Wednesday Mar 13, 2013

Multiple vulnerabilities in libpng

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-3026 | Numeric Errors vulnerability | 7.5 | libpng | Solaris 10 SPARC: 137080-07 X86: 137081-07; Solaris 11.1: 11.1 |
| CVE-2011-3048 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.8 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2010-1634 Integer Overflow vulnerability in Python

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2010-1634 | Integer Overflow vulnerability | 5.0 | Python | Solaris 10 SPARC: 143506-03 X86: 143507-03; Solaris 11.1: 11.1 |

Multiple vulnerabilities in Thunderbird

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-3659 | Resource Management Errors vulnerability | 10.0 | Thunderbird | Solaris 10 SPARC: 145200-10 X86: 145201-10; Solaris 11.1: 11.1 |
| CVE-2012-0442 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
| CVE-2012-0443 | Unspecified vulnerability | 10.0 | | |
| CVE-2012-0445 | Permissions, Privileges, and Access Controls vulnerability | 5.0 | | |
| CVE-2012-0446 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-0447 | Information Exposure vulnerability | 5.0 | | |
| CVE-2012-0449 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |

CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-3439 | Denial of Service (DoS) vulnerability | 9.3 | FreeType Font Engine | Solaris 10 SPARC: 119812-14 X86: 119813-16; Solaris 11.1: 11.1; Solaris 8: Patches planned but not yet available; Solaris 9: Patches planned but not yet available |

CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-3256 | Denial of Service (DoS) vulnerability | 4.3 | FreeType 2 Library | Solaris 10 SPARC: 119812-13 X86: 119813-15; Solaris 11.1: 11.1; Solaris 8: Patches planned but not yet available; Solaris 9: Patches planned but not yet available |

CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2009-2624 | Denial of Service (DoS) vulnerability | 6.8 | Gzip | Solaris 10 SPARC: 120719-03 X86: 120720-03; Solaris 11.1: 11.1; Solaris 9: Patches planned but not yet available |

CVE-2012-3410 stack-based buffer overflow vulnerability in Bash

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-3410 | Buffer overflow vulnerability | 4.6 | Bash | Solaris 10 SPARC: 126546-04 X86: 126547-04; Solaris 11.1: 11.1; Solaris 9: Patches planned but not yet available |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
