VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201202-0132 CVE-2011-3021 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. CVE-ID CVE-2012-3689 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of drag and drop events. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: An attacker may be able to escape the sandbox and access any file the current user has access to Description: An access control issue existed in the handling of file URLs. An attacker who gains arbitrary code execution in a Safari WebProcess may be able to bypass the sandbox and access any file that the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 RELEASE DATE: 2012-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/48016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists in PDF codecs. 2) A use-after-free error exists within counter nodes. 4) An error within path rendering can be exploited to cause a heap-based buffer overflow. 5) An error within MKV handling can be exploited to cause a heap-based buffer overflow. 6) An unspecified error exists within native client validator. 7) A use-after-free error exists in subframe loading. 8) An unspecified error exists when using HTTP for a translation script. 9) A use-after-free error exists when performing drag and drop. 10) An error when parsing H.264 content can be exploited to cause an out-of-bounds read. 11) An integer overflow and integer truncation error exists in libpng. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 5) scarybeasts, Google Chrome Security Team 2, 3, 12) miaubiz 4) Aki Helin, OUSPG 5) Mateusz Jurczyk, Google Security Team 6) Nick Bray, Chromium development community 7) Arthur Gerkis 8) Jorge Obes, Google Chrome Security Team 9) pa_kt 10) Slawomir Blazek 11) Juri Aedla ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743 Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE-----
VAR-201202-0138 CVE-2011-3027 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Google Chrome before 17.0.963.56 does not properly perform a cast of an unspecified variable during handling of columns, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from incorrectly performing conversions of unspecified variables during column processing. This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. CVE-ID CVE-2012-3689 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of drag and drop events. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: An attacker may be able to escape the sandbox and access any file the current user has access to Description: An access control issue existed in the handling of file URLs. An attacker who gains arbitrary code execution in a Safari WebProcess may be able to bypass the sandbox and access any file that the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 RELEASE DATE: 2012-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/48016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists in PDF codecs. 2) A use-after-free error exists within counter nodes. 4) An error within path rendering can be exploited to cause a heap-based buffer overflow. 5) An error within MKV handling can be exploited to cause a heap-based buffer overflow. 6) An unspecified error exists within native client validator. 7) A use-after-free error exists in subframe loading. 8) An unspecified error exists when using HTTP for a translation script. 9) A use-after-free error exists when performing drag and drop. 10) An error when parsing H.264 content can be exploited to cause an out-of-bounds read. 11) An integer overflow and integer truncation error exists in libpng. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 5) scarybeasts, Google Chrome Security Team 2, 3, 12) miaubiz 4) Aki Helin, OUSPG 5) Mateusz Jurczyk, Google Security Team 6) Nick Bray, Chromium development community 7) Arthur Gerkis 8) Jorge Obes, Google Chrome Security Team 9) pa_kt 10) Slawomir Blazek 11) Juri Aedla ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743 Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE-----
VAR-201202-0127 CVE-2011-3016 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue. Google Chrome There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) May be affected or unknown in detail. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.56 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. CVE-ID CVE-2012-3689 : David Bloom of Cue WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: Dragging and dropping selected text on a web page may cause files from the user's system to be sent to a remote server Description: An access control issue existed in the handling of drag and drop events. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4 Impact: An attacker may be able to escape the sandbox and access any file the current user has access to Description: An access control issue existed in the handling of file URLs. An attacker who gains arbitrary code execution in a Safari WebProcess may be able to bypass the sandbox and access any file that the user running Safari has access to. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 RELEASE DATE: 2012-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/48016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) An integer overflow error exists in PDF codecs. 2) A use-after-free error exists within counter nodes. 4) An error within path rendering can be exploited to cause a heap-based buffer overflow. 5) An error within MKV handling can be exploited to cause a heap-based buffer overflow. 6) An unspecified error exists within native client validator. 7) A use-after-free error exists in subframe loading. 8) An unspecified error exists when using HTTP for a translation script. 9) A use-after-free error exists when performing drag and drop. 10) An error when parsing H.264 content can be exploited to cause an out-of-bounds read. 11) An integer overflow and integer truncation error exists in libpng. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 5) scarybeasts, Google Chrome Security Team 2, 3, 12) miaubiz 4) Aki Helin, OUSPG 5) Mateusz Jurczyk, Google Security Team 6) Nick Bray, Chromium development community 7) Arthur Gerkis 8) Jorge Obes, Google Chrome Security Team 9) pa_kt 10) Slawomir Blazek 11) Juri Aedla ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743 Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE-----
