Tuesday Mar 19, 2013

Multiple vulnerabilities in yaSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-1623 Vulnerability allows statistical analysis of timing data of crafted packets 4.3 yaSSL
MySQL 5.1 5.1.69
MySQL 5.5 5.5.31
MySQL 5.6 5.6.11
CVE-2012-4929 Cryptographic vulnerabiility 2.6

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2008-4316 Numeric Errors vulnerability in Glib

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2008-4316 Numeric Errors vulnerability 4.6 GLib
Solaris 10 SPARC: 149112-01 X86: 149113-01

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-1492 Buffer Overflow vulnerability in yaSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-1492 Buffer overflow vulnerability 7.5 yaSSL
MySQL 5.1 5.1.68
MySQL 5.5 5.5.30

Oracle acknowledges with thanks, Luigi Auriemma from Tippint Point's Zero Day Initiative for bringing this issue to our attention.

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-0553 Buffer Overflow vulnerability in yaSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-0553 Buffer overflow vulnerability 7.5 yaSSL
MySQL 5.1 5.1.68
MySQL 5.5 5.5.28

Multiple cross-site scripting (XSS) vulnerabilities in JFreeChart

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2007-6306 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 JFreeChart
Solaris Cluster 3.2 On Request
Solaris Cluster 3.3 SPARC: 150100-01 149432-02 X86: 150101-01 149433-02
CVE-2007-6307 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Wednesday Mar 13, 2013

Multiple vulnerabilities in libpng

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-3026 Numeric Errors vulnerability 7.5 libpng
Solaris 10 SPARC: 137080-07 X86: 137081-07
Solaris 11.1 11.1
CVE-2011-3048 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 6.8

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2010-1634 Integer Overflow vulnerability in Python

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2010-1634 Integer Overflow vulnerability 5.0 Python
Solaris 10 SPARC: 143506-03 X86: 143507-03
Solaris 11.1 11.1

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Thunderbird

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-3659 Resource Management Errors vulnerability 10.0 Thunderbird
Solaris 10 SPARC: 145200-10 X86: 145201-10
Solaris 11.1 11.1
CVE-2012-0442 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0
CVE-2012-0443 Unspecified vulnerability 10.0
CVE-2012-0445 Permissions, Privileges, and Access Controls vulnerability 5.0
CVE-2012-0446 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3
CVE-2012-0447 Information Exposure vulnerability 5.0
CVE-2012-0449 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-3439 Denial of Service (DoS) vulnerability 9.3 FreeType Font Engine
Solaris 10 SPARC: 119812-14 X86: 119813-16
Solaris 11.1 11.1
Solaris 8 Patches planned but not yet available
Solaris 9 Patches planned but not yet available

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-3256 Denial of Service (DoS) vulnerability 4.3 FreeType 2 Library
Solaris 10 SPARC: 119812-13 X86: 119813-15
Solaris 11.1 11.1
Solaris 8 Patches planned but not yet available
Solaris 9 Patches planned but not yet available

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« March 2013 »
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
8
9
10
11
12
14
15
16
17
18
20
21
22
23
24
25
26
27
28
29
30
31
      
Today