Thursday Aug 23, 2012

CVE-2012-3133 Buffer Overflow in DataDirect ODBC driver affects Hyperion Interactive Reporting, Hyperion Production Reporting Server, Hyperion Essbase Server, Hyperion Integration Services Server

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-3133 | Buffer Overflow Vulnerability | 6.8 | DataDirect ODBC driver | Hyperion Interactive Reporting 11.1.2.1 Windows (32 bit, 64 bit): 13709574, Linux (x86, x86-64): 13909990 |
| | | | | Hyperion Essbase Server 11.1.2.1 Windows (32 bit, 64 bit): 13709574, Linux (x86, x86-64): 13909990 |
| | | | | Hyperion Production Reporting Server 11.1.2.1 Windows (32 bit, 64 bit): 13709574, Linux (x86, x86-64): 13909990 |
| | | | | Hyperion Integration Services Server 11.1.2.1 Windows (32 bit, 64 bit): 13709574, Linux (x86, x86-64): 13909990 |
| | | | | Hyperion Interactive Reporting 11.1.2.2 Linux (x86, x86-64): 14037883 |
| | | | | Hyperion Essbase Server 11.1.2.2 Linux (x86, x86-64): 14037883 |
| | | | | Hyperion Production Reporting Server 11.1.2.2 Linux (x86, x86-64): 14037883 |
| | | | | Hyperion Integration Services Server 11.1.2.2 Linux (x86, x86-64): 14037883 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Tuesday Aug 21, 2012

CVE-2012-1820 Denial of Service (DoS) vulnerability in Quagga

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-1820 | Denial of Service (DoS) vulnerability | 2.9 | Quagga | Solaris 10 SPARC: 126206-10 X86: 126207-10; Solaris 11 11/11 SRU 10.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2010-4008 Denial of Service (DoS) vulnerability in libxml2

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2010-4008 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 4.3 | libxml2 | Solaris 10 SPARC: 125731-07 X86: 125732-07; Solaris 11 11/11 SRU 10.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-2370 Denial of Service (DoS) vulnerability in GTK+

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-2370 | Numeric Errors vulnerability | 5.0 | GTK+ | Solaris 11 11/11 SRU 10.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple Denial of Service (DoS) vulnerabilities in ISC DHCP

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-3571 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.1 | ISC DHCP | Solaris 11 11/11 SRU 10.5 |
| CVE-2012-3954 | Resource Management Errors vulnerability | 3.3 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple Vulnerabilities in Quagga

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-0248 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 4.3 | Quagga | Solaris 10 SPARC: 126206-10 X86: 126207-10; Solaris 11 11/11 SRU 10.5 |
| CVE-2012-0249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 3.3 | | |
| CVE-2012-0250 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 3.3 | | |
| CVE-2012-0255 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 5.0 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-2088 Denial of Service (DoS) vulnerability in libtiff

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-2088 | Numeric Errors vulnerability | 7.5 | LibTIFF | Solaris 10 SPARC: 119900-15 X86: 119901-14; Solaris 11 11/11 SRU 10.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-2113 Denial of Service (DoS) vulnerability in libtiff

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-2113 | Numeric Errors vulnerability | 6.8 | LibTIFF | Solaris 10 SPARC: 119900-15 X86: 119901-14; Solaris 11 11/11 SRU 10.5 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Tuesday Aug 14, 2012

CVE-2012-1667 Denial of Service (DoS) vulnerability in BIND

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-1667 | Denial of Service (DoS) vulnerability | 8.5 | BIND | Solaris 11 11/11 SRU 9.5; Solaris 10 SPARC: 119783-22 X86: 119784-22; Solaris 9 SPARC: 112837-27 X86: 114265-26 |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Thunderbird

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-0468 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | Thunderbird | Solaris 11 11/11 SRU 9.5; Solaris 10 SPARC: 145200-11 X86: 145201-11 |
| CVE-2012-0469 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-0470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
| CVE-2012-0471 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-0473 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-0474 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-0477 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-0478 | Permissions, Privileges, and Access Controls vulnerability | 9.3 | | |
| CVE-2012-0479 | Identity spoofing vulnerability | 4.3 | | |
| CVE-2011-3062 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2012-0467 | Denial of Service (DoS) vulnerability | 10.0 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