VAR-201202-0137 CVE-2011-3026 Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. libpng is prone to a remote integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely crash the library. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. The following products and versions are affected: Symantec Mail Security for Microsoft Exchange prior to 6.5.8; Symantec Mail Security for Domino prior to 8.1.1; Symantec Messaging Gateway prior to 10.0.1; Symantec Data Loss Prevention (DLP) prior to 11.6.1 Versions; IBM Notes 8.5.x versions; IBM Lotus Domino 8.5.x versions prior to 8.5.3 FP4 and others. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Autonomy KeyView File Processing Vulnerabilities SECUNIA ADVISORY ID: SA51362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 RELEASE DATE: 2012-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/51362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. The vulnerabilities are reported in versions prior to 10.16. SOLUTION: Update to version 10.16. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libpng security update Advisory ID: RHSA-2012:0317-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0317.html Issue date: 2012-02-20 CVE Names: CVE-2011-3026 ===================================================================== 1. Summary: Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in libpng. (CVE-2011-3026) Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk (MFSA 2012-11) 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm ppc: libpng-1.2.7-9.el4.ppc.rpm libpng-1.2.7-9.el4.ppc64.rpm libpng-debuginfo-1.2.7-9.el4.ppc.rpm libpng-debuginfo-1.2.7-9.el4.ppc64.rpm libpng-devel-1.2.7-9.el4.ppc.rpm libpng10-1.0.16-10.el4.ppc.rpm libpng10-1.0.16-10.el4.ppc64.rpm libpng10-debuginfo-1.0.16-10.el4.ppc.rpm libpng10-debuginfo-1.0.16-10.el4.ppc64.rpm libpng10-devel-1.0.16-10.el4.ppc.rpm s390: libpng-1.2.7-9.el4.s390.rpm libpng-debuginfo-1.2.7-9.el4.s390.rpm libpng-devel-1.2.7-9.el4.s390.rpm libpng10-1.0.16-10.el4.s390.rpm libpng10-debuginfo-1.0.16-10.el4.s390.rpm libpng10-devel-1.0.16-10.el4.s390.rpm s390x: libpng-1.2.7-9.el4.s390.rpm libpng-1.2.7-9.el4.s390x.rpm libpng-debuginfo-1.2.7-9.el4.s390.rpm libpng-debuginfo-1.2.7-9.el4.s390x.rpm libpng-devel-1.2.7-9.el4.s390x.rpm libpng10-1.0.16-10.el4.s390.rpm libpng10-1.0.16-10.el4.s390x.rpm libpng10-debuginfo-1.0.16-10.el4.s390.rpm libpng10-debuginfo-1.0.16-10.el4.s390x.rpm libpng10-devel-1.0.16-10.el4.s390x.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng-1.2.7-9.el4.src.rpm ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/libpng10-1.0.16-10.el4.src.rpm i386: libpng-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-devel-1.2.7-9.el4.i386.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-devel-1.0.16-10.el4.i386.rpm ia64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.ia64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.ia64.rpm libpng-devel-1.2.7-9.el4.ia64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.ia64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.ia64.rpm libpng10-devel-1.0.16-10.el4.ia64.rpm x86_64: libpng-1.2.7-9.el4.i386.rpm libpng-1.2.7-9.el4.x86_64.rpm libpng-debuginfo-1.2.7-9.el4.i386.rpm libpng-debuginfo-1.2.7-9.el4.x86_64.rpm libpng-devel-1.2.7-9.el4.x86_64.rpm libpng10-1.0.16-10.el4.i386.rpm libpng10-1.0.16-10.el4.x86_64.rpm libpng10-debuginfo-1.0.16-10.el4.i386.rpm libpng10-debuginfo-1.0.16-10.el4.x86_64.rpm libpng10-devel-1.0.16-10.el4.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm x86_64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.x86_64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm x86_64: libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libpng-1.2.10-15.el5_7.src.rpm i386: libpng-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm ia64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.ia64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.ia64.rpm libpng-devel-1.2.10-15.el5_7.ia64.rpm ppc: libpng-1.2.10-15.el5_7.ppc.rpm libpng-1.2.10-15.el5_7.ppc64.rpm libpng-debuginfo-1.2.10-15.el5_7.ppc.rpm libpng-debuginfo-1.2.10-15.el5_7.ppc64.rpm libpng-devel-1.2.10-15.el5_7.ppc.rpm libpng-devel-1.2.10-15.el5_7.ppc64.rpm s390x: libpng-1.2.10-15.el5_7.s390.rpm libpng-1.2.10-15.el5_7.s390x.rpm libpng-debuginfo-1.2.10-15.el5_7.s390.rpm libpng-debuginfo-1.2.10-15.el5_7.s390x.rpm libpng-devel-1.2.10-15.el5_7.s390.rpm libpng-devel-1.2.10-15.el5_7.s390x.rpm x86_64: libpng-1.2.10-15.el5_7.i386.rpm libpng-1.2.10-15.el5_7.x86_64.rpm libpng-debuginfo-1.2.10-15.el5_7.i386.rpm libpng-debuginfo-1.2.10-15.el5_7.x86_64.rpm libpng-devel-1.2.10-15.el5_7.i386.rpm libpng-devel-1.2.10-15.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm ppc64: libpng-1.2.46-2.el6_2.ppc.rpm libpng-1.2.46-2.el6_2.ppc64.rpm libpng-debuginfo-1.2.46-2.el6_2.ppc.rpm libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm libpng-devel-1.2.46-2.el6_2.ppc.rpm libpng-devel-1.2.46-2.el6_2.ppc64.rpm s390x: libpng-1.2.46-2.el6_2.s390.rpm libpng-1.2.46-2.el6_2.s390x.rpm libpng-debuginfo-1.2.46-2.el6_2.s390.rpm libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm libpng-devel-1.2.46-2.el6_2.s390.rpm libpng-devel-1.2.46-2.el6_2.s390x.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm ppc64: libpng-debuginfo-1.2.46-2.el6_2.ppc64.rpm libpng-static-1.2.46-2.el6_2.ppc64.rpm s390x: libpng-debuginfo-1.2.46-2.el6_2.s390x.rpm libpng-static-1.2.46-2.el6_2.s390x.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm x86_64: libpng-1.2.46-2.el6_2.i686.rpm libpng-1.2.46-2.el6_2.x86_64.rpm libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-devel-1.2.46-2.el6_2.i686.rpm libpng-devel-1.2.46-2.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libpng-1.2.46-2.el6_2.src.rpm i386: libpng-debuginfo-1.2.46-2.el6_2.i686.rpm libpng-static-1.2.46-2.el6_2.i686.rpm x86_64: libpng-debuginfo-1.2.46-2.el6_2.x86_64.rpm libpng-static-1.2.46-2.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3026.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPQqGfXlSAg2UNWIIRAvPAAKC5ML8Y7b6VjL034A1Z25dbaHQBeACbByBB 4I5iDRbA+wiPuXoUTrzz8EM= =Ow8Q -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-1367-3 February 17, 2012 thunderbird vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file. Original advisory details: Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC Apple TV Available for: Apple TV 2nd generation and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Apple TV Available for: Apple TV 2nd generation and later Impact: An attacker with a privileged network position may cause an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in JavaScriptCore. CVE-ID CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> General -> Update Software". To check the current version of software, select "Settings -> General -> About". Description: XULRunner provides the XUL Runtime environment for applications using the Gecko layout engine. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address the following: Apache Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3368 CVE-2011-3607 CVE-2011-4317 CVE-2012-0021 CVE-2012-0031 CVE-2012-0053 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A remote attacker may be able to cause a denial of service in systems configured to run BIND as a DNS nameserver Description: A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4313 BIND Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: A remote attacker may be able to cause a denial of service, data corruption, or obtain sensitive information from process memory in systems configured to run BIND as a DNS nameserver Description: A memory management issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems. CVE-ID CVE-2012-1667 CoreText Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution Description: A bounds checking issue existed in the handling of text glyphs, which may lead to out of bounds memory reads or writes. This issue was addressed through improved bounds checking. This issue does not affect Mac OS X v10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation Data Security Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update adds the involved sub-CA certificate to OS X's list of untrusted certificates. DirectoryService Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: If the DirectoryService Proxy is used, a remote attacker may cause a denial of service or arbitrary code execution Description: A buffer overflow existed in the DirectoryService Proxy. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion and Mountain Lion systems. CVE-ID CVE-2012-0650 : aazubel working with HP's Zero Day Initiative ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. These issues do not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 ImageIO Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative Installer Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Remote admins and persons with physical access to the system may obtain account information Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented user passwords from being recorded in the system log, but did not remove the old log entries. This issue was addressed by deleting log files that contained passwords. This issue does not affect Mac OS X 10.6 or OS X Mountain Lion systems. CVE-ID CVE-2012-0652 International Components for Unicode Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-4599 Kernel Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: A malicious program could bypass sandbox restrictions Description: A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges. This issue was addressed by disabling handling of addresses in PT_STEP and PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0643 : iOS Jailbreak Dream Team LoginWindow Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A local user may be able to obtain other user's login passwords Description: A user-installed input method could intercept password keystrokes from Login Window or Screen Saver Unlock. This issue was addressed by preventing user-installed methods from being used when the system is handling login information. CVE-ID CVE-2012-3718 : An anonymous researcher Mail Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing an e-mail message may lead to execution of web plugins Description: An input validation issue existed in Mail's handling of embedded web plugins. This issue was addressed by disabling third- party plug-ins in Mail. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3719 : Will Dormann of the CERT/CC Mobile Accounts Available for: OS X Mountain Lion v10.8 and v10.8.1 Impact: A user with access to the contents of a mobile account may obtain the account password Description: Creating a mobile account saved a hash of the password in the account, which was used to login when the mobile account was used as an external account. The password hash could be used to determine the user's password. This issue was addressed by creating the password hash only if external accounts are enabled on the system where the mobile account is created. CVE-ID CVE-2012-3720 : Harald Wagener of Google, Inc. PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4, OS X Mountain Lion v10.8 and v10.8.1 Impact: Multiple vulnerabilities in PHP Description: >PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP web site at http://www.php.net CVE-ID CVE-2012-0831 CVE-2012-1172 CVE-2012-1823 CVE-2012-2143 CVE-2012-2311 CVE-2012-2386 CVE-2012-2688 PHP Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: PHP scripts which use libpng may be vulnerable to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of PNG files. This issue was addressed by updating PHP's copy of libpng to version 1.5.10. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3048 Profile Manager Available for: OS X Lion Server v10.7 to v10.7.4 Impact: An unauthenticated user could enumerate managed devices Description: An authentication issue existed in the Device Management private interface. This issue was addressed by removing the interface. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3721 : Derick Cassidy of XEquals Corporation QuickLook Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted .pict file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of .pict files. This issue was addressed through improved validation of .pict files. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the Qualys Vulnerability & Malware Research Labs (VMRL) QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow existed in QuickTime's handling of sean atoms. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of RLE encoded movie files. This issue was addressed through improved bounds checking. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. The Ruby OpenSSL module disabled the 'empty fragment' countermeasure which prevented these attacks. This issue was addressed by enabling empty fragments. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2011-3389 USB Available for: OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4 Impact: Attaching a USB device may lead to an unexpected system termination or arbitrary code execution Description: A memory corruption issue existed in the handling of USB hub descriptors. This issue was addressed through improved handling of the bNbrPorts descriptor field. This issue does not affect OS X Mountain Lion systems. CVE-ID CVE-2012-3723 : Andy Davis of NGS Secure Note: OS X Mountain Lion v10.8.2 includes the content of Safari 6.0.1. For further details see "About the security content of Safari 6.0.1" at http://http//support.apple.com/kb/HT5502 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update 2012-004. For OS X Mountain Lion v10.8.1 The download file is named: OSXUpd10.8.2.dmg Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33 For OS X Mountain Lion v10.8 The download file is named: OSXUpdCombo10.8.2.dmg Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c For OS X Lion v10.7.4 The download file is named: MacOSXUpd10.7.5.dmg Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532 For OS X Lion v10.7 and v10.7.3 The download file is named: MacOSXUpdCombo10.7.5.dmg Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b For OS X Lion Server v10.7.4 The download file is named: MacOSXServerUpd10.7.5.dmg Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a For OS X Lion Server v10.7 and v10.7.3 The download file is named: MacOSXServerUpdCombo10.7.5.dmg Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e For Mac OS X v10.6.8 The download file is named: SecUpd2012-004.dmg Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2012-004.dmg Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWhlbAAoJEPefwLHPlZEwwjwQAKrpQlZh1B2mkSTLxR7QZg6e Qm7SmIZL9sjl5gQkTxoAvOGxJ8uRdYPlJ1IpyU/MbK0GqO53KmFSeKkwCnvLKMaW pc6tiFaQ4zV4LEAwBAFEuqCsMyPEJqKDhYXl2cHQmWfAlrLCyCKfzGLy2mY2UnkE DQC2+ys70DChFv2GzyXlibBXAGMKDygJ5dVKynsi1ceZLYWbUJoGwlUtXPylBpnO QyGWXmEloPbhK6HJbKMNacuDdVcb26pvIeFiivkTSxPVlZ3ns2tAwEyvHrzA9O4n 7rQ6jvfDbguOZmM5sPFvVKBw2GVDBNU+G3T8ouIXhk6Pjhr4in8VFCb8MIMLb8hm 7YYn2z1TzKTNmUuYbwe6ukQvf57cPuW0bAvslbl6PgrzqorlNPU4rDoSvPrJx/RO BOYkcxfirevHDGibfkeqXPjL3h+bVrb1USZpAv+ZOAy0M89SHFcvMtpAhxnoGiV5 w4EyKB+9Yi/CSAk2Ne3Y5kHH7/v3pWV68aJwhVirya7ex3vnJ+M+lRLKSm2BUjL3 +9fykrJBDujFDXoCmK5CN5Wx36DSVZ4VO1h635crotudtcvd+LQ2VHma/Chav5wK q5SSllf4KEownpx6o/qTxpg5tcC4lvgTcsDHlYcNq2s8KTTjmOden8ar4h7M7QD2 xyBfrQfG/dsif6jGHaot =8joH -----END PGP SIGNATURE----- . The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security
VAR-201202-0072 CVE-2012-0503 Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'I18n' sub-component. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35. Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1373-1 February 24, 2012 openjdk-6 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple OpenJDK 6 vulnerabilities have been fixed. Software Description: - openjdk-6: Open Source Java implementation Details: It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563) It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501) It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502) It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503) It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505) It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506) It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: icedtea-6-jre-cacao 6b23~pre11-0ubuntu1.11.10.2 icedtea-6-jre-jamvm 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-headless 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-lib 6b23~pre11-0ubuntu1.11.10.2 openjdk-6-jre-zero 6b23~pre11-0ubuntu1.11.10.2 Ubuntu 11.04: icedtea-6-jre-cacao 6b22-1.10.6-0ubuntu1 icedtea-6-jre-jamvm 6b22-1.10.6-0ubuntu1 openjdk-6-jre 6b22-1.10.6-0ubuntu1 openjdk-6-jre-headless 6b22-1.10.6-0ubuntu1 openjdk-6-jre-lib 6b22-1.10.6-0ubuntu1 openjdk-6-jre-zero 6b22-1.10.6-0ubuntu1 Ubuntu 10.10: icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.10.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-lib 6b20-1.9.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b20-1.9.13-0ubuntu1~10.04.1 After a standard system update you need to restart any Java applications or applets to make all the necessary changes. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available and addresses the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667 For OS X Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh 7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU= =Pf96 -----END PGP SIGNATURE----- . Release Date: 2012-03-26 Last Updated: 2012-04-02 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. This could lead to JVM crash or Java sandbox bypass. CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. This could have been used to perform modification of the data that should have been immutable. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b24-1.11.1-1. We recommend that you upgrade your openjdk-6 packages. Fix in AtomicReferenceArray (CVE-2011-3571). Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0139-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html Issue date: 2012-02-16 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0500.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMvOiZHAqtQCgmt4n dZEXYZPhMUvix7Sd5jUeKng= =Czkl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201202-0070 CVE-2012-0501 Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. The vulnerability can be exploited over multiple protocols. This issue affects the 'Java Runtime Environment' sub-component. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0 Update 33. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available and addresses the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667 For OS X Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh 7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU= =Pf96 -----END PGP SIGNATURE----- . Release Date: 2012-03-26 Last Updated: 2012-04-02 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012 openjdk-6b18 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed. Software Description: - openjdk-6b18: Open Source Java implementation Details: USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0507) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1 Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1 After a standard system update you need to restart any Java applications or applets to make all the necessary changes. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0322-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html Issue date: 2012-02-21 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505) The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571) It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503) The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035) The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563) A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502) It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506) An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501) This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR eIi8N5jfo4lIBLPu4EKFpVo= =ChsF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201202-0067 CVE-2012-0498 Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within cmm.dll. While parsing multi-function a to b curve data the size of an allocation is calculated based on user supplied data. It is possible to cause an integer wrap on the nTblSize variable. This variable is later used to allocate an heap buffer which will be smaller than necessary resulting in heap memory corruption. This can lead to remote code execution under the context of the current user. The vulnerability can be exploited over multiple protocols. This issue affects the '2D' sub-component. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0 Update 33. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Release Date: 2012-03-26 Last Updated: 2012-04-02 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.13 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v6.0.14 or subsequent MANUAL ACTIONS: Yes - Update For Java v6.0.13 and earlier, update to Java v6.0.14 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jre60.JRE60-COM Jre60.JRE60-IPF32 Jre60.JRE60-IPF32-HS Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS Jdk60.JDK60-COM Jdk60.JDK60-IPF32 Jdk60.JDK60-IPF64 Jdk60.JDK60-PA20 Jdk60.JDK60-PA20W action: install revision 1.6.0.14.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 27 March 2012 Initial release Version:2 (rev.2) 2 April 2012 corrected CVE-2012-0507 score Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fix in AtomicReferenceArray (CVE-2011-3571). Add property to limit number of request headers to the HTTP Server (CVE-2011-5035). Incorect checking for graphics rendering object (CVE-2012-0497). CVE-2012-0499, CVE-2012-0500). Better input parameter checking in zip file processing (CVE-2012-0501). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9 NSDNWCT+JqEyYHUExPAwR58= =cwgS -----END PGP SIGNATURE----- . The specific flaw exists within cmm.dll. - -- Vendor Response: Oracle has issued an update to correct this vulnerability. More details can be found at: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -- Disclosure Timeline: 2012-03-14 - Vulnerability reported to vendor 2012-04-09 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Anonymous - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0139-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html Issue date: 2012-02-16 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0500.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMvOiZHAqtQCgmt4n dZEXYZPhMUvix7Sd5jUeKng= =Czkl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201202-0071 CVE-2012-0502 Oracle Java SE of Java Runtime Environment (JRE) Component vulnerabilities CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'AWT' sub-component. This vulnerability affects the following supported versions: 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. CVE-2011-3377 The Iced Tea browser plugin included in the openjdk-6 package does not properly enforce the Same Origin Policy on web content served under a domain name which has a common suffix with the required domain name. This could lead to JVM crash or Java sandbox bypass. CVE-2012-0505 The Java serialization code leaked references to serialization exceptions, possibly leaking critical objects to untrusted code in Java applets and applications. This could have been used to perform modification of the data that should have been immutable. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 6b24-1.11.1-1. We recommend that you upgrade your openjdk-6 packages. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012 openjdk-6b18 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed. Software Description: - openjdk-6b18: Open Source Java implementation Details: USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Original advisory details: It was discovered that the Java HttpServer class did not limit the number of headers read from a HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. (CVE-2011-5035) ATTENTION: this update changes previous Java HttpServer class behavior by limiting the number of request headers to 200. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. It was discovered that the Java Sound component did not properly check buffer boundaries. A remote attacker could use this to cause a denial of service or view confidential data. (CVE-2011-3563) It was discovered that the Java2D implementation does not properly check graphics rendering objects before passing them to the native renderer. A remote attacker could use this to cause a denial of service or to bypass Java sandbox restrictions. (CVE-2012-0497) It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0501) It was discovered that the Java AWT KeyboardFocusManager did not properly enforce keyboard focus security policy. A remote attacker could use this with an untrusted application or applet to grab keyboard focus and possibly expose confidential data. (CVE-2012-0502) It was discovered that the Java TimeZone class did not properly enforce security policy around setting the default time zone. A remote attacker could use this with an untrusted application or applet to set a new default time zone and bypass Java sandbox restrictions. (CVE-2012-0503) It was discovered the Java ObjectStreamClass did not throw an accurately identifiable exception when a deserialization failure occurred. A remote attacker could use this with an untrusted application or applet to bypass Java sandbox restrictions. (CVE-2012-0505) It was discovered that the Java CORBA implementation did not properly protect repository identifiers on certain CORBA objects. A remote attacker could use this to corrupt object data. (CVE-2012-0506) It was discovered that the Java AtomicReferenceArray class implementation did not properly check if an array was of the expected Object[] type. A remote attacker could use this with a malicious application or applet to bypass Java sandbox restrictions. (CVE-2012-0507) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1 Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1 Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1 After a standard system update you need to restart any Java applications or applets to make all the necessary changes. 6) - x86_64 3. Release Date: 2012-04-02 Last Updated: 2012-04-02 ------------------------------------------------------------------------------ Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 5.0.24 or earlier BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3521 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3554 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following Java version upgrades to resolve these vulnerabilities. The upgrades are available from the following location http://www.hp.com/go/java HP-UX B.11.11, B.11.23, B.11.31 JDK and JRE v5.0.25 or subsequent MANUAL ACTIONS: Yes - Update For Java v5.0.24 and earlier, update to Java v5.0.25 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jdk15.JDK15 Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-IPF32 Jdk15.JDK15-IPF64 Jdk15.JDK15-COM Jdk15.JDK15-DEMO Jdk15.JDK15-PA20 Jdk15.JDK15-PA20W Jre15.JRE15 Jre15.JRE15-COM Jre15.JRE15-IPF32 Jre15.JRE15-IPF32-HS Jre15.JRE15-IPF64 Jre15.JRE15-IPF64-HS Jre15.JRE15-PA20 Jre15.JRE15-PA20-HS Jre15.JRE15-PA20W Jre15.JRE15-PA20W-HS action: install revision 1.5.0.25.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 2 April 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Fix in AtomicReferenceArray (CVE-2011-3571). Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). Issues with some KeyboardFocusManager method (CVE-2012-0502). Issues with TimeZone class (CVE-2012-0503). Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505). Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages Description =========== Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details. Impact ====== An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code. Workaround ========== There is no known workaround at this time. Resolution ========== All Oracle JDK 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51" All Oracle JRE 1.7 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51" All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version: # emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51" All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea. NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. References ========== [ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201401-30.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-sun security update Advisory ID: RHSA-2012:0139-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0139.html Issue date: 2012-02-16 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 ===================================================================== 1. Summary: Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section. (CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506) All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide JDK and JRE 6 Update 31 and resolve these issues. All running instances of Sun Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 790720 - CVE-2012-0498 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790722 - CVE-2012-0499 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D) 790724 - CVE-2012-0500 Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 (Deployment) 6. Package List: Red Hat Enterprise Linux AS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Desktop version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux ES version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux WS version 4 Extras: i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el4.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el4.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.i586.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.i586.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el5.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el5.x86_64.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux HPC Node Supplementary (v. 6): x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.i686.rpm x86_64: java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-demo-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.i686.rpm java-1.6.0-sun-devel-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-jdbc-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-plugin-1.6.0.31-1jpp.1.el6_2.x86_64.rpm java-1.6.0-sun-src-1.6.0.31-1jpp.1.el6_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0498.html https://www.redhat.com/security/data/cve/CVE-2012-0499.html https://www.redhat.com/security/data/cve/CVE-2012-0500.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.oracle.com/technetwork/java/javase/6u31-relnotes-1482342.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPVa5XlSAg2UNWIIRAn6xAJ932rg7KVwp+jyL7jwxMvOiZHAqtQCgmt4n dZEXYZPhMUvix7Sd5jUeKng= =Czkl -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
VAR-201202-0054 CVE-2012-0014 Microsoft .NET Framework and Silverlight Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability.". Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition. The platform includes the C# and Visual Basic programming languages, the common language runtime, and an extensive class library. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. II. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. IV. References * Microsoft Security Bulletin Summary for February 2012 - <https://technet.microsoft.com/en-us/security/bulletin/ms12-feb> * Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx> * Microsoft Update - <https://www.update.microsoft.com/> * Microsoft Update Overview - <http://www.microsoft.com/security/updates/mu.aspx> * Turn Automatic Updating On or Off - <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA12-045A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA12-045A Feedback VU#752838" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2012 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History February 14, 2012: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw 2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7 gtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP 40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK joX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW iRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ== =E3Fg -----END PGP SIGNATURE-----
VAR-201202-0094 CVE-2012-0340 Cisco IronPort Encryption Appliance Management interface cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. The Cisco IronPort family of products is a widely used mail encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. Since the WEB interface provided by the device fails to properly filter the input submitted by the user, the unauthenticated remote attacker can construct a malicious link, induce the user to parse, obtain the target user's browser sensitive information or hijack the user session. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by IronPort bug 72410
VAR-201202-0034 CVE-2011-3968 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences. Google Chrome There is a service disruption (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.By a third party Service operation interruption (DoS) You may be put into a state or affected by other details. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.46 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201202-0032 CVE-2011-3966 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.46 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201202-0024 CVE-2011-3958 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption through crafted documents by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.46 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201202-0017 CVE-2011-3971 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.46 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201202-0015 CVE-2011-3969 Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser or cause denial-of-service conditions; other attacks may also be possible. Versions prior to Chrome 17.0.963.46 are vulnerable. Google Chrome is a web browser developed by Google (Google). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: February 18, 2012 Bugs: #402841, #404067 ID: 201202-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Background ========== Chromium is an open source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 17.0.963.56 >= 17.0.963.56 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted web site using Chromium, possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, information leak (clipboard contents), bypass of the Same Origin Policy, or escape from NativeClient's sandbox. A remote attacker could also entice the user to perform a set of UI actions (drag and drop) to trigger an URL bar spoofing vulnerability. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-17.0.963.56" References ========== [ 1 ] CVE-2011-3016 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3016 [ 2 ] CVE-2011-3017 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3017 [ 3 ] CVE-2011-3018 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3018 [ 4 ] CVE-2011-3019 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3019 [ 5 ] CVE-2011-3020 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3020 [ 6 ] CVE-2011-3021 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3021 [ 7 ] CVE-2011-3022 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3022 [ 8 ] CVE-2011-3023 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3023 [ 9 ] CVE-2011-3024 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3024 [ 10 ] CVE-2011-3025 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3025 [ 11 ] CVE-2011-3027 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3027 [ 12 ] CVE-2011-3953 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3953 [ 13 ] CVE-2011-3954 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3954 [ 14 ] CVE-2011-3955 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3955 [ 15 ] CVE-2011-3956 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3956 [ 16 ] CVE-2011-3957 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3957 [ 17 ] CVE-2011-3958 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3958 [ 18 ] CVE-2011-3959 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3959 [ 19 ] CVE-2011-3960 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3960 [ 20 ] CVE-2011-3961 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3961 [ 21 ] CVE-2011-3962 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3962 [ 22 ] CVE-2011-3963 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3963 [ 23 ] CVE-2011-3964 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3964 [ 24 ] CVE-2011-3965 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3965 [ 25 ] CVE-2011-3966 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3966 [ 26 ] CVE-2011-3967 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3967 [ 27 ] CVE-2011-3968 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3968 [ 28 ] CVE-2011-3969 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3969 [ 29 ] CVE-2011-3970 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3970 [ 30 ] CVE-2011-3971 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3971 [ 31 ] CVE-2011-3972 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3972 [ 32 ] Release Notes 17.0.963.46 http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.ht= ml [ 33 ] Release Notes 17.0.963.56 http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.htm= l Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201202-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-201202-0041 CVE-2011-4533 Ing. Punzenberger COPA-DATA zenon of zenAdminSrv.exe Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 50777, aka Reference Number 25240. Punzenberger COPA-DATA GmbH zenon is an industrial automation software. Punzenberger COPA-DATA GmbH zenon is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash an affected system, denying service to legitimate users. zenon 6.51 SP0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: zenon Two Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA47892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47892 RELEASE DATE: 2012-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/47892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in zenon, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) An error in zenAdminSrv.exe when processing certain packets can be exploited via a specially crafted packet sent to TCP port 50777. 2) An error in ZenSysSrv.exe when handling client connections can be exploited by connecting and disconnecting multiple times on TCP port 1101. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 6.51 SP0. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201202-0042 CVE-2011-4534 Ing. Punzenberger COPA-DATA zenon of ZenSysSrv.exe Service disruption in (DoS) Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via a series of connections and disconnections on TCP port 1101, aka Reference Number 25212. Punzenberger COPA-DATA GmbH zenon is an industrial automation software. Punzenberger COPA-DATA GmbH zenon is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to crash an affected system, denying service to legitimate users. zenon 6.51 SP0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: zenon Two Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA47892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47892 RELEASE DATE: 2012-02-08 DISCUSS ADVISORY: http://secunia.com/advisories/47892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in zenon, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) An error in zenAdminSrv.exe when processing certain packets can be exploited via a specially crafted packet sent to TCP port 50777. 2) An error in ZenSysSrv.exe when handling client connections can be exploited by connecting and disconnecting multiple times on TCP port 1101. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 6.51 SP0. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-013-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-201202-0048 CVE-2011-4513 plural Siemens Vulnerabilities in products that allow arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. plural Siemens The product includes HMI Web An arbitrary code execution vulnerability exists due to a flaw in processing related to the server and runtime loader.Crafted by attackers project An arbitrary code may be executed via the file. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. Social engineering is required to enable administrators to download files and execute them. SIMATIC Wincc Runtime Advanced is prone to a remote security vulnerability. Vulnerabilities exist in several versions of Siemens SIMATIC WinCC
VAR-201202-0049 CVE-2011-4514 plural Siemens Product TELNET Access vulnerability in daemon CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. plural Siemens Product TELNET Since the daemon does not authenticate, there is a vulnerability that allows easy access.By a third party TCP Access can easily be gained through a session. Siemens SIMATIC is an automation software in a single engineering environment. SIMATIC panels include the Telnet daemon by default, but the daemon does not implement any validation features. A vulnerability exists in several versions of Siemens SIMATIC WinCC due to the failure of the TELNET daemon to perform authentication. A remote attacker could use this vulnerability to gain access through a TCP session
VAR-201202-0047 CVE-2011-4512 Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. plural Siemens Product HMI Web The server CRLF An injection vulnerability exists.By any third party HTTP Inserted header, and HTTP Response splitting attacks can be triggered. Siemens SIMATIC is an automation software in a single engineering environment. The HMI web server has a header injection vulnerability that allows elevation of privilege, stealing data or breaking services. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions