Wednesday Apr 04, 2012

CVE-2011-4576 Information Disclosure vulnerability in OpenSSL

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-4576 Information Disclosure vulnerability | 5.0 | OpenSSL | Solaris 10 SPARC: 147707-03 X86: 146672-04 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-0050 Denial of Service (DoS) vulnerability in OpenSSL

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2012-0050 Denial of Service (DoS) vulnerability | 5.0 | OpenSSL | Solaris 11 11/11 SRU 4a |

Multiple vulnerabilities in OpenSSL

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-4108 Cryptographic Issues vulnerability | 4.3 | OpenSSL | Solaris 11 11/11 SRU 4a |
| CVE-2011-4109 Unspecified vulnerability | 9.3 | | |
| CVE-2011-4576 Information Disclosure vulnerability | 5.0 | | |
| CVE-2011-4577 Denial of Service (DoS) vulnerability | 4.3 | | |
| CVE-2011-4619 Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2012-0027 Denial of Service (DoS) vulnerability | 5.0 | | |

Multiple vulnerabilities in Samba

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-2522 Cross-Site Request Forgery (CSRF) vulnerability | 6.8 | Samba | Solaris 10 SPARC: 119757-21 X86: 119758-21; Solaris 9 Patches planned but not yet available |
| CVE-2011-2694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 2.6 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in Thunderbird

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-3648 Cross-site scripting (XSS) vulnerability | 4.3 | Thunderbird | Solaris 11 11/11 SRU 04 |
| CVE-2011-3650 Denial of Service (DoS) vulnerability | 9.3 | | |
| CVE-2011-3651 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3652 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3654 Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3655 Access Control vulnerability | 9.3 | | |

Multiple vulnerabilities in libpng

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-2690 Buffer Overflow vulnerability | 6.8 | PNG reference library (libpng) | Solaris 10 SPARC: 137080-06 X86: 137081-06; Solaris 8 Patches planned but not yet available; Solaris 9 Patches planned but not yet available |
| CVE-2011-2691 Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2011-2692 Denial of Service (DoS) vulnerability | 4.3 | | |

CVE-2011-3375 Information Disclosure vulnerability in Apache Tomcat

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2011-3375 Information Exposure vulnerability | 5.0 | Apache Tomcat | Solaris 11 11/11 SRU 04 |

CVE-2009-2409 Cryptographic Issues in OpenSSL

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2009-2409 Cryptographic Issues vulnerability | 5.1 | OpenSSL | Solaris 10 SPARC: 147707-02 X86: 146672-03; Solaris 9 Patches planned but not yet available |

Multiple Denial of Service vulnerabilities in Wireshark

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2012-0041 Denial of Service (DoS) vulnerability | 1.9 | Wireshark | Solaris 11 11/11 SRU 04 |
| CVE-2012-0042 Denial of Service (DoS) vulnerability | 2.9 | | |
| CVE-2012-0043 Buffer Overflow vulnerability | 5.4 | | |
| CVE-2012-0066 Denial of Service (DoS) vulnerability | 1.9 | | |
| CVE-2012-0067 Denial of Service (DoS) vulnerability | 1.9 | | |
| CVE-2012-0068 Buffer Overflow vulnerability | 4.4 | | |

CVE-2004-1010 Buffer Overflow vulnerability in Zip utility

| CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- |
| CVE-2004-1010 Buffer Overflow vulnerability | 10.0 | Zip | Solaris 10 SPARC: 147378-01 X86: 147379-01; Solaris 9 Patches planned but not yet available |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
