Tuesday Mar 19, 2013

Multiple vulnerabilities in yaSSL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1623 | Vulnerability allows statistical analysis of timing data of crafted packets | 4.3 | yaSSL | MySQL 5.1: 5.1.69; MySQL 5.5: 5.5.31; MySQL 5.6: 5.6.11 |
| CVE-2012-4929 | Cryptographic vulnerability | 2.6 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2008-4316 Numeric Errors vulnerability in Glib

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2008-4316 | Numeric Errors vulnerability | 4.6 | GLib | Solaris 10: SPARC 149112-01, X86 149113-01 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-1492 Buffer Overflow vulnerability in yaSSL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1492 | Buffer overflow vulnerability | 7.5 | yaSSL | MySQL 5.1: 5.1.68; MySQL 5.5: 5.5.30 |

Oracle acknowledges, with thanks, Luigi Auriemma from TippingPoint's Zero Day Initiative for bringing this issue to our attention.

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-0553 Buffer Overflow vulnerability in yaSSL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-0553 | Buffer overflow vulnerability | 7.5 | yaSSL | MySQL 5.1: 5.1.68; MySQL 5.5: 5.5.28 |

Multiple cross-site scripting (XSS) vulnerabilities in JFreeChart

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2007-6306 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | JFreeChart | Solaris Cluster 3.2: On Request; Solaris Cluster 3.3: SPARC 150100-01 149432-02, X86 150101-01 149433-02 |
| CVE-2007-6307 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
