 4 encoded TIFF files can be exploited to cause a buffer overflow. For more information see vulnerability #1 in: SA43593 12) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #9 in: SA45325 13) An error within ICU (International Components for Unicode) can be exploited to cause a buffer overflow. For more information see vulnerability #11 in: SA45054 14) An error within the kernel does not reclaim memory from incomplete TCP connections, which can be exploited to exhaust system resources by connecting to a listening service and cause the device to reset. 15) A NULL-pointer dereference error within the kernel when handling IPv6 socket options can be exploited to cause the device to reset. 16) An error within libxml can be exploited to cause a heap-based buffer overflow. For more information see vulnerability #12 in: SA45325 17) An error within OfficeImport when viewing certain Microsoft Word files can be exploited to cause a buffer overflow. 18) An error within OfficeImport when viewing certain Microsoft Excel files can be exploited to cause a buffer overflow. 19) An indexing error exists in the OfficeImport framework when processing certain records in a Microsoft Word file. For more information see vulnerability #19 in: SA45054 20) An error in the OfficeImport framework when processing records can be exploited to corrupt memory. For more information see vulnerability #28 in: SA43814 21) An error within Safari does not properly handle the "attachment" HTTP Content-Disposition header and can be exploited to conduct cross-site scripting attacks. 22) The parental restrictions feature stores the restrictions passcode in plaintext on disk and can be exploited to disclose the passcode. 23) An error within UIKit does not properly handle "tel:" URIs and can be exploited to cause the device to hang by tricking the user into visiting a malicious website. 24) Some vulnerabilities are caused due to a bundled vulnerable version of WebKit. For more information: SA43519 SA43683 SA43696 SA43859 SA45097 SA45325 SA45325 SA45498 SA45498 SA46339 SA46412 25) The WiFi credentials are stored in a file readable by other applications, which may lead to the credentials being disclosed. PROVIDED AND/OR DISCOVERED BY: 1) Leszek Tasiemski, nSense. 6, 9) Reported by the vendor. The vendor credits: 2) Rick Deacon 3) Peter Quade, qdevelop 4) Erling Ellingsen, Facebook. 7) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 8) Bob Sielken, IBM 14) Wouter van der Veer, Topicus and Josh Enders 15) Thomas Clement, Intego 17) Tobias Klein via iDefense. 18) Tobias Klein, www.trapkit.de 21) Christian Matthies via iDefense and Yoshinori Oota, Business Architects via JP/CERT. 22) An anonymous person 23) Simon Young, Anglia Ruskin University 25) Laurent OUDOT, TEHTRI Security ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4999 nSense: http://www.nsense.fi/advisories/nsense_2011_006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny7. For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze2. For the unstable distribution (sid), this problem has been fixed in version 2.4.7-1. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . A regression was found in freetype2 in Mandriva Enterprise Server 5 that caused ugly font rendering with firefox (#63892). Additionally, improvements conserning the LZW handling (as noted in the freetype-2.4.7 version) was added. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFOoSQgmqjQ0CJFipgRAu7bAKCNJuDDSIC2BGla3ck+cJp/Kn88ZwCg1jD/ dxu3TlyhMXF4coBC+GcK+2g= =QK6b -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001 OS X Lion v10.7.3 and Security Update 2012-001 is now available and addresses the following: Address Book Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker in a privileged network position may intercept CardDAV data Description: Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval. CVE-ID CVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.21 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-3348 Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default. CVE-ID CVE-2011-3389 CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send the request to an incorrect origin server. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook CFNetwork Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3447 : Erling Ellingsen of Facebook ColorSync Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0200 : binaryproof working with TippingPoint's Zero Day Initiative CoreAudio Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of AAC encoded audio streams. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day Initiative CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in CoreMedia's handling of H.264 encoded movie files. CVE-ID CVE-2011-3448 : Scott Stender of iSEC Partners CoreText Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of font files. CVE-ID CVE-2011-3449 : Will Dormann of the CERT/CC CoreUI Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of long URLs. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3450 : Ben Syverson curl Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote server may be able to impersonate clients via GSSAPI requests Description: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This issue is addressed by disabling GSSAPI credential delegation. CVE-ID CVE-2011-2192 Data Security Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. DigiCert Malaysia has issued certificates with weak keys that it is unable to revoke. An attacker with a privileged network position could intercept user credentials or other sensitive information intended for a site with a certificate issued by DigiCert Malaysia. This issue is addressed by configuring default system trust settings so that DigiCert Malaysia's certificates are not trusted. We would like to acknowledge Bruce Morton of Entrust, Inc. for reporting this issue. dovecot Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Dovecot disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling the countermeasure. CVE-ID CVE-2011-3389 : Apple filecmds Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Decompressing a maliciously crafted compressed file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the 'uncompress' command line tool. CVE-ID CVE-2011-2895 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue is address by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 Internet Sharing Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A Wi-Fi network created by Internet Sharing may lose security settings after a system update Description: After updating to a version of OS X Lion prior to 10.7.3, the Wi-Fi configuration used by Internet Sharing may revert to factory defaults, which disables the WEP password. This issue only affects systems with Internet Sharing enabled and sharing the connection to Wi-Fi. This issue is addressed by preserving the Wi-Fi configuration during a system update. CVE-ID CVE-2011-3452 : an anonymous researcher Libinfo Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in Libinfo's handling of hostname lookup requests. Libinfo could return incorrect results for a maliciously crafted hostname. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3441 : Erling Ellingsen of Facebook libresolv Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's libresolv library may be vulnerable to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in the parsing of DNS resource records, which may lead to heap memory corruption. CVE-ID CVE-2011-3453 : Ilja van Sprundel of IOActive libsecurity Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Some EV certificates may be trusted even if the corresponding root has been marked as untrusted Description: The certificate code trusted a root certificate to sign EV certificates if it was on the list of known EV issuers, even if the user had marked it as 'Never Trust' in Keychain. The root would not be trusted to sign non-EV certificates. CVE-ID CVE-2011-3422 : Alastair Houghton OpenGL Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in PHP 5.3.6 Description: PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2011-1148 CVE-2011-1657 CVE-2011-1938 CVE-2011-2202 CVE-2011-2483 CVE-2011-3182 CVE-2011-3189 CVE-2011-3267 CVE-2011-3268 PHP Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Multiple vulnerabilities in libpng 1.5.4 Description: libpng is updated to version 1.5.5 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-3328 QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of MP4 encoded files. CVE-ID CVE-2011-3458 : Luigi Auriemma and pa_kt both working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in the handling of font tables embedded in QuickTime movie files. CVE-ID CVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An off by one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files. CVE-ID CVE-2011-3459 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 files. CVE-ID CVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PNG files. CVE-ID CVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day Initiative QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FLC encoded movie files CVE-ID CVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative SquirrelMail Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in SquirrelMail Description: SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/ CVE-ID CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 Subversion Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Accessing a Subversion repository may lead to the disclosure of sensitive information Description: Subversion is updated to version 1.6.17 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Further information is available via the Subversion web site at http://subversion.tigris.org/ CVE-ID CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 Time Machine Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: A remote attacker may access new backups created by the user's system Description: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user's system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. CVE-ID CVE-2011-3462 : Michael Roitzsch of the Technische Universitat Dresden Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.32 Description: Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2011-2204 WebDAV Sharing Available for: OS X Lion Server v10.7 to v10.7.2 Impact: Local users may obtain system privileges Description: An issue existed in WebDAV Sharing's handling of user authentication. A user with a valid account on the server or one of its bound directories could cause the execution of arbitrary code with system privileges. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3463 : Gordon Davisson of Crywolf Webmail Available for: OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted e-mail message may lead to the disclosure of message content Description: A cross-site scripting vulnerability existed in the handling of mail messages. This issue is addressed by updating Roundcube Webmail to version 0.6. This issue does not affect systems prior to OS X Lion. Further information is available via the Roundcube site at http://trac.roundcube.net/ CVE-ID CVE-2011-2937 X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-3256 : Apple OS X Lion v10.7.3 and Security Update 2012-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2021-001 or OS X v10.7.3. For OS X Lion v10.7.2 The download file is named: MacOSXUpd10.7.3.dmg Its SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c For OS X Lion v10.7 and v10.7.1 The download file is named: MacOSXUpdCombo10.7.3.dmg Its SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c For OS X Lion Server v10.7.2 The download file is named: MacOSXServerUpd10.7.3.dmg Its SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d For OS X Lion Server v10.7 and v10.7.1 The download file is named: MacOSXServerUpdCombo10.7.3.dmg Its SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b For Mac OS X v10.6.8 The download file is named: SecUpd2012-001Snow.dmg Its SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-001.dmg Its SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V P6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp RrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy 9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf MnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E pvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo= =c1eU -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-1267-1 November 18, 2011 freetype vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: FreeType could be made to crash or run programs as your login if it opened a specially crafted font file. (CVE-2011-3439) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libfreetype6 2.4.4-2ubuntu1.1 Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.2 Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.3 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.5 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.7 After a standard system update you need to restart your session to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: freetype security update Advisory ID: RHSA-2011:1402-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1402.html Issue date: 2011-10-25 CVE Names: CVE-2011-3256 ===================================================================== 1. Summary: Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine. Multiple input validation flaws were found in the way FreeType processed bitmap font files. (CVE-2011-3256) Note: These issues only affected the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 746226 - CVE-2011-3256 FreeType FT_Bitmap_New integer overflow to buffer overflow, FreeType TT_Vary_Get_Glyph_Deltas improper input validation 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm ppc: freetype-2.1.9-20.el4.ppc.rpm freetype-2.1.9-20.el4.ppc64.rpm freetype-debuginfo-2.1.9-20.el4.ppc.rpm freetype-debuginfo-2.1.9-20.el4.ppc64.rpm freetype-demos-2.1.9-20.el4.ppc.rpm freetype-devel-2.1.9-20.el4.ppc.rpm freetype-utils-2.1.9-20.el4.ppc.rpm s390: freetype-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-demos-2.1.9-20.el4.s390.rpm freetype-devel-2.1.9-20.el4.s390.rpm freetype-utils-2.1.9-20.el4.s390.rpm s390x: freetype-2.1.9-20.el4.s390.rpm freetype-2.1.9-20.el4.s390x.rpm freetype-debuginfo-2.1.9-20.el4.s390.rpm freetype-debuginfo-2.1.9-20.el4.s390x.rpm freetype-demos-2.1.9-20.el4.s390x.rpm freetype-devel-2.1.9-20.el4.s390x.rpm freetype-utils-2.1.9-20.el4.s390x.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/freetype-2.1.9-20.el4.src.rpm i386: freetype-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-demos-2.1.9-20.el4.i386.rpm freetype-devel-2.1.9-20.el4.i386.rpm freetype-utils-2.1.9-20.el4.i386.rpm ia64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.ia64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.ia64.rpm freetype-demos-2.1.9-20.el4.ia64.rpm freetype-devel-2.1.9-20.el4.ia64.rpm freetype-utils-2.1.9-20.el4.ia64.rpm x86_64: freetype-2.1.9-20.el4.i386.rpm freetype-2.1.9-20.el4.x86_64.rpm freetype-debuginfo-2.1.9-20.el4.i386.rpm freetype-debuginfo-2.1.9-20.el4.x86_64.rpm freetype-demos-2.1.9-20.el4.x86_64.rpm freetype-devel-2.1.9-20.el4.x86_64.rpm freetype-utils-2.1.9-20.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm x86_64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm x86_64: freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/freetype-2.2.1-28.el5_7.1.src.rpm i386: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-demos-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm ia64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.ia64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ia64.rpm freetype-demos-2.2.1-28.el5_7.1.ia64.rpm freetype-devel-2.2.1-28.el5_7.1.ia64.rpm ppc: freetype-2.2.1-28.el5_7.1.ppc.rpm freetype-2.2.1-28.el5_7.1.ppc64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc.rpm freetype-debuginfo-2.2.1-28.el5_7.1.ppc64.rpm freetype-demos-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc.rpm freetype-devel-2.2.1-28.el5_7.1.ppc64.rpm s390x: freetype-2.2.1-28.el5_7.1.s390.rpm freetype-2.2.1-28.el5_7.1.s390x.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390.rpm freetype-debuginfo-2.2.1-28.el5_7.1.s390x.rpm freetype-demos-2.2.1-28.el5_7.1.s390x.rpm freetype-devel-2.2.1-28.el5_7.1.s390.rpm freetype-devel-2.2.1-28.el5_7.1.s390x.rpm x86_64: freetype-2.2.1-28.el5_7.1.i386.rpm freetype-2.2.1-28.el5_7.1.x86_64.rpm freetype-debuginfo-2.2.1-28.el5_7.1.i386.rpm freetype-debuginfo-2.2.1-28.el5_7.1.x86_64.rpm freetype-demos-2.2.1-28.el5_7.1.x86_64.rpm freetype-devel-2.2.1-28.el5_7.1.i386.rpm freetype-devel-2.2.1-28.el5_7.1.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm ppc64: freetype-2.3.11-6.el6_1.7.ppc.rpm freetype-2.3.11-6.el6_1.7.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm freetype-devel-2.3.11-6.el6_1.7.ppc.rpm freetype-devel-2.3.11-6.el6_1.7.ppc64.rpm s390x: freetype-2.3.11-6.el6_1.7.s390.rpm freetype-2.3.11-6.el6_1.7.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.7.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm freetype-devel-2.3.11-6.el6_1.7.s390.rpm freetype-devel-2.3.11-6.el6_1.7.s390x.rpm x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm ppc64: freetype-debuginfo-2.3.11-6.el6_1.7.ppc64.rpm freetype-demos-2.3.11-6.el6_1.7.ppc64.rpm s390x: freetype-debuginfo-2.3.11-6.el6_1.7.s390x.rpm freetype-demos-2.3.11-6.el6_1.7.s390x.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm x86_64: freetype-2.3.11-6.el6_1.7.i686.rpm freetype-2.3.11-6.el6_1.7.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-devel-2.3.11-6.el6_1.7.i686.rpm freetype-devel-2.3.11-6.el6_1.7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.7.src.rpm i386: freetype-debuginfo-2.3.11-6.el6_1.7.i686.rpm freetype-demos-2.3.11-6.el6_1.7.i686.rpm x86_64: freetype-debuginfo-2.3.11-6.el6_1.7.x86_64.rpm freetype-demos-2.3.11-6.el6_1.7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3256.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOpv7zXlSAg2UNWIIRAtxRAJ9yxP+ABOboEq9+fB+RnBOLIUp/XgCePltE cL8BidDpB1YhdkDs+bUyhbU= =qAkG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce