Mandriva Linux Security Advisory 2013-195 - A heap corruption vulnerability has been discovered and corrected in PHP.
41d22962d3e847be882f55fdf4b1b3e582c6f09ece79764dfde346402e48e90eRed Hat Security Advisory 2013-1060-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
ee8d21bf3d250b22758d57658b44d4417db7b174c40cba149fa6427c16058940Red Hat Security Advisory 2013-1059-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
9f6a228046040127622a514b9f1dee514c668e2a2a86fe840ff251b81e09159dThis is a brief summary of how a security researcher discovered a use-after-free vulnerability in Microsoft Internet Explorer versions 6 and 7.
fed4dfb70fc3fa7c23bed757145fad40571994fdcfece3bbf1de6eeb343e3a5bRed Hat Security Advisory 2013-1049-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
e75380b7282aaa382921ecf112fdb316da3dd5c1a98030990320b73778be9439Red Hat Security Advisory 2013-1050-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct() function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly, execute arbitrary code with the privileges of the user running the PHP interpreter. All php53 users should upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
ae1ae5890faa897c0e388c7e472e6bdef7bff09f6930a9b2d0da6eb924a76977HP Security Bulletin HPSBST02890 3 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. Revision 3 of this advisory.
422b3375eb717c521ae8728e85ffcb04eb02f34f89ad0731bdbeff7ba22d3908Gentoo Linux Security Advisory 201307-1 - Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 1.4.24 are affected.
6fbe65c7f8c455d91fb9793263cbcd363c732b4b7cf6a52f71982d44d7efc8bbLinksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.
850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12Red Hat Security Advisory 2013-1024-01 - Updated Messaging component packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.
b27517f1b626a0eda896340f34f49bd12b4b6bbb7834967692784fd3d4d3f17cMandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities has been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.
222e6a9b6c229fb8760fbf864b56dd9ad305b2f5b2210ae92ec97c2c2809405bMandriva Linux Security Advisory 2013-193 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. The updated packages have been upgraded to the latest 2.2.25 version which is not vulnerable to this issue.
6bb051f28da0e3ffb1ef6f736e950ea307cd11c8d925486e08bc7aa93ce12511Drupal TinyBox third party module version 7.x suffers from a cross site scripting vulnerability.
68b8c0eff858ede028a885fc8fd53a4323fee40a21aeb4d6befadd4bf113c3b0Red Hat Security Advisory 2013-1044-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. The RichFaces component is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.
d18a74069a96a4aaa1652df273b226c9ec81f840a9d532e9124b8e2d2d808e2aRed Hat Security Advisory 2013-1045-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
81c3cfee3b426df3d700d82b46210967ca52f443a2ad2a47a35bc2782f988cacRed Hat Security Advisory 2013-1043-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
3f195710e9356b035cbdd3ab0f3ee82522528a883a4fa741abf131813d48cd52Red Hat Security Advisory 2013-1042-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.
8d99bfdf74e800ed985ade651322e5980dd02d516df4c0faefe2493afad24b8aDebian Linux Security Advisory 2719-1 - Multiple vulnerabilities were discovered in the poppler PDF rendering library.
fcb50182fa2bad45ade94192c613b84468ab1d62c6da5c762196695a733f5ef6Joomla AICONTACTSAFE version 2.0.19 suffers from a cross site scripting vulnerability.
b4bb8004d0a3151453a8c7faca6416303b9cc9330e840b011b75ec6cee0b4adaRed Hat Security Advisory 2013-1041-01 - Red Hat JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release serves as a replacement for Red Hat JBoss Web Framework Kit 2.2.0, and includes bug fixes and enhancements.
01a332930e3b54aa66e37d38faf5261be617f0a2b3b9a9b5193cf5c0fd7a030fDrupal Stage File Proxy third party module version 7.x suffers from a denial of service vulnerability.
23967aa8e46741d57dfe02f01047b63ebac959fb12239ac77670027003d32d69Adobe Reader version 11.0.03 installs multiple vulnerable third party components.
92867cb438017412891299d6363d515d6e808f27508933657856de2352bdc38cDrupal Hatch third party theme version 7.x suffers from a cross site scripting vulnerability.
f13583226935979ac339ab88cc43455edebe5790b423925913ad8bfd7f015381Slackware Security Advisory - New dbus packages are available for Slackware 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2168.
6abf1900c85eae20f638426b2b7e6222d61f46c0eac24cd85c96f33b1e60511fRed Hat Security Advisory 2013-1035-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-17, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.297.
e8bc26abdaf96a6fb979f546c978c89aea6c18520be6a6a31742796a55e81afe
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed